From 904a73b51df0cc573a5452937e58478b06323d8f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 15:33:58 +0100 Subject: [PATCH 1/8] fix(mautrix-telegram): should not try to update config See: https://github.com/mautrix/python/pull/152 --- hosts/nachtigall/apps/matrix/mautrix-telegram.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix index b9fb60a..d5b5010 100644 --- a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix +++ b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix @@ -205,7 +205,19 @@ lottieconverter # for animated stickers conversion, unfree package ffmpeg # if converting animated stickers to webm (very slow!) ]; - systemd.services.mautrix-telegram.serviceConfig = { + systemd.services.mautrix-telegram.serviceConfig = + let + cfg = config.services.mautrix-telegram; + settingsFormat = pkgs.formats.json {}; + settingsFile = + settingsFormat.generate "mautrix-telegram-config.json" cfg.settings; + in + { User = "matrix-synapse"; + ExecStart = '' + ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ + --config='${settingsFile}' + --no-update + ''; }; } From f911ac7bad5bb4794103183f0549594c0a9f2de6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 15:35:02 +0100 Subject: [PATCH 2/8] fix(matrix-synapse): needs to defince oidc extras after NixOS module updates https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights --- hosts/nachtigall/apps/matrix/synapse.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nachtigall/apps/matrix/synapse.nix b/hosts/nachtigall/apps/matrix/synapse.nix index 0999038..8c4d826 100644 --- a/hosts/nachtigall/apps/matrix/synapse.nix +++ b/hosts/nachtigall/apps/matrix/synapse.nix 
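Review bot: The new `ExecStart` passes `--config='${settingsFile}'`, where `settingsFile` is the output of `settingsFormat.generate`, so the bridge reads its configuration straight from the world-readable Nix store. If `cfg.settings` carries the appservice or Telegram tokens, or the upstream module substitutes secrets into a runtime copy of the config before start (not visible in this hunk), those values are either exposed to every local user or never filled in. In that case keep `--config` pointing at the runtime config file and only append `--no-update`. The definition also lacks `lib.mkForce` and the `\` after the `--config` line, both of which later patches in this series add.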
@@ -218,6 +218,11 @@ in { "/var/lib/matrix-synapse/telegram-registration.yaml" ]; + extras = [ + "oidc" + "redis" + ]; + plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; From 038d80a8017410337728f5005341645608b288ed Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 15:36:03 +0100 Subject: [PATCH 3/8] feat: DNS updates Fix turn domain used by coturn --- terraform/dns.tf | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/terraform/dns.tf b/terraform/dns.tf index 1e61160..57b230c 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -8,7 +8,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "flora-6" type = "A" address = "80.71.153.210" - ttl = 60 } record { hostname = "auth" @@ -19,7 +18,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "ci" type = "A" address = "80.71.153.210" - ttl = 60 } record { hostname = "git" @@ -52,19 +50,16 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "cache" type = "A" address = "95.217.225.160" - ttl = 60 } record { hostname = "factorio" type = "A" address = "80.244.242.2" - ttl = 60 } record { hostname = "collabora" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "@" @@ -76,19 +71,17 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "chat" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "cloud" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { - hostname = "coturn" + hostname = "turn" type = "A" - address = "80.71.153.239" - ttl = 60 + address = "138.201.80.102" + ttl = 300 } record { hostname = "hpb" 
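Review bot: Defining `extras` here replaces the option's default list instead of extending it, so any extras the NixOS module enables by default (not visible in this hunk) are dropped unless they are repeated next to `"oidc"` and `"redis"`. It is worth checking the built package still contains everything the running homeserver needs, and adding a comment such as `# oidc/redis extras must be requested explicitly after the 23.11 module update` so the reason survives outside the commit message. The enclosing attribute set starts and ends outside the hunk.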
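Review bot: In the `@@ -76,19 +71,17 @@` hunk the `coturn` record is renamed to `turn` and moved to `138.201.80.102` in a single step, so the old name stops resolving as soon as this is applied. The TURN URIs handed to clients, the coturn realm and the TLS certificate must already use the new name; none of that is visible in this patch, so it should be confirmed before applying. This is also the only record that keeps an explicit TTL (`ttl = 300`) while its neighbours drop theirs, which deserves a one-line comment such as `# TURN server; keep in sync with the coturn realm and certificate`.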
@@ -96,18 +89,6 @@ resource "namecheap_domain_records" "pub-solar" { address = "80.71.153.239" ttl = 60 } - record { - hostname = "dimension" - type = "A" - address = "85.88.23.162" - ttl = 60 - } - record { - hostname = "element" - type = "A" - address = "85.88.23.162" - ttl = 60 - } record { hostname = "files" type = "CNAME" @@ -132,7 +113,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "matrix" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "www" From 1cfe140e770f3c7bd7aa3cda2e506b351b979d50 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 15:42:18 +0100 Subject: [PATCH 4/8] fix: mkForce mautrix-telegram ExecStart --- hosts/nachtigall/apps/matrix/mautrix-telegram.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix index d5b5010..29037b3 100644 --- a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix +++ b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix @@ -214,7 +214,7 @@ in { User = "matrix-synapse"; - ExecStart = '' + ExecStart = lib.mkForce '' ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ --config='${settingsFile}' --no-update From 37528c08740bc0ef3253b057e1148b5cdc611aaf Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 15:44:40 +0100 Subject: [PATCH 5/8] fix: mautrix-telegram ExecStart missing \ --- hosts/nachtigall/apps/matrix/mautrix-telegram.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix index 29037b3..70cace5 100644 --- a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix +++ b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix @@ -216,7 +216,7 @@ User = "matrix-synapse"; ExecStart = lib.mkForce '' ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ - --config='${settingsFile}' + --config='${settingsFile}' \ --no-update ''; }; 
From becaa9d64987c57d30d97d714e7549733f778bbc Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 2 Dec 2023 16:09:15 +0100 Subject: [PATCH 6/8] fix: revert mautrix-telegram changes --- hosts/nachtigall/apps/matrix/mautrix-telegram.nix | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix index 70cace5..b9fb60a 100644 --- a/hosts/nachtigall/apps/matrix/mautrix-telegram.nix +++ b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix @@ -205,19 +205,7 @@ lottieconverter # for animated stickers conversion, unfree package ffmpeg # if converting animated stickers to webm (very slow!) ]; - systemd.services.mautrix-telegram.serviceConfig = - let - cfg = config.services.mautrix-telegram; - settingsFormat = pkgs.formats.json {}; - settingsFile = - settingsFormat.generate "mautrix-telegram-config.json" cfg.settings; - in - { + systemd.services.mautrix-telegram.serviceConfig = { User = "matrix-synapse"; - ExecStart = lib.mkForce '' - ${pkgs.mautrix-telegram}/bin/mautrix-telegram \ - --config='${settingsFile}' \ - --no-update - ''; }; } From 75270321d56e17aa9203b8468bca31a4d13a1336 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Sat, 2 Dec 2023 17:22:28 +0100 Subject: [PATCH 7/8] fix: Allow matrix-appservice-irc to chown things @chown is part of @privileged. It is used by sed which is used to manage the registration.yaml --- hosts/nachtigall/apps/matrix/irc.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/matrix/irc.nix b/hosts/nachtigall/apps/matrix/irc.nix index 8f65985..da20617 100644 --- a/hosts/nachtigall/apps/matrix/irc.nix +++ b/hosts/nachtigall/apps/matrix/irc.nix 
@@ -1,5 +1,10 @@ -{lib, ...}: +{pkgs, lib, ...}: { + systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [ + "@system-service @pkey" + "~@privileged @resources" + "@chown" + ]; services.matrix-appservice-irc = { enable = true; localpart = "irc_bot"; From 790848ef69248c37a31aed2919e27561b82c13f3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 3 Dec 2023 12:14:47 +0100 Subject: [PATCH 8/8] fix: update keycloak pub.solar theme https://git.pub.solar/pub-solar/keycloak-theme/commit/1ee87a1884524022291ffab4b6abddcbf03bb7ad --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 412674f..248f5b0 100644 --- a/flake.lock +++ b/flake.lock @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1689875310, - "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=", + "lastModified": 1701601812, + "narHash": "sha256-ZasiO0UOpDYumIjoUcfInVST7vBsCUaXZ8ZfnSxwXz8=", "ref": "main", - "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395", - "revCount": 24, + "rev": "bba54d2f5cd616ff5fded4c95f1e4f99faa2f5d0", + "revCount": 26, "type": "git", "url": "https://git.pub.solar/pub-solar/keycloak-theme" },
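Review bot: `lib.mkForce` replaces the module's whole `SystemCallFilter`, so the first two entries become a local copy (presumably taken from the upstream module) that will not pick up future hardening changes. The trailing `"@chown"` re-allows a group that the `~@privileged` entry had just excluded. The order of the entries is what makes this work, so put a comment above the list, e.g. `# @chown is removed by ~@privileged; sed on registration.yaml needs it, so re-allow it last; drop this override once the module allows it`. `pkgs` is added to the function arguments but is not used in the visible lines. The `services.matrix-appservice-irc` block continues outside the hunk.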