flake: update to NixOS 24.11
Some checks failed
Flake checks / Check (pull_request) Failing after 1m34s
Some checks failed
Flake checks / Check (pull_request) Failing after 1m34s
Fix warnings: trace: evaluation warning: The option `services.forgejo.mailerPasswordFile' defined in `/nix/store/13vqhb5askjgi07wqwxawq4bdm7h0wc7-source/flake.nix, via option flake.nixosModules.forgejo' has been renamed to `services.forgejo.secrets.mailer.PASSWD'. trace: evaluation warning: Using `services.nextcloud.config.dbtableprefix` is deprecated. Fresh installations with this option set are not allowed anymore since v20. If you have an existing installation with a custom table prefix, make sure it is set correctly in `config.php` and remove the option from your NixOS config. Fix errors: - The option definition `services.matrix-sliding-sync' in `/nix/store/wgxgv8rjbd2nhf7y28kfzm4n6kz85dnq-source/flake.nix, via option flake.nixosModules.matrix' no longer has any effect; please remove it. The matrix-sliding-sync package has been removed, since matrix-synapse incorporated its functionality - The option `services.keycloak.settings.proxy' has been removed. Set `services.keycloak.settings.proxy-headers` in combination with other hostname options as needed instead. See [Proxy option removed](https://www.keycloak.org/docs/latest/upgrading/index.html#proxy-option-removed) for more information. error: The option `services.matrix-appservice-irc.settings.ircService.mediaProxy.publicUrl' was accessed but has no value defined. Try setting the option.
This commit is contained in:
parent
3e32bfe106
commit
7fc8dcf332
54
flake.lock
54
flake.lock
|
@ -257,16 +257,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726989464,
|
"lastModified": 1733050161,
|
||||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
"narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
"rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-24.05",
|
"ref": "release-24.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -336,20 +336,35 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731797254,
|
"lastModified": 1732981179,
|
||||||
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
|
"narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
|
"rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-24.05",
|
"ref": "nixos-24.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-24_05": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1733016324,
|
||||||
|
"narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-24.05",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730504152,
|
"lastModified": 1730504152,
|
||||||
|
@ -362,6 +377,21 @@
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1733015953,
|
||||||
|
"narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -384,12 +414,8 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": "nixpkgs_2",
|
||||||
"unstable"
|
"nixpkgs-24_05": "nixpkgs-24_05",
|
||||||
],
|
|
||||||
"nixpkgs-24_05": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"utils": "utils_2"
|
"utils": "utils_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
# Track channels with commits tested and built by hydra
|
# Track channels with commits tested and built by hydra
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||||
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
fork.url = "github:teutat3s/nixpkgs/init-matrix-authentication-service-module";
|
fork.url = "github:teutat3s/nixpkgs/init-matrix-authentication-service-module";
|
||||||
|
|
||||||
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
home-manager.url = "github:nix-community/home-manager/release-24.05";
|
home-manager.url = "github:nix-community/home-manager/release-24.11";
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
|
@ -38,8 +38,6 @@
|
||||||
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||||
simple-nixos-mailserver.inputs.nixpkgs-24_05.follows = "nixpkgs";
|
|
||||||
simple-nixos-mailserver.inputs.nixpkgs.follows = "unstable";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
|
|
@ -73,22 +73,23 @@
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."matrix-synapse-sliding-sync-secret" = {
|
|
||||||
file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
|
|
||||||
mode = "400";
|
|
||||||
owner = "matrix-synapse";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets."matrix-authentication-service-secret-config.yml" = {
|
age.secrets."matrix-authentication-service-secret-config.yml" = {
|
||||||
file = "${flake.self}/secrets/matrix-authentication-service-secret-config.yml.age";
|
file = "${flake.self}/secrets/matrix-authentication-service-secret-config.yml.age";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-authentication-service";
|
owner = "matrix-authentication-service";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# matrix-appservice-irc
|
||||||
|
age.secrets."matrix-appservice-irc-mediaproxy-signing-key" = {
|
||||||
|
file = "${flake.self}/secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "matrix-appservice-irc";
|
||||||
|
};
|
||||||
|
|
||||||
pub-solar-os.matrix = {
|
pub-solar-os.matrix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
appservice-irc.mediaproxy.signingKeyPath = config.age.secrets."matrix-appservice-irc-mediaproxy-signing-key".path;
|
||||||
synapse = {
|
synapse = {
|
||||||
sliding-sync.enable = false;
|
|
||||||
signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
|
signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
|
||||||
extra-config-files = [
|
extra-config-files = [
|
||||||
config.age.secrets."matrix-synapse-secret-config.yaml".path
|
config.age.secrets."matrix-synapse-secret-config.yaml".path
|
||||||
|
|
|
@ -10,11 +10,9 @@
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./backups.nix
|
./backups.nix
|
||||||
"${flake.inputs.fork}/nixos/modules/services//matrix/matrix-authentication-service.nix"
|
"${flake.inputs.fork}/nixos/modules/services//matrix/matrix-authentication-service.nix"
|
||||||
"${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
disabledModules = [
|
disabledModules = [
|
||||||
"services/matrix/matrix-authentication-service.nix "
|
"services/matrix/matrix-authentication-service.nix "
|
||||||
"services/web-apps/mastodon.nix"
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,8 +42,16 @@
|
||||||
owner = "matrix-authentication-service";
|
owner = "matrix-authentication-service";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# matrix-appservice-irc
|
||||||
|
age.secrets."matrix-appservice-irc-mediaproxy-signing-key" = {
|
||||||
|
file = "${flake.self}/secrets/staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "matrix-appservice-irc";
|
||||||
|
};
|
||||||
|
|
||||||
pub-solar-os.matrix = {
|
pub-solar-os.matrix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
appservice-irc.mediaproxy.signingKeyPath = config.age.secrets."matrix-appservice-irc-mediaproxy-signing-key".path;
|
||||||
synapse = {
|
synapse = {
|
||||||
extra-config-files = [
|
extra-config-files = [
|
||||||
config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
|
config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
|
||||||
|
|
|
@ -65,6 +65,7 @@
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
package = pkgs.forgejo;
|
||||||
user = "gitea";
|
user = "gitea";
|
||||||
group = "gitea";
|
group = "gitea";
|
||||||
database = {
|
database = {
|
||||||
|
@ -75,7 +76,7 @@
|
||||||
};
|
};
|
||||||
stateDir = "/var/lib/forgejo";
|
stateDir = "/var/lib/forgejo";
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
|
secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
|
||||||
settings = {
|
settings = {
|
||||||
DEFAULT.APP_NAME = "pub.solar git server";
|
DEFAULT.APP_NAME = "pub.solar git server";
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,8 @@
|
||||||
hostname = "auth.${config.pub-solar-os.networking.domain}";
|
hostname = "auth.${config.pub-solar-os.networking.domain}";
|
||||||
http-host = "127.0.0.1";
|
http-host = "127.0.0.1";
|
||||||
http-port = 8080;
|
http-port = 8080;
|
||||||
proxy = "edge";
|
proxy-headers = "xforwarded";
|
||||||
|
http-enabled = true;
|
||||||
};
|
};
|
||||||
themes = {
|
themes = {
|
||||||
"pub.solar" =
|
"pub.solar" =
|
||||||
|
|
|
@ -16,111 +16,128 @@ let
|
||||||
synapseClientPort = "${toString listenerWithClient.port}";
|
synapseClientPort = "${toString listenerWithClient.port}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.matrix-appservice-irc = {
|
options.pub-solar-os = {
|
||||||
enable = true;
|
matrix.appservice-irc.mediaproxy = {
|
||||||
localpart = "irc_bot";
|
signingKeyPath = lib.mkOption {
|
||||||
port = 8010;
|
description = "Path to file containing the IRC appservice mediaproxy signing key";
|
||||||
registrationUrl = "http://localhost:8010";
|
type = lib.types.str;
|
||||||
settings = {
|
default = "/var/lib/matrix-appservice-irc/media-signingkey.jwk";
|
||||||
homeserver = {
|
|
||||||
domain = "${config.pub-solar-os.networking.domain}";
|
|
||||||
url = "http://127.0.0.1:${synapseClientPort}";
|
|
||||||
media_url = "https://matrix.${config.pub-solar-os.networking.domain}";
|
|
||||||
enablePresence = false;
|
|
||||||
};
|
};
|
||||||
ircService = {
|
};
|
||||||
ident = {
|
};
|
||||||
address = "::";
|
config = {
|
||||||
enabled = false;
|
services.matrix-appservice-irc = {
|
||||||
port = 1113;
|
enable = true;
|
||||||
|
localpart = "irc_bot";
|
||||||
|
port = 8010;
|
||||||
|
registrationUrl = "http://localhost:8010";
|
||||||
|
settings = {
|
||||||
|
homeserver = {
|
||||||
|
domain = "${config.pub-solar-os.networking.domain}";
|
||||||
|
url = "http://127.0.0.1:${synapseClientPort}";
|
||||||
|
enablePresence = false;
|
||||||
};
|
};
|
||||||
logging = {
|
ircService = {
|
||||||
# set to debug for debugging
|
ident = {
|
||||||
level = "warn";
|
address = "::";
|
||||||
maxFiles = 5;
|
enabled = false;
|
||||||
toCosole = true;
|
port = 1113;
|
||||||
};
|
};
|
||||||
matrixHandler = {
|
logging = {
|
||||||
eventCacheSize = 4096;
|
# set to debug for debugging
|
||||||
};
|
level = "warn";
|
||||||
metrics = {
|
maxFiles = 5;
|
||||||
enabled = true;
|
toCosole = true;
|
||||||
remoteUserAgeBuckets = [
|
};
|
||||||
"1h"
|
matrixHandler = {
|
||||||
"1d"
|
eventCacheSize = 4096;
|
||||||
"1w"
|
};
|
||||||
];
|
mediaProxy = {
|
||||||
};
|
signingKeyPath = config.pub-solar-os.matrix.appservice-irc.mediaproxy.signingKeyPath;
|
||||||
provisioning = {
|
# keep media for 2 weeks
|
||||||
enabled = false;
|
ttlSeconds = 1209600;
|
||||||
requestTimeoutSeconds = 300;
|
bindPort = 11111;
|
||||||
};
|
publicUrl = "https:///matrix.${config.pub-solar-os.networking.domain}/media";
|
||||||
servers =
|
};
|
||||||
let
|
metrics = {
|
||||||
commonConfig = {
|
enabled = true;
|
||||||
allowExpiredCerts = false;
|
remoteUserAgeBuckets = [
|
||||||
botConfig = {
|
"1h"
|
||||||
enabled = false;
|
"1d"
|
||||||
joinChannelsIfNoUsers = false;
|
"1w"
|
||||||
nick = "MatrixBot";
|
];
|
||||||
};
|
};
|
||||||
dynamicChannels = {
|
provisioning = {
|
||||||
createAlias = true;
|
enabled = false;
|
||||||
enabled = true;
|
requestTimeoutSeconds = 300;
|
||||||
federate = true;
|
};
|
||||||
joinRule = "public";
|
servers =
|
||||||
published = true;
|
let
|
||||||
};
|
commonConfig = {
|
||||||
ircClients = {
|
allowExpiredCerts = false;
|
||||||
allowNickChanges = true;
|
botConfig = {
|
||||||
concurrentReconnectLimit = 50;
|
enabled = false;
|
||||||
idleTimeout = 10800;
|
joinChannelsIfNoUsers = false;
|
||||||
lineLimit = 3;
|
nick = "MatrixBot";
|
||||||
maxClients = 30;
|
};
|
||||||
nickTemplate = "$DISPLAY[m]";
|
dynamicChannels = {
|
||||||
reconnectIntervalMs = 5000;
|
createAlias = true;
|
||||||
};
|
enabled = true;
|
||||||
matrixClients = {
|
federate = true;
|
||||||
joinAttempts = -1;
|
joinRule = "public";
|
||||||
};
|
published = true;
|
||||||
membershipLists = {
|
};
|
||||||
enabled = true;
|
ircClients = {
|
||||||
floodDelayMs = 10000;
|
allowNickChanges = true;
|
||||||
global = {
|
concurrentReconnectLimit = 50;
|
||||||
ircToMatrix = {
|
idleTimeout = 10800;
|
||||||
incremental = true;
|
lineLimit = 3;
|
||||||
initial = true;
|
maxClients = 30;
|
||||||
};
|
nickTemplate = "$DISPLAY[m]";
|
||||||
matrixToIrc = {
|
reconnectIntervalMs = 5000;
|
||||||
incremental = true;
|
};
|
||||||
initial = true;
|
matrixClients = {
|
||||||
|
joinAttempts = -1;
|
||||||
|
};
|
||||||
|
membershipLists = {
|
||||||
|
enabled = true;
|
||||||
|
floodDelayMs = 10000;
|
||||||
|
global = {
|
||||||
|
ircToMatrix = {
|
||||||
|
incremental = true;
|
||||||
|
initial = true;
|
||||||
|
};
|
||||||
|
matrixToIrc = {
|
||||||
|
incremental = true;
|
||||||
|
initial = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
port = 6697;
|
||||||
|
privateMessages = {
|
||||||
|
enabled = true;
|
||||||
|
federate = true;
|
||||||
|
};
|
||||||
|
sasl = false;
|
||||||
|
sendConnectionMessages = true;
|
||||||
|
ssl = true;
|
||||||
};
|
};
|
||||||
port = 6697;
|
in
|
||||||
privateMessages = {
|
{
|
||||||
enabled = true;
|
"irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig {
|
||||||
federate = true;
|
name = "libera";
|
||||||
|
dynamicChannels.groupId = "+libera.chat:localhost";
|
||||||
|
dynamicChannels.aliasTemplate = "#_libera_$CHANNEL";
|
||||||
|
matrixClients.displayName = "$NICK (LIBERA-IRC)";
|
||||||
|
};
|
||||||
|
"irc.scratch-network.net" = lib.attrsets.recursiveUpdate commonConfig {
|
||||||
|
name = "scratch";
|
||||||
|
matrixClients.displayName = "$NICK (SCRATCH-IRC)";
|
||||||
|
dynamicChannels.aliasTemplate = "#_scratch_$CHANNEL";
|
||||||
|
dynamicChannels.groupId = "+scratch-network.net:localhost";
|
||||||
};
|
};
|
||||||
sasl = false;
|
|
||||||
sendConnectionMessages = true;
|
|
||||||
ssl = true;
|
|
||||||
};
|
};
|
||||||
in
|
};
|
||||||
{
|
|
||||||
"irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig {
|
|
||||||
name = "libera";
|
|
||||||
dynamicChannels.groupId = "+libera.chat:localhost";
|
|
||||||
dynamicChannels.aliasTemplate = "#_libera_$CHANNEL";
|
|
||||||
matrixClients.displayName = "$NICK (LIBERA-IRC)";
|
|
||||||
};
|
|
||||||
"irc.scratch-network.net" = lib.attrsets.recursiveUpdate commonConfig {
|
|
||||||
name = "scratch";
|
|
||||||
matrixClients.displayName = "$NICK (SCRATCH-IRC)";
|
|
||||||
dynamicChannels.aliasTemplate = "#_scratch_$CHANNEL";
|
|
||||||
dynamicChannels.groupId = "+scratch-network.net:localhost";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -32,11 +32,6 @@ in
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
|
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
|
||||||
};
|
};
|
||||||
|
|
||||||
sliding-sync.enable = lib.mkEnableOption {
|
|
||||||
description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+";
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
matrix-authentication-service = {
|
matrix-authentication-service = {
|
||||||
|
@ -339,18 +334,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-sliding-sync = {
|
|
||||||
enable = config.pub-solar-os.matrix.synapse.sliding-sync.enable;
|
|
||||||
settings = {
|
|
||||||
SYNCV3_SERVER = "https://${publicDomain}";
|
|
||||||
SYNCV3_BINDADDR = "127.0.0.1:8011";
|
|
||||||
# The bind addr for Prometheus metrics, which will be accessible at
|
|
||||||
# /metrics at this address
|
|
||||||
SYNCV3_PROM = "127.0.0.1:9100";
|
|
||||||
};
|
|
||||||
environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
pub-solar-os.backups.restic.matrix-synapse = {
|
pub-solar-os.backups.restic.matrix-synapse = {
|
||||||
paths = [
|
paths = [
|
||||||
"/var/lib/matrix-synapse"
|
"/var/lib/matrix-synapse"
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
home = "/var/lib/nextcloud";
|
home = "/var/lib/nextcloud";
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nextcloud29;
|
package = pkgs.nextcloud30;
|
||||||
https = true;
|
https = true;
|
||||||
secretFile = config.age.secrets."nextcloud-secrets".path; # secret
|
secretFile = config.age.secrets."nextcloud-secrets".path; # secret
|
||||||
maxUploadSize = "1G";
|
maxUploadSize = "1G";
|
||||||
|
@ -45,7 +45,6 @@
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
dbname = "nextcloud";
|
dbname = "nextcloud";
|
||||||
dbtableprefix = "oc_";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
|
|
@ -120,6 +120,13 @@ in
|
||||||
extraConfig = commonHeaders;
|
extraConfig = commonHeaders;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# For IRC appservice media proxy
|
||||||
|
"/media" = {
|
||||||
|
priority = 100;
|
||||||
|
proxyPass = "http://127.0.0.1:${toString (config.services.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort)}";
|
||||||
|
extraConfig = commonHeaders;
|
||||||
|
};
|
||||||
|
|
||||||
# Forward to the auth service
|
# Forward to the auth service
|
||||||
"~ ^/_matrix/client/(.*)/(login|logout|refresh)" = {
|
"~ ^/_matrix/client/(.*)/(login|logout|refresh)" = {
|
||||||
priority = 100;
|
priority = 100;
|
||||||
|
|
|
@ -16,8 +16,6 @@
|
||||||
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
||||||
inherit (inputs) element-stickers maunium-stickerpicker;
|
inherit (inputs) element-stickers maunium-stickerpicker;
|
||||||
};
|
};
|
||||||
mastodon = unstable.mastodon;
|
|
||||||
matrix-authentication-service = unstable.matrix-authentication-service;
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
BIN
secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age
Normal file
BIN
secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age
Normal file
Binary file not shown.
|
@ -1,45 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 iDKjwg GPTqfaZZC6ze7BUkT1uF4VslvE29BFKm0+AlJk+DKQQ
|
|
||||||
GxI7erqw8p3GrCArh5vZOiTmYh40DVisCphNyFhNTqM
|
|
||||||
-> ssh-ed25519 uYcDNw oo52Nh9BCO5NNF0YyzracKfvMifSiREsxyQqiRZ6WTs
|
|
||||||
JvqwRX5yOMtEYgWyc7dIQs85wDghMRHQCIi6t5QxIwo
|
|
||||||
-> ssh-rsa f5THog
|
|
||||||
w+B5hc0E9u1fFWNNPaTtPmJfPJWUBbRwHYK/T69g2ORNfaBYynl0LL4vSUs8o9Gw
|
|
||||||
rwBY+cLpth6e4tS819H5C7HtvT47KR3KF8JLxVjA2mbVO83+BnWFjThjYB452CdI
|
|
||||||
KZvQQPhkSH/43YF6pjxnQjNWB/wroScyjGVtUamcij7YHxt71z0AAnyqE5PgWEc6
|
|
||||||
6/ao5gLfTKhcWpxkTTz8LHn05s9IppXywDrvpwtJaU8LKgJT2H6Epsaci348lG+I
|
|
||||||
tAZYODhQqP+yKl92DZbuQQCjxH5CJfhdBs2ZR63hQPj9OrIFRjLg4V+1gdcxzAuz
|
|
||||||
9FwwIeLq3uxWXPdwTRR8RUsHEGhKMcVty4PkW0vlt+VwZrZBhdz3k+ApVG7Jvclz
|
|
||||||
MPZYLzKC0DiODqPuA23ye6suFRCHXYfq3ZyCIIN6wOci0X0crSr9ZXW4M8R7aWaZ
|
|
||||||
XDeZRaUgvd54WI0HZhVWBvJQyswgUXf+/RkS4aI8IgnNV801x12h+mTdWX9BC/cD
|
|
||||||
YRIWBnGkfTX4WM4OEE2VEgqSDuKl/90o2LFIquIIJULVd2Vs5C2S8FhJcsT7+HmL
|
|
||||||
TFWnLeIfGbw7RDUeH0c/Bbg9NK11SZF0/VdRZcBQ/zIXBMBlL1EZsH1HfIfhKISN
|
|
||||||
PyHFB5kfmuVIBhDXgtDdgjKfDmQL9/9Aq1U4ZMBcUKA
|
|
||||||
-> ssh-rsa kFDS0A
|
|
||||||
KysKtr7wrKKJ8w+Dj7qjJstyXtKIw9weFi9oVwJkMvy2utn+JARs7puh7KC27TXC
|
|
||||||
slZJrHf4vx+y8qSjRS0W4z8CPl8/auiYOilepT9JoxwGUP7J/nTr5SCofgWcdZm5
|
|
||||||
FtgHoCcABjzcF+mrKUofuqrx6oYSDCS0JkV2tClQI6ybXnjRwIIicLmBN9UDHCuU
|
|
||||||
9ZOesYp5XrJyBoD3Zv51b19xJyOfuWAUQvlNPRH2TpgvisutpESU/o869z5AMn4Z
|
|
||||||
BfDD/0oR1ALbk/sB3r13Xi6oJZAB2AbggoQRlwvPeWc3MdS+bFNV2o2ue0ov6Fkd
|
|
||||||
U5C/GnJVlyE0cv9I+YvxtLT6T/Gf/yoUZGfB7xD5QkHpMIEmKxUYqGNBB/NcnFMY
|
|
||||||
Tal8jMDtZDEk+uk0MahE7GsL6Z3xrkKTevG+Rr3j+beFYie2RJbNwwUyQ1lL3EoA
|
|
||||||
Rx1AMk+nYlvxVHiciYJNh9nffgAXXwO255IkWvYzmuPBEP1LmqadA4fQPf5Rgj3u
|
|
||||||
DuOX3hJ+rIyRIoDXOZio3SDf+bb380xCxF+7efJ27Ep0sFviAq5qKeptbyt51Dp8
|
|
||||||
tlbeYAylhVbV9Zgd+EozwE7Btlfqt3sbUij/0Iy+BdOYSPLmvx3oKybpipZ0i3fo
|
|
||||||
KR/bZHlMKF1Ipd5L7zEwh5aTjImuomoyRyZG3NWdv44
|
|
||||||
-> piv-p256 vRzPNw A7FwWUuml/VyHcOmha3R/DOg1RvnRXcwjaJJH/sgmsBR
|
|
||||||
+CP1/qY8sHbR7nkFl1T5HPsjYLRPDCSR01DEJaim96o
|
|
||||||
-> piv-p256 zqq/iw AgYhaJWqe+QbVCHkXsU7AQhWhte/fjwVbOgmHVRPHsEE
|
|
||||||
7jNmDI62i/9RakJhbo3MP0qMgXYGlhAW9BKo8HLWQYc
|
|
||||||
-> ssh-ed25519 YFSOsg cGPMyhqcd20TDBeMkSDJ8hQ/vE9cuDgVi1hfcwAKVjw
|
|
||||||
U9GRSr607w5oUGr0rC6XqdWMD65JidY/Ri3Ex1dmGXI
|
|
||||||
-> ssh-ed25519 iHV63A cW7bblsvL1TwI6lp8KjPfUwB5EzWilLhc6Z2geE3SQw
|
|
||||||
PzBdZ/LXA7iGI7ZjErredqC7ehHsr5MCY3qENv0nZI8
|
|
||||||
-> ssh-ed25519 BVsyTA AGDqp6Rrp2vStBU9+eJMGf5O4SZQIASE63n8vbf8PEs
|
|
||||||
SFakjoivQrFkSUBGZ9sISKVhAxNOpc2RxugiBTSK9/k
|
|
||||||
-> ssh-ed25519 +3V2lQ MmMv45CQFAdgkV/B7InOY22iXzvIU8TY41SV5Jxx7RQ
|
|
||||||
vNIRE5wSXVzy4miZLV90T1TEOhOjYQT12GWtZpsTxJ8
|
|
||||||
--- EBBXvYr1OpETpgXOsUfJn6h1e4rXF+olz6DbhDUWCcw
|
|
||||||
.Œ
|
|
||||||
ösÊ~¦—åHͯk‘ 2 ¦À9<C380>¶§Bz¤¨?°3ëþTÇJ`§gº¦P°çioÙÜr<C39C>Š€" ØÝöwÒs-K€6©òšfÝ
|
|
||||||
ß0XÎŒvù‘Xª&£8
š¶gÐ=ÄzrH¥jh>
|
|
|
@ -67,12 +67,14 @@ in
|
||||||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
|
||||||
"matrix-authentication-service-secret-config.yml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-authentication-service-secret-config.yml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"matrix-appservice-irc-mediaproxy-signing-key.jwk.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
|
"staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
|
||||||
"staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
|
"staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
|
||||||
undergroundKeys ++ adminKeys;
|
undergroundKeys ++ adminKeys;
|
||||||
|
"staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age".publicKeys =
|
||||||
|
undergroundKeys ++ adminKeys;
|
||||||
|
|
||||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
Binary file not shown.
Loading…
Reference in a new issue