matrix-authentication-service: init, test, migrate synapse #250

Merged
teutat3s merged 11 commits from mas-init into main 2024-10-30 20:02:54 +00:00
7 changed files with 59 additions and 26 deletions
Showing only changes of commit 9d7d251369 - Show all commits


@ -82,7 +82,6 @@
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
pub-solar-os.matrix-synapse = { pub-solar-os.matrix-synapse = {
enable = true; enable = true;
sliding-sync.enable = true; sliding-sync.enable = true;


@ -79,10 +79,16 @@
{ name = "oauth"; } { name = "oauth"; }
{ name = "compat"; } { name = "compat"; }
{ name = "graphql"; } { name = "graphql"; }
{ name = "assets"; path = "${config.services.matrix-authentication-service.package}/share/matrix-authentication-service/assets"; } {
name = "assets";
path = "${config.services.matrix-authentication-service.package}/share/matrix-authentication-service/assets";
}
]; ];
binds = [ binds = [
{ host = "0.0.0.0"; port = 8090; } {
host = "0.0.0.0";
port = 8090;
}
]; ];
proxy_protocol = false; proxy_protocol = false;
} }
@ -92,7 +98,10 @@
{ name = "health"; } { name = "health"; }
]; ];
binds = [ binds = [
{ host = "0.0.0.0"; port = 8081; } {
host = "0.0.0.0";
port = 8081;
}
]; ];
proxy_protocol = false; proxy_protocol = false;
} }
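Review bot: Both listeners in this section bind to `host = "0.0.0.0"` with `proxy_protocol = false`, including the one on port 8081 that serves only the `health` resource, and nothing here documents what restricts access to them. The reformatting leaves this unchanged. Whether a firewall or a reverse proxy on another host already covers these ports is not visible in this section. If the only intended client is a proxy on the same machine, `host = "127.0.0.1";` would be the tighter setting for both `binds` entries. Otherwise a short comment above each `binds` block should record the intent, for example `# all interfaces on purpose: reached from <proxy host>, port filtered by the host firewall`, after confirming that this is true.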


@ -1,14 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -16,19 +29,19 @@
device = "/dev/disk/by-label/cryptroot"; device = "/dev/disk/by-label/cryptroot";
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/root"; device = "/dev/disk/by-label/root";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/boot"; device = "/dev/disk/by-label/boot";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-label/swap"; } { device = "/dev/disk/by-label/swap"; }
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -13,11 +13,17 @@
address = "80.244.242.1"; address = "80.244.242.1";
interface = "enp1s0"; interface = "enp1s0";
}; };
nameservers = ["95.129.51.51" "80.244.244.244"]; nameservers = [
"95.129.51.51"
"80.244.244.244"
];
interfaces.enp1s0 = { interfaces.enp1s0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
{ address = "80.244.242.3"; prefixLength = 29; } {
address = "80.244.242.3";
prefixLength = 29;
}
]; ];
}; };
}; };


@ -16,13 +16,13 @@ in
app-service-config-files = lib.mkOption { app-service-config-files = lib.mkOption {
description = "List of app service config files"; description = "List of app service config files";
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = []; default = [ ];
}; };
extra-config-files = lib.mkOption { extra-config-files = lib.mkOption {
description = "List of extra synapse config files"; description = "List of extra synapse config files";
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = []; default = [ ];
}; };
signing_key_path = lib.mkOption { signing_key_path = lib.mkOption {


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
default_server_config = { default_server_config = {
"m.homeserver" = { "m.homeserver" = {


@ -70,7 +70,8 @@ in
"nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys; "nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys; "underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
"underground-matrix-authentication-service-secret-config.yml.age".publicKeys = undergroundKeys ++ adminKeys; "underground-matrix-authentication-service-secret-config.yml.age".publicKeys =
undergroundKeys ++ adminKeys;
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys; "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys; "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;