{ flake, config, pkgs, ... }: { # Use GRUB2 as the boot loader. boot.loader.grub = { enable = true; devices = [ "/dev/vda" ]; }; pub-solar-os.networking.domain = "test.pub.solar"; systemd.tmpfiles.rules = [ "f /tmp/dbf 1777 root root 10d password" ]; # keycloak pub-solar-os.auth = { enable = true; database-password-file = "/tmp/dbf"; }; services.keycloak.database.createLocally = true; # matrix-synapse # test.pub.solar /.well-known is required for federation services.nginx.virtualHosts."${config.pub-solar-os.networking.domain}" = { default = true; enableACME = true; forceSSL = true; }; age.secrets."staging-matrix-synapse-secret-config.yaml" = { file = "${flake.self}/secrets/staging-matrix-synapse-secret-config.yaml.age"; mode = "400"; owner = "matrix-synapse"; }; age.secrets."staging-matrix-authentication-service-secret-config.yml" = { file = "${flake.self}/secrets/staging-matrix-authentication-service-secret-config.yml.age"; mode = "400"; owner = "matrix-authentication-service"; }; pub-solar-os.matrix = { enable = true; synapse = { extra-config-files = [ config.age.secrets."staging-matrix-synapse-secret-config.yaml".path # The registration file is automatically generated after starting the # appservice for the first time. # cp /var/lib/mautrix-telegram/telegram-registration.yaml \ # /var/lib/matrix-synapse/ # chown matrix-synapse:matrix-synapse \ # /var/lib/matrix-synapse/telegram-registration.yaml #"/var/lib/matrix-synapse/telegram-registration.yaml" ]; app-service-config-files = [ "/var/lib/matrix-appservice-irc/registration.yml" #"/var/lib/matrix-synapse/telegram-registration.yaml" ]; }; matrix-authentication-service.extra-config-files = [ config.age.secrets."staging-matrix-authentication-service-secret-config.yml".path ]; }; services.openssh.openFirewall = true; system.stateVersion = "24.05"; }