mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 05:13:10 +01:00
Compare commits
2 commits
f4fc1ccdf3
...
6159a76a85
Author | SHA1 | Date | |
---|---|---|---|
Rouven Seifert | 6159a76a85 | ||
Rouven Seifert | b0ccdd3924 |
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1,4 +1,5 @@
|
||||||
*.swp
|
*.swp
|
||||||
result
|
result*
|
||||||
*.qcow2
|
*.qcow2
|
||||||
.Trash*
|
.Trash*
|
||||||
|
|
||||||
|
|
12
flake.lock
12
flake.lock
|
@ -180,11 +180,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708806879,
|
"lastModified": 1709204054,
|
||||||
"narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=",
|
"narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a",
|
"rev": "2f3367769a93b226c467551315e9e270c3f78b15",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -296,11 +296,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708807242,
|
"lastModified": 1709150264,
|
||||||
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
|
"narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
|
"rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
./modules/hydra
|
./modules/hydra
|
||||||
# ./modules/prometheus
|
# ./modules/prometheus
|
||||||
./modules/matrix
|
./modules/matrix
|
||||||
|
./modules/mautrix-telegram
|
||||||
./modules/seafile
|
./modules/seafile
|
||||||
./modules/uptime-kuma
|
./modules/uptime-kuma
|
||||||
./modules/vaultwarden
|
./modules/vaultwarden
|
||||||
|
|
74
hosts/nuc/modules/mautrix-telegram/default.nix
Normal file
74
hosts/nuc/modules/mautrix-telegram/default.nix
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
homeserverDomain = config.services.matrix-synapse.settings.server_name;
|
||||||
|
registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";
|
||||||
|
registrationFileMautrix = "/var/lib/mautrix-telegram/telegram-registration.yaml";
|
||||||
|
settingsFile = builtins.head (builtins.match ".*--config='(.*)' \\\\.*" config.systemd.services.mautrix-telegram.preStart);
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "mautrix-telegram";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}];
|
||||||
|
ensureDatabases = [ "mautrix-telegram" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.mautrix-telegram = {
|
||||||
|
file = ../../../../secrets/nuc/mautrix-telegram/env.age;
|
||||||
|
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.matrix-synapse.settings.app_service_config_files = [
|
||||||
|
# The registration file is automatically generated after starting the
|
||||||
|
# appservice for the first time.
|
||||||
|
registrationFileSynapse
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
# copy registration file over to synapse
|
||||||
|
"C ${registrationFileSynapse} - - - - ${registrationFileMautrix}"
|
||||||
|
"Z /var/lib/matrix-synapse/ - matrix-synapse matrix-synapse - -"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.mautrix-telegram = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
environmentFile = config.age.secrets.mautrix-telegram.path;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
homeserver = {
|
||||||
|
address = "http://[::1]:8008";
|
||||||
|
domain = homeserverDomain;
|
||||||
|
};
|
||||||
|
|
||||||
|
appservice = rec {
|
||||||
|
# Use postgresql instead of sqlite
|
||||||
|
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
|
||||||
|
port = 8082;
|
||||||
|
address = "http://localhost:${toString port}";
|
||||||
|
};
|
||||||
|
|
||||||
|
bridge = {
|
||||||
|
relaybot.authless_portals = false;
|
||||||
|
permissions = {
|
||||||
|
"@rouven:${homeserverDomain}" = "admin";
|
||||||
|
};
|
||||||
|
relay_user_distinguishers = [ ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile
|
||||||
|
# and write them to the settingsFile in /nix/store, which obviously fails.
|
||||||
|
systemd.services.mautrix-telegram.serviceConfig.ExecStart =
|
||||||
|
lib.mkForce (pkgs.writeShellScript "start" ''
|
||||||
|
export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-)
|
||||||
|
export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-)
|
||||||
|
|
||||||
|
${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}'
|
||||||
|
'');
|
||||||
|
}
|
||||||
|
|
|
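Review bot: `age.secrets.mautrix-telegram.owner` is set to the matrix-synapse service user, although the decrypted file is only referenced by `services.mautrix-telegram.environmentFile`; this gives the homeserver process read access to the bridge's credentials, which nothing in this file requires. If the upstream module hands that path to systemd as an `EnvironmentFile` (presumably, since the module itself is not shown here), the service manager reads it before privileges are dropped, so the `owner` line can be removed and the agenix default kept; otherwise the bridge's own service user is the narrower owner. Separately, the `C` tmpfiles rule copies the registration file, which holds `as_token` and `hs_token`, with mode and owner left as `-` and relies on the recursive `Z` rule for ownership; pinning them on the copy itself, e.g. `"C ${registrationFileSynapse} 0400 matrix-synapse matrix-synapse - ${registrationFileMautrix}"`, would make the intended permissions explicit.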
@ -9,6 +9,7 @@ in
|
||||||
initialAdminPassword = "unused garbage";
|
initialAdminPassword = "unused garbage";
|
||||||
ccnetSettings.General.SERVICE_URL = "https://${domain}";
|
ccnetSettings.General.SERVICE_URL = "https://${domain}";
|
||||||
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
|
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
|
||||||
|
seafileSettings.fileserver.port = 8083;
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -18,6 +18,7 @@ in
|
||||||
# nuc
|
# nuc
|
||||||
"secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
|
||||||
|
"secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
|
||||||
|
|
BIN
secrets/nuc/mautrix-telegram/env.age
Normal file
BIN
secrets/nuc/mautrix-telegram/env.age
Normal file
Binary file not shown.
|
@ -64,7 +64,7 @@
|
||||||
|
|
||||||
# fancy tools
|
# fancy tools
|
||||||
just
|
just
|
||||||
(himalaya.override { buildFeatures = [ "pgp-commands" ]; })
|
himalaya
|
||||||
# strace but with colors
|
# strace but with colors
|
||||||
(strace.overrideAttrs (_: {
|
(strace.overrideAttrs (_: {
|
||||||
patches = [
|
patches = [
|
||||||
|
|