batteredbunny/server.nix
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

refactor: Clean up many things

Browse source
This commit is contained in:
batteredbunny 2025-04-19 04:23:06 +03:00
parent a935356956
commit d88878a0dc
8 changed files with 162 additions and 146 deletions
Download patch file Download diff file Expand all files Collapse all files

69
caddy.nix
View file

@ -1,27 +1,8 @@
{ config { config
, pkgs , pkgs
, inputs , inputs
, settings
, ... , ...
}: }: {
let
elementClient = pkgs.element-web.override {
conf = {
default_server_config.default_server_name = "catnip.ee";
element_call.use_exclusively = true;
features = {
feature_video_rooms = true;
feature_element_call_video_rooms = true;
};
};
};
synapse-admin = pkgs.synapse-admin.override {
baseUrl = "https://matrix.catnip.ee";
};
in
{
systemd.services.caddy = { systemd.services.caddy = {
serviceConfig = { serviceConfig = {
# Required to use ports < 1024 # Required to use ports < 1024
@ -51,7 +32,6 @@ in
respond owo respond owo
''; '';
"http://syncthing.internal".extraConfig = '' "http://syncthing.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10 @local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local http://${config.services.syncthing.guiAddress} reverse_proxy @local http://${config.services.syncthing.guiAddress}
@ -63,7 +43,6 @@ in
hide .Trash-1000 hide .Trash-1000
} }
''; '';
"files.catnip.ee".extraConfig = '' "files.catnip.ee".extraConfig = ''
tls { tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN} dns cloudflare {env.CLOUDFLARE_API_TOKEN}
@ -79,51 +58,6 @@ in
hide .Trash-1000 hide .Trash-1000
} }
''; '';
"chat.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
root * ${elementClient}
file_server
'';
"synapse-admin.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
root * ${synapse-admin}
file_server
'';
"matrix.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
reverse_proxy :${toString settings.ports.synapse}
redir /telegram /telegram/
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
}
handle /.well-known/matrix/server {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.server": "matrix.catnip.ee:443"}`
}
handle /telegram/* {
reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port}
}
'';
"catnip.ee".extraConfig = '' "catnip.ee".extraConfig = ''
tls { tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN} dns cloudflare {env.CLOUDFLARE_API_TOKEN}
@ -154,7 +88,6 @@ in
redir https://catnip.ee{uri} permanent redir https://catnip.ee{uri} permanent
''; '';
":80".extraConfig = '' ":80".extraConfig = ''
respond awawaw respond awawaw
''; '';

73
configuration.nix
View file

@ -1,7 +1,6 @@
{ config { config
, pkgs , pkgs
, inputs , inputs
, settings
, lib , lib
, ... , ...
}: { }: {
@ -21,9 +20,6 @@
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [
"olm-3.2.16" # mautrix-telegram is still using the old one ugh
];
}; };
overlays = [ overlays = [
@ -190,17 +186,11 @@
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/lib/caddy" "/var/lib/caddy"
"/var/lib/syncthing" "/var/lib/syncthing"
"/var/lib/matrix-synapse"
"/etc/secrets" "/etc/secrets"
"/etc/nixos" "/etc/nixos"
]; ];
exclude = [
"/var/lib/matrix-synapse/media_store/remote_content"
"/var/lib/matrix-synapse/media_store/remote_thumbnail"
];
repo = "ssh://uq9l5635@uq9l5635.repo.borgbase.com/./repo"; repo = "ssh://uq9l5635@uq9l5635.repo.borgbase.com/./repo";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
@ -263,69 +253,6 @@
''; '';
}; };
# /var/lib/matrix-synapse
matrix-synapse = {
enable = true;
extraConfigFiles = [
"/etc/secrets/synapse.yaml"
];
settings = {
enable_registration = true;
registration_requires_token = true;
max_upload_size = "250M";
server_name = "catnip.ee";
public_baseurl = "https://matrix.catnip.ee/";
# Note: email submodule is defined in /etc/secrets/synapse.yaml as matrix doesnt merge the fields and it will fail to run
# email = {
# smtp_host = "mx1.sly.ee";
# smtp_user = "matrix@catnip.ee";
# smtp_pass = "";
# force_tls = true;
# notif_from = "Matrix <matrix@catnip.ee>";
# app_name = "Catnip.ee matrix";
# };
server_notices = {
system_mxid_localpart = "server";
system_mxid_display_name = "Server Notices";
system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm";
room_name = "Server Notices";
auto_join = true;
};
database = {
name = "psycopg2";
args = {
database = "matrix-synapse";
user = "matrix-synapse";
};
};
listeners = [
{
bind_addresses = [ "127.0.0.1" ];
port = settings.ports.synapse;
resources = [
{
compress = true;
names = [ "client" "federation" ];
}
];
tls = false;
type = "http";
x_forwarded = true;
}
];
turn_uris = [
"turn:${config.services.coturn.realm}:3478?transport=udp"
"turn:${config.services.coturn.realm}:3478?transport=tcp"
];
turn_user_lifetime = "1h";
};
};
openssh = { openssh = {
enable = true; enable = true;
settings = { settings = {

4
flake.nix
View file

@ -43,10 +43,10 @@
, nixpkgs , nixpkgs
, ... , ...
} @ inputs: { } @ inputs: {
nixosConfigurations.server = nixpkgs.lib.nixosSystem rec { nixosConfigurations.server = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs system; inherit inputs self;
settings = import ./settings.nix { }; settings = import ./settings.nix { };
}; };
modules = [ ./configuration.nix ]; modules = [ ./configuration.nix ];

2
services/default.nix
View file

@ -1,6 +1,5 @@
{ ... }: { { ... }: {
imports = [ imports = [
./mautrix.nix
./jellyfin.nix ./jellyfin.nix
./mastodon.nix ./mastodon.nix
./archivebox.nix ./archivebox.nix
@ -24,5 +23,6 @@
./komga.nix ./komga.nix
./prosody.nix ./prosody.nix
./scrutiny.nix ./scrutiny.nix
./matrix
]; ];
} }

7
services/matrix/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }: {
imports = [
./synapse.nix
./mautrix.nix
./extras.nix
];
}

40
services/matrix/extras.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs, ... }:
let
elementClient = pkgs.element-web.override {
conf = {
default_server_config.default_server_name = "catnip.ee";
element_call.use_exclusively = true;
features = {
feature_video_rooms = true;
feature_element_call_video_rooms = true;
};
};
};
synapse-admin = pkgs.synapse-admin.override {
baseUrl = "https://matrix.catnip.ee";
};
in
{
services.caddy.virtualHosts = {
"chat.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
root * ${elementClient}
file_server
'';
"synapse-admin.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
root * ${synapse-admin}
file_server
'';
};
}

10
services/mautrix.nix → services/matrix/mautrix.nix
View file

@ -1,6 +1,8 @@
{ pkgs, settings, ... }: let { pkgs, settings, ... }:
let
appservicePort = 8009; appservicePort = 8009;
in { in
{
virtualisation.oci-containers.containers.mautrix-discord = { virtualisation.oci-containers.containers.mautrix-discord = {
autoStart = true; autoStart = true;
image = "dock.mau.dev/mautrix/discord:v0.7.2"; image = "dock.mau.dev/mautrix/discord:v0.7.2";
@ -12,6 +14,10 @@ in {
]; ];
}; };
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16" # mautrix-telegram is still using the old one ugh
];
services = { services = {
# mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html # mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html
caddy.virtualHosts."discord-media.catnip.ee".extraConfig = '' caddy.virtualHosts."discord-media.catnip.ee".extraConfig = ''

103
services/matrix/synapse.nix Normal file
View file

@ -0,0 +1,103 @@
{ config, settings, ... }: {
services = {
# /var/lib/matrix-synapse
matrix-synapse = {
enable = true;
extraConfigFiles = [
"/etc/secrets/synapse.yaml"
];
settings = {
enable_registration = true;
registration_requires_token = true;
max_upload_size = "250M";
server_name = "catnip.ee";
public_baseurl = "https://matrix.catnip.ee/";
# Note: email submodule is defined in /etc/secrets/synapse.yaml as matrix doesnt merge the fields and it will fail to run
# email = {
# smtp_host = "mx1.sly.ee";
# smtp_user = "matrix@catnip.ee";
# smtp_pass = "";
# force_tls = true;
# notif_from = "Matrix <matrix@catnip.ee>";
# app_name = "Catnip.ee matrix";
# };
server_notices = {
system_mxid_localpart = "server";
system_mxid_display_name = "Server Notices";
system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm";
room_name = "Server Notices";
auto_join = true;
};
database = {
name = "psycopg2";
args = {
database = "matrix-synapse";
user = "matrix-synapse";
};
};
listeners = [
{
bind_addresses = [ "127.0.0.1" ];
port = settings.ports.synapse;
resources = [
{
compress = true;
names = [ "client" "federation" ];
}
];
tls = false;
type = "http";
x_forwarded = true;
}
];
turn_uris = [
"turn:${config.services.coturn.realm}:3478?transport=udp"
"turn:${config.services.coturn.realm}:3478?transport=tcp"
];
turn_user_lifetime = "1h";
};
};
caddy.virtualHosts."matrix.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
reverse_proxy :${toString settings.ports.synapse}
redir /telegram /telegram/
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
}
handle /.well-known/matrix/server {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.server": "matrix.catnip.ee:443"}`
}
handle /telegram/* {
reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port}
}
'';
borgbackup.jobs."borgbase" = {
paths = [
"/var/lib/matrix-synapse"
];
exclude = [
"/var/lib/matrix-synapse/media_store/remote_content"
"/var/lib/matrix-synapse/media_store/remote_thumbnail"
];
};
};
}