tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

Merge branch 'alpine/master' into nixbook/master

Browse source
This commit is contained in:
Tristan 2024-05-01 13:42:13 +01:00
commit 68bf957891
9 changed files with 119 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

4
flake.nix
View file

@ -67,8 +67,10 @@
./nixos/services/prometheus.nix ./nixos/services/prometheus.nix
./nixos/services/grafana.nix ./nixos/services/grafana.nix
./nixos/services/synapse.nix ./nixos/services/synapse.nix
./nixos/services/whatsapp.nix ./nixos/services/mautrix/whatsapp.nix
./nixos/services/mautrix/signal.nix
./nixos/services/nextcloud.nix ./nixos/services/nextcloud.nix
./nixos/services/ntfy.nix
] []; ] [];
vm-sway = vm-sway =

8
hardware/alpine.nix
View file

@ -140,14 +140,6 @@ in {
enableACME = true; enableACME = true;
root = "/srv/www/tristans.cloud"; root = "/srv/www/tristans.cloud";
}; };
"*.thebeanbakery.xyz" = {
globalRedirect = "thebeanbakery.xyz";
};
"thebeanbakery.xyz" = {
forceSSL = true;
enableACME = true;
root = "/srv/www/thebeanbakery.xyz";
};
"auth.tristans.cloud" = { "auth.tristans.cloud" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

29
nixos/services/mautrix/instagram.nix Normal file
View file

@ -0,0 +1,29 @@
{config, ...}: let
inherit (config) sops;
inherit (sops) templates placeholder;
inherit (import ./lib.nix) toAppRegistration;
in {
sops.secrets = {
"mautrix-instagram/as_token" = {};
"mautrix-instagram/hs_token" = {};
};
sops.templates = {
"mautrix-instagram/appservice.yaml" = {
owner = "matrix-synapse";
content = toAppRegistration {
id = "instagram";
port = 29328;
as_token = placeholder."mautrix-instagram/as_token";
hs_token = placeholder."mautrix-instagram/hs_token";
sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";
"de.sorunome.msc2409.push_ephemeral" = true;
};
};
};
# mautrix-instagram server currently in ansible/podman
services.matrix-synapse.settings.app_service_config_files = [
templates."mautrix-instagram/appservice.yaml".path
];
}

27
nixos/services/mautrix/lib.nix Normal file
View file

@ -0,0 +1,27 @@
{
toAppRegistration = {
port,
id,
as_token,
hs_token,
sender_localpart,
rate_limited ? false,
...
} @ conf:
builtins.toJSON ({
namespaces = {
users = [
{
exclusive = true;
regex = "^@${id}_.*:tristans.cloud$";
}
{
exclusive = true;
regex = "^@${id}bot:tristans.cloud$";
}
];
};
url = "http://localhost:${toString port}";
}
// conf);
}

29
nixos/services/mautrix/signal.nix Normal file
View file

@ -0,0 +1,29 @@
{config, ...}: let
inherit (config) sops;
inherit (sops) templates placeholder;
inherit (import ./lib.nix) toAppRegistration;
in {
sops.secrets = {
"mautrix-signal/as_token" = {};
"mautrix-signal/hs_token" = {};
};
sops.templates = {
"mautrix-signal/appservice.yaml" = {
owner = "matrix-synapse";
content = toAppRegistration {
id = "signal";
port = 29328;
as_token = placeholder."mautrix-signal/as_token";
hs_token = placeholder."mautrix-signal/hs_token";
sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";
"de.sorunome.msc2409.push_ephemeral" = true;
};
};
};
# mautrix-signal server currently in ansible/podman
services.matrix-synapse.settings.app_service_config_files = [
templates."mautrix-signal/appservice.yaml".path
];
}

27
nixos/services/whatsapp.nix → nixos/services/mautrix/whatsapp.nix
View file

@ -1,32 +1,7 @@
{config, ...}: let {config, ...}: let
inherit (config) sops; inherit (config) sops;
inherit (sops) templates placeholder; inherit (sops) templates placeholder;
inherit (import ./lib.nix) toAppRegistration;
toAppRegistration = {
port,
id,
as_token,
hs_token,
sender_localpart,
rate_limited ? false,
...
} @ conf:
builtins.toJSON ({
namespaces = {
users = [
{
exclusive = true;
regex = "^@${id}_.*:tristans.cloud$";
}
{
exclusive = true;
regex = "^@${id}bot:tristans.cloud$";
}
];
};
url = "http://localhost:${toString port}";
}
// conf);
in { in {
sops.secrets = { sops.secrets = {
"mautrix-whatsapp/as_token" = {}; "mautrix-whatsapp/as_token" = {};

19
nixos/services/ntfy.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, ... }:
let
domain = "up.${config.networking.domain}";
port = 8080;
in
{
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://${domain}";
listen-http = ":${toString port}";
};
};
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString port}";
};
}

5
nixos/services/prometheus.nix
View file

@ -1,8 +1,9 @@
{config, ...}: let {config, ...}: let
inherit (config.services) prometheus; inherit (config.services) prometheus;
nodes = [ nodes = [
"100.65.29.110" "alpine"
"100.106.241.122" "fcs-tristan-nixbook"
"zenix"
]; ];
addPort = ip: "${ip}:${toString prometheus.exporters.node.port}"; addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
in { in {

10
secrets/secrets.yaml
View file

@ -13,6 +13,12 @@ synapse:
mautrix-whatsapp: mautrix-whatsapp:
as_token: ENC[AES256_GCM,data:x1iIfwaRdSzC7wo684FY5ZCytj+uQSS2k8UZ/Sm/0gy7jnjsb6Eyl0I5tdNf7mYk2gdTtfmc+dVThOP3aGIZXQ==,iv:hvVr1MZfpLewomTW5pUhOvrQ2fEkQy4LNnfqslkeFgQ=,tag:5eUZLn5Bd2D5GWyIx9xevw==,type:str] as_token: ENC[AES256_GCM,data:x1iIfwaRdSzC7wo684FY5ZCytj+uQSS2k8UZ/Sm/0gy7jnjsb6Eyl0I5tdNf7mYk2gdTtfmc+dVThOP3aGIZXQ==,iv:hvVr1MZfpLewomTW5pUhOvrQ2fEkQy4LNnfqslkeFgQ=,tag:5eUZLn5Bd2D5GWyIx9xevw==,type:str]
hs_token: ENC[AES256_GCM,data:y8q41zg1NFco0fs7Q/yZVIPCdrUsB8/CRiffBpAVWsH0vCCHQvBs6VUGZmZwJVySkxSfFqBdCc/TF38SPwhxCg==,iv:sJ0cldlCTpGRMYT0u9ZGFVI70m3VBCZqn/l4cwUDyAI=,tag:D0QE2TQxLNnEv6/ECCLnRw==,type:str] hs_token: ENC[AES256_GCM,data:y8q41zg1NFco0fs7Q/yZVIPCdrUsB8/CRiffBpAVWsH0vCCHQvBs6VUGZmZwJVySkxSfFqBdCc/TF38SPwhxCg==,iv:sJ0cldlCTpGRMYT0u9ZGFVI70m3VBCZqn/l4cwUDyAI=,tag:D0QE2TQxLNnEv6/ECCLnRw==,type:str]
mautrix-signal:
as_token: ENC[AES256_GCM,data:wu9ohlIUn6dBYxa7jZzG9DRVRrBCnmXsc7txntF6U6eW6rpe/bvKWDR5/db1ZtMxAv/MZrTephJ81yqtr8aDsw==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:J6F3CP5OJbyPBr5iVWhg0w==,type:str]
hs_token: ENC[AES256_GCM,data:8OAHb5+k7uRW5EtjrNiTFjG1lf3txePHjpVYaDtJ1MfbtU8jN/T50PENPwFHR9iJSh2Zma7PGgFjwlWHGQEW8A==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:3y/K1iztmWrWR34/3vjopA==,type:str]
mautrix-instagram:
as_token: ENC[AES256_GCM,data:pNO76BcGejQdCc5X4f/UvSsBIPU6QZCCQTJvwVIXRf3rnb9ewWNMEtYXlqj886yh3g5SgqQ4Uhqby/7vrMxREA==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:vJHOhwJBPlgUPu1SFqI4ew==,type:str]
hs_token: ENC[AES256_GCM,data:m1CK8Ae6QyJKgDZm904xMpZ1KgKxEUpmQ1jdKOkjexgwAWjjtYF+RVximtcXwxPg/0jkbK/LMlxA89ic+zajiA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:rRwhYn88ZZwm5sDI1etR2g==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -28,8 +34,8 @@ sops:
NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG
A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g== A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-26T19:50:48Z" lastmodified: "2024-03-23T23:24:16Z"
mac: ENC[AES256_GCM,data:ZmySnwEMEStfSWgKbw7eVULLkYdpH4d4RMV0mDlfE0dXdF8eOtjfBK/NyLCP84VMIWJWFzc/KihOuSWEpzjtoZVJAHi/c/sh87OpigjG4X3RFIJFV7IhKyielyhd5SInQV/yMa0IOPN5MnK40h59+ofRlVZ2371PdYkns6EVUoo=,iv:1PMwsRz78iMCs6QJfnfCUXCofOonEl+je/6e/4GZW+g=,tag:FOqWXMkWOf4C6VhV7ODwMg==,type:str] mac: ENC[AES256_GCM,data:bs8t7nH5BdIz4uQd33M2pt+AVhqfBEJy9l8AFl8p80GLAMg5zKlDWxtVCPrWk8viJvfMkhvwEovBizoy3m7gt8iWLf+dtznBjALtUXVAc/+dmACUS8E9JHHKcvOHxT/cYCuU3t6pDJWlbfnpBtKSSHH8Z/YblYMlkeoNeNOoAwU=,iv:9fKO44c5TNMBgHqcuV6Fu+GW8TjND+32KDEerawpZL4=,tag:Ps8kelq+8iY88mdqugRTMg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1