From ce966f07827cd6bec7dc69bc7fc0a3e1d0fc8304 Mon Sep 17 00:00:00 2001
From: Tristan
Date: Fri, 24 Oct 2025 10:58:58 +0100
Subject: [PATCH] alpine: update authentik and mautrix
---
 nixos/services/authentik.nix | 2 +-
 nixos/services/mautrix/signal.nix | 25 +++++++++++++------------
 nixos/services/mautrix/whatsapp.nix | 18 +++++++++---------
 nixos/services/synapse/default.nix | 20 ++++++++++++++++++++
 4 files changed, 43 insertions(+), 22 deletions(-)
diff --git a/nixos/services/authentik.nix b/nixos/services/authentik.nix
index 3f95bab..186ca42 100644
--- a/nixos/services/authentik.nix
+++ b/nixos/services/authentik.nix
@@ -10,7 +10,7 @@
 };
 authentik-config = {
 autoStart = true;
- image = "ghcr.io/goauthentik/server:2025.6.3";
+ image = "ghcr.io/goauthentik/server:2025.8.4";
 volumes = ["/home/tristan/pods/authentik/media:/media"];
 environment = {
 AUTHENTIK_POSTGRESQL__USER = postgres.user;
diff --git a/nixos/services/mautrix/signal.nix b/nixos/services/mautrix/signal.nix
index 45f45d1..10a782a 100644
--- a/nixos/services/mautrix/signal.nix
+++ b/nixos/services/mautrix/signal.nix
@@ -1,10 +1,13 @@
-{config, lib, ...}: let
+{
+ config,
+ lib,
+ ...
+}: let
 inherit (import ./lib.nix) toAppRegistration;
 inherit (config.sops) templates placeholder;
 in {
-
 virtualisation.oci-containers.containers.mautrix-signal = {
- image = "dock.mau.dev/mautrix/signal:v0.8.3";
+ image = "dock.mau.dev/mautrix/signal:v25.10";
 dependsOn = ["mautrix-signal-psql"];
 volumes = [
 "/home/tristan/pods/signal-bridge/mautrix-signal:/data:z"
@@ -15,16 +18,15 @@ in { ]; }; -# when you get around to backing this up -# 1. stop the server. -# 2. backup the db. -# 3. migrate to newer version of postgres -# 4. migrate db to local + # when you get around to backing this up + # 1. stop the server. + # 2. backup the db. + # 3. migrate to newer version of postgres + # 4. migrate db to local virtualisation.oci-containers.containers.mautrix-signal-psql = { image = "docker.io/postgres:14-alpine"; - # ports = [ "127.0.0.1:5435:5432" ]; - ports = [ "5435:5432" ]; - volumes = [ "/home/tristan/pods/signal-bridge/db:/var/lib/postgresql/data" ]; + ports = ["5435:5432"]; + volumes = ["/home/tristan/pods/signal-bridge/db:/var/lib/postgresql/data"]; environmentFiles = [templates."mautrix-signal/psql.env".path]; }; sops.templates = { @@ -58,5 +60,4 @@ in { services.matrix-synapse.settings.app_service_config_files = [ templates."mautrix-signal/appservice.yaml".path ]; - } diff --git a/nixos/services/mautrix/whatsapp.nix b/nixos/services/mautrix/whatsapp.nix index 59e6da8..786e4d9 100644 --- a/nixos/services/mautrix/whatsapp.nix +++ b/nixos/services/mautrix/whatsapp.nix @@ -1,5 +1,4 @@ -{config, ...}: -{ +{config, ...}: { nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]; @@ -7,9 +6,9 @@ enable = true; registerToSynapse = true; settings = { - appservice.database = { - type = "sqlite3"; - uri = "/var/lib/mautrix-whatsapp/mautrix-whatsapp.db"; + database = { + type = "sqlite3-fk-wal"; + uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate"; }; homeserver = { address = "http://localhost:8008"; @@ -20,12 +19,13 @@ "tristans.cloud" = "user"; "@tristan:tristans.cloud" = "admin"; }; - encryption = { - allow = true; - appservice = false; - }; personal_filtering_spaces = true; }; + encryption = { + allow = true; + appservice = false; + pickle_key = "maunium.net/go/mautrix-whatsapp"; + }; }; }; } 
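Review bot: In the `mautrix-signal-psql` container (signal.nix, hunk `@@ -15,16 +18,15 @@`), `ports = ["5435:5432"];` publishes Postgres on every host interface, and this commit deletes the commented-out loopback variant instead of adopting it. Unless something off-host needs the database, restrict the binding: `ports = ["127.0.0.1:5435:5432"];`. If the bridge container reaches the database through the host port, loopback may not be reachable from it; in that case bind to the container bridge address or put both containers on a shared network rather than keeping the wildcard bind. Container runtimes often install their own forwarding rules for published ports, so the host firewall may not be what keeps 5435 closed — worth confirming on this host.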
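Review bot: The added `pickle_key = "maunium.net/go/mautrix-whatsapp";` in the relocated `encryption` block (whatsapp.nix, hunk `@@ -20,12 +19,13 @@`) is a fixed, publicly known string, and as a plain `settings` value it presumably also lands in the world-readable Nix store, so it gives the encryption keys stored in the bridge database no real protection at rest. If it is kept only so the crypto store written by the previous bridge version stays readable, say so next to it, e.g. `# legacy constant needed to read the existing crypto store; not a secret, protection relies on the permissions of /var/lib/mautrix-whatsapp`. If no existing store has to be read, a per-deployment random value kept out of the Nix store, the way the sops templates in signal.nix handle that bridge's credentials, would be preferable. The enclosing `settings` block starts outside this hunk.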
diff --git a/nixos/services/synapse/default.nix b/nixos/services/synapse/default.nix index 229063e..c80c8d8 100644 --- a/nixos/services/synapse/default.nix +++ b/nixos/services/synapse/default.nix @@ -36,6 +36,11 @@ in { "synapse/secrets.yaml" = { owner = "matrix-synapse"; content = builtins.toJSON { + jwt_config = { + enabled = true; + secret = sops.placeholder."synapse/oidc_client_secret"; + algorithm = "RS256"; + }; oidc_providers = [ { idp_id = "authentik"; @@ -84,6 +89,21 @@ in { ]; } ]; + # log_config = pkgs.writeTextFile { + # name = "synapse-logging.json"; + # text = builtins.toJSON { + # version = 1; + # root = { + # level = "INFO"; + # handlers = ["console"]; + # }; + # formatters.precise.format = "%(levelname)s - %(name)s - %(message)s"; + # handlers.console = { + # class = "logging.StreamHandler"; + # formatter = "precise"; + # }; + # }; + # }; }; };
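Review bot: The added `jwt_config` (hunk `@@ -36,6 +36,11 @@`) pairs `algorithm = "RS256"` with `secret = sops.placeholder."synapse/oidc_client_secret"`, and those two do not fit together: RS256 verifies with an RSA public key, while an OIDC client secret is a shared symmetric string. As written, token verification will most likely fail, and if the algorithm is later switched to HS256 to make it work, anyone holding the client secret could sign a login token for any `sub`. Use a dedicated sops entry holding the issuer's public signing key (placeholder name: `sops.placeholder."synapse/jwt_public_key"`) instead of reusing the OIDC credential. Also pin which tokens are accepted with `issuer = "<issuer-url>";` and `audiences = ["<client-id>"];`, neither of which is set here. The `content` attribute set continues outside the hunk.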