vm.strangervm: move matrix@hillion.co.uk to vm.strangervm

Jake Hillion 2022-11-13 16:25:13 +00:00
parent 37cb451b4a
commit bf60516170
6 changed files with 108 additions and 1 deletions


@ -8,6 +8,7 @@
imports = [ imports = [
../../modules/common/default.nix ../../modules/common/default.nix
../../modules/matrix/default.nix
../../modules/resilio/default.nix ../../modules/resilio/default.nix
../../modules/reverse-proxy/global.nix ../../modules/reverse-proxy/global.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -47,4 +48,3 @@
{ name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; } { name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; }
]; ];
} }


@ -0,0 +1,75 @@
{ config, pkgs, lib, ... }:
{
## Matrix (matrix.hillion.co.uk)
config.age.secrets."matrix/matrix.hillion.co.uk/macaroon_secret_key" = {
file = ../../secrets/matrix/matrix.hillion.co.uk/macaroon_secret_key.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
config.age.secrets."matrix/matrix.hillion.co.uk/email" = {
file = ../../secrets/matrix/matrix.hillion.co.uk/email.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
config.services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
config.services.matrix-synapse = {
enable = true;
extraConfigFiles = [
config.age.secrets."matrix/matrix.hillion.co.uk/macaroon_secret_key".path
config.age.secrets."matrix/matrix.hillion.co.uk/email".path
];
settings = {
server_name = "hillion.co.uk";
public_baseurl = "https://matrix.hillion.co.uk/";
listeners = [
{
port = 8008;
tls = false;
type = "http";
x_forwarded = true;
bind_addresses = [ "::1" ];
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
database = {
name = "psycopg2";
args = {
database = "matrix-synapse";
user = "matrix-synapse";
password = "synapse";
host = "127.0.0.1";
cp_min = 5;
cp_max = 10;
};
};
enable_registration = true;
registrations_require_3pid = [ "email" ];
allowed_local_3pids = [
{
medium = "email";
pattern = "^[^@]+@hillion\.co\.uk$";
}
];
suppress_key_server_warning = true;
};
};
}
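Review bot: The `allowed_local_3pids` pattern is written as `"^[^@]+@hillion\.co\.uk$"` inside a double-quoted Nix string, where `\.` is not a recognised escape and evaluates to a plain `.`, so the regex Synapse receives matches any character in place of each dot and would accept an address at a look-alike domain (a constructed example: `hillion-co.uk`). With `enable_registration = true` this pattern is the only visible gate on who can register, so it should read `pattern = "^[^@]+@hillion\\.co\\.uk$";`, or use an indented `''…''` string, which keeps backslashes as written. Separately, the database password `synapse` appears in both `initialScript` and `settings.database.args`, so it ends up in the world-readable Nix store. Since the module already loads agenix files through `extraConfigFiles`, the `database` block could move into one of those, or the role could use peer authentication over the Unix socket instead of a password.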


@ -9,6 +9,9 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts."hillion.co.uk".extraConfig = ''
respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200
'';
virtualHosts."ts.hillion.co.uk".extraConfig = '' virtualHosts."ts.hillion.co.uk".extraConfig = ''
reverse_proxy http://10.48.62.14:8080 reverse_proxy http://10.48.62.14:8080
''; '';
@ -21,6 +24,9 @@
virtualHosts."emby.hillion.co.uk".extraConfig = '' virtualHosts."emby.hillion.co.uk".extraConfig = ''
reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096 reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096
''; '';
virtualHosts."matrix.hillion.co.uk".extraConfig = ''
reverse_proxy http://vm.strangervm.ts.hillion.co.uk:8008
'';
virtualHosts."unifi.hillion.co.uk".extraConfig = '' virtualHosts."unifi.hillion.co.uk".extraConfig = ''
reverse_proxy https://unifi.unifi.ts.hillion.co.uk:8443 { reverse_proxy https://unifi.unifi.ts.hillion.co.uk:8443 {
transport http { transport http {
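Review bot: The new `matrix.hillion.co.uk` vhost proxies to `http://vm.strangervm.ts.hillion.co.uk:8008`, but the Synapse listener added in this commit binds only `::1`, so unless that name resolves to loopback on this host the upstream connection will be refused. If Caddy and Synapse run on the same machine, as the shared imports list suggests, `reverse_proxy http://[::1]:8008` would reach it without widening `bind_addresses`. That keeps the plain-HTTP listener, which trusts forwarded headers via `x_forwarded = true`, off the tailnet interface. The `services.caddy` block continues past the end of this hunk.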

Binary file not shown.


@ -0,0 +1,22 @@
age-encryption.org/v1
-> ssh-rsa GxPFJQ
P+0KXVdzP9LOCrfJ8mENrknodn3Eiyt+U7tvQ2sBM4NL7UWoGXm6gk5UiIhY327b
PDVkxCedvI8ubdm0lHO6krppW6WFdaxJDvojoSQOQi6MNhheJfiyd4A3LnonUfID
sWGvqoTpKE/2Ua43hxz6PM/tGTMhIRkV9h8XEc0KsTN9UIkL80GQwNPrw5NWGR/I
6/+t6kYUJiVZdksUHAC/OA3RjnmJezucL/e23emRgFXCrv1i4TgZPIQbOs5PkfZM
VEOY0Pjz6NYxL6BWIkfgkePmZRL+pzpPVJBqehAUS3aUkf1P5YGfjnO9w32f095w
HxIiIxUNlF8rZPh3q4i52g
-> ssh-rsa K9mW1w
IGBmiwGX626k3yHsX1I56YODkl8qcHEEP3W+r3Ihwqszgxk2nAykAkkO6R9tN1kv
N0knR5xBVXzLzXIBAhIjaoEgkE5dLy46b0n2sZUcJ5iWG2PdqV/x7dJMrIVu3Ezn
LU1dztSOYjRJzKuRLI7uKuFPmDH8xq1ey8NWxWVZhuWJ7ETZkHqCxxryGHZzpi6k
cPu0dM9WQuaXI1qrmhI008iNhyvRgMRNBHMCslC/FCReAIOL9yZQ1i9kmcN5i24m
LgagL74GFEPRTPmRzynVttLk7DIk81r24gOBdWdvlTVuXGfQMzlG4B+ed1EC31Pv
u51Wj9TIqWg/RYNOqK7u0g
-> ssh-ed25519 O0LMHg trgcLiflNv4yLOdCecrvemKOv3gpEXsUnHc2AK93xzc
neAWZIHgS9Oe76juS0fyMDTEn1E3svP7Q5ak9Qaa66Y
-> R_$N!<cA-grease
xY6KvypbZ/PE0YJCu27w/pAvmkiqGIrxZ6t28/Jm02+b9sFY
--- 56u/OV+nNAceHwVQ7igojGkV4eBB/jADPOZY1au7gQg
6=HS ¸÷ñ
38= ÙüDI>Ü}S\M<>ÅûA<C3BB>âtœ/g<>>^å» ÓâÇXc¶,`òÜVmÍ/<2F>÷R¾‡Sè ¦AÁl ßæUGñ˜;ÈWÂüC3O¦¬?<3F>"À£Â©fRP¥uœ2x]“1÷ì


@ -32,4 +32,8 @@ in
"resilio/plain/projects.age".publicKeys = users ++ [ gendry_terminals ]; "resilio/plain/projects.age".publicKeys = users ++ [ gendry_terminals ];
"resilio/plain/resources.age".publicKeys = users ++ [ gendry_terminals ]; "resilio/plain/resources.age".publicKeys = users ++ [ gendry_terminals ];
"resilio/plain/sync.age".publicKeys = users ++ [ gendry_terminals ]; "resilio/plain/sync.age".publicKeys = users ++ [ gendry_terminals ];
# Matrix Secrets
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = users ++ [ vm_strangervm ];
"matrix/matrix.hillion.co.uk/email.age".publicKeys = users ++ [ vm_strangervm ];
} }