diff options
| author | Rory&::Emma <root@rory.gay> | 2024-04-20 19:24:50 +0000 |
|---|---|---|
| committer | Rory& <root@rory.gay> | 2024-07-04 14:44:59 +0200 |
| commit | 80ac7a155a43d89d0f94f32fea45db593f2d28f6 (patch) | |
| tree | a38d7f626b7a66fed84f00188188cfb9409bbfcd | |
| parent | Update from server (diff) | |
| download | Rory-Open-Architecture-80ac7a155a43d89d0f94f32fea45db593f2d28f6.tar.xz | |
Server changes
| -rw-r--r-- | flake.lock | 210 | ||||
| -rwxr-xr-x | flake.nix | 4 | ||||
| -rwxr-xr-x | host/Rory-nginx/configuration.nix | 1 | ||||
| -rwxr-xr-x | host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix | 2 | ||||
| -rwxr-xr-x | host/Rory-nginx/services/matrix/conduit.nix | 33 | ||||
| -rwxr-xr-x | host/Rory-nginx/services/nginx/rory.gay/conduit.nix | 4 | ||||
| -rwxr-xr-x | host/Rory-nginx/services/nginx/rory.gay/matrix.nix | 3 | ||||
| -rwxr-xr-x | modules/users/Alice.nix | 17 | ||||
| -rw-r--r-- | modules/users/groups/BugMine-contrib.nix | 5 |
9 files changed, 202 insertions, 77 deletions
diff --git a/flake.lock b/flake.lock index 429836f..a46c025 100644 --- a/flake.lock +++ b/flake.lock @@ -1,11 +1,30 @@ { "nodes": { + "MatrixMediaGate": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1709199781, + "narHash": "sha256-OH9OSnRNj9zHkKMBRwBaa0pMA0yOzibt3h6i3M4KIKw=", + "ref": "refs/heads/master", + "rev": "a3bce27ac19dfd940a34c4c148c0f617f513feed", + "revCount": 18, + "type": "git", + "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/" + }, + "original": { + "type": "git", + "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/" + } + }, "attic": { "inputs": { "crane": "crane", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -25,7 +44,7 @@ }, "botcore-v4": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1683656302, @@ -48,23 +67,22 @@ "crane": "crane_2", "fenix": "fenix", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1710602287, - "narHash": "sha256-6hjHSfH3jfTDxD6hELL7RGoqv2pnyVAtS81H5Le6qkk=", + "lastModified": 1713381361, + "narHash": "sha256-0rAVZ6uhdg0ySRVu1hH/mkRZL0wMDO2f42Z1ix9LpPQ=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "930bf3891c5a1279b23e16f3f10ce02c47b9b4cb", + "rev": "7ecc570bb8a07aba9802fd0217f978583f55bc8b", "type": "github" }, "original": { "owner": "girlbossceo", "repo": "conduwuit", + "rev": "7ecc570bb8a07aba9802fd0217f978583f55bc8b", "type": "github" } }, @@ -121,11 +139,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1709619709, - "narHash": "sha256-l6EPVJfwfelWST7qWQeP6t/TDK3HHv5uUB1b2vw4mOQ=", + "lastModified": 1711606966, + "narHash": "sha256-nTaO7ZDL4D02dVC5ktqnXNiNuODBUHyE4qEcFjAUCQY=", "owner": "nix-community", "repo": "fenix", - "rev": "c8943ea9e98d41325ff57d4ec14736d330b321b2", + "rev": "aa45c3e901ea42d6633af083c0c555efaf948b17", "type": "github" }, "original": { @@ -183,6 +201,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -197,16 +233,16 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -215,16 +251,16 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -235,14 +271,14 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1710796387, - "narHash": "sha256-ve/vpbby+4LPJrlNGqGyuzZMLL7zHUZhvvKu1StsaC8=", + "lastModified": 1713547559, + "narHash": "sha256-zju60y4pyYQoRmqhbgkw+jwmKZReVsCNvb8mZxID2Do=", "owner": "nix-community", "repo": "home-manager", - "rev": "baf7659448ffa6ab6870dba1ca681a4868c3068a", + "rev": "938357cb234e85da37109df2cdd9cc59ab9c1cc0", "type": "github" }, "original": { @@ -272,11 +308,11 @@ "nhekoSrc": { "flake": false, "locked": { - "lastModified": 1710586292, - "narHash": "sha256-60D9LZg7WiJmQ2BOIbiTP/ftWmPRLWzu2/CoLmXqBTM=", + "lastModified": 1712511512, + "narHash": "sha256-T27BrHbPrbzI9rymiQbHEp8OMMVn74SG42YAJj8qWmk=", "owner": "Nheko-reborn", "repo": "nheko", - "rev": "6d44c8e30dbdac75b34d05b1de08b2377cffd797", + "rev": "df88eccfb7f4826299a93b30606364a387b23779", "type": "github" }, "original": { @@ -288,11 +324,11 @@ }, "nix-filter": { "locked": { - "lastModified": 1705332318, - "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=", + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", "owner": "numtide", "repo": "nix-filter", - "rev": "3449dc925982ad46246cfc36469baf66e1b64f17", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", "type": "github" }, "original": { @@ -304,15 +340,15 @@ "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1710519878, - "narHash": "sha256-0dbc10OBFUVYyXC+C+N6vRUd8xyBSRxkcZ4Egipbx0M=", + "lastModified": 1713528946, + "narHash": "sha256-IBQta+xrEaI2S5UmYrXcgV7Tu7rGLQu2V3TeJseLPSg=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "aef95bdb6800a3a2af7aa7083d6df03067da6592", + "rev": "63c1247e12f269396ed2df8cdec3aed1f0f3928c", "type": "github" }, "original": { @@ -323,11 +359,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "lastModified": 1708807242, + "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", "type": "github" }, "original": { @@ -339,11 +375,11 @@ }, "nixpkgs-RoryNix": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1713344939, + "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd", "type": "github" }, "original": { @@ -355,11 +391,11 @@ }, "nixpkgs-rory": { "locked": { - "lastModified": 1707972976, - "narHash": "sha256-+icCdPkNM18KR3ictKTazG0ZEWJAEO1WRDAd1cd9VX0=", + "lastModified": 1712398816, + "narHash": "sha256-9s+KZY0XBQEl1oEwELIgXuS8OG8E+a0J/8ih+oYCCC4=", "owner": "TheArcaneBrony", "repo": "nixpkgs", - "rev": "f4b588ce674437075fccdda76ffd339fba77c8ec", + "rev": "7e5dba52fb1644c6412871495a946aea14deb871", "type": "github" }, "original": { @@ -387,6 +423,22 @@ }, "nixpkgs_2": { "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { "lastModified": 1702539185, "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", "owner": "NixOS", @@ -401,13 +453,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1711523803, + "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", "type": "github" }, "original": { @@ -417,13 +469,29 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { + "locked": { + "lastModified": 1713248628, + "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { - "lastModified": 1707514827, - "narHash": "sha256-Y+wqFkvikpE1epCx57PsGw+M1hX5aY5q/xgk+ebDwxI=", + "lastModified": 1713013257, + "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20f65b86b6485decb43c5498780c223571dd56ef", + "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8", "type": "github" }, "original": { @@ -433,13 +501,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_7": { "locked": { - "lastModified": 1710631334, - "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=", + "lastModified": 1713297878, + "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a", + "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", "type": "github" }, "original": { @@ -451,13 +519,14 @@ }, "root": { "inputs": { + "MatrixMediaGate": "MatrixMediaGate", "botcore-v4": "botcore-v4", "conduit": "conduit", "home-manager": "home-manager", "mtxclientSrc": "mtxclientSrc", "nhekoSrc": "nhekoSrc", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_7", "nixpkgs-RoryNix": "nixpkgs-RoryNix", "nixpkgs-rory": "nixpkgs-rory" } @@ -465,11 +534,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1709571018, - "narHash": "sha256-ISFrxHxE0J5g7lDAscbK88hwaT5uewvWoma9TlFmRzM=", + "lastModified": 1711562745, + "narHash": "sha256-s/YOyBM0vumhkqCFi8CnV5imFlC5JJrGia8CmEXyQkM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "9f14343f9ee24f53f17492c5f9b653427e2ad15e", + "rev": "ad51a17c627b4ca57f83f0dc1f3bb5f3f17e6d0b", "type": "github" }, "original": { @@ -508,6 +577,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0ea3c34..cb3c792 100755 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ }; conduit = { #url = "gitlab:famedly/conduit"; - url = "github:girlbossceo/conduwuit"; + url = "github:girlbossceo/conduwuit/7ecc570bb8a07aba9802fd0217f978583f55bc8b"; # Assuming you have an input for nixpkgs called `nixpkgs`. If you experience # build failures while using this, try commenting/deleting this line. This # will probably also require you to always build from source. @@ -35,7 +35,7 @@ }; MatrixMediaGate = { - url = "git+https://cgit.rory.gay/matrix/MatrixMediaGate.git/"; + url = "git+https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/"; }; # Sources... diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix index ea023d6..ef4f7c0 100755 --- a/host/Rory-nginx/configuration.nix +++ b/host/Rory-nginx/configuration.nix @@ -7,6 +7,7 @@ ../../modules/users/levi.nix ../../modules/users/db2k.nix ../../modules/users/ks.nix + ../../modules/users/Alice.nix ./services/postgres.nix ./services/discordbots.nix diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix index 8e49043..e07dad3 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix @@ -12,6 +12,8 @@ max_concurrent_requests = 1000; allow_check_for_updates = false; allow_registration = true; + yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true; + allow_guest_registration = true; disable_federation = true; }; }; diff --git a/host/Rory-nginx/services/matrix/conduit.nix b/host/Rory-nginx/services/matrix/conduit.nix index f98a4e6..463c936 100755 --- a/host/Rory-nginx/services/matrix/conduit.nix +++ b/host/Rory-nginx/services/matrix/conduit.nix @@ -9,14 +9,15 @@ server_name = "conduit.rory.gay"; database_backend = "rocksdb"; - rocksdb_optimize_for_spinning_disks = true; - rocksdb_max_log_file_size = 33554432; +# rocksdb_optimize_for_spinning_disks = false; +# rocksdb_max_log_file_size = 33554432; - - allow_public_room_directory_over_federation = true; +# allow_public_room_directory_over_federation = true; - allow_device_name_federation = true; - enable_lightning_bolt = true; +# allow_device_name_federation = true; +# enable_lightning_bolt = true; + + #allow_local_presence = true; #allow_incoming_presence = true; #allow_outgoing_presence = true; @@ -24,14 +25,28 @@ #presence_offline_timeout_s = 180; - max_concurrent_requests = 1000; - conduit_cache_capacity_modifier = 3.0; +# max_concurrent_requests = 32767; +# conduit_cache_capacity_modifier = 4000.0; #512.0; +# db_cache_capacity_mb = 65535.0; #8192.0; +# rocksdb_parallelism_threads = 12; + + #dns settings +# dns_cache_entries = 65535; +# dns_min_ttl = 60 * 60 * 12; #12 hours... we expect other servers to backfill in the unlikely case an IP changes. +# dns_min_ttl_nxdomain = 60 * 60 * 24 * 7; #1 week... we expect backfill to happen must this change... +# dns_timeout = 15; +# dns_attempts = 15; #our DNS setup tends to fail +# query_all_nameservers = true; #needed on our setup... + +# federation_timeout = 30; +# federation_idle_per_host = 8; +# federation_idle_timeout = 600; allow_check_for_updates = false; allow_registration = false; - #log = "info,state_res=info"; +# log = "info,state_res=info"; #log = "debug"; }; }; diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix index 44b074a..81547aa 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix @@ -2,8 +2,8 @@ enableACME = true; addSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:9002"; - #proxyPass = "http://127.0.0.1:6167"; + #proxyPass = "http://127.0.0.1:9002"; + proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix index 8aaedc8..6a5bf47 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix @@ -2,7 +2,8 @@ enableACME = true; addSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:9001"; + #proxyPass = "http://127.0.0.1:9001"; + proxyPass = "http://localhost:8008"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; diff --git a/modules/users/Alice.nix b/modules/users/Alice.nix new file mode 100755 index 0000000..e2e343a --- /dev/null +++ b/modules/users/Alice.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + imports = [ groups/BugMine-contrib.nix ]; + users.groups.Alice = {}; + users.users.Alice = { + isSystemUser = true; + extraGroups = [ "BugMine-contrib" ]; + group = "Alice"; + home = "/group/bugmine-contrib"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb52m1rnJSffSOJvN6OYkKgK0TmiRKE4SbOKlkT8Tvn" + ]; + }; +} + diff --git a/modules/users/groups/BugMine-contrib.nix b/modules/users/groups/BugMine-contrib.nix new file mode 100644 index 0000000..636afba --- /dev/null +++ b/modules/users/groups/BugMine-contrib.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: + +{ + users.groups.BugMine-contrib = {}; +} |