-rw-r--r--flake.lock24
-rwxr-xr-xflake.nix9
-rwxr-xr-xhost/Rory-ovh/configuration.nix1
-rwxr-xr-xhost/Rory-ovh/services/matrix/synapse/synapse-main.nix8
-rwxr-xr-xhost/Rory-ovh/services/nginx/nginx.nix2
-rwxr-xr-xhost/Rory-ovh/services/nginx/rory.gay/api.safensound.nix72
-rwxr-xr-xhost/Rory-ovh/services/nginx/rory.gay/safensound.nix30
-rw-r--r--host/Rory-ovh/services/safensound.nix28
8 files changed, 170 insertions, 4 deletions
diff --git a/flake.lock b/flake.lock

index 6d5b8dd..5a8ddad 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1379,6 +1379,7 @@ "nixpkgs-master": "nixpkgs-master", "nixpkgs-stable": "nixpkgs-stable_3", "ooye": "ooye", + "safeNSound": "safeNSound", "sops-nix": "sops-nix", "synapseHttpAntispamSrc": "synapseHttpAntispamSrc" } @@ -1417,6 +1418,29 @@ "type": "github" } }, + "safeNSound": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748981743, + "narHash": "sha256-0eOWD48VOpfQWLT0uMO8k4jPmWHtrxYw9ueDU5+6dOA=", + "ref": "refs/heads/main", + "rev": "2034f459d416afdead72e590f870567452b2c62a", + "revCount": 52, + "type": "git", + "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/" + }, + "original": { + "type": "git", + "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_10" diff --git a/flake.nix b/flake.nix
index 87e18f3..5329dee 100755
--- a/flake.nix
+++ b/flake.nix
@@ -101,6 +101,14 @@ inputs.hyprland.follows = "hyprland"; }; + safeNSound = { + url = "git+https://cgit.rory.gay/school/nodejs-final-assignment.git/"; + inputs = { + flake-utils.follows = "flake-utils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + }; outputs = @@ -136,6 +144,7 @@ lix-module.nixosModules.default grapevine.nixosModules.default ooye.modules.default + safeNSound.nixosModules.default ( { pkgs, lib, ... }: diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
index 7efa89b..670db24 100755
--- a/host/Rory-ovh/configuration.nix
+++ b/host/Rory-ovh/configuration.nix
@@ -23,6 +23,7 @@ ./services/matrix/draupnir.nix ./services/email/root.nix #./services/wireguard/wireguard.nix + ./services/safensound.nix ]; users.groups.ocp = { }; diff --git a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
index 30ef315..7907927 100755
--- a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
@@ -71,16 +71,16 @@ allow_device_name_lookup_over_federation = true; federation = { - client_timeout = "30s"; # default=60s - max_short_retries = 12; - max_short_retry_delay = "5s"; + client_timeout = "90s"; # 30 # default=60s + max_short_retries = 6; # 12 + max_short_retry_delay = "10s"; # 5 max_long_retries = 5; max_long_retry_delay = "30s"; # rapid retry, small increments destination_min_retry_interval = "1m"; # default=10m destination_max_retry_interval = "12h"; # default=7d - destination_retry_multiplier = 1.2; # default=2 + destination_retry_multiplier = 1.1; # 1.2 # default=2 }; registration_shared_secret_path = "/data/secrets/synapse-shared-secret"; diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
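Review bot: The new trailing comments (`# 30`, `# 12`, `# 5`, `# 1.2`) keep the previous values without saying so, and on `client_timeout` the result `# 30 # default=60s` reads as two conflicting defaults. Either drop them, since the history is in version control, or label them, e.g. `client_timeout = "90s"; # was 30s; default=60s`. The surrounding settings block continues outside the hunk.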
index 453816f..5cd68da 100755
--- a/host/Rory-ovh/services/nginx/nginx.nix
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -70,6 +70,8 @@ in # #matrix... # "conduit.rory.gay" = import ./rory.gay/conduit.nix; "matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; }; + "safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; }; + "api.safensound.rory.gay" = import ./rory.gay/api.safensound.nix { inherit config; }; "stream.rory.gay" = import ./rory.gay/stream.nix { inherit config; }; # "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix; # "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix; diff --git a/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix new file mode 100755
index 0000000..b0ff075
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
@@ -0,0 +1,72 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:7645";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
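Review bot: `addSSL` leaves this API vhost reachable over plain HTTP, so requests carrying the `Authorization` header that the preflight block explicitly allows can travel unencrypted; `forceSSL = !config.virtualisation.isVmVariant;` would redirect instead, and the same applies to `addSSL` in `safensound.nix`. The three `/.well-known/matrix/*` locations and the `localhost:8100` sync proxy look copied from the Matrix vhost; if this host only fronts the safensound API on port 7645 they widen what it exposes and are worth dropping. The preflight lines write headers as `Name: value` while the well-known ones omit the colon (`'Content-Type application/json'`), which headers-more may not treat as a name/value pair.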
diff --git a/host/Rory-ovh/services/nginx/rory.gay/safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
new file mode 100755
index 0000000..9208129
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
@@ -0,0 +1,30 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+# quic = true;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_safensound";
+# reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/safensound.nix b/host/Rory-ovh/services/safensound.nix
new file mode 100644
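Review bot: The last CORS line, `more_set_headers 'Access-Control-Max-Age' 1728000;`, passes the name and the value as two separate arguments, so headers-more sees two header specs without a value rather than one header; the four lines above it and the API vhost use the `Name: value` form. It should read `more_set_headers 'Access-Control-Max-Age: 1728000';`. Since `Access-Control-Max-Age` is only meaningful on preflight responses, the line could also simply be removed from this static-file location.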
index 0000000..69f301a
--- /dev/null
+++ b/host/Rory-ovh/services/safensound.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.mongodb = {
+ enable = true;
+ package = pkgs.mongodb-ce;
+ enableAuth = true;
+ initialRootPasswordFile = "/etc/mongo-pass";
+ #bind_ip = "/run/mongodb.sock";
+ extraConfig = ''
+ net.unixDomainSocket.filePermissions: 0777
+ '';
+ };
+
+ services.safensound = {
+ enable = true;
+ dbCredentialsPath = "/data/secrets/safensound-mongodb";
+ port = 7645;
+ logRequests = "-";
+ logQueries = true;
+ logAuth = true;
+ };
+}
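Review bot: `net.unixDomainSocket.filePermissions: 0777` makes the mongod socket connectable by every local account, which leaves `enableAuth` as the only barrier between any process on the host and the database. Unless a client outside the service's own user or group needs the socket, tighten it, e.g. `net.unixDomainSocket.filePermissions: 0770`, or drop the override. `initialRootPasswordFile = "/etc/mongo-pass"` sits outside the `/data/secrets/` path used for `dbCredentialsPath`; keeping both secrets in one place with restrictive ownership would be more consistent. With `logQueries` and `logAuth` enabled, it is worth confirming that the service does not write credentials or personal data to its logs.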