diff --git a/flake.lock b/flake.lock
index 6d5b8dd..5a8ddad 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1379,6 +1379,7 @@
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable_3",
"ooye": "ooye",
+ "safeNSound": "safeNSound",
"sops-nix": "sops-nix",
"synapseHttpAntispamSrc": "synapseHttpAntispamSrc"
}
@@ -1417,6 +1418,29 @@
"type": "github"
}
},
+ "safeNSound": {
+ "inputs": {
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1748981743,
+ "narHash": "sha256-0eOWD48VOpfQWLT0uMO8k4jPmWHtrxYw9ueDU5+6dOA=",
+ "ref": "refs/heads/main",
+ "rev": "2034f459d416afdead72e590f870567452b2c62a",
+ "revCount": 52,
+ "type": "git",
+ "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/"
+ }
+ },
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_10"
diff --git a/flake.nix b/flake.nix
index 87e18f3..5329dee 100755
--- a/flake.nix
+++ b/flake.nix
@@ -101,6 +101,14 @@
inputs.hyprland.follows = "hyprland";
};
+ safeNSound = {
+ url = "git+https://cgit.rory.gay/school/nodejs-final-assignment.git/";
+ inputs = {
+ flake-utils.follows = "flake-utils";
+ nixpkgs.follows = "nixpkgs";
+ };
+ };
+
};
outputs =
@@ -136,6 +144,7 @@
lix-module.nixosModules.default
grapevine.nixosModules.default
ooye.modules.default
+ safeNSound.nixosModules.default
(
{ pkgs, lib, ... }:
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
index 7efa89b..670db24 100755
--- a/host/Rory-ovh/configuration.nix
+++ b/host/Rory-ovh/configuration.nix
@@ -23,6 +23,7 @@
./services/matrix/draupnir.nix
./services/email/root.nix
#./services/wireguard/wireguard.nix
+ ./services/safensound.nix
];
users.groups.ocp = { };
diff --git a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
index 30ef315..7907927 100755
--- a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
@@ -71,16 +71,16 @@
allow_device_name_lookup_over_federation = true;
federation = {
- client_timeout = "30s"; # default=60s
- max_short_retries = 12;
- max_short_retry_delay = "5s";
+ client_timeout = "90s"; # 30 # default=60s
+ max_short_retries = 6; # 12
+ max_short_retry_delay = "10s"; # 5
max_long_retries = 5;
max_long_retry_delay = "30s";
# rapid retry, small increments
destination_min_retry_interval = "1m"; # default=10m
destination_max_retry_interval = "12h"; # default=7d
- destination_retry_multiplier = 1.2; # default=2
+ destination_retry_multiplier = 1.1; # 1.2 # default=2
};
registration_shared_secret_path = "/data/secrets/synapse-shared-secret";
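Review bot: The trailing comments on the changed federation lines keep the previous value as a bare number (`# 30`, `# 12`, `# 5`, `# 1.2`), which is easy to misread next to the existing `# default=60s` convention. Label them instead, for example `client_timeout = "90s"; # was 30s; default=60s` and `destination_retry_multiplier = 1.1; # was 1.2; default=2`. If the backoff grows geometrically from the 1m minimum, a 1.1 multiplier needs roughly 70 consecutive failures to reach the 12h cap, against about 36 at 1.2. That means more outbound retries toward dead destinations, so a one-line why-comment on the chosen value would help the next person tuning it.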
diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
index 453816f..5cd68da 100755
--- a/host/Rory-ovh/services/nginx/nginx.nix
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -70,6 +70,8 @@ in
# #matrix...
# "conduit.rory.gay" = import ./rory.gay/conduit.nix;
"matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
+ "safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; };
+ "api.safensound.rory.gay" = import ./rory.gay/api.safensound.nix { inherit config; };
"stream.rory.gay" = import ./rory.gay/stream.nix { inherit config; };
# "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
# "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
new file mode 100755
index 0000000..b0ff075
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
@@ -0,0 +1,72 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:7645";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
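Review bot: `addSSL` at the top of this vhost keeps the plain-HTTP listener serving the API, so a client that reaches it over `http://` sends its `Authorization` header (which the preflight block advertises) in cleartext. `forceSSL = !config.virtualisation.isVmVariant;` would redirect to HTTPS instead, and the same applies to `addSSL` in rory.gay/safensound.nix. Separately, the three `/.well-known/matrix/*` locations and the `~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)` proxy to `localhost:8100` look carried over from the Matrix vhost. On this hostname they expose that backend under an unrelated name, so they should be removed unless that exposure is intended. The commented-out `#proxyPass = "http://127.0.0.1:9001";` can go too.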
diff --git a/host/Rory-ovh/services/nginx/rory.gay/safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
new file mode 100755
index 0000000..9208129
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
@@ -0,0 +1,30 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+# quic = true;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_safensound";
+# reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
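Review bot: The last CORS line, `more_set_headers 'Access-Control-Max-Age' 1728000;`, passes two separate arguments instead of a single `Name: value` string. headers-more takes each argument as its own header spec, and a name without a value is treated as a header to clear, so the max-age is most likely never emitted. Write it like the other lines: `more_set_headers 'Access-Control-Max-Age: 1728000';`. The wildcard `Access-Control-Allow-*` set is acceptable for a static root only while nothing under `/data/nginx/html_safensound` depends on cookies or other ambient credentials; a short comment stating that assumption would keep it from being copied onto an authenticated vhost.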
diff --git a/host/Rory-ovh/services/safensound.nix b/host/Rory-ovh/services/safensound.nix
new file mode 100644
index 0000000..69f301a
--- /dev/null
+++ b/host/Rory-ovh/services/safensound.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.mongodb = {
+ enable = true;
+ package = pkgs.mongodb-ce;
+ enableAuth = true;
+ initialRootPasswordFile = "/etc/mongo-pass";
+ #bind_ip = "/run/mongodb.sock";
+ extraConfig = ''
+ net.unixDomainSocket.filePermissions: 0777
+ '';
+ };
+
+ services.safensound = {
+ enable = true;
+ dbCredentialsPath = "/data/secrets/safensound-mongodb";
+ port = 7645;
+ logRequests = "-";
+ logQueries = true;
+ logAuth = true;
+ };
+}
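Review bot: `net.unixDomainSocket.filePermissions: 0777` lets every local account on this host connect to the mongod socket, leaving `enableAuth` as the only barrier on a machine that also runs the Matrix and mail services. mongod's default is 0700; if the safensound service needs the socket, `net.unixDomainSocket.filePermissions: 0770` with the service user added to the mongodb group is a narrower grant, assuming the module runs it under its own user. `initialRootPasswordFile = "/etc/mongo-pass"` sits outside the `/data/secrets` directory used for `dbCredentialsPath`, so its ownership and mode need confirming, ideally 0400 and readable only by the mongodb user. The hunk does not show what `logQueries = true` and `logAuth = true` write; if queries or auth payloads reach the journal verbatim they can carry credentials or personal data, so add a comment stating what is logged and who can read it.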