-rwxr-xr-xbuild.sh2
-rwxr-xr-xhost/Rory-nginx/hosts/rory.gay/root.nix2
-rwxr-xr-xhost/Rory-synapse/configuration.nix16
-rwxr-xr-xhost/Rory-synapse/post-rebuild.sh31
-rwxr-xr-xhost/Rory-synapse/pre-rebuild.sh2
5 files changed, 51 insertions, 2 deletions
diff --git a/build.sh b/build.sh
index 5514c7b..7542303 100755
--- a/build.sh
+++ b/build.sh
@@ -7,9 +7,11 @@ if [ $# -ne 2 ]; then
     exit 1
 fi
 if [ "$1" = "/" ]; then
+    [ -f "host/${2}/pre-rebuild.sh" ] && host/$2/pre-rebuild.sh
     nixos-generate-config --show-hardware-config > hardware-configuration.nix
     git add -f hardware-configuration.nix
     nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all
+    [ -f "host/${2}/post-rebuild.sh" ] && host/$2/post-rebuild.sh
     git rm --cached hardware-configuration.nix
     exit
 else
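Review bot: The two added hook lines test a quoted path but then execute `host/$2/pre-rebuild.sh` unquoted and only check `-f`, so a host name containing whitespace, or a hook without its execute bit, behaves differently from what the test implies. Writing `[ -x "host/${2}/pre-rebuild.sh" ] && "./host/${2}/pre-rebuild.sh"` (and the same for post-rebuild) keeps test and call in agreement. `$2` is also used unvalidated as a path component in a flow that goes on to `nixos-rebuild switch`, so a value containing `../` would run a script outside `host/`; checking that `host/$2` is an existing directory before the hooks would close that. The hook's exit status is ignored, so a failing pre-rebuild step does not stop the rebuild, which deserves a comment if intentional. The enclosing `if` block continues outside the hunk.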
diff --git a/host/Rory-nginx/hosts/rory.gay/root.nix b/host/Rory-nginx/hosts/rory.gay/root.nix
index c3dfb2f..8fb3837 100755
--- a/host/Rory-nginx/hosts/rory.gay/root.nix
+++ b/host/Rory-nginx/hosts/rory.gay/root.nix
@@ -10,7 +10,7 @@
     add_header Access-Control-Allow-Origin *;
     return 200 '${builtins.toJSON {
       "m.server" = "matrix.rory.gay:443";
-    }}}';
+    }}';
   ''; 
   locations."= /.well-known/matrix/client".extraConfig = ''
     add_header Content-Type application/json;
diff --git a/host/Rory-synapse/configuration.nix b/host/Rory-synapse/configuration.nix
index f65607f..a805e5f 100755
--- a/host/Rory-synapse/configuration.nix
+++ b/host/Rory-synapse/configuration.nix
@@ -97,12 +97,13 @@
       enable_registration = false;
       # Alicia - figure this out later...
       #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
+      registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
       
       # Alicia - types: https://github.com/NixOS/nixpkgs/blob/release-22.11/nixos/modules/services/matrix/synapse.nix#L410
       listeners = [
         { 
           port = 8008;
-          bind_addresses = [ "192.168.1.5" ];
+          bind_addresses = [ "192.168.1.5" "127.0.0.1" ];
           type = "http";
           tls = false;
           x_forwarded = true;
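Review bot: The new `registration_shared_secret_path` line sits directly under the stale `# Alicia - figure this out later...` comment and the commented-out `builtins.exec` attempt, which now describe a problem this commit solves; I would replace them with a comment such as `# Secret is written by systemd.services.matrix-synapse-reg-token before Synapse starts`. The same path is spelled out again in the unit's `WorkingDirectory` plus relative file name and in post-rebuild.sh, so a `let` binding shared by the setting and the unit would stop them drifting apart. With `enable_registration = false`, this file is what gates account creation, so its location and permissions are worth documenting here. The enclosing settings block starts and ends outside the hunk.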
@@ -172,6 +173,19 @@
   #  managementRoom = "#draupnir-mgmt:rory.gay";
   #};
 
+    systemd.services.matrix-synapse-reg-token = {
+      description = "Random registration token for Synapse.";
+      before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
+      wantedBy = ["multi-user.target"];
+      after = ["network.target"];
+
+      script = ''cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt'';
+      serviceConfig = {
+        User = "matrix-synapse";
+        Group = "matrix-synapse";
+        WorkingDirectory = "/var/lib/matrix-synapse";
+      };
+    };
   system.stateVersion = "22.11"; # DO NOT EDIT!
 }
 
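Review bot: The `matrix-synapse-reg-token` unit sets no `Type`, so systemd treats it as a simple service and considers it started as soon as the script is forked; `before = ["matrix-synapse.service"]` therefore does not guarantee the secret file is fully written when Synapse reads it. Adding `Type = "oneshot";` to `serviceConfig` makes the ordering wait for the script to finish. The shell redirect creates `registration_shared_secret.txt` with the service's default umask, so `UMask = "0077";` in the same block would keep the secret readable by matrix-synapse only; whether the state directory already blocks other users is not visible in this hunk. The secret is regenerated on every start of the unit, which I would state in a comment next to `script`, since post-rebuild.sh reads the same file.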
diff --git a/host/Rory-synapse/post-rebuild.sh b/host/Rory-synapse/post-rebuild.sh
new file mode 100755
index 0000000..7be1383
--- /dev/null
+++ b/host/Rory-synapse/post-rebuild.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
+#set -x
+REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
+LOCALPART='rory.gay'
+REACHABLE_DOMAIN='http://localhost:8008'
+
+# -- LICENSE: CNPL v7+ - https://thufie.lain.haus/files/CNPLv7.md
+# Modified from Nyaaori (https://nyaaori.cat) <+@nyaaori.cat>
+# Explicit authorisation to use the code has been granted by the original author
+#  for use by members of the Rory system (https://rory.gay)
+
+
+# the magic function:
+register(){
+	echo "Registering $1 with password $2"
+	_nonce=`curl http://localhost:8008/_synapse/admin/v1/register | jq -r .nonce`
+	#data: nonce, domain, username, password
+	_hmac=`printf '%s\0%s\0%s\0%s' "$_nonce" "$1" "$2" "admin" |  openssl dgst -sha1 -hmac "$REG_KEY" |  awk '{print $2}'`
+	curl -XPOST -d '{"nonce": "'"$_nonce"'", "username": "'"$1"'", "displayname": "'"$1"'", "password": "'"$2"'", "admin": true, "mac": "'"$_hmac"'"}' $REACHABLE_DOMAIN/_synapse/admin/v1/register | tee -a matrix-user-tokens.txt
+}
+
+# -- END OF LICENSED CODE
+
+
+
+PASSWD=`cat /run/keys/matrix-user-pass`
+for u in {Alicia,Emma,Rory,root}
+do 
+	register $u $PASSWD
+done
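Review bot: register() exposes the credentials it handles: the `echo` line prints the password into the rebuild output, the JSON body carrying the password sits in curl's argument list where other local users can read it, and the returned access tokens are appended to `matrix-user-tokens.txt` in the current directory with the default umask. Since build.sh calls this hook by relative path, that directory is presumably the git checkout. The body is also assembled by string concatenation and the call `register $u $PASSWD` is unquoted, so a password containing a quote, space or glob character produces a broken or altered request. I would drop the password from the log line, build the body with jq and feed it to curl on stdin, set a restrictive umask and quote the call, as sketched below. `openssl dgst -hmac "$REG_KEY"` still puts the shared secret on a command line and is left unchanged here, and it is worth confirming that four admin accounts sharing one password is intended.

```shell
umask 077  # matrix-user-tokens.txt is created readable by the invoking user only

register(){
	# Log the user name only; this output ends up in the rebuild log.
	echo "Registering $1"
	# … unchanged: _nonce fetch and _hmac computation …
	# jq does the JSON escaping; the password reaches jq through the
	# environment and curl through stdin, so it is in neither argument list.
	REG_PASS="$2" jq -n --arg nonce "$_nonce" --arg user "$1" --arg mac "$_hmac" \
		'{nonce: $nonce, username: $user, displayname: $user, password: env.REG_PASS, admin: true, mac: $mac}' \
		| curl -XPOST --data @- "$REACHABLE_DOMAIN/_synapse/admin/v1/register" \
		| tee -a matrix-user-tokens.txt
}

# … unchanged: PASSWD read and user loop header …
	register "$u" "$PASSWD"
```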
diff --git a/host/Rory-synapse/pre-rebuild.sh b/host/Rory-synapse/pre-rebuild.sh
new file mode 100755
index 0000000..9d92682
--- /dev/null
+++ b/host/Rory-synapse/pre-rebuild.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+echo "PRE REBUILD TEST"