Diffstat (limited to '')
59 files changed, 1423 insertions, 1165 deletions
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix index 648d8d5..b85a75e 100755 --- a/host/Rory-nginx/configuration.nix +++ b/host/Rory-nginx/configuration.nix 
@@ -1,43 +1,57 @@ -{ config, pkgs, lib, grapevine, conduit, conduwuit, ... }: +{ + config, + pkgs, + lib, + grapevine, + conduit, + conduwuit, + ... +}: { - imports = - [ - ../../modules/base-server.nix - ../../modules/users/levi.nix - ../../modules/users/db2k.nix - ../../modules/users/ks.nix - ../../modules/users/Alice.nix + imports = [ + ../../modules/base-server.nix + ../../modules/users/levi.nix + ../../modules/users/db2k.nix + ../../modules/users/ks.nix + ../../modules/users/Alice.nix - ./services/postgres.nix - ./services/discordbots.nix - ./services/matrix/root.nix - ./services/nginx/nginx.nix - #./services/jitsi.nix - ./services/cgit.nix - #./services/ollama.nix - ./services/prometheus.nix - ]; - users.groups.ocp = {}; + ./services/postgres.nix + ./services/discordbots.nix + ./services/matrix/root.nix + ./services/nginx/nginx.nix + #./services/jitsi.nix + ./services/cgit.nix + #./services/ollama.nix + ./services/prometheus.nix + ]; + users.groups.ocp = { }; networking = { hostName = "Rory-nginx"; - interfaces.ens18.ipv4.addresses = [ { - address = "192.168.1.2"; - prefixLength = 24; - } ]; - interfaces.ens19.ipv4.addresses = [ { - address = "10.10.10.2"; - prefixLength = 16; - } ]; + interfaces.ens18.ipv4.addresses = [ + { + address = "192.168.1.2"; + prefixLength = 24; + } + ]; + interfaces.ens19.ipv4.addresses = [ + { + address = "10.10.10.2"; + prefixLength = 16; + } + ]; defaultGateway.interface = "ens18"; -# extraHosts = '' -# 127.0.0.1 rory.gay -# 127.0.0.1 matrix.rory.gay -# 127.0.0.1 conduit.rory.gay -# ''; + # extraHosts = '' + # 127.0.0.1 rory.gay + # 127.0.0.1 matrix.rory.gay + # 127.0.0.1 conduit.rory.gay + # ''; nat = { enable = true; - internalInterfaces = [ "ve-+" "vb-+" ]; + internalInterfaces = [ + "ve-+" + "vb-+" + ]; externalInterface = "ens18"; #enableIPv6 = true; }; diff --git a/host/Rory-nginx/services/cgit.nix b/host/Rory-nginx/services/cgit.nix index dbab79c..72ee221 100644 --- a/host/Rory-nginx/services/cgit.nix 
+++ b/host/Rory-nginx/services/cgit.nix 
@@ -1,54 +1,63 @@ -{ config, pkgs, lib, ... }: - -let base_cgit_config = { - enable = true; - nginx.virtualHost = "cgit.rory.gay"; - package = pkgs.cgit-pink; - scanPath = "/data/nginx/html_git"; - settings = { - css = "/cgit.css"; - logo = "/cgit.png"; - favicon = "/favicon.ico"; - readme = ":README.MD"; - about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - clone-url = (lib.concatStringsSep " " [ - "https://cgit.rory.gay/$CGIT_REPO_URL" - "ssh://<user>@git.rory.gay:$CGIT_REPO_URL" - ]); - enable-log-filecount = 1; - enable-log-linecount = 1; - enable-git-config = 1; -#testing - enable-blame = 1; - enable-commit-graph = 1; - enable-follow-links = 1; - enable-http-clone = 1; - enable-index-links = 1; - enable-remote-branches = 1; - enable-subject-links = 1; - enable-tree-linenumbers = 1; - max-atom-items = 100; - max-commit-count = 250; - max-repo-count = 500; - snapshots = "tar.xz"; - #side-by-side-diffs = 1; +{ + config, + pkgs, + lib, + ... 
+}: +let + base_cgit_config = { + enable = true; + nginx.virtualHost = "cgit.rory.gay"; + package = pkgs.cgit-pink; + scanPath = "/data/nginx/html_git"; + settings = { + css = "/cgit.css"; + logo = "/cgit.png"; + favicon = "/favicon.ico"; + readme = ":README.MD"; + about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; + source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; + clone-url = ( + lib.concatStringsSep " " [ + "https://cgit.rory.gay/$CGIT_REPO_URL" + "ssh://<user>@git.rory.gay:$CGIT_REPO_URL" + ] + ); + enable-log-filecount = 1; + enable-log-linecount = 1; + enable-git-config = 1; + #testing + enable-blame = 1; + enable-commit-graph = 1; + enable-follow-links = 1; + enable-http-clone = 1; + enable-index-links = 1; + enable-remote-branches = 1; + enable-subject-links = 1; + enable-tree-linenumbers = 1; + max-atom-items = 100; + max-commit-count = 250; + max-repo-count = 500; + snapshots = "tar.xz"; + #side-by-side-diffs = 1; - root-title = "cgit.rory.gay"; - root-desc = "Rory&s Git Repositories"; + root-title = "cgit.rory.gay"; + root-desc = "Rory&s Git Repositories"; + }; }; -}; in { +in +{ services.cgit."main" = base_cgit_config; services.cgit."ocp" = lib.attrsets.recursiveUpdate base_cgit_config { scanPath = "/data/nginx/html_git/.ocp"; nginx.location = "/.ocp/"; - settings.clone-url = (lib.concatStringsSep " " [ - "https://cgit.rory.gay/.ocp/$CGIT_REPO_URL" - "ssh://<user>@git.rory.gay:.ocp/$CGIT_REPO_URL" - ]); + settings.clone-url = ( + lib.concatStringsSep " " [ + "https://cgit.rory.gay/.ocp/$CGIT_REPO_URL" + "ssh://<user>@git.rory.gay:.ocp/$CGIT_REPO_URL" + ] + ); }; } - - diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix index 28309b5..08e6760 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix 
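Review bot: The `ocp` instance's `scanPath = "/data/nginx/html_git/.ocp"` lies inside the `main` instance's `scanPath`, and nothing in the file says why the two listings stay separate. As far as the hunk shows, that separation rests on cgit skipping dot-directories during a scan (its `scan-hidden-path` setting, off by default). Anyone who knows the `/.ocp/` location can still browse and clone those repositories unless nginx restricts it elsewhere, since `enable-http-clone = 1` is inherited from `base_cgit_config`. A comment above `services.cgit."ocp"` would record that, e.g. `# .ocp stays out of the main index only because scan-hidden-path is off; it is not access-controlled here`.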
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix @@ -1,26 +1,41 @@ -{ pkgs, lib, conduit, ... }: +{ + pkgs, + lib, + conduit, + ... +}: { privateNetwork = true; autoStart = true; specialArgs = { inherit conduit; - }; - config = { lib, pkgs, conduit, ... }: { - imports = [ ./root.nix ]; - environment.etc."resolv.conf".text = '' - nameserver 8.8.8.8 - nameserver 8.4.4.8 - nameserver 1.1.1.1 - nameserver 1.0.0.1 + }; + config = + { + lib, + pkgs, + conduit, + ... + }: + { + imports = [ ./root.nix ]; + environment.etc."resolv.conf".text = '' + nameserver 8.8.8.8 + nameserver 8.4.4.8 + nameserver 1.1.1.1 + nameserver 1.0.0.1 ''; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 5432 ]; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 80 + 5432 + ]; + }; }; - }; hostAddress = "192.168.100.14"; localAddress = "192.168.100.15"; hostAddress6 = "fc00::5"; localAddress6 = "fc00::6"; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix index c248559..a9929d2 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix @@ -1,12 +1,17 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { - imports = - [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; + imports = [ + ./services/nginx.nix + ./services/conduit.nix + ./services/pantalaimon.nix + ]; environment.systemPackages = with pkgs; [ wget @@ -27,4 +32,4 @@ dig cloud-utils ]; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix index e01b1d0..6713b26 100755 
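Review bot: The second resolver in the re-indented `resolv.conf` text, `nameserver 8.4.4.8`, looks like a transposition of Google's secondary resolver `8.8.4.4`. Whenever 8.8.8.8 does not answer, the container's lookups go to an address that is probably not the intended resolver. The line should read `nameserver 8.8.4.4`. The same text is re-added in the container.nix hunks for matrixunittests and pluralcontactbotpoc. glibc also reads only the first three `nameserver` entries, so `1.0.0.1` is never consulted.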
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { services.matrix-conduit = { @@ -18,4 +24,3 @@ }; }; } - diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix index a33c784..0678047 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services = { @@ -13,22 +18,20 @@ recommendedOptimisation = true; appendConfig = '' worker_processes 16; - ''; - eventsConfig = '' + ''; + eventsConfig = '' #use kqueue; worker_connections 512; - ''; + ''; appendHttpConfig = '' #sendfile on; disable_symlinks off; ''; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; + additionalModules = with pkgs.nginxModules; [ moreheaders ]; virtualHosts = { "conduit.matrixunittests.rory.gay" = { locations."/" = { - proxyPass = "http://127.0.0.1:6167"; + proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; 
@@ -50,23 +53,19 @@ locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "conduit.matrixunittests.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "conduit.matrixunittests.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://conduit.matrixunittests.rory.gay"; - } - }'; - ''; + return 200 '${builtins.toJSON { "m.homeserver".base_url = "https://conduit.matrixunittests.rory.gay"; }}'; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ + return 200 '${ + builtins.toJSON { + admins = [ { matrix_id = "@emma:rory.gay"; role = "admin"; @@ -92,7 +91,7 @@ }; }; systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; + LimitNOFILE = 5000000; }; security.acme.acceptTerms = true; security.acme.defaults.email = "root@rory.gay"; diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix index b5f7f77..da95e76 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.pantalaimon-headless = { @@ -13,4 +18,3 @@ }; } - diff --git a/host/Rory-nginx/services/containers/matrixunittests/container.nix b/host/Rory-nginx/services/containers/matrixunittests/container.nix index 597b1cf..5273b4e 100755 
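Review bot: The three `.well-known/matrix/*` locations kept as context here write `more_set_headers 'Content-Type application/json';` and `more_set_headers 'Access-Control-Allow-Origin *';` without the colon that the OPTIONS block of the same file uses (`'Access-Control-Allow-Origin: *'`). headers-more splits the header name from its value at the colon, so these directives most likely set neither header. The discovery JSON would then be served with the default content type and no CORS header for browser-based clients. Suggested form: `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. The same lines appear in the nginx.nix hunks for matrixunittests and pluralcontactbotpoc, and the support location's body continues past the end of this hunk.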
--- a/host/Rory-nginx/services/containers/matrixunittests/container.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/container.nix @@ -1,26 +1,41 @@ -{ pkgs, lib, conduit, ... }: +{ + pkgs, + lib, + conduit, + ... +}: { privateNetwork = true; autoStart = true; specialArgs = { inherit conduit; - }; - config = { lib, pkgs, conduit, ... }: { - imports = [ ./root.nix ]; - environment.etc."resolv.conf".text = '' - nameserver 8.8.8.8 - nameserver 8.4.4.8 - nameserver 1.1.1.1 - nameserver 1.0.0.1 + }; + config = + { + lib, + pkgs, + conduit, + ... + }: + { + imports = [ ./root.nix ]; + environment.etc."resolv.conf".text = '' + nameserver 8.8.8.8 + nameserver 8.4.4.8 + nameserver 1.1.1.1 + nameserver 1.0.0.1 ''; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 5432 ]; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 80 + 5432 + ]; + }; }; - }; hostAddress = "192.168.100.12"; localAddress = "192.168.100.13"; hostAddress6 = "fc00::3"; localAddress6 = "fc00::4"; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/matrixunittests/root.nix b/host/Rory-nginx/services/containers/matrixunittests/root.nix index c248559..a9929d2 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/root.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/root.nix @@ -1,12 +1,17 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { - imports = - [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; + imports = [ + ./services/nginx.nix + ./services/conduit.nix + ./services/pantalaimon.nix + ]; environment.systemPackages = with pkgs; [ wget @@ -27,4 +32,4 @@ dig cloud-utils ]; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix index e07dad3..573075e 100755 
--- a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { services.matrix-conduit = { @@ -21,7 +27,7 @@ systemd.services.matrix-conduit-reg-token = { enable = true; description = "Random registration token for Conduit."; - wantedBy = ["conduit.service"]; # So the registration can be used by Conduit. + wantedBy = [ "conduit.service" ]; # So the registration can be used by Conduit. script = '' rm -rfv /var/lib/matrix-conduit/* @@ -36,4 +42,3 @@ }; } - diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix index d6697be..98d2e52 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services = { @@ -13,22 +18,20 @@ recommendedOptimisation = true; appendConfig = '' worker_processes 16; - ''; - eventsConfig = '' + ''; + eventsConfig = '' #use kqueue; worker_connections 512; - ''; + ''; appendHttpConfig = '' #sendfile on; disable_symlinks off; ''; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; + additionalModules = with pkgs.nginxModules; [ moreheaders ]; virtualHosts = { "matrixunittests.rory.gay" = { locations."/" = { - proxyPass = "http://127.0.0.1:6167"; + proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; 
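Review bot: `wantedBy = [ "conduit.service" ]` pulls this unit in when Conduit starts but does not order it, so the comment's goal of having the token ready for Conduit also needs `before = [ "conduit.service" ];`. The unit's definition continues outside the hunk, so an ordering line may already be there. The visible script also begins with `rm -rfv /var/lib/matrix-conduit/*`, which wipes the homeserver state on every start. A one-line comment such as `# intentional: the unit-test homeserver starts from an empty database` would keep that from being copied into a persistent deployment. The pluralcontactbotpoc conduit.nix hunk carries the same `wantedBy` line.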
@@ -50,23 +53,19 @@ locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "matrixunittests.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "matrixunittests.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://matrixunittests.rory.gay"; - } - }'; - ''; + return 200 '${builtins.toJSON { "m.homeserver".base_url = "https://matrixunittests.rory.gay"; }}'; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ + return 200 '${ + builtins.toJSON { + admins = [ { matrix_id = "@emma:rory.gay"; role = "admin"; @@ -92,7 +91,7 @@ }; }; systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; + LimitNOFILE = 5000000; }; security.acme.acceptTerms = true; security.acme.defaults.email = "root@rory.gay"; diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix index b5f7f77..da95e76 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.pantalaimon-headless = { @@ -13,4 +18,3 @@ }; } - diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix index f1ddb3f..4ddffeb 100755 
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix @@ -1,26 +1,38 @@ -{ pkgs, lib, conduit, ... }: +{ + pkgs, + lib, + conduit, + ... +}: { privateNetwork = true; autoStart = true; specialArgs = { inherit conduit; - }; - config = { lib, pkgs, conduit, ... }: { - imports = [ ./root.nix ]; - environment.etc."resolv.conf".text = '' - nameserver 8.8.8.8 - nameserver 8.4.4.8 - nameserver 1.1.1.1 - nameserver 1.0.0.1 + }; + config = + { + lib, + pkgs, + conduit, + ... + }: + { + imports = [ ./root.nix ]; + environment.etc."resolv.conf".text = '' + nameserver 8.8.8.8 + nameserver 8.4.4.8 + nameserver 1.1.1.1 + nameserver 1.0.0.1 ''; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 ]; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; }; - }; hostAddress = "192.168.100.10"; localAddress = "192.168.100.11"; hostAddress6 = "fc00::1"; localAddress6 = "fc00::2"; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix index c248559..a9929d2 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix @@ -1,12 +1,17 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { - imports = - [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; + imports = [ + ./services/nginx.nix + ./services/conduit.nix + ./services/pantalaimon.nix + ]; environment.systemPackages = with pkgs; [ wget @@ -27,4 +32,4 @@ dig cloud-utils ]; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix index 069b055..bbc042c 100755 
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, conduit, ... }: +{ + config, + pkgs, + lib, + conduit, + ... +}: { services.matrix-conduit = { @@ -18,7 +24,7 @@ systemd.services.matrix-conduit-reg-token = { enable = true; description = "Random registration token for Conduit."; - wantedBy = ["conduit.service"]; # So the registration can be used by Conduit. + wantedBy = [ "conduit.service" ]; # So the registration can be used by Conduit. script = '' reg_token=`cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c 256` @@ -37,4 +43,3 @@ }; } - diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix index 9ec08fd..0f9fad4 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services = { @@ -13,22 +18,20 @@ recommendedOptimisation = true; appendConfig = '' worker_processes 16; - ''; - eventsConfig = '' + ''; + eventsConfig = '' #use kqueue; worker_connections 512; - ''; + ''; appendHttpConfig = '' #sendfile on; disable_symlinks off; ''; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; + additionalModules = with pkgs.nginxModules; [ moreheaders ]; virtualHosts = { "pcpoc.rory.gay" = { locations."/" = { - proxyPass = "http://127.0.0.1:6167"; + proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; 
@@ -50,23 +53,19 @@ locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "pcpoc.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "pcpoc.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://pcpoc.rory.gay"; - } - }'; - ''; + return 200 '${builtins.toJSON { "m.homeserver".base_url = "https://pcpoc.rory.gay"; }}'; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ + return 200 '${ + builtins.toJSON { + admins = [ { matrix_id = "@emma:rory.gay"; role = "admin"; @@ -92,7 +91,7 @@ }; }; systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; + LimitNOFILE = 5000000; }; security.acme.acceptTerms = true; security.acme.defaults.email = "root@rory.gay"; diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix index b5f7f77..da95e76 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.pantalaimon-headless = { @@ -13,4 +18,3 @@ }; } - diff --git a/host/Rory-nginx/services/discordbots.nix b/host/Rory-nginx/services/discordbots.nix index 93622e7..1183807 100755 --- a/host/Rory-nginx/services/discordbots.nix +++ b/host/Rory-nginx/services/discordbots.nix 
@@ -1,12 +1,17 @@ -{ config, pkgs, lib, botcore-v4, ... }: +{ + config, + pkgs, + lib, + botcore-v4, + ... +}: { - imports = - [ - botcore-v4.modules.bots - botcore-v4.modules.frontend - botcore-v4.modules.dataupdater - botcore-v4.modules.users - ]; + imports = [ + botcore-v4.modules.bots + botcore-v4.modules.frontend + botcore-v4.modules.dataupdater + botcore-v4.modules.users + ]; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/jitsi.nix b/host/Rory-nginx/services/jitsi.nix index 02b0af9..29f6a9e 100755 --- a/host/Rory-nginx/services/jitsi.nix +++ b/host/Rory-nginx/services/jitsi.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.jitsi-videobridge.openFirewall = true; 
@@ -6,261 +11,265 @@ enable = true; nginx.enable = true; hostName = "jitsi.rory.gay"; -# interfaceConfig = { -# APP_NAME = "Rory&'s Jitsi Meet Instance"; -# AUDIO_LEVEL_PRIMARY_COLOR = "rgba(255,0,255,0.5)"; -# AUDIO_LEVEL_SECONDARY_COLOR = "rgba(255,0,255,0.25)"; -# AUTO_PIN_LATEST_SCREEN_SHARE = true; -# BRAND_WATERMARK_LINK = "https://rory.gay"; -# CLOSE_PAGE_GUEST_HINT = false; -# DEFAULT_BACKGROUND = "#000000"; -# DEFAULT_WELCOME_PAGE_LOGO_URL = ""; -# DISABLE_DOMINANT_SPEAKER_INDICATOR = true; -# DISABLE_JOIN_LEAVE_NOTIFICATIONS = true; -# DISABLE_PRESENCE_STATUS = true; -# DISABLE_TRANSCRIPTION_SUBTITLES = true; -# DISABLE_VIDEO_BACKGROUND = true; -# DISABLE_WELCOME_FOOTER = false; -# DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD = false; -# DISPLAY_WELCOME_PAGE_CONTENT = false; -# DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT = false; -# ENABLE_DIAL_OUT = false; -# FILM_STRIP_MAX_HEIGHT = 80; -# HIDE_INVITE_MORE_HEADER = true; -# JITSI_WATERMARK_LINK = ""; -# LANG_DETECTION = false; -# LOCAL_THUMBNAIL_RATIO = 16 / 9; -# MAXIMUM_ZOOMING_COEFFICIENT = 2; -# MOBILE_APP_PROMO = false; -# OPTIMAL_BROWSERS = [ "firefox" ]; -# POLICY_LOGO = ""; -# PROVIDER_NAME = "Rory&'s Jitsi Meet Instance"; -# SETTINGS_SECTIONS = [ "devices" "language" "moderator" "profile" "calendar" "sounds" "more" ]; -# SHARING_FEATURES = [ "url" "embed" ]; -# SHOW_BRAND_WATERMARK = true; -# SHOW_CHROME_EXTENSION_BANNER = false; -# SHOW_JITSI_WATERMARK = false; -# SHOW_POWERED_BY = false; -# SHOW_PROMOTIONAL_CLOSE_PAGE = false; -# VERTICAL_FILMSTRIP = true; -# VIDEO_LAYOUT_FIT = "nocrop"; -# VIDEO_QUALITY_LABEL_DISABLED = false; -# }; -# config = { -# #hosts.domain = "jitsi.rory.gay"; -# testing = { -# assumeBandwidth = false; -# noAutoPlayVideo = false; -# callStatsTreshold = 100; -# }; -# disableModeratorIndicator = false; -# disableReactions = false; -# disableReactionsModeration = false; -# disablePolls = false; -# disableSelfView = false; -# disableSelfViewSettings = false; -# 
screenshotCapture = { -# enabled = true; -# mode = "always"; -# }; -# disableAudioLevels = false; -# audioLevelsInterval = 12; -# enableNoAudioDetection = true; -# enableSaveLogs = false; -# disableShowMoreStats = false; -# enableNoisyMicDetection = false; -# startAudioOnly = false; -# startAudioMuted = 100; -# startSilent = false; -# enableOpusRed = true; -# audioQuality = { -# stereo = false; -# opusMaxAverageBitrate = 51000; -# enableOpusDtx = true; -# }; -# resolution = 720; -# disableRemoveRaisedHandOnFocus = false; -# speakerStats = { -# disabled = false; -# disableSearch = false; -# order = [ -# "role" -# "name" -# "left" -# ]; -# }; -# maxFullResolutionParticipants = 10; -# constraints = { -# video = { -# height = { -# ideal = 720; -# max = 1080; -# min = 144; -# }; -# }; -# }; -# disableSimulcast = false; -# startVideoMuted = 50; -# startWithVideoMuted = false; -# desktopSharingFrameRate = { -# min = 5; -# max = 5; -# }; -# recordingService.enabled = false; -# localRecording = { -# disable = true; -# notifyAllParticipants = true; -# disableSelfRecording = true; -# }; -# transcription.enabled = false; -# connectionIndicators = { -# autoHide = false; -# autoHideTimeout = 5000; -# disabled = false; -# disableDetails = false; -# inactiveDisabled = false; -# }; -# videoQuality = { -# codecPreferenceOrder = [ "VP9" "VP8" "H264" ]; -# maxBitratesVideo = { -# H264 = { -# low = 200000; # 200 kbps -# standard = 500000; # 500 kbps -# high = 700000; # 700 kbps -# }; -# VP8 = { -# low = 200000; # 200 kbps -# standard = 500000; # 500 kbps -# high = 700000; # 700 kbps -# }; -# VP9 = { -# low = 200000; # 200 kbps -# standard = 500000; # 500 kbps -# high = 700000; # 700 kbps -# }; -# }; -# }; -# notificationTimeouts = { -# short = 2000; -# moderate = 4000; -# long = 600; -# }; -# disableRtx = false; -# disableBeforeUnloadHandler = false; -# -# # UI settings -# disableResponsiveTiles = false; -# enableWebHID = true; -# welcomePage = { -# disabled = true; -# customUrl = 
"https://jitsi.rory.gay/null"; -# }; -# lobby = { -# autoKnock = true; -# enableChat = true; -# }; -# securityUi = { -# hideLobbyButton = false; -# disableLobbyPassword = false; -# }; -# disableShortcuts = true; -# disableInitialGUM = true; -# enableClosePage = false; -# disable1On1Mode = true; -# defaultLocalDisplayName = "User"; -# defaultRemoteDisplayName = "Other User"; -# hideDisplayName = false; -# hideDominantSpeakerBadge = false; -# disableProfile = false; -# hideEmailInSettings = false; -# roomPasswordNumberOfDigits = false; -# enableCalendarIntegration = false; -# prejoinConfig = { -# enabled = true; -# hideDisplayName = false; -# hideExtraJoinButtons = ["by-phone"]; -# }; -# openSharedDocumentOnJoin = false; -# enableInsecureRoomNameWarning = false; -# enableAutomaticUrlCopy = false; -# toolbarButtons = [ -# "camera" -# "chat" -# #"closedcaptions" -# "desktop" -# "download" -# "embedmeeting" -# #"etherpad" -# #"feedback" -# "filmstrip" -# "fullscreen" -# "hangup" -# #"help" -# "highlight" -# "invite" -# #"linktosalesforce" -# "livestreaming" -# "microphone" -# "noisesuppression" -# "participants-pane" -# "profile" -# "raisehand" -# #"recording" -# "security" -# "select-background" -# "settings" -# "shareaudio" -# "sharedvideo" -# "shortcuts" -# "stats" -# "tileview" -# "toggle-camera" -# "videoquality" -# #"whiteboard" -# ]; -# toolbarConfig = { -# alwaysVisible = true; -# }; -# gatherStats = true; -# pcStatsInterval = 1000; -# enableDisplayNameInStats = true; -# feedbackPercentage = 0; -# p2p = { -# enabled = false; -# }; -# analytics.disabled = true; -# remoteVideoMenu = { -# disabled = false; -# disableKick = false; -# disableGrantModerator = false; -# disablePrivateChat = false; -# }; -# disableRemoteMute = false; -# enableLipSync = true; -# participantsPane = { -# hideModeratorSettingsTab = false; -# hideMoreActionsButton = false; -# hideMuteAllButton = false; -# }; -# breakoutRooms = { -# hideAddRoomButton = true; -# hideAutoAssignButton = true; -# 
hideJoinRoomButton = true; -# }; -# disableVirtualBackground = true; -# disableAddingBackgroundImages = true; -# disableScreensharingVirtualBackground = true; -# backgroundAlpha = 0.5; -# hideConferenceTimer = false; -# hideConferenceSubject = false; -# hideParticipantsStats = false; -# displayJids = true; -# requireDisplayName = true; -# disableChatSmileys = true; -# }; + # interfaceConfig = { + # APP_NAME = "Rory&'s Jitsi Meet Instance"; + # AUDIO_LEVEL_PRIMARY_COLOR = "rgba(255,0,255,0.5)"; + # AUDIO_LEVEL_SECONDARY_COLOR = "rgba(255,0,255,0.25)"; + # AUTO_PIN_LATEST_SCREEN_SHARE = true; + # BRAND_WATERMARK_LINK = "https://rory.gay"; + # CLOSE_PAGE_GUEST_HINT = false; + # DEFAULT_BACKGROUND = "#000000"; + # DEFAULT_WELCOME_PAGE_LOGO_URL = ""; + # DISABLE_DOMINANT_SPEAKER_INDICATOR = true; + # DISABLE_JOIN_LEAVE_NOTIFICATIONS = true; + # DISABLE_PRESENCE_STATUS = true; + # DISABLE_TRANSCRIPTION_SUBTITLES = true; + # DISABLE_VIDEO_BACKGROUND = true; + # DISABLE_WELCOME_FOOTER = false; + # DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD = false; + # DISPLAY_WELCOME_PAGE_CONTENT = false; + # DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT = false; + # ENABLE_DIAL_OUT = false; + # FILM_STRIP_MAX_HEIGHT = 80; + # HIDE_INVITE_MORE_HEADER = true; + # JITSI_WATERMARK_LINK = ""; + # LANG_DETECTION = false; + # LOCAL_THUMBNAIL_RATIO = 16 / 9; + # MAXIMUM_ZOOMING_COEFFICIENT = 2; + # MOBILE_APP_PROMO = false; + # OPTIMAL_BROWSERS = [ "firefox" ]; + # POLICY_LOGO = ""; + # PROVIDER_NAME = "Rory&'s Jitsi Meet Instance"; + # SETTINGS_SECTIONS = [ "devices" "language" "moderator" "profile" "calendar" "sounds" "more" ]; + # SHARING_FEATURES = [ "url" "embed" ]; + # SHOW_BRAND_WATERMARK = true; + # SHOW_CHROME_EXTENSION_BANNER = false; + # SHOW_JITSI_WATERMARK = false; + # SHOW_POWERED_BY = false; + # SHOW_PROMOTIONAL_CLOSE_PAGE = false; + # VERTICAL_FILMSTRIP = true; + # VIDEO_LAYOUT_FIT = "nocrop"; + # VIDEO_QUALITY_LABEL_DISABLED = false; + # }; + # config = { + # #hosts.domain = 
"jitsi.rory.gay"; + # testing = { + # assumeBandwidth = false; + # noAutoPlayVideo = false; + # callStatsTreshold = 100; + # }; + # disableModeratorIndicator = false; + # disableReactions = false; + # disableReactionsModeration = false; + # disablePolls = false; + # disableSelfView = false; + # disableSelfViewSettings = false; + # screenshotCapture = { + # enabled = true; + # mode = "always"; + # }; + # disableAudioLevels = false; + # audioLevelsInterval = 12; + # enableNoAudioDetection = true; + # enableSaveLogs = false; + # disableShowMoreStats = false; + # enableNoisyMicDetection = false; + # startAudioOnly = false; + # startAudioMuted = 100; + # startSilent = false; + # enableOpusRed = true; + # audioQuality = { + # stereo = false; + # opusMaxAverageBitrate = 51000; + # enableOpusDtx = true; + # }; + # resolution = 720; + # disableRemoveRaisedHandOnFocus = false; + # speakerStats = { + # disabled = false; + # disableSearch = false; + # order = [ + # "role" + # "name" + # "left" + # ]; + # }; + # maxFullResolutionParticipants = 10; + # constraints = { + # video = { + # height = { + # ideal = 720; + # max = 1080; + # min = 144; + # }; + # }; + # }; + # disableSimulcast = false; + # startVideoMuted = 50; + # startWithVideoMuted = false; + # desktopSharingFrameRate = { + # min = 5; + # max = 5; + # }; + # recordingService.enabled = false; + # localRecording = { + # disable = true; + # notifyAllParticipants = true; + # disableSelfRecording = true; + # }; + # transcription.enabled = false; + # connectionIndicators = { + # autoHide = false; + # autoHideTimeout = 5000; + # disabled = false; + # disableDetails = false; + # inactiveDisabled = false; + # }; + # videoQuality = { + # codecPreferenceOrder = [ "VP9" "VP8" "H264" ]; + # maxBitratesVideo = { + # H264 = { + # low = 200000; # 200 kbps + # standard = 500000; # 500 kbps + # high = 700000; # 700 kbps + # }; + # VP8 = { + # low = 200000; # 200 kbps + # standard = 500000; # 500 kbps + # high = 700000; # 700 kbps + # 
}; + # VP9 = { + # low = 200000; # 200 kbps + # standard = 500000; # 500 kbps + # high = 700000; # 700 kbps + # }; + # }; + # }; + # notificationTimeouts = { + # short = 2000; + # moderate = 4000; + # long = 600; + # }; + # disableRtx = false; + # disableBeforeUnloadHandler = false; + # + # # UI settings + # disableResponsiveTiles = false; + # enableWebHID = true; + # welcomePage = { + # disabled = true; + # customUrl = "https://jitsi.rory.gay/null"; + # }; + # lobby = { + # autoKnock = true; + # enableChat = true; + # }; + # securityUi = { + # hideLobbyButton = false; + # disableLobbyPassword = false; + # }; + # disableShortcuts = true; + # disableInitialGUM = true; + # enableClosePage = false; + # disable1On1Mode = true; + # defaultLocalDisplayName = "User"; + # defaultRemoteDisplayName = "Other User"; + # hideDisplayName = false; + # hideDominantSpeakerBadge = false; + # disableProfile = false; + # hideEmailInSettings = false; + # roomPasswordNumberOfDigits = false; + # enableCalendarIntegration = false; + # prejoinConfig = { + # enabled = true; + # hideDisplayName = false; + # hideExtraJoinButtons = ["by-phone"]; + # }; + # openSharedDocumentOnJoin = false; + # enableInsecureRoomNameWarning = false; + # enableAutomaticUrlCopy = false; + # toolbarButtons = [ + # "camera" + # "chat" + # #"closedcaptions" + # "desktop" + # "download" + # "embedmeeting" + # #"etherpad" + # #"feedback" + # "filmstrip" + # "fullscreen" + # "hangup" + # #"help" + # "highlight" + # "invite" + # #"linktosalesforce" + # "livestreaming" + # "microphone" + # "noisesuppression" + # "participants-pane" + # "profile" + # "raisehand" + # #"recording" + # "security" + # "select-background" + # "settings" + # "shareaudio" + # "sharedvideo" + # "shortcuts" + # "stats" + # "tileview" + # "toggle-camera" + # "videoquality" + # #"whiteboard" + # ]; + # toolbarConfig = { + # alwaysVisible = true; + # }; + # gatherStats = true; + # pcStatsInterval = 1000; + # enableDisplayNameInStats = true; + # 
feedbackPercentage = 0; + # p2p = { + # enabled = false; + # }; + # analytics.disabled = true; + # remoteVideoMenu = { + # disabled = false; + # disableKick = false; + # disableGrantModerator = false; + # disablePrivateChat = false; + # }; + # disableRemoteMute = false; + # enableLipSync = true; + # participantsPane = { + # hideModeratorSettingsTab = false; + # hideMoreActionsButton = false; + # hideMuteAllButton = false; + # }; + # breakoutRooms = { + # hideAddRoomButton = true; + # hideAutoAssignButton = true; + # hideJoinRoomButton = true; + # }; + # disableVirtualBackground = true; + # disableAddingBackgroundImages = true; + # disableScreensharingVirtualBackground = true; + # backgroundAlpha = 0.5; + # hideConferenceTimer = false; + # hideConferenceSubject = false; + # hideParticipantsStats = false; + # displayJids = true; + # requireDisplayName = true; + # disableChatSmileys = true; + # }; }; - networking.firewall.allowedTCPPorts = [ 80 443 5349 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 5349 + ]; networking.firewall.allowedUDPPorts = [ 10000 ]; services.nginx.virtualHosts."jitsi.rory.gay" = { enableACME = true; @@ -270,4 +279,3 @@ system.stateVersion = "22.11"; # DO NOT EDIT! } - diff --git a/host/Rory-nginx/services/matrix/coturn.nix b/host/Rory-nginx/services/matrix/coturn.nix index 427721a..1fed755 100755 --- a/host/Rory-nginx/services/matrix/coturn.nix +++ b/host/Rory-nginx/services/matrix/coturn.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { # coturn (WebRTC) @@ -50,4 +55,3 @@ #}; } - diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix index 65c5a21..f2a8357 100755 --- a/host/Rory-nginx/services/matrix/draupnir.nix +++ b/host/Rory-nginx/services/matrix/draupnir.nix 
@@ -1,10 +1,15 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { # Alicia - doesnt work yet... until in nixpkgs... services.draupnir = { enable = true; - + pantalaimon = { enable = true; username = "draupnir"; @@ -48,10 +53,9 @@ }; }; -# services.pantalaimon-headless.instances.draupnir = { -# homeserver = "http://localhost:8008"; -# ssl = false; -# }; + # services.pantalaimon-headless.instances.draupnir = { + # homeserver = "http://localhost:8008"; + # ssl = false; + # }; } - diff --git a/host/Rory-nginx/services/matrix/grapevine.nix b/host/Rory-nginx/services/matrix/grapevine.nix index 700c4bb..1cb2e19 100755 --- a/host/Rory-nginx/services/matrix/grapevine.nix +++ b/host/Rory-nginx/services/matrix/grapevine.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.grapevine = { @@ -6,9 +11,9 @@ enable = true; settings = { conduit_compat = true; -# address = "127.0.0.1"; + # address = "127.0.0.1"; server_name = "conduit.rory.gay"; - + listen = [ { type = "tcp"; @@ -30,4 +35,3 @@ }; }; } - diff --git a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix index 8c31e10..43c26ca 100755 --- a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix +++ b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix @@ -1,8 +1,13 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { # Discord bridge - services.matrix-appservice-discord = { + services.matrix-appservice-discord = { enable = false; # Alicia - figure out secret first... environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env; # The appservice is pre-configured to use SQLite by default. @@ -20,7 +25,6 @@ connString = "postgres://postgres@127.0.0.1/matrix-appservice-discord"; }; }; - }; + }; } - 
diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix index fbec107..7eb599c 100755 --- a/host/Rory-nginx/services/matrix/matrix-media-gate.nix +++ b/host/Rory-nginx/services/matrix/matrix-media-gate.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, MatrixMediaGate, ... }: +{ + config, + pkgs, + lib, + MatrixMediaGate, + ... +}: { systemd.services = { @@ -38,4 +44,3 @@ }; }; } - diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix index 3ab3028..87b5cc9 100755 --- a/host/Rory-nginx/services/matrix/root.nix +++ b/host/Rory-nginx/services/matrix/root.nix @@ -1,14 +1,20 @@ -{ config, pkgs, lib, botcore-v4, ... }: +{ + config, + pkgs, + lib, + botcore-v4, + ... +}: { - imports = - [ - ./synapse/synapse-main.nix - ./coturn.nix - ./matrix-appservice-discord.nix - ./draupnir.nix - ./grapevine.nix - #./matrix-media-gate.nix - ]; + imports = [ + ./synapse/synapse-main.nix + ./coturn.nix + ./matrix-appservice-discord.nix + ./draupnir.nix + ./grapevine.nix + ./sliding-sync.nix + #./matrix-media-gate.nix + ]; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/sliding-sync.nix b/host/Rory-nginx/services/matrix/sliding-sync.nix index bb028bd..e35113d 100644 --- a/host/Rory-nginx/services/matrix/sliding-sync.nix +++ b/host/Rory-nginx/services/matrix/sliding-sync.nix @@ -1,12 +1,12 @@ { config }: { - services.matrix-sliding-sync = { - enable = true; - settings = { - "SYNCV3_SERVER" = "http://localhost:8008"; - "SYNCV3_DB" = "postgresql://%2Frun%2Fpostgresql/syncv3"; - "SYNCV3_BINDADDR" = "0.0.0.0:8100"; - }; - environmentFile = "/etc/sliding-sync.env"; + services.matrix-sliding-sync = { + enable = true; + settings = { + "SYNCV3_SERVER" = "http://localhost:8008"; + "SYNCV3_DB" = "postgresql://%2Frun%2Fpostgresql/syncv3"; + "SYNCV3_BINDADDR" = "0.0.0.0:8100"; }; -] \ No newline at end of file + environmentFile = "/etc/sliding-sync.env"; + }; +} 
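Review bot: In sliding-sync.nix the proxy still listens on every interface through `"SYNCV3_BINDADDR" = "0.0.0.0:8100";`. `SYNCV3_SERVER` points at `http://localhost:8008`, so if the only intended client is a reverse proxy on this host (not visible in the hunk), `"SYNCV3_BINDADDR" = "127.0.0.1:8100";` keeps the plaintext HTTP port off the LAN without relying on the firewall. Separately, the root.nix hunk just above now imports this file as a module, yet its header `{ config }:` has no `...`. The module system passes more arguments than `config`, so I would expect evaluation to fail until the header reads `{ config, ... }:`.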
diff --git a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix index 26c61a1..8bdaf19 100755 --- a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix +++ b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { services.matrix-synapse = { @@ -25,7 +30,7 @@ max_long_retry_delay = "30s"; }; - event_cache_size = "1200K"; #defaults to 10K + event_cache_size = "1200K"; # defaults to 10K caches = { global_factor = 5000.0; cache_entry_ttl = "12h"; @@ -41,18 +46,26 @@ # Alicia - figure this out later... #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"]; registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt"; - + listeners = [ - { + { port = 8008; - bind_addresses = [ "192.168.1.2" "127.0.0.1" ]; + bind_addresses = [ + "192.168.1.2" + "127.0.0.1" + ]; type = "http"; tls = false; x_forwarded = true; - resources = [ { - names = [ "client" "federation" ]; - compress = true; - } ]; + resources = [ + { + names = [ + "client" + "federation" + ]; + compress = true; + } + ]; } ]; dynamic_thumbnails = true; 
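Review bot: The port 8008 listener in hunk `@@ -41,18 +46,26 @@` keeps `x_forwarded = true` and `tls = false` while binding `"192.168.1.2"` as well as `"127.0.0.1"`. With `x_forwarded` set, Synapse takes the client address from the forwarded header of whichever peer connects, so a LAN host that can reach 192.168.1.2:8008 could present an arbitrary source IP to rate limiting and logs. If the reverse proxy runs on this same host (the hunk does not show it), `bind_addresses = [ "127.0.0.1" ];` is enough; otherwise a comment naming the proxy that needs the LAN address would help. The same listener appears in synapse-main.nix, hunk `@@ -39,26 +42,36 @@`.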
@@ -171,42 +184,41 @@ plugins = with pkgs.matrix-synapse-plugins; [ # Alicia - need to port draupnir... #matrix-synapse-mjolnir-antispam -# matrix-synapse-pam + # matrix-synapse-pam ]; -# extraConfigFiles = [ -# (pkgs.writeTextFile { -# name = "matrix-synapse-extra-config.yml"; -# text = '' -# modules: -# - module: "pam_auth_provider.PAMAuthProvider" -# config: -# create_users: true -# skip_user_check: false -# ''; -# }) -# ]; + # extraConfigFiles = [ + # (pkgs.writeTextFile { + # name = "matrix-synapse-extra-config.yml"; + # text = '' + # modules: + # - module: "pam_auth_provider.PAMAuthProvider" + # config: + # create_users: true + # skip_user_check: false + # ''; + # }) + # ]; }; - systemd.services.matrix-synapse-reg-token = { - description = "Random registration token for Synapse."; - before = ["matrix-synapse.service"]; # So the registration can be used by Synapse - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - - script = '' - - if [ ! -f "registration_shared_secret.txt" ] - then - cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt - else - echo Not generating key, key exists; - fi''; - serviceConfig = { - User = "matrix-synapse"; - Group = "matrix-synapse"; - WorkingDirectory = "/var/lib/matrix-synapse"; - }; + systemd.services.matrix-synapse-reg-token = { + description = "Random registration token for Synapse."; + before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + script = '' + + if [ ! -f "registration_shared_secret.txt" ] + then + cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt + else + echo Not generating key, key exists; + fi''; + serviceConfig = { + User = "matrix-synapse"; + Group = "matrix-synapse"; + WorkingDirectory = "/var/lib/matrix-synapse"; }; + }; } - 
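Review bot: The `matrix-synapse-reg-token` script writes `registration_shared_secret.txt` under the service's default umask, so the registration secret may be readable by other local users unless `/var/lib/matrix-synapse` itself is restrictive (not visible here). Adding `umask 077` as the first line of `script` closes that regardless of the directory mode. The unit also sets no `Type`, so `before = [ "matrix-synapse.service" ]` only orders the start of the script. With `serviceConfig.Type = "oneshot";` Synapse would wait until the file has been written. synapse-main.nix defines a unit of the same name, but its script body lies outside the visible hunks.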
diff --git a/host/Rory-nginx/services/matrix/synapse/caches.nix b/host/Rory-nginx/services/matrix/synapse/caches.nix index 6196129..16fe0fc 100644 --- a/host/Rory-nginx/services/matrix/synapse/caches.nix +++ b/host/Rory-nginx/services/matrix/synapse/caches.nix @@ -1,7 +1,15 @@ { - gc_min_interval = [ "15m" "30m" "60m" ]; - gc_thresholds = [ 10000 5000 2500 ]; - event_cache_size = "12000K"; #defaults to 10K + gc_min_interval = [ + "15m" + "30m" + "60m" + ]; + gc_thresholds = [ + 10000 + 5000 + 2500 + ]; + event_cache_size = "12000K"; # defaults to 10K caches = { global_factor = 500000.0; cache_entry_ttl = "24h"; @@ -13,4 +21,4 @@ min_cache_ttl = "6h"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/db.nix b/host/Rory-nginx/services/matrix/synapse/db.nix index c5edc51..d8dcde3 100644 --- a/host/Rory-nginx/services/matrix/synapse/db.nix +++ b/host/Rory-nginx/services/matrix/synapse/db.nix @@ -1,7 +1,8 @@ -{ +{ workerName ? null, - dbGroup ? null -}: { + dbGroup ? null, +}: +{ name = "psycopg2"; args = { user = "matrix-synapse-rory-gay"; 
@@ -9,13 +10,23 @@ database = "matrix-synapse-rory-gay"; host = "/run/postgresql"; application_name = "matrix-synapse (rory.gay) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}"; - cp_min = if dbGroup == "small" then 2 - else if dbGroup == "medium" then 5 - else if dbGroup == "large" then 10 - else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}"; - cp_max = if dbGroup == "small" then 2 - else if dbGroup == "medium" then 10 - else if dbGroup == "large" then 10 - else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}"; + cp_min = + if dbGroup == "small" then + 2 + else if dbGroup == "medium" then + 5 + else if dbGroup == "large" then + 10 + else + throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}"; + cp_max = + if dbGroup == "small" then + 2 + else if dbGroup == "medium" then + 10 + else if dbGroup == "large" then + 10 + else + throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}"; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix index 8165fe4..4f6b7db 100644 --- a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix +++ b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix @@ -53,4 +53,4 @@ concurrent = 100; }; federation_rr_transactions_per_room_per_second = 1; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix index 4dc13a8..acd842f 100755 --- a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix +++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix 
@@ -1,11 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py # Documentation: https://github.com/element-hq/synapse/blob/develop/docs/workers.md - imports = [ - ./workers/module.nix - ]; + imports = [ ./workers/module.nix ]; services.matrix-synapse = { enable = true; @@ -39,26 +42,36 @@ }; registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt"; - + listeners = [ - { + { port = 8008; - bind_addresses = [ "192.168.1.2" "127.0.0.1" ]; + bind_addresses = [ + "192.168.1.2" + "127.0.0.1" + ]; type = "http"; tls = false; x_forwarded = true; - resources = [ { - names = [ "client" "federation" ]; - compress = false; - } ]; + resources = [ + { + names = [ + "client" + "federation" + ]; + compress = false; + } + ]; } - { + { type = "http"; path = "/run/matrix-synapse/main.sock"; - resources = [ { - names = [ "replication" ]; - compress = false; - } ]; + resources = [ + { + names = [ "replication" ]; + compress = false; + } + ]; } ]; dynamic_thumbnails = true; @@ -67,7 +80,12 @@ update_interval = 60; }; url_preview_enabled = true; - database = (import ./db.nix { workerName = "main"; dbGroup = "medium"; }); + database = ( + import ./db.nix { + workerName = "main"; + dbGroup = "medium"; + } + ); app_service_config_files = [ #"/etc/matrix-synapse/appservice-registration.yaml" "/var/lib/matrix-synapse/modas-registration.yaml" 
@@ -101,28 +119,25 @@ "msc3916_authenticated_media_enabled" = true; # Authenticated media }; - redis = { enabled = true; path = "/run/redis-matrix-synapse/redis.sock"; }; - instance_map = { - main = { # replication listener + main = { + # replication listener path = "/run/matrix-synapse/main.sock"; }; }; - } - // import ./ratelimits.nix - // import ./caches.nix; + } // import ./ratelimits.nix // import ./caches.nix; }; systemd.services.matrix-synapse-reg-token = { description = "Random registration token for Synapse."; - before = ["matrix-synapse.service"]; # So the registration can be used by Synapse - wantedBy = ["multi-user.target"]; - after = ["network.target"]; + before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; script = '' @@ -146,8 +161,6 @@ user = "matrix-synapse"; }; }; - - systemd.tmpfiles.rules = [ - "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" - ]; -} \ No newline at end of file + + systemd.tmpfiles.rules = [ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" ]; +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix index 5f1323c..d259edd 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix @@ -1,6 +1,11 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: -let +let cfg = config.services.matrix-synapse; in { @@ -24,7 +29,7 @@ in path = "/run/matrix-synapse/appservice.sock"; resources = [ { - names = ["replication"]; + names = [ "replication" ]; compress = false; } ]; @@ -33,4 +38,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/background.nix b/host/Rory-nginx/services/matrix/synapse/workers/background.nix index d267124..c97d647 100644 
--- a/host/Rory-nginx/services/matrix/synapse/workers/background.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/background.nix @@ -1,6 +1,11 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: -let +let cfg = config.services.matrix-synapse; in { @@ -24,7 +29,7 @@ in path = "/run/matrix-synapse/background.sock"; resources = [ { - names = ["replication"]; + names = [ "replication" ]; compress = false; } ]; @@ -33,4 +38,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix index c90fe3e..d0b1774 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: +let cfg = config.services.matrix-synapse; federationSenders = lib.range 0 (cfg.federationSenders - 1); in @@ -12,23 +17,25 @@ in outbound_federation_restricted_to = lib.map (index: "federation_sender-${toString index}") federationSenders; }; - workers = lib.listToAttrs (lib.map (index: { - name = "federation_sender-${toString index}"; - value = { - worker_app = "synapse.app.generic_worker"; - worker_listeners = [ - { - type = "http"; - path = "/run/matrix-synapse/pusher-${toString index}.sock"; - resources = [ - { - names = ["replication"]; - compress = false; - } - ]; - } - ]; - }; - }) federationSenders); + workers = lib.listToAttrs ( + lib.map (index: { + name = "federation_sender-${toString index}"; + value = { + worker_app = "synapse.app.generic_worker"; + worker_listeners = [ + { + type = "http"; + path = "/run/matrix-synapse/pusher-${toString index}.sock"; + resources = [ + { + names = [ "replication" ]; + compress = false; + } + ]; + } + ]; + }; + }) federationSenders + ); }; -} \ No newline at end of file +} 
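Review bot: In federation-sender.nix each `federation_sender-N` worker listens on `/run/matrix-synapse/pusher-${toString index}.sock`, the same path pusher.nix gives its `pusher-N` workers. With both `federationSenders` and `pushers` above zero, two workers would try to bind one replication socket. This looks like a copy-paste leftover; `path = "/run/matrix-synapse/federation_sender-${toString index}.sock";` gives each sender its own socket. The enclosing `services.matrix-synapse` block starts above the hunk.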
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix index 9cc3d92..b9c490e 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix @@ -1,14 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.matrix-synapse; - #eventWriters = lib.range 0 (count - 1); - #typingWriters = lib.range 0 (count - 1); - #deviceWriters = lib.range 0 (count - 1); - #accountDataWriters = lib.range 0 (count - 1); - #receiptsWriters = lib.range 0 (count - 1); - #presenceWriters = lib.range 0 (count - 1); - #pusherWriters = lib.range 0 (count - 1); in +#eventWriters = lib.range 0 (count - 1); +#typingWriters = lib.range 0 (count - 1); +#deviceWriters = lib.range 0 (count - 1); +#accountDataWriters = lib.range 0 (count - 1); +#receiptsWriters = lib.range 0 (count - 1); +#presenceWriters = lib.range 0 (count - 1); +#pusherWriters = lib.range 0 (count - 1); { imports = [ ./federation-sender.nix 
@@ -16,37 +21,43 @@ in ./pusher.nix ./stream-writers/event-stream-writer.nix ]; - options.services.matrix-synapse = lib.listToAttrs (lib.map (option: { - name = "${option}StreamWriters"; - value = lib.mkOption { - type = lib.types.int; - default = 0; - description = "Number of writers for ${option} streams"; - }; - }) [ - "event" - "typing" - "toDevice" - "accountData" - "receipts" - "presence" - "pushRule" - ]) // { - enableStreamWriters = lib.mkEnableOption "Enable stream writers"; - enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker"; - enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker"; + options.services.matrix-synapse = + lib.listToAttrs ( + lib.map + (option: { + name = "${option}StreamWriters"; + value = lib.mkOption { + type = lib.types.int; + default = 0; + description = "Number of writers for ${option} streams"; + }; + }) + [ + "event" + "typing" + "toDevice" + "accountData" + "receipts" + "presence" + "pushRule" + ] + ) + // { + enableStreamWriters = lib.mkEnableOption "Enable stream writers"; + enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker"; + enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker"; - federationSenders = lib.mkOption { - type = lib.types.int; - default = 0; - description = "Number of federation senders"; - }; - pushers = lib.mkOption { - type = lib.types.int; - default = 0; - description = "Number of pushers"; - }; + federationSenders = lib.mkOption { + type = lib.types.int; + default = 0; + description = "Number of federation senders"; + }; + pushers = lib.mkOption { + type = lib.types.int; + default = 0; + description = "Number of pushers"; }; + }; config = lib.mkIf cfg.enableStreamWriters { #services.matrix-synapse = { 
@@ -57,7 +68,7 @@ in # path = "/run/matrix-synapse/stream-writer-${toString index}.sock"; # }; # }) federationSenders); -# + # # stream_writers = { # events = lib.map (index: "stream-writer-events-${toString index}") federationSenders; # typing = lib.map (index: "stream-writer-typing-${toString index}") typingWriters; @@ -68,7 +79,7 @@ in # push_rules = lib.map (index: "stream-writer-push_rules-${toString index}") pusherWriters; # }; # }; -# + # # workers = lib.listToAttrs (lib.map (index: { # name = "stream-writerr-${toString index}"; # value = { @@ -78,4 +89,4 @@ in # }) federationSenders); #}; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix index c90561e..f5ef601 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.matrix-synapse; pushers = lib.range 0 (cfg.pushers - 1); 
@@ -7,34 +12,38 @@ in config = lib.mkIf (cfg.pushers > 0) { services.matrix-synapse = { settings = { - instance_map = lib.listToAttrs (lib.map (index: { - name = "pusher-${toString index}"; - value = { - path = "/run/matrix-synapse/pusher-${toString index}.sock"; - }; - }) pushers); + instance_map = lib.listToAttrs ( + lib.map (index: { + name = "pusher-${toString index}"; + value = { + path = "/run/matrix-synapse/pusher-${toString index}.sock"; + }; + }) pushers + ); pusher_instances = lib.map (index: "pusher-${toString index}") pushers; }; - workers = lib.listToAttrs (lib.map (index: { - name = "pusher-${toString index}"; - value = { - worker_app = "synapse.app.generic_worker"; - worker_listeners = [ - { - type = "http"; - path = "/run/matrix-synapse/pusher-${toString index}.sock"; - resources = [ - { - names = ["replication"]; - compress = false; - } - ]; - } - ]; - }; - }) pushers); + workers = lib.listToAttrs ( + lib.map (index: { + name = "pusher-${toString index}"; + value = { + worker_app = "synapse.app.generic_worker"; + worker_listeners = [ + { + type = "http"; + path = "/run/matrix-synapse/pusher-${toString index}.sock"; + resources = [ + { + names = [ "replication" ]; + compress = false; + } + ]; + } + ]; + }; + }) pushers + ); }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix index a661911..d4a9ff4 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix 
@@ -1,53 +1,66 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.matrix-synapse; - #eventWriters = lib.range 0 (count - 1); - #typingWriters = lib.range 0 (count - 1); - #deviceWriters = lib.range 0 (count - 1); - #accountDataWriters = lib.range 0 (count - 1); - #receiptsWriters = lib.range 0 (count - 1); - #presenceWriters = lib.range 0 (count - 1); - #pusherWriters = lib.range 0 (count - 1); in +#eventWriters = lib.range 0 (count - 1); +#typingWriters = lib.range 0 (count - 1); +#deviceWriters = lib.range 0 (count - 1); +#accountDataWriters = lib.range 0 (count - 1); +#receiptsWriters = lib.range 0 (count - 1); +#presenceWriters = lib.range 0 (count - 1); +#pusherWriters = lib.range 0 (count - 1); { - options.services.matrix-synapse = lib.listToAttrs (lib.map (option: { - name = "${option}StreamWriters"; - value = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of writers for ${option} streams"; - }; - }) [ - "event" - "typing" - "toDevice" - "accountData" - "receipts" - "presence" - "pushRule" - ]) // { - enableStreamWriters = lib.mkEnableOption "Enable stream writers"; - federationSenders = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of federation senders"; - }; - pushers = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of pushers"; - }; + options.services.matrix-synapse = + lib.listToAttrs ( + lib.map + (option: { + name = "${option}StreamWriters"; + value = lib.mkOption { + type = lib.types.int; + default = 1; + description = "Number of writers for ${option} streams"; + }; + }) + [ + "event" + "typing" + "toDevice" + "accountData" + "receipts" + "presence" + "pushRule" + ] + ) + // { + enableStreamWriters = lib.mkEnableOption "Enable stream writers"; + federationSenders = lib.mkOption { + type = lib.types.int; + default = 1; + description = "Number of federation senders"; + }; + pushers = lib.mkOption { + type = 
lib.types.int; + default = 1; + description = "Number of pushers"; }; + }; config = lib.mkIf cfg.enableStreamWriters { services.matrix-synapse = { settings = { - instance_map = lib.listToAttrs (lib.map (port: { - name = "stream-writer-${toString port}"; - value = { - path = "/run/matrix-synapse/stream-writer-${toString port}.sock"; - }; - }) federationSenders); + instance_map = lib.listToAttrs ( + lib.map (port: { + name = "stream-writer-${toString port}"; + value = { + path = "/run/matrix-synapse/stream-writer-${toString port}.sock"; + }; + }) federationSenders + ); stream_writers = { events = lib.map (port: "stream-writer-events-${toString port}") federationSenders; @@ -60,13 +73,15 @@ in }; }; - workers = lib.listToAttrs (lib.map (port: { - name = "stream-writerr-${toString port}"; - value = { - worker_app = "synapse.app.generic_worker"; - worker_listeners = [ ]; - }; - }) federationSenders); + workers = lib.listToAttrs ( + lib.map (port: { + name = "stream-writerr-${toString port}"; + value = { + worker_app = "synapse.app.generic_worker"; + worker_listeners = [ ]; + }; + }) federationSenders + ); }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix index af7e544..42e9251 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix @@ -1,5 +1,9 @@ - -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.matrix-synapse; streamWriters = lib.range 0 (cfg.eventStreamWriters - 1); 
@@ -7,35 +11,39 @@ in { services.matrix-synapse = { settings = { - instance_map = lib.listToAttrs (lib.map (port: { - name = "stream-writer-${toString port}"; - value = { - path = "/run/matrix-synapse/stream-writer-${toString port}.sock"; - }; - }) streamWriters); + instance_map = lib.listToAttrs ( + lib.map (port: { + name = "stream-writer-${toString port}"; + value = { + path = "/run/matrix-synapse/stream-writer-${toString port}.sock"; + }; + }) streamWriters + ); stream_writers = { events = lib.map (index: "stream-writer-events-${toString index}") streamWriters; }; }; - workers = lib.listToAttrs (lib.map (index: { - name = "stream-writer-${toString index}"; - value = { - worker_app = "synapse.app.generic_worker"; - worker_listeners = [ - { - type = "http"; - path = "/run/matrix-synapse/stream-writer-${toString index}.sock"; - resources = [ - { - names = ["replication"]; - compress = false; - } - ]; - } - ]; - }; - }) streamWriters); + workers = lib.listToAttrs ( + lib.map (index: { + name = "stream-writer-${toString index}"; + value = { + worker_app = "synapse.app.generic_worker"; + worker_listeners = [ + { + type = "http"; + path = "/run/matrix-synapse/stream-writer-${toString index}.sock"; + resources = [ + { + names = [ "replication" ]; + compress = false; + } + ]; + } + ]; + }; + }) streamWriters + ); }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix index 3e48d0f..73c22b6 100644 --- a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix +++ b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix 
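Review bot: `stream_writers.events` lists `stream-writer-events-${toString index}`, but `instance_map` and `workers` in this hunk both name the instances `stream-writer-${toString index}`, so the configured event writers point at workers that are never defined. Using one name throughout, e.g. `events = lib.map (index: "stream-writer-${toString index}") streamWriters;`, makes the three lists agree. The block also has no guard like pusher.nix's `lib.mkIf (cfg.pushers > 0)`, so with the default `eventStreamWriters = 0` from module.nix it still sets `events` to an empty list; whether Synapse accepts that should be checked.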
@@ -22,228 +22,228 @@ # ''; # }; - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - locations."~ ^/_matrix/client/(r0|v3)/sync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + locations."~ ^/_matrix/client/(r0|v3)/sync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; extraConfig = '' - # We want to wait for 15 minutes here... - proxy_read_timeout 54000; - proxy_connect_timeout 54000; - proxy_send_timeout 54000; - ''; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ 
^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/versions$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { - proxyPass = 
"http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; + # We want to wait for 15 minutes here... 
+ proxy_read_timeout 54000; + proxy_connect_timeout 54000; + proxy_send_timeout 54000; + ''; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { + proxyPass = 
"http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/versions$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { + 
proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { - proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; - }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { + proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; + }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { - proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; - }; + # 
https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { + proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; + }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { - proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; - }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { + 
proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { + proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; + }; ### DUPLICATES???? # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { - proxyPass = "http://user_dir_workers_upstream$request_uri"; - }; + proxyPass = "http://user_dir_workers_upstream$request_uri"; + }; # ??? - locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8008"; - #proxyPass = "http://$backend"; + locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8008"; + #proxyPass = "http://$backend"; proxyPass = "http://127.0.0.1:8008"; - }; + }; - locations."~ ^/_matrix/federation/v1/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state_ids/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/backfill/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/get_missing_events/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/publicRooms" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/query/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_leave/" = { - proxyPass = 
"http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/event_auth/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/user/devices/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/key/v2/query" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/hierarchy/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/send/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; + locations."~ ^/_matrix/federation/v1/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state_ids/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/backfill/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/get_missing_events/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/publicRooms" = { + proxyPass = 
"http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/query/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/event_auth/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/user/devices/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/key/v2/query" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/hierarchy/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/send/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; ##### media repo 
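Review bot: The comment in the `/sync` location says `# We want to wait for 15 minutes here...`, but `proxy_read_timeout 54000;` is read by nginx as seconds, which is 15 hours, so either the comment or the three values are wrong. If 15 minutes is what is wanted, `proxy_read_timeout 900s;` and `proxy_send_timeout 900s;` say so unambiguously, and `proxy_connect_timeout` can stay near its default because it only covers connection setup to a local upstream. On a public endpoint the difference matters: a stalled client can hold a connection slot for hours, and `worker_connections` is set to 512 elsewhere in this commit. The vhost attribute set that contains these locations starts and ends outside the hunk.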
@@ -270,12 +270,11 @@ proxyPass = "http://media_repository_workers_upstream$request_uri"; }; - #locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8048"; - #proxyPass = "http://$backend"; - #}; - + #locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8048"; + #proxyPass = "http://$backend"; + #}; - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; + locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; } diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix index 00ccdee..cdf3c92 100644 --- a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix +++ b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix @@ -23,4 +23,4 @@ user_dir_workers_upstream.servers = { "127.0.0.1:18661" = { }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams.nix b/host/Rory-nginx/services/nginx/matrix-upstreams.nix index 6ba45af..5dd2fe8 100644 --- a/host/Rory-nginx/services/nginx/matrix-upstreams.nix +++ b/host/Rory-nginx/services/nginx/matrix-upstreams.nix @@ -23,4 +23,4 @@ user_dir_workers_upstream.servers = { "127.0.0.1:8008" = { }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix index 0e993a1..0b53a28 100755 --- a/host/Rory-nginx/services/nginx/nginx.nix +++ b/host/Rory-nginx/services/nginx/nginx.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: +let serveDir = config: { enableACME = if config ? ssl then config.ssl else true; addSSL = if config ? ssl then config.ssl else true; @@ -10,7 +15,8 @@ let }; }; }; -in { +in +{ services = { nginx = { enable = true; 
@@ -24,11 +30,11 @@ in { defaultMimeTypes = ../../../../modules/packages/nginx/mime.types; appendConfig = '' worker_processes 16; - ''; - eventsConfig = '' + ''; + eventsConfig = '' #use kqueue; worker_connections 512; - ''; + ''; appendHttpConfig = '' #sendfile on; disable_symlinks off; @@ -36,9 +42,7 @@ in { access_log /var/log/nginx/access.log combined_vhosts; ''; upstreams = import ./matrix-upstreams.nix; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; + additionalModules = with pkgs.nginxModules; [ moreheaders ]; virtualHosts = { "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; }; "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; }; @@ -57,11 +61,11 @@ in { "thearcanebrony.net" = import ./thearcanebrony.net/root.nix; "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix; "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix; - + "rory.gay" = import ./rory.gay/root.nix; #"rory.boo" = import ./rory.gay/root.nix; "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; }; - + "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix; "cgit.rory.gay" = import ./rory.gay/cgit.nix; #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix; @@ -99,7 +103,7 @@ in { }; }; systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; + LimitNOFILE = 5000000; }; systemd.services.nginx.requires = [ "data.mount" ]; security.acme.acceptTerms = true; diff --git a/host/Rory-nginx/services/nginx/rory.gay/bots.nix b/host/Rory-nginx/services/nginx/rory.gay/bots.nix index 7652dc9..9bd18a8 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/bots.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/bots.nix @@ -6,4 +6,4 @@ proxyPass = "http://127.0.0.1:5033"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix index c9610fd..9503747 100755 
--- a/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix @@ -6,10 +6,10 @@ kTLS = true; extraConfig = '' brotli off; - ''; + ''; locations = { "/" = { proxyPass = "http://192.168.100.15:80"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix index feaa77a..250a6b2 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix 
@@ -34,42 +34,42 @@ locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "conduit.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "conduit.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://conduit.rory.gay"; - "m.identity_server".base_url = "https://conduit.rory.gay"; - } + return 200 '${ + builtins.toJSON { + "m.homeserver".base_url = "https://conduit.rory.gay"; + "m.identity_server".base_url = "https://conduit.rory.gay"; + } }'; - ''; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } + return 200 '${ + builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } }'; ''; } diff --git a/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix b/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix index c2feaa1..f6091bc 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix 
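Review bot: The `more_set_headers` arguments in the three `.well-known` locations are written without a colon (`'Content-Type application/json'`, `'Access-Control-Allow-Origin *'`), whereas `matrix-bak.nix` in this same commit uses the `'Access-Control-Allow-Origin: *'` form with a colon. Without the colon the headers-more module may not parse the string as a name and a value, in which case the JSON would be served without the intended content type and CORS header; comparing the response headers of `/.well-known/matrix/client` against the config would settle it. The proposed lines are `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. The same spelling appears in the `.well-known` hunks of `rory.gay/matrix.nix`, `rory.gay/root.nix` and `thearcanebrony.net/root.nix` further down.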
@@ -1,13 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let - overrideJs = filePath: varName: newContent: appendExtra: + overrideJs = + filePath: varName: newContent: appendExtra: let oldContent = builtins.readFile filePath; regex = "var ${varName} = {[^}]*};"; newJs = builtins.replaceStrings [ regex ] [ "var ${varName} = ${newContent};" ] oldContent; in - builtins.writeFile filePath newJs; + builtins.writeFile filePath newJs; cfg = config.services.jitsi-meet; in @@ -33,13 +39,7 @@ in proxy_set_header Host $host; ''; }; - locations."=/external_api.js" = lib.mkDefault { - alias = "${pkgs.jitsi-meet}/libs/external_api.min.js"; - }; - locations."=/config.js" = lib.mkDefault { - alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig; - }; - locations."=/interface_config.js" = lib.mkDefault { - alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig ""; - }; -} \ No newline at end of file + locations."=/external_api.js" = lib.mkDefault { alias = "${pkgs.jitsi-meet}/libs/external_api.min.js"; }; + locations."=/config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig; }; + locations."=/interface_config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig ""; }; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix index 2780979..5d44454 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix 
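Review bot: `overrideJs` cannot work as written: `builtins.replaceStrings` substitutes literal substrings, so the pattern `var ${varName} = {[^}]*};` is searched for verbatim and never matches, and `builtins.writeFile` is not a Nix builtin (evaluation could not write to a path under `${pkgs.jitsi-meet}` in any case). The `appendExtra` argument is never used either, so `cfg.extraConfig` would be dropped silently. Because the result feeds `alias` in the second hunk, the helper has to return a store path, e.g. `pkgs.writeText "config.js" newJs`, with the substitution done through `builtins.match`/`builtins.split` or by generating the file outright. The vhost import for this file is commented out in `nginx.nix`, which is presumably why the evaluation error has not surfaced yet.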
@@ -2,7 +2,7 @@ enableACME = true; addSSL = true; locations."/_matrix" = { - proxyPass = "http://192.168.1.5:8008"; + proxyPass = "http://192.168.1.5:8008"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; @@ -21,5 +21,5 @@ } ''; }; - locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; + locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; } diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix index 0c3f6cc..d48f4ca 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix 
@@ -26,42 +26,42 @@ locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "matrix.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://matrix.rory.gay"; - "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay"; - } + return 200 '${ + builtins.toJSON { + "m.homeserver".base_url = "https://matrix.rory.gay"; + "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay"; + } }'; - ''; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } + return 200 '${ + builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } }'; ''; diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix b/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix index 65a2c6c..edb1704 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix 
@@ -6,10 +6,10 @@ kTLS = true; extraConfig = '' brotli off; - ''; + ''; locations = { "/" = { proxyPass = "http://192.168.100.13:80"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/mru.nix b/host/Rory-nginx/services/nginx/rory.gay/mru.nix index 76fb6d8..dd59830 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/mru.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/mru.nix @@ -10,7 +10,7 @@ extraConfig = '' brotli off; brotli_static off; - ''; + ''; locations = { "/" = { index = "index.html"; diff --git a/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix b/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix index 05f1a0c..b62c5fe 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix @@ -6,10 +6,10 @@ kTLS = true; extraConfig = '' brotli off; - ''; + ''; locations = { "/" = { proxyPass = "http://192.168.100.11:80"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/root.nix b/host/Rory-nginx/services/nginx/rory.gay/root.nix index 075a3ed..11d06c0 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/root.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/root.nix 
@@ -2,48 +2,47 @@ root = "/data/nginx/html_rory_gay"; enableACME = true; addSSL = true; - extraConfig = '' - autoindex on;''; + extraConfig = ''autoindex on;''; locations."= /.well-known/matrix/server".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "matrix.rory.gay:443"; - }}'; - ''; + return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}'; + ''; locations."= /.well-known/matrix/client".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://matrix.rory.gay"; - "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay"; - } + return 200 '${ + builtins.toJSON { + "m.homeserver".base_url = "https://matrix.rory.gay"; + "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay"; + } }'; - ''; + ''; locations."= /.well-known/matrix/support".extraConfig = '' more_set_headers 'Content-Type application/json'; more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } + return 200 '${ + builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } }'; ''; } diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix index af52ec8..f13cb0c 100755 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix 
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
@@ -9,4 +9,4 @@
 proxyPass = "http://localhost:4998";
 };
 };
-}
\ No newline at end of file
+}
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
index bd23f10..86dddac 100755
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
@@ -2,8 +2,7 @@
 enableACME = true;
 addSSL = true;
 root = "/data/nginx/html_thearcanebrony";
- extraConfig = ''
- autoindex on;'';
+ extraConfig = ''autoindex on;'';
 locations = {
 "/" = {
 #index = "index.html";
@@ -12,29 +11,30 @@
 return = "301 https://gitlab.com/KinoshitaProductions/SecureDestroyer/-/raw/master/run";
 };
 "= /.well-known/matrix/support".extraConfig = ''
- more_set_headers 'Content-Type application/json';
- more_set_headers 'Access-Control-Allow-Origin *';
- return 200 '${builtins.toJSON {
- admins = [
- {
- matrix_id = "@emma:rory.gay";
- role = "admin";
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
 }
- {
- matrix_id = "@alicia:rory.gay";
- role = "admin";
- }
- {
- matrix_id = "@root:rory.gay";
- role = "admin";
- }
- {
- matrix_id = "@rory:rory.gay";
- role = "admin";
- }
- ];
- }
- }';
- '';
+ }';
+ '';
 };
 }
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
index 6298ba8..cd655d8 100755
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
@@ -3,8 +3,7 @@ addSSL = true; locations = { "/" = { - extraConfig = '' - rewrite ^ https://thearcanebrony.net/unavailable.html break;''; + extraConfig = ''rewrite ^ https://thearcanebrony.net/unavailable.html break;''; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix index 96ffe4b..f496190 100755 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix @@ -6,4 +6,4 @@ proxyPass = "http://192.168.1.4:9000"; }; }; -} \ No newline at end of file +} diff --git a/host/Rory-nginx/services/ollama.nix b/host/Rory-nginx/services/ollama.nix index 8480968..42f8b93 100755 --- a/host/Rory-nginx/services/ollama.nix +++ b/host/Rory-nginx/services/ollama.nix @@ -1,7 +1,12 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { -# systemd.tmpfiles.rules = [ "d /data/ollama 0750 ostgres postgres" ]; + # systemd.tmpfiles.rules = [ "d /data/ollama 0750 ostgres postgres" ]; services.ollama = { enable = true; diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix index ac3b228..a05aa1e 100755 --- a/host/Rory-nginx/services/postgres.nix +++ b/host/Rory-nginx/services/postgres.nix @@ -1,7 +1,12 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ]; + systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ]; services.postgresql = { enable = true; @@ -31,7 +36,7 @@ work_mem = "512MB"; maintenance_work_mem = "1024MB"; huge_pages = "try"; - effective_cache_size = "60GB"; #was 22 + effective_cache_size = "60GB"; # was 22 effective_io_concurrency = "8"; random_page_cost = 4; 
@@ -44,7 +49,7 @@ wal_level = "replica"; max_wal_senders = 0; - synchronous_commit = "off"; #was on + synchronous_commit = "off"; # was on checkpoint_timeout = "15min"; checkpoint_completion_target = "0.9"; @@ -63,10 +68,10 @@ bgwriter_lru_multiplier = "2.0"; bgwriter_flush_after = "0"; - max_worker_processes = "32"; #was 14 - max_parallel_workers_per_gather = "16"; #was 7 - max_parallel_maintenance_workers = "16"; #was 7 - max_parallel_workers = "32"; #was 14 + max_worker_processes = "32"; # was 14 + max_parallel_workers_per_gather = "16"; # was 7 + max_parallel_maintenance_workers = "16"; # was 7 + max_parallel_workers = "32"; # was 14 parallel_leader_participation = "on"; enable_partitionwise_join = "on"; @@ -81,4 +86,3 @@ }; } - diff --git a/host/Rory-nginx/services/prometheus.nix b/host/Rory-nginx/services/prometheus.nix index 1a5d346..9409529 100644 --- a/host/Rory-nginx/services/prometheus.nix +++ b/host/Rory-nginx/services/prometheus.nix @@ -1,4 +1,4 @@ -{ ... } : +{ ... }: { services.prometheus = { |