From 6c428f5c0febd70f04593b2ef8bf25509e8a45c2 Mon Sep 17 00:00:00 2001 From: Rory& Date: Sun, 21 Apr 2024 02:32:06 +0200 Subject: Add vanilla conduit container --- flake.lock | 599 --------------------- flake.nix | 6 +- host/Rory-desktop/configuration.nix | 6 +- .../matrixunittests-conduit/container.nix | 26 + .../containers/matrixunittests-conduit/root.nix | 31 ++ .../matrixunittests-conduit/services/conduit.nix | 21 + .../matrixunittests-conduit/services/nginx.nix | 100 ++++ .../services/pantalaimon.nix | 16 + host/Rory-nginx/services/nginx/nginx.nix | 1 + .../nginx/rory.gay/conduit.matrixunittests.nix | 15 + modules/base-server.nix | 11 +- modules/base.nix | 15 +- 12 files changed, 236 insertions(+), 611 deletions(-) delete mode 100644 flake.lock create mode 100755 host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix create mode 100755 host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix create mode 100755 host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix create mode 100755 host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix create mode 100755 host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix diff --git a/flake.lock b/flake.lock deleted file mode 100644 index a46c025..0000000 --- a/flake.lock +++ /dev/null @@ -1,599 +0,0 @@ -{ - "nodes": { - "MatrixMediaGate": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1709199781, - "narHash": "sha256-OH9OSnRNj9zHkKMBRwBaa0pMA0yOzibt3h6i3M4KIKw=", - "ref": "refs/heads/master", - "rev": "a3bce27ac19dfd940a34c4c148c0f617f513feed", - "revCount": 18, - "type": "git", - "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/" - }, - "original": { - "type": "git", - "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/" - } - }, - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1707922053, - "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "main", - "repo": "attic", - "type": "github" - } - }, - "botcore-v4": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1683656302, - "narHash": "sha256-I2eu+9/i0ktqNzQwkc0NuczQ2UThCBf8L9xnZ8v3NSM=", - "owner": "BotCore-Devs", - "repo": "BotCore-v4", - "rev": "0e8738ba7df060782df050dc733b0bfc8c499830", - "type": "gitlab" - }, - "original": { - "owner": "BotCore-Devs", - "ref": "staging", - "repo": "BotCore-v4", - "type": "gitlab" - } - }, - "conduit": { - "inputs": { - "attic": "attic", - "crane": "crane_2", - "fenix": "fenix", - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", - "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1713381361, - "narHash": "sha256-0rAVZ6uhdg0ySRVu1hH/mkRZL0wMDO2f42Z1ix9LpPQ=", - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "7ecc570bb8a07aba9802fd0217f978583f55bc8b", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "7ecc570bb8a07aba9802fd0217f978583f55bc8b", - "type": "github" - } - }, - "crane": { - "inputs": { - "nixpkgs": [ - "conduit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", - "owner": "ipetkov", - "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "inputs": { - "nixpkgs": [ - "conduit", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1707685877, - "narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", - "owner": "ipetkov", - "repo": "crane", - "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "conduit", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1711606966, - "narHash": "sha256-nTaO7ZDL4D02dVC5ktqnXNiNuODBUHyE4qEcFjAUCQY=", - "owner": "nix-community", - "repo": "fenix", - "rev": "aa45c3e901ea42d6633af083c0c555efaf948b17", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1713547559, - "narHash": "sha256-zju60y4pyYQoRmqhbgkw+jwmKZReVsCNvb8mZxID2Do=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "938357cb234e85da37109df2cdd9cc59ab9c1cc0", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "home-manager", - "type": "github" - } - }, - "mtxclientSrc": { - "flake": false, - "locked": { - "lastModified": 1710558918, - "narHash": "sha256-N92nf1Ay27auUQR9pZSXx4HMFCG9UGTBei+Eva18TLU=", - "owner": "Nheko-reborn", - "repo": "mtxclient", - "rev": "4fb7d678aeea197d16b52bfb1dc35b506673bb52", - "type": "github" - }, - "original": { - "owner": "Nheko-reborn", - "ref": "master", - "repo": "mtxclient", - "type": "github" - } - }, - "nhekoSrc": { - "flake": false, - "locked": { - "lastModified": 1712511512, - "narHash": "sha256-T27BrHbPrbzI9rymiQbHEp8OMMVn74SG42YAJj8qWmk=", - "owner": "Nheko-reborn", - "repo": "nheko", - "rev": "df88eccfb7f4826299a93b30606364a387b23779", - "type": "github" - }, - "original": { - "owner": "Nheko-reborn", - "ref": "master", - "repo": "nheko", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1710156097, - "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "3342559a24e85fc164b295c3444e8a139924675b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-filter", - "type": "github" - } - }, - "nixos-wsl": { - "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1713528946, - "narHash": "sha256-IBQta+xrEaI2S5UmYrXcgV7Tu7rGLQu2V3TeJseLPSg=", - "owner": "nix-community", - "repo": "NixOS-WSL", - "rev": "63c1247e12f269396ed2df8cdec3aed1f0f3928c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NixOS-WSL", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1708807242, - "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-RoryNix": { - "locked": { - "lastModified": 1713344939, - "narHash": "sha256-jpHkAt0sG2/J7ueKnG7VvLLkBYUMQbXQ2L8OBpVG53s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e402c3eb6d88384ca6c52ef1c53e61bdc9b84ddd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-rory": { - "locked": { - "lastModified": 1712398816, - "narHash": "sha256-9s+KZY0XBQEl1oEwELIgXuS8OG8E+a0J/8ih+oYCCC4=", - "owner": "TheArcaneBrony", - "repo": "nixpkgs", - "rev": "7e5dba52fb1644c6412871495a946aea14deb871", - "type": "github" - }, - "original": { - "owner": "TheArcaneBrony", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1702780907, - "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1702539185, - "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1711523803, - "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1713248628, - "narHash": "sha256-NLznXB5AOnniUtZsyy/aPWOk8ussTuePp2acb9U+ISA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5672bc9dbf9d88246ddab5ac454e82318d094bb8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1713013257, - "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "MatrixMediaGate": "MatrixMediaGate", - "botcore-v4": "botcore-v4", - "conduit": "conduit", - "home-manager": "home-manager", - "mtxclientSrc": "mtxclientSrc", - "nhekoSrc": "nhekoSrc", - "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_7", - "nixpkgs-RoryNix": "nixpkgs-RoryNix", - "nixpkgs-rory": "nixpkgs-rory" - } - }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1711562745, - "narHash": "sha256-s/YOyBM0vumhkqCFi8CnV5imFlC5JJrGia8CmEXyQkM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "ad51a17c627b4ca57f83f0dc1f3bb5f3f17e6d0b", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix index cb3c792..f27d066 100755 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,9 @@ # will probably also require you to always build from source. #inputs.nixpkgs.follows = "nixpkgs"; }; + conduit-vanilla = { + url = "gitlab:famedly/conduit"; + }; nixos-wsl.url = "github:nix-community/NixOS-WSL"; #inputs.nur.url = github:nix-community/NUR; @@ -50,7 +53,7 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, MatrixMediaGate, conduit, nixos-wsl, ... }@inputs: { + outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, MatrixMediaGate, conduit, conduit-vanilla, nixos-wsl, ... }@inputs: { nixosConfigurations = { #NIXPKGS FORK Rory-nginx = nixpkgs-rory.lib.nixosSystem { @@ -64,6 +67,7 @@ inherit botcore-v4; inherit home-manager; inherit conduit; + inherit conduit-vanilla; inherit MatrixMediaGate; }; }; diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix index eac78df..da3d8e3 100644 --- a/host/Rory-desktop/configuration.nix +++ b/host/Rory-desktop/configuration.nix @@ -156,7 +156,7 @@ # - Utilities inkscape-with-extensions - gimp-with-plugins + gimp #-with-plugins # - Languages #dotnet-sdk_7 @@ -181,7 +181,7 @@ firefox-bin ungoogled-chromium #needed for Rider in order to debug WASM - yuzu-early-access + #yuzu-early-access wineWowPackages.unstableFull winetricks fragments @@ -281,7 +281,7 @@ modesetting.enable = true; powerManagement.enable = false; powerManagement.finegrained = false; - open = false; + open = true; nvidiaSettings = true; nvidiaPersistenced = true; package = config.boot.kernelPackages.nvidiaPackages.stable; diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix new file mode 100755 index 0000000..28309b5 --- /dev/null +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, conduit, ... }: + +{ + privateNetwork = true; + autoStart = true; + specialArgs = { + inherit conduit; + }; + config = { lib, pkgs, conduit, ... }: { + imports = [ ./root.nix ]; + environment.etc."resolv.conf".text = '' + nameserver 8.8.8.8 + nameserver 8.4.4.8 + nameserver 1.1.1.1 + nameserver 1.0.0.1 + ''; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 5432 ]; + }; + }; + hostAddress = "192.168.100.14"; + localAddress = "192.168.100.15"; + hostAddress6 = "fc00::5"; + localAddress6 = "fc00::6"; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix new file mode 100755 index 0000000..b42a38a --- /dev/null +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix @@ -0,0 +1,31 @@ +{ config, pkgs, lib, conduit, ... }: + +{ + imports = + [ + ./services/nginx.nix + ./services/conduit.nix + ./services/pantalaimon.nix + ]; + + environment.systemPackages = with pkgs; [ + wget + neofetch + lnav + zsh + git + lsd + htop + btop + duf + kitty.terminfo + neovim + tmux + jq + yq + pv + dig + cloud-utils + ]; + +} \ No newline at end of file diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix new file mode 100755 index 0000000..e01b1d0 --- /dev/null +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, conduit, ... }: + +{ + services.matrix-conduit = { + package = conduit.packages.${pkgs.system}.default; + enable = true; + settings.global = { + address = "127.0.0.1"; + server_name = "conduit.matrixunittests.rory.gay"; + database_backend = "rocksdb"; + enable_lightning_bolt = true; + max_concurrent_requests = 1000; + allow_check_for_updates = false; + allow_registration = true; + yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true; + allow_guest_registration = true; + disable_federation = true; + }; + }; +} + diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix new file mode 100755 index 0000000..a33c784 --- /dev/null +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix @@ -0,0 +1,100 @@ +{ config, pkgs, lib, ... }: + +{ + services = { + nginx = { + enable = true; + package = pkgs.nginxQuic; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; + recommendedOptimisation = true; + appendConfig = '' + worker_processes 16; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 512; + ''; + appendHttpConfig = '' + #sendfile on; + disable_symlinks off; + ''; + additionalModules = with pkgs.nginxModules; [ + moreheaders + ]; + virtualHosts = { + "conduit.matrixunittests.rory.gay" = { + locations."/" = { + proxyPass = "http://127.0.0.1:6167"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + locations."= /.well-known/matrix/server".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.server" = "conduit.matrixunittests.rory.gay:443"; + }}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.homeserver".base_url = "https://conduit.matrixunittests.rory.gay"; + } + }'; + ''; + locations."= /.well-known/matrix/support".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } + }'; + ''; + }; + }; + }; + }; + systemd.services.nginx.serviceConfig = { + LimitNOFILE=5000000; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "root@rory.gay"; + +} diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix new file mode 100755 index 0000000..b5f7f77 --- /dev/null +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix @@ -0,0 +1,16 @@ +{ config, pkgs, lib, ... }: + +{ + services.pantalaimon-headless = { + instances."localhost" = { + homeserver = "http://localhost:6167"; + ssl = false; + extraSettings = { + "DropOldKeys" = true; + "UseKeyring" = false; + }; + }; + }; + +} + diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix index 5a1da68..74a99d2 100755 --- a/host/Rory-nginx/services/nginx/nginx.nix +++ b/host/Rory-nginx/services/nginx/nginx.nix @@ -58,6 +58,7 @@ "matrix-rory-gay.localhost" = import ./localhost/matrix-rory-gay.nix; "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix; "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix; + "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix; "mru.rory.gay" = import ./rory.gay/mru.nix; #bots... diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix new file mode 100755 index 0000000..c9610fd --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix @@ -0,0 +1,15 @@ +{ + enableACME = true; + addSSL = true; + http3 = true; + http3_hq = true; + kTLS = true; + extraConfig = '' + brotli off; + ''; + locations = { + "/" = { + proxyPass = "http://192.168.100.15:80"; + }; + }; +} \ No newline at end of file diff --git a/modules/base-server.nix b/modules/base-server.nix index 8986ee3..2508b24 100755 --- a/modules/base-server.nix +++ b/modules/base-server.nix @@ -46,24 +46,21 @@ systemd.services.NetworkManager-wait-online.enable = false; systemd.network.wait-online.enable = false; - systemd.services.systemd-networkd.stopIfChanged = false; - systemd.services.systemd-resolved.stopIfChanged = false; + # systemd.services.systemd-networkd.stopIfChanged = false; + # systemd.services.systemd-resolved.stopIfChanged = false; nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000); nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000); - # TODO: cargo culted. nix.daemonCPUSchedPolicy = lib.mkDefault "batch"; nix.daemonIOSchedClass = lib.mkDefault "idle"; nix.daemonIOSchedPriority = lib.mkDefault 7; - # My servers always use /dev/sda as boot disk... + # My servers always use /dev/vda as boot disk... boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { grub = { - enable = true; - version = 2; - devices = [ "/dev/sda" ]; # nodev for EFI only + devices = [ "/dev/vda" ]; # nodev for EFI only # EFI efiSupport = false; efiInstallAsRemovable = false; diff --git a/modules/base.nix b/modules/base.nix index 116d496..98556dd 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -44,6 +44,14 @@ "net.ipv4.tcp_keepalive_probes=4" "net.ipv4.tcp_timestamps=0" ]; + kernelPackages = pkgs.linuxPackages_latest; + loader = { + grub = { + enable = true; + version = 2; + }; + timeout = 1; + }; }; networking = { @@ -65,7 +73,12 @@ extraConfig = '' MaxAuthTries 32 ''; - }; + }; + resolved = { + enable = true; + dnssec = lib.mkForce false; + dnsovertls = lib.mkForce false; + } }; systemd = { -- cgit 1.4.1