draupnir-belibre, desktop config update
HEAD master5 files changed, 85 insertions, 1 deletions
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index 5c5f7f7..cc5afae 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -58,7 +58,7 @@ args@{
};
# TODO: re-enable when USB is fixed
- #programs.noisetorch.enable = true;
+ programs.noisetorch.enable = true;
programs.gamemode.enable = true;
users.users.Rory.extraGroups = [ "gamemode" ];
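Review bot: The context comment `# TODO: re-enable when USB is fixed` is left in place above the line that is now enabled, so it reads as if the work is still pending. Either drop it or replace it with what actually changed, e.g. `# re-enabled: USB audio issue resolved`. As far as I know, the NixOS noisetorch module installs the binary through a capability wrapper rather than as a plain package, so the comment is also the only record of why that wrapper is back on this host.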
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
index 858bfef..5f87db3 100755
--- a/host/Rory-ovh/configuration.nix
+++ b/host/Rory-ovh/configuration.nix
@@ -127,6 +127,14 @@
;
};
+ containers."draupnir-belibre" = import ./services/containers/draupnir-belibre/container.nix {
+ inherit
+ pkgs
+ lib
+ draupnir
+ ;
+ };
+
networking.firewall.interfaces."ve-spacebar".allowedTCPPorts = [ 5432 ];
containers."spacebar" = import ./services/containers/spacebar/container.nix {
inherit
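Review bot: The container name `draupnir-belibre` yields a host-side interface name `ve-draupnir-belibre`, which is longer than the 15 characters Linux allows for an interface name. NixOS rejects long names with `privateNetwork` only on older kernels, as far as I recall, and newer kernels fall back to a shortened name. A later per-interface rule in the style of the `networking.firewall.interfaces."ve-spacebar"` line just below may therefore never match. A shorter name, or a comment such as `# interface name is truncated; do not key firewall rules on "ve-draupnir-belibre"`, would avoid a silent miss. Also, `pkgs` and `lib` are inherited here but container.nix binds only `draupnir` and discards the rest via `...`. The surrounding attribute set starts and ends outside this hunk.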
diff --git a/host/Rory-ovh/services/containers/draupnir-belibre/container.nix b/host/Rory-ovh/services/containers/draupnir-belibre/container.nix
new file mode 100644
index 0000000..e19fb68
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-belibre/container.nix
@@ -0,0 +1,29 @@
+{
+ draupnir,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit draupnir;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/draupnir.nix
+ ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.18";
+
+ bindMounts."draupnir-access-token" = {
+ hostPath = "/data/secrets/draupnir-fedora-access-token";
+ mountPoint = "/etc/draupnir-access-token";
+ isReadOnly = true;
+ };
+}
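Review bot: The bind mount `hostPath = "/data/secrets/draupnir-fedora-access-token"` gives the belibre container a token named for a "fedora" instance, and `managementRoom = "#draupnir-fedora-mgmt:rory.gay"` in services/draupnir.nix has the same mismatch. If another Draupnir instance uses that token or room (not visible in this commit), two bots would act as one Matrix account and take commands from the same room. A per-instance token and room would keep them separately auditable and revocable. If the reuse is deliberate, record it with a comment such as `# belibre intentionally runs under the fedora bot account`. The read-only mount is right, but the host file's owner and mode are not managed here, so it should be confirmed readable by root only.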
diff --git a/host/Rory-ovh/services/containers/draupnir-belibre/root.nix b/host/Rory-ovh/services/containers/draupnir-belibre/root.nix
new file mode 100644
index 0000000..0ebce9e
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-belibre/root.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
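Review bot: The `networking.hosts` block hard-codes `"192.168.100.1"`, duplicating `hostAddress` from container.nix, and nothing says why the homeserver names are pinned. If `hostAddress` is ever renumbered, the bot would quietly lose its homeserver connection while DNS still looks healthy. I would add `# pin homeserver names to the host end of the veth; must match hostAddress in container.nix` above the block, or pass the address in through `specialArgs` next to `draupnir`.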
diff --git a/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix b/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix
new file mode 100644
index 0000000..0b74984
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix
@@ -0,0 +1,31 @@
+{ draupnir, ... }:
+
+{
+ services.draupnir = {
+ enable = true;
+ package = draupnir;
+ secrets.accessToken = "/etc/draupnir-access-token";
+
+ settings = {
+ homeserverUrl = "https://matrix.rory.gay";
+ managementRoom = "#draupnir-fedora-mgmt:rory.gay";
+ recordIgnoredInvites = true; # We want to be aware of invites
+ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
+ automaticallyRedactForReasons = [ "*" ]; # Always autoredact
+ fasterMembershipChecks = true;
+
+ backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
+ pollReports = false;
+
+ admin.enableMakeRoomAdminCommand = false;
+ commands.ban.defaultReasons = [ "spam" ];
+
+ protections = {
+ wordlist = {
+ words = [ "https://postimg.cc/" ];
+ minutesBeforeTrusting = 0;
+ };
+ };
+ };
+ };
+}
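Review bot: `minutesBeforeTrusting = 0` in the `wordlist` block has no comment, although the neighbouring settings are all explained. As I understand the upstream setting, zero disables the trust timeout, so every sender is treated as new and a long-standing member posting a matching link is banned as well. Together with `automaticallyRedactForReasons = [ "*" ]`, that ban would also redact their messages. I would add `# 0 = never trust: all senders are checked, not just recent joiners`. If the protection compiles `words` entries into a regular expression (worth confirming for the pinned `draupnir` package), the dots in `"https://postimg.cc/"` match any character and should be escaped.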