authorRory& <root@rory.gay>2024-10-20 08:47:49 +0200
committerRory& <root@rory.gay>2024-10-20 08:47:49 +0200
commit5acd6221d7825729543d233b945bf05626bb3601 (patch)
tree42313411c89007f30480553d9fb5658981c48b07
parentDesktop changes, build script changes (diff)
downloadRory-Open-Architecture-5acd6221d7825729543d233b945bf05626bb3601.tar.xz
Add Fedora Draupnir instance
-rwxr-xr-xhost/Rory-nginx/configuration.nix1
-rw-r--r--host/Rory-nginx/services/containers/draupnir-fedora/container.nix28
-rw-r--r--host/Rory-nginx/services/containers/draupnir-fedora/root.nix21
-rw-r--r--host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix23
4 files changed, 73 insertions, 0 deletions
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index 7a94254..a1f3938 100755
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -94,6 +94,7 @@
     initialPasswordFile = "/etc/matrix-user-pass";
   };
   containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
+  containers."draupnir-fedora" = import ./services/containers/draupnir-fedora/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
 
   #containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
 
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/container.nix b/host/Rory-nginx/services/containers/draupnir-fedora/container.nix
new file mode 100644
index 0000000..4ab9009
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-fedora/container.nix
@@ -0,0 +1,28 @@
+{ nixpkgs-Draupnir, ... }:
+
+{
+  privateNetwork = true;
+  autoStart = true;
+  specialArgs = {
+    inherit nixpkgs-Draupnir;
+  };
+  config =
+    { lib, pkgs, ... }:
+    {
+      imports = [
+        ../shared.nix
+        ./root.nix
+        ./services/draupnir.nix
+        "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+      ];
+      nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ];
+    };
+  hostAddress = "192.168.100.1";
+  localAddress = "192.168.100.18";
+
+  bindMounts."draupnir-access-token" = {
+    hostPath = "/etc/draupnir-fedora-access-token";
+    mountPoint = "/etc/draupnir-access-token";
+    isReadOnly = true;
+  };
+}
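Review bot: The `bindMounts."draupnir-access-token"` entry depends on `/etc/draupnir-fedora-access-token` already existing on the host, and nothing in this commit creates it or sets its owner and mode. The file holds the bot account's Matrix access token, so its protection currently rests on an undocumented manual step. `isReadOnly = true` stops the container from modifying it but does not restrict who can read it on the host. I would add a comment above the mount such as `# secret: bot access token, provisioned out of band on the host; must not be world-readable`, and, if the repository already has a secrets mechanism (not visible here), provision the file through it.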
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/root.nix b/host/Rory-nginx/services/containers/draupnir-fedora/root.nix
new file mode 100644
index 0000000..e4da810
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-fedora/root.nix
@@ -0,0 +1,21 @@
+{ ... }:
+
+{
+  environment.etc."resolv.conf".text = ''
+    nameserver 8.8.8.8
+    nameserver 8.4.4.8
+    nameserver 1.1.1.1
+    nameserver 1.0.0.1
+  '';
+
+  networking.hosts = {
+    "192.168.100.1" = [
+      "matrix.rory.gay"
+      "rory.gay"
+    ];
+  };
+
+  networking.firewall = {
+    enable = true;
+  };
+}
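Review bot: `nameserver 8.4.4.8` in the `resolv.conf` text looks like a transposition of Google's secondary resolver and should be `nameserver 8.8.4.4`. As written, the container sends DNS queries to an unrelated address whenever the first server does not answer. Those answers decide which hosts the bot connects to for every name not pinned in `networking.hosts`, so the list should be exact. glibc's resolver also reads at most three `nameserver` lines, so the fourth entry (`1.0.0.1`) is never consulted; dropping one line would make the effective list match what is written.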
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
new file mode 100644
index 0000000..6573f4c
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+  services.draupnir = {
+    enable = true;
+    accessTokenFile = "/etc/draupnir-access-token";
+    homeserverUrl = "https://matrix.rory.gay";
+
+    settings = {
+      managementRoom = "#draupnir-fedora-mgmt:rory.gay";
+      recordIgnoredInvites = true; # We want to be aware of invites
+      autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
+      automaticallyRedactForReasons = [ "*" ]; # Always autoredact
+      fasterMembershipChecks = true;
+
+      backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
+      pollReports = false;
+
+      admin.enableMakeRoomAdminCommand = false;
+      commands.ban.defaultReasons = [ "spam" ];
+    };
+  };
+}
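Review bot: `managementRoom = "#draupnir-fedora-mgmt:rory.gay"` identifies the bot's control channel by alias, and nothing here records the access assumptions for that room. Draupnir accepts commands from members of the management room, so the room has to stay invite-only and the alias has to keep resolving to the same room; using the room ID instead would remove the second dependency. With `automaticallyRedactForReasons = [ "*" ]`, a ban issued from that room also redacts the target's messages, which raises the cost of an unintended member. I would add a comment on the line such as `# control channel: room members can command the bot; keep invite-only and do not re-point the alias`.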