authorRory& <root@rory.gay>2024-11-30 20:56:21 +0100
committerRory& <root@rory.gay>2024-11-30 20:56:21 +0100
commitd0c67327a8205e3d6d6a41c0913c9e397ebddd52 (patch)
treea62c41170d87d9c1b4838c5f2ba8a967dd3ce122
parentFix user chris (diff)
downloadRory-Open-Architecture-d0c67327a8205e3d6d6a41c0913c9e397ebddd52.tar.xz
Desktop changes
-rw-r--r--flake.lock251
-rwxr-xr-xflake.nix1
-rw-r--r--host/Rory-desktop/configuration.nix11
-rwxr-xr-xhost/Rory-desktop/ollama.nix6
-rw-r--r--host/Rory-desktop/optional/hardware-specific/amd.nix4
-rw-r--r--host/Rory-nginx/services/email/maddy.conf124
-rw-r--r--host/Rory-nginx/services/email/maddy.nix4
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix10
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/module.nix21
-rwxr-xr-xmodules/base-client.nix3
10 files changed, 313 insertions, 122 deletions
diff --git a/flake.lock b/flake.lock

index 24a59fd..ae66c91 100644
--- a/flake.lock
+++ b/flake.lock
@@ -27,16 +27,17 @@ "inputs": { "crane": "crane_3", "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1711742460, - "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "lastModified": 1731270564, + "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", "owner": "zhaofengli", "repo": "attic", - "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "rev": "47752427561f1c34debb16728a210d378f0ece36", "type": "github" }, "original": { @@ -78,11 +79,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1728653546, - "narHash": "sha256-1lrQEr0mNEs8L2GAm+2tOwLCdHVOuYEGOgoN6O409Dw=", + "lastModified": 1730678249, + "narHash": "sha256-Xn1BnCbwbRFhqcFJ4GvSmB+H509fiHFhTJcpi4G+2oo=", "owner": "famedly", "repo": "conduit", - "rev": "12ada1c86abee99dbe333c88a68f0ceb65ba6fc8", + "rev": "e952522a39883e4431e74c42cef3d9bc562752f8", "type": "gitlab" }, "original": { @@ -145,11 +146,11 @@ ] }, "locked": { - "lastModified": 1702918879, - "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -159,18 +160,12 @@ } }, "crane_4": { - "inputs": { - "nixpkgs": [ - "grapevine", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1716569590, - "narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=", + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "owner": "ipetkov", "repo": "crane", - "rev": "109987da061a1bf452f435f1653c47511587d919", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", "type": "github" }, "original": { 
@@ -183,11 +178,11 @@ "draupnirSrc": { "flake": false, "locked": { - "lastModified": 1729943224, - "narHash": "sha256-d9K0fSQTfdRNhfrAx7MuOR0yDGC9m+kRfygwijrScZs=", + "lastModified": 1732902980, + "narHash": "sha256-2OaOOnVx/EiBp3FnpTzmUikYsV+I1oJYeDNOT+oV1BE=", "owner": "the-draupnir-project", "repo": "Draupnir", - "rev": "c2786e2c4817818f5e84255f5e3a362f7b3bea77", + "rev": "402c39c708d48ed4c204eca1090729aca32e8ee7", "type": "github" }, "original": { @@ -228,11 +223,11 @@ "rust-analyzer-src": "rust-analyzer-src_2" }, "locked": { - "lastModified": 1716359173, - "narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=", + "lastModified": 1731738660, + "narHash": "sha256-tIXhc9lX1b030v812yVJanSR37OnpTb/OY5rU3TbShA=", "owner": "nix-community", "repo": "fenix", - "rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6", + "rev": "e10ba121773f754a30d31b6163919a3e404a434f", "type": "github" }, "original": { @@ -277,11 +272,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -323,6 +318,28 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, 
@@ -361,11 +378,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -375,30 +392,15 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { "inputs": { "systems": "systems_3" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -408,7 +410,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { "systems": "systems_4" }, 
@@ -432,18 +434,19 @@ "crane": "crane_4", "fenix": "fenix_2", "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nix-filter": "nix-filter_2", "nixpkgs": "nixpkgs_4", + "rocksdb": "rocksdb", "rust-manifest": "rust-manifest" }, "locked": { "host": "gitlab.computer.surgery", - "lastModified": 1730496352, - "narHash": "sha256-u//x8skrHIkVW8VnOmFTbwocTR+Cye5L4c7fqv325UE=", + "lastModified": 1732905593, + "narHash": "sha256-mcW64goCqTVFnBOWRZzLsx8uYrPmyrbwQr0WAQeSfRg=", "owner": "matrix", "repo": "grapevine-fork", - "rev": "d42a5ec1f0e40d79f0569363cad487e3960287d1", + "rev": "2f8e0e3e52620bf36756989f2d71d03b75fe8f50", "type": "gitlab" }, "original": { @@ -458,11 +461,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1730490306, - "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "1743615b61c7285976f85b303a36cdf88a556503", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -492,11 +495,11 @@ "nhekoSrc": { "flake": false, "locked": { - "lastModified": 1730250607, - "narHash": "sha256-BcQ7XxmtxTo2fdgVcSLhGluRaVFF9l+nK8Ai3kI8zmU=", + "lastModified": 1732928703, + "narHash": "sha256-zPXR7HrWs1x1+7fz43uqTGmueT33JJ84sOICpHHqxek=", "owner": "Nheko-reborn", "repo": "nheko", - "rev": "1a00d913167fb9f10b5ff15204c189cb4cfb82d1", + "rev": "2ded62f77d23a14f86802270204bce372892cff0", "type": "github" }, "original": { 
@@ -523,11 +526,11 @@ }, "nix-filter_2": { "locked": { - "lastModified": 1710156097, - "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", "owner": "numtide", "repo": "nix-filter", - "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", "type": "github" }, "original": { @@ -537,18 +540,40 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1730453870, - "narHash": "sha256-d+kIgz4BvTXb7emjSFV3zjNydGmLUmuluQjdBb51R9o=", + "lastModified": 1731682434, + "narHash": "sha256-HnZFPB7akVIy0KuPq/tEkiB+Brt1qi0DUIDzR8z25qI=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "adb6bc4b661a43328752b4575be4968a4990c033", + "rev": "a6b9cf0b7805e2c50829020a73e7bde683fd36dd", "type": "github" }, "original": { @@ -623,11 +648,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1730600844, - "narHash": "sha256-+Cg5lsY+nOGBdNOxxEVWpoykimE0j1IioFG90OPs9A8=", + "lastModified": 1732989265, + "narHash": "sha256-uJH9OjABOf4k4Nt6tqQlBVUPGdDakN01L4qNq7lTed4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff7219bf791835caa59ca34b6d897c58c21f6754", + "rev": "9b3a550e96b95e03585b8dd15e38eb324fedbe8b", "type": "github" }, "original": { 
@@ -655,32 +680,16 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -703,11 +712,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", "type": "github" }, "original": { @@ -719,11 +728,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1716330097, - "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { 
@@ -735,11 +744,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1729880355, - "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -767,11 +776,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1732758367, + "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59", "type": "github" }, "original": { @@ -783,11 +792,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1729951556, - "narHash": "sha256-bpb6r3GjzhNW8l+mWtRtLNg5PhJIae041sPyqcFNGb4=", + "lastModified": 1731763621, + "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e0eec54db79d4d0909f45a88037210ff8eaffee", + "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", "type": "github" }, "original": { @@ -797,6 +806,23 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1730475155, + "narHash": "sha256-u5uuShM2SxHc9/zL4UU56IhCcR/ZQbzde0LgOYS44bM=", + "owner": "facebook", + "repo": "rocksdb", + "rev": "3c27a3dde0993210c5cc30d99717093f7537916f", + "type": "github" + }, + "original": { + "owner": "facebook", + "ref": "v9.7.4", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { "botcore-v4": "botcore-v4", 
@@ -836,11 +862,11 @@ "rust-analyzer-src_2": { "flake": false, "locked": { - "lastModified": 1716107283, - "narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=", + "lastModified": 1731693936, + "narHash": "sha256-uHUUS1WPyW6ohp5Bt3dAZczUlQ22vOn7YZF8vaPKIEw=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd", + "rev": "1b90e979aeee8d1db7fe14603a00834052505497", "type": "github" }, "original": { @@ -864,15 +890,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1729999681, - "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix
index 1940892..d670894 100755
--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,7 @@ inputs = { # Different nixpkgs versions nixpkgs = { + #url = "github:NixOS/nixpkgs?rev=18536bf04cd71abd345f9579158841376fdd0c5a"; url = "github:NixOS/nixpkgs/nixos-unstable"; }; diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index f0fb7a7..465936c 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -25,7 +25,7 @@ args@{ ./optional/gui/wayland.nix ./printing.nix - #./ollama.nix + ./ollama.nix ]; boot = { @@ -152,7 +152,8 @@ args@{ gimp # - Languages - dotnet-sdk_8 + #dotnet-sdk_8 + dotnetCorePackages.sdk_9_0 #games osu-lazer-bin @@ -196,6 +197,7 @@ args@{ p11-kit opensc eid-mw + jitsi-meet-electron ]; environment.etc."pkcs11/modules/opensc-pkcs11".text = '' module: ${pkgs.opensc}/lib/opensc-pkcs11.so @@ -228,7 +230,8 @@ args@{ }; fonts = { packages = with pkgs; [ - (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + nerd-fonts.jetbrains-mono noto-fonts-monochrome-emoji ]; fontconfig.defaultFonts.monospace = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ]; @@ -245,6 +248,8 @@ args@{ permittedInsecurePackages = [ "electron-25.9.0" "olm-3.2.16" + "dotnet-sdk-wrapped-7.0.410" + "dotnet-sdk-7.0.410" ]; }; }; diff --git a/host/Rory-desktop/ollama.nix b/host/Rory-desktop/ollama.nix
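Review bot: The two entries added to `permittedInsecurePackages` (`dotnet-sdk-wrapped-7.0.410`, `dotnet-sdk-7.0.410`) carry no record of which package still needs the 7.0 SDK, while the same commit moves the system SDK from `dotnet-sdk_8` to `dotnetCorePackages.sdk_9_0`. nixpkgs marks a package insecure for known vulnerabilities or end of support, and this allow-list appears to apply to every package evaluated for the host, so the exception will outlive its reason unless it is documented. I would add a comment above the entries such as `# needed by <consumer>; drop once it builds against a supported SDK`, with the placeholder replaced by the real consumer. The enclosing attribute set opens outside the hunk, so the scope of the list is inferred.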
index 0670617..94ec8cc 100755
--- a/host/Rory-desktop/ollama.nix
+++ b/host/Rory-desktop/ollama.nix
@@ -21,7 +21,7 @@ #]; services.ollama = { - enable = false; + enable = true; home = "/data/ollama/home"; models = "/data/ollama/home/models"; environmentVariables = { @@ -35,4 +35,8 @@ group = "ollama"; acceleration = "rocm"; }; + + #services.nextjs-ollama-llm-ui = { + + #}; } diff --git a/host/Rory-desktop/optional/hardware-specific/amd.nix b/host/Rory-desktop/optional/hardware-specific/amd.nix
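Review bot: Flipping `enable = true` in `services.ollama` starts an HTTP API that has no authentication of its own, and the hunk does not show which address it binds to. The body of `environmentVariables` and any `host` or `openFirewall` setting lie outside the visible lines, so please confirm the listener stays on loopback and record that next to the flag, e.g. `# API is unauthenticated: keep host on 127.0.0.1 and openFirewall unset`. The empty commented-out `services.nextjs-ollama-llm-ui` stub added at the end of the file could be left out until it has content.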
index 3ae47d2..509ff14 100644
--- a/host/Rory-desktop/optional/hardware-specific/amd.nix
+++ b/host/Rory-desktop/optional/hardware-specific/amd.nix
@@ -32,9 +32,9 @@ enable32Bit = true; extraPackages = with pkgs; [ rocmPackages.clr.icd - amdvlk + #amdvlk ]; - extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ]; + #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ]; }; }; diff --git a/host/Rory-nginx/services/email/maddy.conf b/host/Rory-nginx/services/email/maddy.conf new file mode 100644
index 0000000..1d3eb2f
--- /dev/null
+++ b/host/Rory-nginx/services/email/maddy.conf
@@ -0,0 +1,124 @@ + +# Minimal configuration with TLS disabled, adapted from upstream example +# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf +# Do not use this in production! + +auth.pass_table local_authdb { + table sql_table { + driver sqlite3 + dsn credentials.db + table_name passwords + } +} + +storage.imapsql local_mailboxes { + driver sqlite3 + dsn imapsql.db +} + +table.chain local_rewrites { + optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3" + optional_step static { + entry postmaster root@$(primary_domain) + } + optional_step file /etc/maddy/aliases +} + +msgpipeline local_routing { + destination postmaster $(local_domains) { + modify { + replace_rcpt &local_rewrites + } + deliver_to &local_mailboxes + } + default_destination { + reject 550 5.1.1 "User doesn't exist" + } +} + +smtp tcp://0.0.0.0:25 { + limits { + all rate 20 1s + all concurrency 10 + } + dmarc yes + check { + require_mx_record + dkim + spf + } + source $(local_domains) { + reject 501 5.1.8 "Use Submission for outgoing SMTP" + } + default_source { + destination postmaster $(local_domains) { + deliver_to &local_routing + } + default_destination { + reject 550 5.1.1 "User doesn't exist" + } + } +} + +submission tls://0.0.0.0:465 tcp://0.0.0.0:587 { + limits { + all rate 50 1s + } + auth &local_authdb + source $(local_domains) { + check { + authorize_sender { + prepare_email &local_rewrites + user_to_email identity + } + } + destination postmaster $(local_domains) { + deliver_to &local_routing + } + default_destination { + modify { + dkim $(primary_domain) $(local_domains) default + } + deliver_to &remote_queue + } + } + default_source { + reject 501 5.1.8 "Non-local sender domain" + } +} + +target.remote outbound_delivery { + limits { + destination rate 20 1s + destination concurrency 10 + } + mx_auth { + dane + mtasts { + cache fs + fs_dir mtasts_cache/ + } + local_policy { + min_tls_level encrypted + min_mx_level none + } + } +} + +target.queue remote_queue { + 
target &outbound_delivery + autogenerated_msg_domain $(primary_domain) + bounce { + destination postmaster $(local_domains) { + deliver_to &local_routing + } + default_destination { + reject 550 5.0.0 "Refusing to send DSNs to non-local addresses" + } + } +} + +imap tls://0.0.0.0:993 tcp://0.0.0.0:143 { + auth &local_authdb + storage &local_mailboxes +} \ No newline at end of file diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
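Review bot: The header comment describes a configuration with TLS disabled that must not be used in production, yet the file is committed under what looks like a server host's service directory and declares `tls://0.0.0.0:465` and `tls://0.0.0.0:993` listeners with no `tls` directive anywhere in its 124 lines. It also uses `$(primary_domain)` and `$(local_domains)` without defining them, and keeps `tcp://0.0.0.0:143` and `tcp://0.0.0.0:587` open next to `auth &local_authdb`, which is where credentials could travel without transport encryption if the file were loaded as it stands. The only reference to it in this commit is the commented-out `#builtins.readFile ./maddy.conf;`, so I would reword the header to say it is an unused reference copy and list what has to be added (macro definitions, certificate paths) before it is ever loaded.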
index 0dfc2e4..8f89405 100644
--- a/host/Rory-nginx/services/email/maddy.nix
+++ b/host/Rory-nginx/services/email/maddy.nix
@@ -15,15 +15,17 @@ ensureCredentials = { "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root"; }; - config = + config = #builtins.readFile ./maddy.conf; builtins.replaceStrings [ "imap tcp://0.0.0.0:143" "submission tcp://0.0.0.0:587" + "entry postmaster postmaster@$(primary_domain)" ] [ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" + "entry postmaster root@$(primary_domain)" ] options.services.maddy.config.default; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
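Review bot: The added pair `"entry postmaster postmaster@$(primary_domain)"` → `"entry postmaster root@$(primary_domain)"` is applied with `builtins.replaceStrings`, which returns its input unchanged when a search string is absent. If the module's default config text changes, this alias and the `tls://` listener rewrites beside it stop applying without any evaluation error, and the service would come up with only the plaintext `tcp://` endpoints. A comment stating that the search strings must match `options.services.maddy.config.default` verbatim, or an entry in `assertions` checking that the result contains `submission tls://0.0.0.0:465`, would make that failure visible. The commented-out `#builtins.readFile ./maddy.conf;` after `config =` reads as a leftover and is better explained in the commit message.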
index 5b3d4bf..fd75817 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
@@ -21,7 +21,7 @@ let "~ ^/_matrix/federation/(v1|v2)/send_leave/" "~ ^/_matrix/federation/v1/make_knock/" "~ ^/_matrix/federation/v1/send_knock/" - "~ ^/_matrix/federation/(v1|v2)/invite/" + # "~ ^/_matrix/federation/(v1|v2)/invite/" # Needs special handling, define manually "~ ^/_matrix/federation/(v1|v2)/query_auth/" "~ ^/_matrix/federation/(v1|v2)/event_auth/" "~ ^/_matrix/federation/v1/timestamp_to_event/" @@ -134,6 +134,14 @@ in ) ) ); + + virtualHosts."${cfg.nginxVirtualHostName}".locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://${workerName}-federation"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Connection ""; + ''; + }; }; }; } diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
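Review bot: The hand-written location for `~ ^/_matrix/federation/(v1|v2)/invite/` only proxies to `http://${workerName}-federation` and never reads `$mx_can_invite`, so the `allowedRemoteInviteOrigins` list that module.nix introduces in this commit has no effect in the visible hunks. If the intent is to restrict remote invites, `extraConfig` needs a check such as `if ($mx_can_invite = 0) { return 403; }`, and the option description should say that the default `[]` then rejects every remote invite. The origin is read from the request's `Authorization` header before Synapse has verified the signature, so the check can only pre-filter traffic and Synapse's own validation must stay in force; a comment on the location saying so would help. The `let` block and the worker definition extend outside both hunks.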
index 32f2095..d761421 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
@@ -68,6 +68,12 @@ in default = null; description = "The virtual host name for the nginx server"; }; + + allowedRemoteInviteOrigins = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "List of allowed remote invite origins"; + }; }; config = { @@ -110,5 +116,20 @@ in message = "Only one shared stream writer is supported"; } ]; + + # Matrix utility maps + services.nginx.httpConfig = '' + # Map authorization header to origin name + map $http_authorization $mx_origin_name { + default ""; + "~*X-Matrix origin=(?<origin>[^,]+)" $origin; + } + + # Map origin name to whether it can invite + map $mx_origin_name $mx_can_invite { + default 0; + ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins} + } + ''; }; } diff --git a/modules/base-client.nix b/modules/base-client.nix
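Review bot: `services.nginx.httpConfig` is documented in the NixOS nginx module as mutually exclusive with the structured `virtualHosts` configuration, so setting it in the second hunk would replace the generated vhosts rather than add the two maps. The maps belong in `services.nginx.commonHttpConfig = ''` (or `appendHttpConfig`), which adds lines to the generated `http` block. Separately, the pattern `X-Matrix origin=(?<origin>[^,]+)` keeps any surrounding double quotes in the capture and assumes `origin` is the first parameter, while the header format allows quoted values and other parameter orders, so an allow-listed server can still map to `0`. The capture should strip optional quotes and not depend on position, and the `allowedRemoteInviteOrigins` description should state the expected form, for example `"List of bare server names (no quotes) allowed to send remote invites"`.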
index 6537f92..44f30b2 100755
--- a/modules/base-client.nix
+++ b/modules/base-client.nix
@@ -43,7 +43,8 @@ ]; fonts.packages = with pkgs; [ - (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) + nerd-fonts.jetbrains-mono cozette ];