Add container

5 files changed, 77 insertions, 2 deletions

diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix

index 7e32da0..3a62626 100755
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -25,5 +25,9 @@
     } ];
   };
 
+  containers."pluralcontactbotpoc" = import ./services/containers/pluralcontactbotpoc.nix {
+    inherit pkgs lib;
+  };
+
   system.stateVersion = "22.11"; # DO NOT EDIT!
 }
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix
new file mode 100755

index 0000000..f2fdad6
--- /dev/null
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, lib, conduit, ... }:
+
+{
+  services.matrix-conduit = {
+    package = conduit.packages.${pkgs.system}.default;
+    enable = true;
+    settings.global = {
+      address = "127.0.0.1";
+      server_name = "pcpoc.rory.gay";
+      database_backend = "rocksdb";
+      enable_lightning_bolt = true;
+      max_concurrent_requests = 1000;
+      allow_check_for_updates = false;
+      allow_registration = false;
+    };
+  };
+  systemd.services.matrix-conduit-reg-token = {
+      description = "Random registration token for Conduit.";
+      before = ["conduit.service"]; # So the registration can be used by Conduit.
+      after = ["matrix-synapse-reg-token.service"];
+
+      script = ''
+        mkdir -p /run/systemd/system/conduit.service.d
+        echo Environment=\"CONDUIT_REGISTRATION_TOKEN=$(cat /var/lib/matrix-synapse/registration_shared_secret.txt)\" > /run/systemd/system/conduit.service.d/override.conf
+        systemctl daemon-reload'';
+      serviceConfig = {
+        User = "root";
+        Group = "root";
+      };
+    };
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
new file mode 100755

index 0000000..39f593e
--- /dev/null
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
@@ -0,0 +1,28 @@
+{ pkgs, lib, ... }:
+
+{
+#  imports =
+#    [
+#      ./root.nix
+#    ];
+
+    privateNetwork = true;
+    autoStart = true;
+
+
+    # config is root.nix with networking overridden
+    config = import ./root.nix { 
+        inherit config;
+        etc."resolv.conf".text = ''
+            nameserver 8.8.8.8
+            nameserver 8.4.4.8
+            nameserver 1.1.1.1
+            nameserver 1.0.0.1
+        '';
+        networking.firewall = {
+            enable = true;
+            allowedTCPPorts = [ 80 443 ];  
+        };
+    };
+    
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
new file mode 100755

index 0000000..3dbf243
--- /dev/null
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, botcore-v4, ... }:
+
+{
+  imports =
+    [
+      ./nginx.nix
+      ./conduit.nix
+    ];
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/rory.gay/root.nix b/host/Rory-nginx/services/nginx/rory.gay/root.nix

index be4b415..9e96a4f 100755
--- a/host/Rory-nginx/services/nginx/rory.gay/root.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/root.nix
@@ -45,6 +45,5 @@
       ];
     }
     }';
-  ''; 
-  
+  '';
 }