author | Rory& <root@rory.gay> | 2024-08-04 05:08:05 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-08-04 05:08:05 +0200 |
commit | 4402873891edace4b678af537236ff1d81bba585 (patch) | |
tree | 343f32b070b98eaba7e11ab77bd27ce98a464bc7 /host | |
parent | Update flake lock (diff) | |
download | Rory-Open-Architecture-4402873891edace4b678af537236ff1d81bba585.tar.xz |
Server config cleanup
Diffstat (limited to 'host')
58 files changed, 205 insertions, 1283 deletions
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix index 929cab8..9f6304d 100644 --- a/host/Rory-desktop/configuration.nix +++ b/host/Rory-desktop/configuration.nix @@ -14,7 +14,7 @@ args@{ # (import ../../modules/base-secrets.nix { path = "/home/rory/.config/sops/config.yaml"; }) ../../modules/packages/vim.nix # ../../modules/environments/home.nix -# ../../modules/software-templates/profilers.nix + # ../../modules/software-templates/profilers.nix ./postgres.nix ./nginx.nix @@ -120,7 +120,6 @@ args@{ }; }; - environment.systemPackages = with pkgs; [ libreoffice qt6.qtwayland diff --git a/host/Rory-desktop/ollama.nix b/host/Rory-desktop/ollama.nix index 952203f..7f0ae8c 100755 --- a/host/Rory-desktop/ollama.nix +++ b/host/Rory-desktop/ollama.nix @@ -27,7 +27,7 @@ environmentVariables = { OLLAMA_LLM_LIBRARY = "rocm"; }; -# writablePaths = [ "/data/ollama/home" ]; + # writablePaths = [ "/data/ollama/home" ]; #listenAddress = "0.0.0.0:11434"; host = "0.0.0.0"; port = 11434; diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix index ce9c2ad..83d7a35 100755 --- a/host/Rory-nginx/configuration.nix +++ b/host/Rory-nginx/configuration.nix @@ -18,7 +18,6 @@ ../../modules/users/Alice.nix ./services/postgres.nix - ./services/discordbots.nix ./services/matrix/root.nix ./services/nginx/nginx.nix #./services/jitsi.nix @@ -42,11 +41,6 @@ } ]; defaultGateway.interface = "ens18"; - # extraHosts = '' - # 127.0.0.1 rory.gay - # 127.0.0.1 matrix.rory.gay - # 127.0.0.1 conduit.rory.gay - # ''; nat = { enable = true; internalInterfaces = [ 
@@ -75,13 +69,9 @@ conduit = conduit; }; - containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { - inherit pkgs lib nixpkgs-Draupnir; - }; + containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; }; - containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { - inherit pkgs lib nixpkgs-Draupnir; - }; + containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; }; system.stateVersion = "22.11"; # DO NOT EDIT! } diff --git a/host/Rory-nginx/services/cgit.nix b/host/Rory-nginx/services/cgit.nix index 72ee221..5b80000 100644 --- a/host/Rory-nginx/services/cgit.nix +++ b/host/Rory-nginx/services/cgit.nix @@ -1,5 +1,4 @@ { - config, pkgs, lib, ... diff --git a/host/Rory-nginx/services/containers/draupnir-cme/container.nix b/host/Rory-nginx/services/containers/draupnir-cme/container.nix index 75ce709..6ea20a4 100755 --- a/host/Rory-nginx/services/containers/draupnir-cme/container.nix +++ b/host/Rory-nginx/services/containers/draupnir-cme/container.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - nixpkgs-Draupnir, - ... -}: +{ nixpkgs-Draupnir, ... }: { privateNetwork = true; @@ -12,21 +7,15 @@ inherit nixpkgs-Draupnir; }; config = + { lib, pkgs, ... }: { - lib, - pkgs, - ... - }: - { - imports = [ + imports = [ + ../shared.nix ./root.nix + ./services/draupnir.nix "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix" ]; - nixpkgs.overlays = [ - (final: prev: { - draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; - }) - ]; + nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ]; }; hostAddress = "192.168.100.16"; localAddress = "192.168.100.17"; 
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/root.nix b/host/Rory-nginx/services/containers/draupnir-cme/root.nix index cf6f8c0..aa9bae8 100755 --- a/host/Rory-nginx/services/containers/draupnir-cme/root.nix +++ b/host/Rory-nginx/services/containers/draupnir-cme/root.nix @@ -1,31 +1,6 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { - imports = [ - ./services/draupnir.nix - ]; - - environment.systemPackages = with pkgs; [ - neofetch - lnav - zsh - lsd - htop - btop - duf - kitty.terminfo - neovim - jq - yq - pv - dig - ]; - environment.etc."resolv.conf".text = '' nameserver 8.8.8.8 nameserver 8.4.4.8 @@ -34,9 +9,12 @@ ''; networking.hosts = { - "192.168.100.16" = [ "matrix.rory.gay" "rory.gay" ]; + "192.168.100.16" = [ + "matrix.rory.gay" + "rory.gay" + ]; }; - + networking.firewall = { enable = true; }; diff --git a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix index c23680c..cf59809 100755 --- a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix +++ b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix @@ -1,14 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { services.draupnir = { enable = true; accessTokenFile = "/etc/draupnir-access-token"; + homeserverUrl = "https://matrix.rory.gay"; settings = { managementRoom = "#draupnir-cme:rory.gay"; @@ -16,15 +12,12 @@ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ... automaticallyRedactForReasons = [ "*" ]; # Always autoredact fasterMembershipChecks = true; - homeserverUrl = "https://matrix.rory.gay"; backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit pollReports = false; admin.enableMakeRoomAdminCommand = false; - commands.ban.defaultReasons = [ - "spam" - ]; + commands.ban.defaultReasons = [ "spam" ]; }; }; } 
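Review bot: The second resolver in the `resolv.conf` text kept by the first hunk of draupnir-cme/root.nix is `nameserver 8.4.4.8`, which looks like a transposition of Google's secondary resolver 8.8.4.4, so fallback lookups from the container would go to an unrelated address. I would change it to `nameserver 8.8.4.4`. The same two lines appear as context in draupnir-linux-mint/root.nix and in the container.nix hunks for matrixunittests-conduit, matrixunittests and pluralcontactbotpoc, so the block could move into the new `../shared.nix` and be fixed once. The remainder of the resolv.conf text lies outside the hunk.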
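Review bot: `accessTokenFile = "/etc/draupnir-access-token";` in draupnir-cme/services/draupnir.nix names a secret whose provisioning, owner and mode are not stated anywhere in the hunk, and files under /etc are often world-readable unless something sets them otherwise. A comment on that line such as `# provisioned out of band; must be readable only by the draupnir service user` would record the expectation, assuming nothing outside the hunk already manages the file. The same applies to the draupnir-linux-mint copy of this file and to `passwordFile = "/etc/draupnir-password";` in services/matrix/draupnir.nix.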
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix index 57a14bf..6a126f1 100755 --- a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix +++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - nixpkgs-Draupnir, - ... -}: +{ nixpkgs-Draupnir, ... }: { privateNetwork = true; @@ -12,21 +7,15 @@ inherit nixpkgs-Draupnir; }; config = + { lib, pkgs, ... }: { - lib, - pkgs, - ... - }: - { - imports = [ + imports = [ + ../shared.nix ./root.nix + ./services/draupnir.nix "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix" ]; - nixpkgs.overlays = [ - (final: prev: { - draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; - }) - ]; + nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ]; }; hostAddress = "192.168.100.18"; localAddress = "192.168.100.19"; diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix index bea6255..2254695 100755 --- a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix +++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix @@ -1,31 +1,6 @@ -{ - config, - pkgs, - lib, - ... -}: +{ pkgs, ... }: { - imports = [ - ./services/draupnir.nix - ]; - - environment.systemPackages = with pkgs; [ - neofetch - lnav - zsh - lsd - htop - btop - duf - kitty.terminfo - neovim - jq - yq - pv - dig - ]; - environment.etc."resolv.conf".text = '' nameserver 8.8.8.8 nameserver 8.4.4.8 @@ -34,9 +9,12 @@ ''; networking.hosts = { - "192.168.100.18" = [ "matrix.rory.gay" "rory.gay" ]; + "192.168.100.18" = [ + "matrix.rory.gay" + "rory.gay" + ]; }; - + networking.firewall = { enable = true; }; 
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix index 1eb159b..042651a 100755 --- a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix +++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix @@ -1,14 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { services.draupnir = { enable = true; accessTokenFile = "/etc/draupnir-access-token"; + homeserverUrl = "https://matrix.rory.gay"; settings = { managementRoom = "#draupnir-linux-mint:rory.gay"; @@ -16,7 +12,6 @@ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ... automaticallyRedactForReasons = [ "*" ]; # Always autoredact fasterMembershipChecks = true; - homeserverUrl = "https://matrix.rory.gay"; backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit pollReports = false; diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix index 08e6760..987348e 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - conduit, - ... -}: +{ conduit, ... }: { privateNetwork = true; @@ -19,7 +14,11 @@ ... }: { - imports = [ ./root.nix ]; + imports = [ + ../shared.nix + ./services/nginx.nix + ./services/conduit.nix + ]; environment.etc."resolv.conf".text = '' nameserver 8.8.8.8 nameserver 8.4.4.8 @@ -28,14 +27,9 @@ ''; networking.firewall = { enable = true; - allowedTCPPorts = [ - 80 - 5432 - ]; + allowedTCPPorts = [ 80 ]; }; }; hostAddress = "192.168.100.14"; localAddress = "192.168.100.15"; - hostAddress6 = "fc00::5"; - localAddress6 = "fc00::6"; } 
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix deleted file mode 100755 index a9929d2..0000000 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - pkgs, - lib, - conduit, - ... -}: - -{ - imports = [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; - - environment.systemPackages = with pkgs; [ - wget - neofetch - lnav - zsh - git - lsd - htop - btop - duf - kitty.terminfo - neovim - tmux - jq - yq - pv - dig - cloud-utils - ]; -} diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix index 6713b26..3df71be 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - conduit, - ... -}: +{ pkgs, conduit, ... }: { services.matrix-conduit = { diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix index 0678047..0d7874e 100755 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix +++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ pkgs, ... }: { services = { diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix deleted file mode 100755 index da95e76..0000000 --- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -{ - services.pantalaimon-headless = { - instances."localhost" = { - homeserver = "http://localhost:6167"; - ssl = false; - extraSettings = { - "DropOldKeys" = true; - "UseKeyring" = false; - }; - }; - }; - -} diff --git a/host/Rory-nginx/services/containers/matrixunittests/container.nix b/host/Rory-nginx/services/containers/matrixunittests/container.nix index 5273b4e..3ef68bf 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/container.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/container.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - conduit, - ... -}: +{ conduit, ... }: { privateNetwork = true; @@ -19,7 +14,11 @@ ... }: { - imports = [ ./root.nix ]; + imports = [ + ../shared.nix + ./services/nginx.nix + ./services/conduit.nix + ]; environment.etc."resolv.conf".text = '' nameserver 8.8.8.8 nameserver 8.4.4.8 diff --git a/host/Rory-nginx/services/containers/matrixunittests/root.nix b/host/Rory-nginx/services/containers/matrixunittests/root.nix deleted file mode 100755 index a9929d2..0000000 --- a/host/Rory-nginx/services/containers/matrixunittests/root.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - pkgs, - lib, - conduit, - ... -}: - -{ - imports = [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; - - environment.systemPackages = with pkgs; [ - wget - neofetch - lnav - zsh - git - lsd - htop - btop - duf - kitty.terminfo - neovim - tmux - jq - yq - pv - dig - cloud-utils - ]; -} diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix index 573075e..b33117f 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - conduit, - ... -}: +{ pkgs, conduit, ... }: { services.matrix-conduit = { 
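Review bot: Only the `imports` list of matrixunittests/container.nix changes in its second hunk, while the sibling matrixunittests-conduit/container.nix in this commit also narrows `allowedTCPPorts` to `[ 80 ]` and drops `hostAddress6`/`localAddress6`. The firewall and address section of this file is outside the hunk, so this is inferred: if it still lists `5432`, the two test containers now differ in what they expose, and the same `allowedTCPPorts = [ 80 ];` change is probably wanted here. If the difference is deliberate, a one-line comment next to the port list would say so.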
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix index 98d2e52..0236182 100755 --- a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix +++ b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ pkgs, ... }: { services = { diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix deleted file mode 100755 index da95e76..0000000 --- a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -{ - services.pantalaimon-headless = { - instances."localhost" = { - homeserver = "http://localhost:6167"; - ssl = false; - extraSettings = { - "DropOldKeys" = true; - "UseKeyring" = false; - }; - }; - }; - -} diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix index 4ddffeb..837ae11 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - conduit, - ... -}: +{ conduit, ... }: { privateNetwork = true; @@ -19,7 +14,10 @@ ... }: { - imports = [ ./root.nix ]; + imports = [ + ./root.nix + ../shared.nix + ]; environment.etc."resolv.conf".text = '' nameserver 8.8.8.8 nameserver 8.4.4.8 diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix index a9929d2..7e7c355 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix 
@@ -1,8 +1,4 @@ { - config, - pkgs, - lib, - conduit, ... }: @@ -13,23 +9,4 @@ ./services/pantalaimon.nix ]; - environment.systemPackages = with pkgs; [ - wget - neofetch - lnav - zsh - git - lsd - htop - btop - duf - kitty.terminfo - neovim - tmux - jq - yq - pv - dig - cloud-utils - ]; } diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix index bbc042c..db9df9a 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix @@ -1,10 +1,4 @@ -{ - config, - pkgs, - lib, - conduit, - ... -}: +{ pkgs, conduit, ... }: { services.matrix-conduit = { diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix index 0f9fad4..9d8041a 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ pkgs, ... }: { services = { diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix index da95e76..335176f 100755 --- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { services.pantalaimon-headless = { diff --git a/host/Rory-nginx/services/containers/shared.nix b/host/Rory-nginx/services/containers/shared.nix new file mode 100644 index 0000000..f267ff0 --- /dev/null +++ b/host/Rory-nginx/services/containers/shared.nix 
@@ -0,0 +1,17 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + neofetch + lnav + zsh + git + lsd + htop + btop + duf + kitty.terminfo + neovim + jq + dig + ]; +} diff --git a/host/Rory-nginx/services/discordbots.nix b/host/Rory-nginx/services/discordbots.nix deleted file mode 100755 index 1183807..0000000 --- a/host/Rory-nginx/services/discordbots.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - pkgs, - lib, - botcore-v4, - ... -}: - -{ - imports = [ - botcore-v4.modules.bots - botcore-v4.modules.frontend - botcore-v4.modules.dataupdater - botcore-v4.modules.users - ]; - -} diff --git a/host/Rory-nginx/services/jitsi.nix b/host/Rory-nginx/services/jitsi.nix index 29f6a9e..ff7a229 100755 --- a/host/Rory-nginx/services/jitsi.nix +++ b/host/Rory-nginx/services/jitsi.nix @@ -1,7 +1,4 @@ { - config, - pkgs, - lib, ... }: diff --git a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json deleted file mode 100644 index f1e8d6a..0000000 --- a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Logging": { - "LogLevel": { - "Default": "Information", - "Microsoft.AspNetCore": "Information", - "Microsoft.AspNetCore.Routing": "Warning", - "Microsoft.AspNetCore.Mvc": "Warning" - } - }, - "ProxyConfiguration": { - "Upstream": "http://127.0.0.1:6167", - "Host": "conduit.rory.gay", - "TrustedServers": [ - "conduit.rory.gay" - ] - } -} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json deleted file mode 100644 index 5240676..0000000 --- a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json +++ /dev/null 
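Review bot: shared.nix installs interactive tooling (`git`, `neovim`, `zsh`, `dig` and the rest of the list) into every container that imports it, including the ones that run draupnir and conduit, and the file carries no comment saying which containers it is meant for. For service containers a smaller set leaves less tooling available inside the container should one of the services be compromised, so splitting the list into a minimal part and a debugging part may be worth it. At minimum I would add a header such as `# Admin/debug tools installed in every container under services/containers`.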
@@ -1,17 +0,0 @@ -{ - "Logging": { - "LogLevel": { - "Default": "Information", - "Microsoft.AspNetCore": "Information", - "Microsoft.AspNetCore.Routing": "Warning", - "Microsoft.AspNetCore.Mvc": "Warning" - } - }, - "ProxyConfiguration": { - "Upstream": "http://matrix-rory-gay.localhost", - "Host": "matrix-rory-gay.localhost", - "TrustedServers": [ - "rory.gay" - ] - } -} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/coturn.nix b/host/Rory-nginx/services/matrix/coturn.nix index 1fed755..805faa9 100755 --- a/host/Rory-nginx/services/matrix/coturn.nix +++ b/host/Rory-nginx/services/matrix/coturn.nix @@ -1,13 +1,8 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { # coturn (WebRTC) - services.coturn = rec { + services.coturn = { enable = false; # Alicia - figure out secret first... no-cli = true; no-tcp-relay = true; diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix index f2a8357..9f48e6d 100755 --- a/host/Rory-nginx/services/matrix/draupnir.nix +++ b/host/Rory-nginx/services/matrix/draupnir.nix @@ -1,22 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { - # Alicia - doesnt work yet... until in nixpkgs... services.draupnir = { enable = true; + homeserverUrl = "https://matrix.rory.gay"; pantalaimon = { enable = true; username = "draupnir"; passwordFile = "/etc/draupnir-password"; options = { - homeserver = "http://localhost:8008"; - ssl = false; + #homeserver = "http://localhost:8008"; + #ssl = false; }; }; settings = { @@ -30,8 +25,6 @@ backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit pollReports = false; # this is a single person homeserver... let's save ourself the work - #homeserverUrl = "yes"; - admin.enableMakeRoomAdminCommand = true; commands.ban.defaultReasons = [ "spam" @@ -52,10 +45,4 @@ }; }; }; - - # services.pantalaimon-headless.instances.draupnir = { - # homeserver = "http://localhost:8008"; - # ssl = false; - # }; - } 
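Review bot: In the first hunk of services/matrix/draupnir.nix the pantalaimon `homeserver` and `ssl` settings are commented out rather than removed, which leaves `options = { }` with no active keys and nothing that says which homeserver pantalaimon now talks to. Presumably the module derives it from the new top-level `homeserverUrl = "https://matrix.rory.gay";`, but that is not visible here and should be confirmed against the module. If so, delete the two lines or replace them with a comment such as `# homeserver is taken from services.draupnir.homeserverUrl`. The `settings` block continues outside the hunk.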
diff --git a/host/Rory-nginx/services/matrix/grapevine.nix b/host/Rory-nginx/services/matrix/grapevine.nix index 1cb2e19..0f0006b 100755 --- a/host/Rory-nginx/services/matrix/grapevine.nix +++ b/host/Rory-nginx/services/matrix/grapevine.nix @@ -1,18 +1,12 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { services.grapevine = { - #package = conduit.packages.${pkgs.system}.default; enable = true; settings = { conduit_compat = true; - # address = "127.0.0.1"; server_name = "conduit.rory.gay"; + trusted_servers = [ "rory.gay" ]; listen = [ { @@ -31,7 +25,7 @@ #log = "info"; #log_format = "full"; - #log = "debug"; + log = "debug"; }; }; } diff --git a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix index 43c26ca..3041aaa 100755 --- a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix +++ b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ ... }: { # Discord bridge diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix deleted file mode 100755 index 7eb599c..0000000 --- a/host/Rory-nginx/services/matrix/matrix-media-gate.nix +++ /dev/null 
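Review bot: `log = "debug";` is now active in the grapevine settings (second hunk of grapevine.nix), replacing a line that was commented out. Debug-level logging on a federating homeserver tends to be large and may record request detail that would not otherwise be kept in the journal. If this was switched on for troubleshooting, I would ship `log = "info";` instead, or add a comment such as `# temporary: debugging federation, revert to info` so it does not stay on by accident.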
@@ -1,46 +0,0 @@ -{ - config, - pkgs, - lib, - MatrixMediaGate, - ... -}: - -{ - systemd.services = { - "MatrixMediaGate-matrix-rory-gay" = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${MatrixMediaGate.packages.x86_64-linux.default}/bin/MatrixMediaGate"; - ExecStartPre = "${pkgs.busybox}/bin/cp ${./appsettings.matrix-rory-gay.json} ./appsettings.matrix-rory-gay.json"; - Restart = "always"; - RestartSec = "5"; - Type = "notify"; - DynamicUser = true; - StateDirectory = "matrix-media-gate"; - WorkingDirectory = "/var/lib/matrix-media-gate"; - }; - environment = { - "DOTNET_ENVIRONMENT" = "matrix-rory-gay"; - "DOTNET_URLS" = "http://localhost:9001"; - }; - }; - "MatrixMediaGate-conduit-rory-gay" = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${MatrixMediaGate.packages.x86_64-linux.default}/bin/MatrixMediaGate"; - ExecStartPre = "${pkgs.busybox}/bin/cp ${./appsettings.conduit-rory-gay.json} ./appsettings.conduit-rory-gay.json"; - Restart = "always"; - RestartSec = "5"; - Type = "notify"; - DynamicUser = true; - StateDirectory = "matrix-media-gate"; - WorkingDirectory = "/var/lib/matrix-media-gate"; - }; - environment = { - "DOTNET_ENVIRONMENT" = "conduit-rory-gay"; - "DOTNET_URLS" = "http://localhost:9002"; - }; - }; - }; -} diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix index 87b5cc9..968a14a 100755 --- a/host/Rory-nginx/services/matrix/root.nix +++ b/host/Rory-nginx/services/matrix/root.nix @@ -14,7 +14,6 @@ ./draupnir.nix ./grapevine.nix ./sliding-sync.nix - #./matrix-media-gate.nix ]; } diff --git a/host/Rory-nginx/services/matrix/sliding-sync.nix b/host/Rory-nginx/services/matrix/sliding-sync.nix index 9de4958..e66d325 100644 --- a/host/Rory-nginx/services/matrix/sliding-sync.nix +++ b/host/Rory-nginx/services/matrix/sliding-sync.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ ... }: { services.matrix-sliding-sync = { enable = true; 
diff --git a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix deleted file mode 100755 index 8bdaf19..0000000 --- a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix +++ /dev/null 
@@ -1,224 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -{ - services.matrix-synapse = { - enable = true; - withJemalloc = true; - - # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html - settings = { - server_name = "rory.gay"; - - enable_registration = true; - registration_requires_token = true; - - require_membership_for_aliases = false; - redaction_retention_period = null; - user_ips_max_age = null; - allow_device_name_lookup_over_federation = true; - - federation = { - client_timeout = "60s"; - max_short_retries = 6; - max_short_retry_delay = "10s"; - max_long_retries = 5; - max_long_retry_delay = "30s"; - }; - - event_cache_size = "1200K"; # defaults to 10K - caches = { - global_factor = 5000.0; - cache_entry_ttl = "12h"; - expire_caches = true; - sync_response_cache_duration = "6h"; - cache_autotuning = { - max_cache_memory_usage = "65536M"; - target_cache_memory_usage = "32768M"; - min_cache_ttl = "6h"; - }; - }; - - # Alicia - figure this out later... 
- #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"]; - registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt"; - - listeners = [ - { - port = 8008; - bind_addresses = [ - "192.168.1.2" - "127.0.0.1" - ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ - "client" - "federation" - ]; - compress = true; - } - ]; - } - ]; - dynamic_thumbnails = true; - presence = { - enable = true; - update_interval = 60; - }; - url_preview_enabled = true; - database = { - name = "psycopg2"; - args = { - user = "matrix-synapse-rory-gay"; - #passwordFile = "/run/secrets/matrix-synapse-password"; - password = "somepassword"; - database = "matrix-synapse-rory-gay"; - host = "127.0.0.1"; - application_name = "matrix-synapse (rory.gay)"; - cp_min = 5; - cp_max = 50; - #cp_reconnect_interval = "True"; - }; - }; - app_service_config_files = [ - #"/etc/matrix-synapse/appservice-registration.yaml" - "/var/lib/matrix-synapse/modas-registration.yaml" - ]; - - rc_message = { - per_second = 1000; - burst_count = 1000; - }; - rc_login = { - address = { - per_second = 1000; - burst_count = 1000; - }; - account = { - per_second = 1000; - burst_count = 1000; - }; - failed_attempts = { - per_second = 0.1; - burst_count = 3; - }; - }; - rc_joins = { - local = { - per_second = 1000; - burst_count = 1000; - }; - remote = { - per_second = 1000; - burst_count = 1000; - }; - }; - rc_joins_per_room = { - per_second = 1000; - burst_count = 1000; - }; - rc_invites = { - per_room = { - per_second = 1000; - burst_count = 1000; - }; - per_user = { - per_second = 1000; - burst_count = 1000; - }; - per_issuer = { - per_second = 1000; - burst_count = 1000; - }; - }; - rc_federation = { - window_size = 10; - sleep_limit = 1000; - sleep_delay = 100; - reject_limit = 1000; - concurrent = 100; - }; - federation_rr_transactions_per_room_per_second = 1; - - 
max_image_pixels = "100M"; - - ui_auth = { - session_timeout = "1m"; - }; - - login_via_existing_session = { - enabled = true; - require_ui_auth = true; - token_timeout = "1y"; - }; - - #sentry = { - # dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14"; - #}; - - report_stats = false; - - user_directory = { - enabled = true; - search_all_users = true; - prefer_local_users = true; - }; - - experimental_features = { - "org.matrix.msc3026.busy_presence" = true; - "fi.mau.msc2815" = true; - "org.matrix.msc3881" = true; - "org.matrix.msc3874" = true; - "org.matrix.msc3912" = true; - }; - }; - - plugins = with pkgs.matrix-synapse-plugins; [ - # Alicia - need to port draupnir... - #matrix-synapse-mjolnir-antispam - # matrix-synapse-pam - ]; - # extraConfigFiles = [ - # (pkgs.writeTextFile { - # name = "matrix-synapse-extra-config.yml"; - # text = '' - # modules: - # - module: "pam_auth_provider.PAMAuthProvider" - # config: - # create_users: true - # skip_user_check: false - # ''; - # }) - # ]; - }; - - systemd.services.matrix-synapse-reg-token = { - description = "Random registration token for Synapse."; - before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - script = '' - - if [ ! -f "registration_shared_secret.txt" ] - then - cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt - else - echo Not generating key, key exists; - fi''; - serviceConfig = { - User = "matrix-synapse"; - Group = "matrix-synapse"; - WorkingDirectory = "/var/lib/matrix-synapse"; - }; - }; - -} diff --git a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix index 4f3256f..5202ac1 100755 --- a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix +++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix 
@@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ pkgs, ... }: { # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py @@ -15,6 +10,8 @@ withJemalloc = true; nginxVirtualHostName = "matrix.rory.gay"; + enableWorkers = true; + federationSenders = 16; pushers = 1; mediaRepoWorkers = 4; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix index d259edd..e3b07bc 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix @@ -1,23 +1,20 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; + workerName = "appservice"; + workerRoutes = [ ]; in { services.matrix-synapse = lib.mkIf cfg.enableAppserviceWorker { settings = { instance_map = { appservice = { - path = "/run/matrix-synapse/appservice.sock"; + path = "/run/matrix-synapse/${workerName}.sock"; }; }; - notify_appservices_from_worker = "appservice"; + notify_appservices_from_worker = workerName; }; workers = { @@ -26,7 +23,7 @@ in worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/appservice.sock"; + path = "/run/matrix-synapse/${workerName}.sock"; resources = [ { names = [ "replication" ]; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/background.nix b/host/Rory-nginx/services/matrix/synapse/workers/background.nix index 501299a..611f6eb 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/background.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/background.nix 
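Review bot: `workerRoutes = [ ];` is bound in the `let` of workers/appservice.nix but nothing in the visible hunks uses it, and the `instance_map` key is still the literal `appservice = {` while both socket paths now use `${workerName}`. I would drop the unused binding or mark it with a comment as a placeholder, and write the key as `${workerName} = {` so that one name drives every place it appears. workers/background.nix repeats the pattern with `background = {`. The worker definitions continue outside both hunks, so a use of `workerRoutes` further down cannot be ruled out.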
@@ -1,23 +1,20 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; + workerName = "background"; + workerRoutes = [ ]; in { services.matrix-synapse = lib.mkIf cfg.enableBackgroundWorker { settings = { instance_map = { background = { - path = "/run/matrix-synapse/background.sock"; + path = "/run/matrix-synapse/${workerName}.sock"; }; }; - run_background_tasks_on = "background"; + run_background_tasks_on = workerName; }; workers = { @@ -26,7 +23,7 @@ in worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/background.sock"; + path = "/run/matrix-synapse/${workerName}.sock"; resources = [ { names = [ "replication" ]; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix index ff7352b..c89b147 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix @@ -1,13 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; workers = lib.range 0 (cfg.clientReaders - 1); + workerName = "client_reader"; routes = [ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" @@ -44,9 +40,9 @@ in settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "client_reader-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/client_reader-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) workers ); 
@@ -54,13 +50,13 @@ in workers = lib.listToAttrs ( lib.map (index: { - name = "client_reader-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/client_reader-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -70,7 +66,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/client_reader-client-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-client-${toString index}.sock"; mode = "666"; resources = [ { @@ -82,7 +78,7 @@ in ]; database = ( import ../db.nix { - workerName = "client_reader-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "medium"; } ); @@ -91,13 +87,13 @@ in ); }; - services.nginx.upstreams."client_reader" = { + services.nginx.upstreams."${workerName}" = { extraConfig = '' keepalive 32; ''; servers = lib.listToAttrs ( lib.map (index: { - name = "unix:/run/matrix-synapse/client_reader-client-${toString index}.sock"; + name = "unix:/run/matrix-synapse/${workerName}-client-${toString index}.sock"; value = { max_fails = 0; }; @@ -109,7 +105,7 @@ in lib.map (route: { name = route; value = { - proxyPass = "http://client_reader"; + proxyPass = "http://${workerName}"; }; }) routes ); diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix index 9853601..2e3574f 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix 
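Review bot: The client listener in the `@@ -70,7 +66,7 @@` hunk keeps `mode = "666";`, so any local account on the host can connect to `${workerName}-client-<index>.sock` directly and reach the worker without going through nginx and its access log. If nginx is the only intended client, tighten it to `mode = "660";` and put the nginx user in the socket's group. Whether the permissions on `/run/matrix-synapse` already restrict access is not visible here. The same mode is carried through on the federation, media, sync and user_dir listeners in federation-inbound.nix, federation-reader.nix, media-repo.nix, sync.nix and user-dir.nix, and the listener block itself starts and ends outside the hunk.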
@@ -1,16 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; workers = lib.range 0 (cfg.federationReaders - 1); - routes = [ - "~ /_matrix/federation/(v1|v2)/send/" - ]; + workerName = "federation_inbound"; + workerRoutes = [ "~ /_matrix/federation/(v1|v2)/send/" ]; in { config = lib.mkIf (cfg.federationInboundWorkers > 0) { @@ -18,9 +12,9 @@ in settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "federation_inbound-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/federation_inbound-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) workers ); @@ -28,13 +22,13 @@ in workers = lib.listToAttrs ( lib.map (index: { - name = "federation_inbound-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/federation_inbound-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -44,7 +38,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/federation_inbound-federation-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-federation-${toString index}.sock"; mode = "666"; resources = [ { @@ -56,7 +50,7 @@ in ]; database = ( import ../db.nix { - workerName = "federation_inbound-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "medium"; } ); 
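Review bot: `workerRoutes = [ "~ /_matrix/federation/(v1|v2)/send/" ];` is the only route pattern visible in this diff without a leading `^`, so nginx will match it against any request URI that merely contains that substring and pass the request to the inbound workers; `"~ ^/_matrix/federation/(v1|v2)/send/"` would bring it in line with the anchored patterns in federation-reader.nix. In the same `let` block the worker list is still built from `cfg.federationReaders` while the `lib.mkIf` guard tests `cfg.federationInboundWorkers`, so the number of inbound workers follows the wrong option; `workers = lib.range 0 (cfg.federationInboundWorkers - 1);` looks like the intent.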
@@ -65,14 +59,14 @@ in ); }; - services.nginx.upstreams."federation_inbound" = { + services.nginx.upstreams."${workerName}" = { extraConfig = '' keepalive 32; ip_hash; ''; servers = lib.listToAttrs ( lib.map (index: { - name = "unix:/run/matrix-synapse/federation_inbound-federation-${toString index}.sock"; + name = "unix:/run/matrix-synapse/${workerName}-federation-${toString index}.sock"; value = { max_fails = 0; }; @@ -84,9 +78,9 @@ in lib.map (route: { name = route; value = { - proxyPass = "http://federation_inbound"; + proxyPass = "http://${workerName}"; }; - }) routes + }) workerRoutes ); }; } diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix index 9aafb28..762f82c 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix @@ -1,14 +1,10 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; workers = lib.range 0 (cfg.federationReaders - 1); - routes = [ + workerName = "federation_reader"; + workerRoutes = [ "~ ^/_matrix/federation/(v1|v2)/event/" "~ ^/_matrix/federation/(v1|v2)/state/" "~ ^/_matrix/federation/(v1|v2)/state_ids/" @@ -38,9 +34,9 @@ in settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "federation_reader-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/federation_reader-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) workers ); 
@@ -48,13 +44,13 @@ in workers = lib.listToAttrs ( lib.map (index: { - name = "federation_reader-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/federation_reader-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -64,7 +60,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/federation_reader-federation-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-federation-${toString index}.sock"; mode = "666"; resources = [ { @@ -76,7 +72,7 @@ in ]; database = ( import ../db.nix { - workerName = "federation_reader-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "medium"; } ); @@ -85,14 +81,14 @@ in ); }; - services.nginx.upstreams."federation_reader" = { + services.nginx.upstreams."${workerName}" = { extraConfig = '' keepalive 32; hash $request_uri consistent; ''; servers = lib.listToAttrs ( lib.map (index: { - name = "unix:/run/matrix-synapse/federation_reader-federation-${toString index}.sock"; + name = "unix:/run/matrix-synapse/${workerName}-federation-${toString index}.sock"; value = { max_fails = 0; }; @@ -104,9 +100,9 @@ in lib.map (route: { name = route; value = { - proxyPass = "http://federation_reader"; + proxyPass = "http://${workerName}"; }; - }) routes + }) workerRoutes ); }; } diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix index 4cb137a..391e046 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix 
@@ -1,46 +1,36 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; federationSenders = lib.range 0 (cfg.federationSenders - 1); + workerName = "federation_sender"; + workerRoutes = [ ]; in { services.matrix-synapse = lib.mkIf (cfg.federationSenders > 0) { settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "federation_sender-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/federation_sender-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) federationSenders ); send_federation = false; - federation_sender_instances = lib.map (index: "federation_sender-${toString index}") federationSenders; - outbound_federation_restricted_to = lib.map (index: "federation_sender-${toString index}") federationSenders; - worker_replication_secret = "federation_sender_secret"; - - database = ( - import ../db.nix { - workerName = "federation_sender"; - dbGroup = "solo"; - } - ); + federation_sender_instances = lib.map (index: "${workerName}-${toString index}") federationSenders; + outbound_federation_restricted_to = lib.map (index: "${workerName}-${toString index}") federationSenders; + worker_replication_secret = "${workerName}_secret"; }; workers = lib.listToAttrs ( lib.map (index: { - name = "federation_sender-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/federation_sender-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -49,6 +39,12 @@ in ]; } ]; + database = ( + import ../db.nix { + workerName = "${workerName}-${toString index}"; + dbGroup = "solo"; + } + ); }; }) federationSenders ); 
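Review bot: `worker_replication_secret = "${workerName}_secret";` still evaluates to the fixed string `federation_sender_secret`, which is readable in this repository and presumably in the generated config in the Nix store, so it does not meaningfully authenticate replication requests. Generate a random value and load it from a file kept out of the store, for example a sops-managed YAML fragment passed through `services.matrix-synapse.extraConfigFiles`. The setting is homeserver-wide but sits under `lib.mkIf (cfg.federationSenders > 0)` in this module, so it would be easier to audit next to the other shared settings. Moving `database` out of `settings` and into each worker's `value` looks right, since the old placement applied to the shared settings rather than to the senders.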
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix index e4d3b32..b030706 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix @@ -1,13 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; workers = lib.range 0 (cfg.mediaRepoWorkers - 1); + workerName = "media_repo"; routes = [ "~ ^/_matrix/media/" "~ ^/_matrix/client/v1/media/" @@ -25,26 +21,26 @@ in settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "media_repo-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/media_repo-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) workers ); - media_instance_running_background_jobs = "media_repo-0"; + media_instance_running_background_jobs = "${workerName}-0"; enable_media_repo = false; }; workers = lib.listToAttrs ( lib.map (index: { - name = "media_repo-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/media_repo-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -54,7 +50,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/media_repo-media-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-media-${toString index}.sock"; mode = "666"; resources = [ { 
@@ -66,23 +62,33 @@ in ]; database = ( import ../db.nix { - workerName = "media_repo-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "solo"; } ); enable_media_repo = true; + max_upload_size = "512M"; + remote_media_download_burst_count = "512G"; + remote_media_download_per_second = "512G"; + rc_federation = { + window_size = 1; + sleep_limit = 1000; + sleep_delay = 1; + reject_limit = 1000; + concurrent = 100; + }; }; }) workers ); }; - services.nginx.upstreams."media_repo" = { + services.nginx.upstreams."${workerName}" = { extraConfig = '' keepalive 32; ''; servers = lib.listToAttrs ( lib.map (index: { - name = "unix:/run/matrix-synapse/media_repo-media-${toString index}.sock"; + name = "unix:/run/matrix-synapse/${workerName}-media-${toString index}.sock"; value = { max_fails = 0; }; @@ -94,7 +100,7 @@ in lib.map (route: { name = route; value = { - proxyPass = "http://media_repo"; + proxyPass = "http://${workerName}"; extraConfig = '' client_max_body_size 500M; ''; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix index 1450d52..bb46aed 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix @@ -1,19 +1,8 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; in -#eventWriters = lib.range 0 (count - 1); -#typingWriters = lib.range 0 (count - 1); -#deviceWriters = lib.range 0 (count - 1); -#accountDataWriters = lib.range 0 (count - 1); -#receiptsWriters = lib.range 0 (count - 1); -#presenceWriters = lib.range 0 (count - 1); -#pusherWriters = lib.range 0 (count - 1); + { imports = [ ./appservice.nix 
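Review bot: The values added to each media worker in the `@@ -66,23 +62,33 @@` hunk appear to switch throttling off rather than tune it: `remote_media_download_burst_count = "512G";` and `remote_media_download_per_second = "512G";` put no practical bound on how much remote media a requester can make the server fetch, and the `rc_federation` block pairs a `window_size` of 1 with `sleep_limit` and `reject_limit` of 1000. That leaves disk and bandwidth exhaustion limited only by whatever sits in front of the workers. Prefer values sized to the link and the media store, with a comment recording why the defaults were too low. Separately, `max_upload_size = "512M";` does not match `client_max_body_size 500M;` in the nginx location of the same file, so uploads between the two limits are refused by nginx first. Use one figure in both places.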
@@ -51,6 +40,7 @@ in ] ) // { + enableWorkers = lib.mkEnableOption "Enable dedicated workers"; enableStreamWriters = lib.mkEnableOption "Enable stream writers"; enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker"; enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker"; diff --git a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix index 63d903a..3391171 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix @@ -1,12 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; pushers = lib.range 0 (cfg.pushers - 1); + workerName = "pusher"; + workerRoutes = [ ]; in { config = lib.mkIf (cfg.pushers > 0) { @@ -16,23 +13,23 @@ in lib.map (index: { name = "pusher-${toString index}"; value = { - path = "/run/matrix-synapse/pusher-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) pushers ); - pusher_instances = lib.map (index: "pusher-${toString index}") pushers; + pusher_instances = lib.map (index: "${workerName}-${toString index}") pushers; }; workers = lib.listToAttrs ( lib.map (index: { - name = "pusher-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/pusher-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -43,7 +40,7 @@ in ]; database = ( import ../db.nix { - workerName = "pusher-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "small"; } ); 
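Review bot: `enableWorkers = lib.mkEnableOption "Enable dedicated workers";` is declared here and set to `true` in the synapse host config earlier in this diff, but none of the worker modules shown read `cfg.enableWorkers`; each still keys off its own count or enable option. Either gate the imported worker modules on it or drop it, so that setting it to `false` does what the name says. `mkEnableOption` already prefixes the description with "Whether to enable", so the argument reads better as `"dedicated workers"`. The options attribute set continues outside the hunk.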
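Review bot: The `instance_map` entry in the `@@ -16,23 +13,23 @@` hunk of pusher.nix still uses the literal `name = "pusher-${toString index}";` while `pusher_instances`, the worker names and the socket paths now go through `workerName`, so a later rename would leave the map keys out of step with the instance list. Use `name = "${workerName}-${toString index}";` there as well. `workerRoutes = [ ];` is introduced here, as in appservice.nix, background.nix and federation-sender.nix, but is not referenced in any visible hunk of those files; drop it or add a comment saying it is a placeholder.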
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix deleted file mode 100644 index d4a9ff4..0000000 --- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.services.matrix-synapse; -in -#eventWriters = lib.range 0 (count - 1); -#typingWriters = lib.range 0 (count - 1); -#deviceWriters = lib.range 0 (count - 1); -#accountDataWriters = lib.range 0 (count - 1); -#receiptsWriters = lib.range 0 (count - 1); -#presenceWriters = lib.range 0 (count - 1); -#pusherWriters = lib.range 0 (count - 1); -{ - options.services.matrix-synapse = - lib.listToAttrs ( - lib.map - (option: { - name = "${option}StreamWriters"; - value = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of writers for ${option} streams"; - }; - }) - [ - "event" - "typing" - "toDevice" - "accountData" - "receipts" - "presence" - "pushRule" - ] - ) - // { - enableStreamWriters = lib.mkEnableOption "Enable stream writers"; - federationSenders = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of federation senders"; - }; - pushers = lib.mkOption { - type = lib.types.int; - default = 1; - description = "Number of pushers"; - }; - }; - - config = lib.mkIf cfg.enableStreamWriters { - services.matrix-synapse = { - settings = { - instance_map = lib.listToAttrs ( - lib.map (port: { - name = "stream-writer-${toString port}"; - value = { - path = "/run/matrix-synapse/stream-writer-${toString port}.sock"; - }; - }) federationSenders - ); - - stream_writers = { - events = lib.map (port: "stream-writer-events-${toString port}") federationSenders; - typing = lib.map (port: "stream-writer-typing-${toString port}") typingWriters; - to_device = lib.map (port: "stream-writer-to_device-${toString port}") deviceWriters; - account_data = lib.map (port: "stream-writer-account_data-${toString port}") accountDataWriters; - receipts = lib.map (port: "stream-writer-receipts-${toString port}") receiptsWriters; - presence = lib.map (port: "stream-writer-presence-${toString port}") presenceWriters; - push_rules = lib.map (port: 
"stream-writer-push_rules-${toString port}") pusherWriters; - }; - }; - - workers = lib.listToAttrs ( - lib.map (port: { - name = "stream-writerr-${toString port}"; - value = { - worker_app = "synapse.app.generic_worker"; - worker_listeners = [ ]; - }; - }) federationSenders - ); - }; - }; -} diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix index 4dbf4ee..1f5b638 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; streamWriters = lib.range 0 (cfg.eventStreamWriters - 1); diff --git a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix index b9ccad3..579e14b 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix @@ -1,13 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.matrix-synapse; workers = lib.range 0 (cfg.syncWorkers - 1); + workerName = "sync"; routes = [ "~ ^/_matrix/client/(v2_alpha|r0|v3)/sync$" "~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$" @@ -21,9 +17,9 @@ in settings = { instance_map = lib.listToAttrs ( lib.map (index: { - name = "sync-${toString index}"; + name = "${workerName}-${toString index}"; value = { - path = "/run/matrix-synapse/sync-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; }; }) workers ); 
@@ -31,13 +27,13 @@ in workers = lib.listToAttrs ( lib.map (index: { - name = "sync-${toString index}"; + name = "${workerName}-${toString index}"; value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/sync-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-${toString index}.sock"; resources = [ { names = [ "replication" ]; @@ -47,7 +43,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/sync-client-${toString index}.sock"; + path = "/run/matrix-synapse/${workerName}-client-${toString index}.sock"; mode = "666"; resources = [ { @@ -59,7 +55,7 @@ in ]; database = ( import ../db.nix { - workerName = "sync-${toString index}"; + workerName = "${workerName}-${toString index}"; dbGroup = "small"; } ); @@ -68,13 +64,13 @@ in ); }; - services.nginx.upstreams."sync" = { + services.nginx.upstreams."${workerName}" = { extraConfig = '' keepalive 32; ''; servers = lib.listToAttrs ( lib.map (index: { - name = "unix:/run/matrix-synapse/sync-client-${toString index}.sock"; + name = "unix:/run/matrix-synapse/${workerName}-client-${toString index}.sock"; value = { max_fails = 0; }; @@ -86,7 +82,7 @@ in lib.map (route: { name = route; value = { - proxyPass = "http://sync"; + proxyPass = "http://${workerName}"; }; }) routes ); diff --git a/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix b/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix index 2eabe9d..f8d118e 100644 --- a/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix +++ b/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix @@ -7,6 +7,8 @@ let cfg = config.services.matrix-synapse; + workerName = "user_dir"; + workerRoutes = [ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$" ]; in { config = lib.mkIf cfg.enableUserDirWorker { @@ -18,7 +20,7 @@ in }; }; - update_user_directory_from_worker = "user_dir"; + update_user_directory_from_worker = workerName; }; workers = { 
@@ -27,7 +29,7 @@ in worker_listeners = [ { type = "http"; - path = "/run/matrix-synapse/user_dir.sock"; + path = "/run/matrix-synapse/${workerName}.sock"; resources = [ { names = [ "replication" ]; @@ -37,7 +39,7 @@ in } { type = "http"; - path = "/run/matrix-synapse/user_dir-client.sock"; + path = "/run/matrix-synapse/${workerName}-client.sock"; mode = "666"; resources = [ { diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix deleted file mode 100644 index 73c22b6..0000000 --- a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix +++ /dev/null 
@@ -1,280 +0,0 @@ -{ - enableACME = false; - addSSL = false; - # locations."/_matrix" = { - # proxyPass = "http://192.168.1.5:8008"; - # extraConfig = '' - # if ($request_method = 'OPTIONS') { - # more_set_headers 'Access-Control-Allow-Origin: *'; - # more_set_headers 'Access-Control-Allow-Methods: *'; - # # - # # Custom headers and headers various browsers *should* be OK with but aren't - # # - # more_set_headers 'Access-Control-Allow-Headers: *'; - # # - # # Tell client that this pre-flight info is valid for 20 days - # # - # more_set_headers 'Access-Control-Max-Age' 1728000; - # more_set_headers 'Content-Type: text/plain; charset=utf-8'; - # more_set_headers 'Content-Length' 0; - # return 204; - # }; - # ''; - # }; - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - locations."~ ^/_matrix/client/(r0|v3)/sync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - extraConfig = '' - # We want to wait for 15 minutes here... - proxy_read_timeout 54000; - proxy_connect_timeout 54000; - proxy_send_timeout 54000; - ''; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = 
{ - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/versions$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ 
^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { 
- proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { - proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { - proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { - proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; - }; - - ### DUPLICATES???? - # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory - locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { - proxyPass = "http://user_dir_workers_upstream$request_uri"; - }; - - # ??? 
- locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8008"; - #proxyPass = "http://$backend"; - proxyPass = "http://127.0.0.1:8008"; - }; - - locations."~ ^/_matrix/federation/v1/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state_ids/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/backfill/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/get_missing_events/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/publicRooms" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/query/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/event_auth/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { - proxyPass = 
"http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/user/devices/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/key/v2/query" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/hierarchy/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/send/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - ##### media repo - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - locations."~ ^/_matrix/media/" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/users/.*/media$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - - #locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8048"; - #proxyPass = "http://$backend"; - #}; - - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; -} diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix deleted file mode 100644 index cdf3c92..0000000 
--- a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - generic_workers_upstream.servers = { - "127.0.0.1:18111" = { }; - }; - stream_writer_typing_stream_workers_upstream.servers = { - "127.0.0.1:20012" = { }; - }; - stream_writer_to_device_stream_workers_upstream.servers = { - "127.0.0.1:20013" = { }; - }; - stream_writer_account_data_stream_workers_upstream.servers = { - "127.0.0.1:20014" = { }; - }; - stream_writer_receipts_stream_workers_upstream.servers = { - "127.0.0.1:20015" = { }; - }; - stream_writer_presence_stream_workers_upstream.servers = { - "127.0.0.1:20016" = { }; - }; - media_repository_workers_upstream.servers = { - "127.0.0.1:18551" = { }; - }; - user_dir_workers_upstream.servers = { - "127.0.0.1:18661" = { }; - }; -} diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams.nix b/host/Rory-nginx/services/nginx/matrix-upstreams.nix deleted file mode 100644 index 5dd2fe8..0000000 --- a/host/Rory-nginx/services/nginx/matrix-upstreams.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - generic_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_typing_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_to_device_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_account_data_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_receipts_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_presence_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - media_repository_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - user_dir_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; -} diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix index 0b53a28..d210fb1 100755 --- a/host/Rory-nginx/services/nginx/nginx.nix +++ b/host/Rory-nginx/services/nginx/nginx.nix 
@@ -41,7 +41,6 @@ in log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name"} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; access_log /var/log/nginx/access.log combined_vhosts; ''; - upstreams = import ./matrix-upstreams.nix; additionalModules = with pkgs.nginxModules; [ moreheaders ]; virtualHosts = { "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; }; @@ -63,7 +62,6 @@ in "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix; "rory.gay" = import ./rory.gay/root.nix; - #"rory.boo" = import ./rory.gay/root.nix; "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; }; "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix; @@ -73,7 +71,6 @@ in #matrix... "conduit.rory.gay" = import ./rory.gay/conduit.nix; "matrix.rory.gay" = import ./rory.gay/matrix.nix; - "matrix-rory-gay.localhost" = import ./localhost/matrix-rory-gay.nix; "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix; "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix; "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix; @@ -109,8 +106,5 @@ in security.acme.acceptTerms = true; security.acme.defaults.email = "root@thearcanebrony.net"; - environment.systemPackages = with pkgs; [ - #gitfs - ]; - + networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts; } diff --git a/host/Rory-nginx/services/ollama.nix b/host/Rory-nginx/services/ollama.nix index 42f8b93..954fe99 100755 --- a/host/Rory-nginx/services/ollama.nix +++ b/host/Rory-nginx/services/ollama.nix @@ -1,7 +1,4 @@ { - config, - pkgs, - lib, ... }: diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix index 2b29d42..fbe33b7 100755 --- a/host/Rory-nginx/services/postgres.nix +++ b/host/Rory-nginx/services/postgres.nix @@ -1,7 +1,5 @@ { - config, pkgs, - lib, ... }: |
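Review bot: `networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;` in the `@@ -109,8 +106,5 @@` hunk writes every virtual-host attribute name into /etc/hosts, so all local lookups of those names resolve to loopback. That assumes each attribute name is a plain hostname and that nginx accepts these names on the loopback address; a vhost keyed by a wildcard, or one whose `serverName` differs from its attribute name, would produce a wrong or invalid entry. Only IPv4 is covered, so a client that prefers AAAA records may still leave the host. Add the same list under `"::1"` if nginx listens there. A one-line comment stating the purpose would help, for example `# resolve our own vhosts locally so on-host services reach nginx without leaving the machine`. The module's argument list is outside the hunk, so whether `config` is bound there cannot be confirmed from here.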