summary refs log tree commit diff
path: root/host
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2026-06-23 04:05:37 +0000
committerRory& <root@rory.gay>2026-06-23 04:06:52 +0000
commita031a93e74ed127a66a8f59b04417ddfffe0fc58 (patch)
tree40b4f3c5cfc4ecf30f38ce61809d1e20208b0695 /host
parentStrengthen draupnir config (diff)
downloadRory-Open-Architecture-a031a93e74ed127a66a8f59b04417ddfffe0fc58.tar.xz
Server update, draupnir fixes HEAD master
Diffstat (limited to 'host')
-rw-r--r--host/Rory-ovh/services/containers/draupnir-belibre/container.nix4
-rw-r--r--host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix34
-rw-r--r--host/Rory-ovh/services/containers/spacebar/services/spacebar.nix1
-rwxr-xr-xhost/Rory-ovh/services/matrix/draupnir.nix37
4 files changed, 71 insertions, 5 deletions
diff --git a/host/Rory-ovh/services/containers/draupnir-belibre/container.nix b/host/Rory-ovh/services/containers/draupnir-belibre/container.nix

index e19fb68..09f5606 100644 --- a/host/Rory-ovh/services/containers/draupnir-belibre/container.nix +++ b/host/Rory-ovh/services/containers/draupnir-belibre/container.nix
@@ -19,10 +19,10 @@ ]; }; hostAddress = "192.168.100.1"; - localAddress = "192.168.100.18"; + localAddress = "192.168.100.23"; bindMounts."draupnir-access-token" = { - hostPath = "/data/secrets/draupnir-fedora-access-token"; + hostPath = "/data/secrets/draupnir-belibre-access-token"; mountPoint = "/etc/draupnir-access-token"; isReadOnly = true; }; diff --git a/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix b/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix
index bacc9f3..917958c 100644 --- a/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix +++ b/host/Rory-ovh/services/containers/draupnir-belibre/services/draupnir.nix
@@ -8,7 +8,7 @@ settings = { homeserverUrl = "https://matrix.rory.gay"; - managementRoom = "#draupnir-fedora-mgmt:rory.gay"; + managementRoom = "#draupnir-belibre-mgmt:rory.gay"; recordIgnoredInvites = true; # We want to be aware of invites autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ... automaticallyRedactForReasons = [ "*" ]; # Always autoredact @@ -22,8 +22,38 @@ protections = { wordlist = { - words = [ + words = [ + # The Obvious + "tranny" + "faggot" + "ywnbaw" + "nigger" + # abuse domains "https://postimg.cc/" + "https://s.binance.com" + # Dec 2025 IRC spam + "irc.hardchats.com" + "white power" + "white pride" + "trannies" + "jews did 9/11" + "zigger" + "|| || <===" + "usurping jews" + "fag hoe" + "neo-freenode" + "thegreatbritishbookshop.co.uk" + "\"israel\"" + "die alone" + "kike" + "irc.tr0ll.us" + "irc.gangste.rs" + "irc.wepump.in" + "death to" + "irc.hackclub.com" + "irc.supernets.org" + "[supernets]" + # Known abuse "lolitaheaven.onrender.com" "heavenlychat-px42.onrender.com" "heavenlydev.onrender.com" diff --git a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
index 228bf69..7b8321b 100644 --- a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix +++ b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
@@ -190,6 +190,7 @@ in #LOG_REQUESTS = "-200,204,304"; LOG_REQUESTS = "-"; LOG_VALIDATION_ERRORS = true; + LOG_API_ERRORS = true; #DB_LOGGING=true; #LOG_GATEWAY_TRACES=true; #LOG_PROTO_UPDATES=true; diff --git a/host/Rory-ovh/services/matrix/draupnir.nix b/host/Rory-ovh/services/matrix/draupnir.nix
index f754809..9a7c292 100755 --- a/host/Rory-ovh/services/matrix/draupnir.nix +++ b/host/Rory-ovh/services/matrix/draupnir.nix
@@ -1,4 +1,4 @@ -{ pkgs, draupnir, ... }: +{ config, lib, pkgs, draupnir, ... }: { services.draupnir = { @@ -70,4 +70,39 @@ }; }; }; + + systemd.services."draupnir" = { + serviceConfig = let + cfg = config.services.draupnir; + format = pkgs.formats.yaml { }; + configFile = format.generate "draupnir.yaml" cfg.settings; + in { + ExecStart = lib.mkForce ( + toString ( + [ + (lib.getExe cfg.package) + "--draupnir-config" + configFile + ] + ++ lib.optionals (cfg.secrets.accessToken != null) [ + "--access-token-path" + "%d/access_token" + ] + ++ lib.optionals (cfg.secrets.pantalaimon.password != null) [ + "--pantalaimon-password-path" + "%d/pantalaimon_password" + ] + ++ lib.optionals (cfg.secrets.web.synapseHTTPAntispam.authorization != null) [ + "--http-antispam-authorization-path" + "%d/http_antispam_authorization" + ] + ++ [ + "--max-old-space-size=32768" + "--max-semi-space-size=256" + "--prof" + ] + ) + ); + }; + }; }