diff --git a/flake.nix b/flake.nix
index 071ca6f..675a614 100755
--- a/flake.nix
+++ b/flake.nix
@@ -18,9 +18,9 @@
url = "github:NixOS/nixpkgs/nixos-unstable";
};
-# nixpkgs-stable = {
-# url = "github:NixOS/nixpkgs/nixos-24.11";
-# };
+ # nixpkgs-stable = {
+ # url = "github:NixOS/nixpkgs/nixos-24.11";
+ # };
nixpkgs-master = {
url = "github:NixOS/nixpkgs/master";
@@ -34,7 +34,7 @@
# Draupnir module/package
#nixpkgs-DraupnirPkg.url = "github:r-ryantm/nixpkgs/auto-update/draupnir";
#nixpkgs-DraupnirPkg.url = "github:NixOS/nixpkgs/master";
-# nixpkgs-keydb.url = "github:NixOS/nixpkgs?rev=e0464e47880a69896f0fb1810f00e0de469f770a";
+ # nixpkgs-keydb.url = "github:NixOS/nixpkgs?rev=e0464e47880a69896f0fb1810f00e0de469f770a";
#MatrixContentFilter.url = "git+file:/home/Rory/git/matrix/MatrixContentFilter?submodules=1";
# Base modules
@@ -146,7 +146,7 @@
safeNSound.nixosModules.default
(
- { pkgs, lib, ... }:
+ { pkgs, lib, ... }:
{
disabledModules = [ "services/matrix/synapse.nix" ];
imports = [
@@ -177,6 +177,8 @@
inherit cgit-magenta;
inherit (inputs) draupnirSrc;
+ inherit (inputs) nixpkgs-master;
+ matrix-synapse-unwrapped-patched = self.packages.x86_64-linux.matrix-synapse-unwrapped-patched;
};
};
@@ -422,17 +424,20 @@
packages.redpanda-connect = (pkgs.callPackage ./packages/redpanda-connect/default.nix { });
packages.matrix-synapse-unwrapped-patched = pkgs-master.matrix-synapse-unwrapped.overrideAttrs (oldAttrs: rec {
- patches = (if oldAttrs ? patches then oldAttrs.patches else []) ++ pkgs.lib.map (
- path: ./packages/overlays/matrix-synapse/patches/${path}
- ) (builtins.attrNames (builtins.readDir ./packages/overlays/matrix-synapse/patches));
+ patches =
+ (if oldAttrs ? patches then oldAttrs.patches else [ ])
+ ++ pkgs.lib.map (path: ./packages/overlays/matrix-synapse/patches/${path}) (builtins.attrNames (builtins.readDir ./packages/overlays/matrix-synapse/patches));
cargoDeps = pkgs.rustPlatform.fetchCargoVendor {
inherit (oldAttrs) src;
inherit patches;
name = "${oldAttrs.pname}-${oldAttrs.version}";
- hash = "sha256-9VJnn8aPkShqK2wYGFr+S5koIjma7VOr+LkLXwStL1E=";
+ hash = "sha256-BfLj+cqS6zpX2qLb+Rur4cy7CyPH2KzdXaTXpNK20DM=";
};
});
+ packages.matrix-synapse-patched = pkgs-master.matrix-synapse.override {
+ matrix-synapse-unwrapped = self.packages.${pkgs.stdenv.hostPlatform.system}.matrix-synapse-unwrapped-patched;
+ };
}
);
}
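Review bot: `patches` is built from every entry `builtins.readDir` returns for `./packages/overlays/matrix-synapse/patches`, so a stray README, editor backup or subdirectory in that folder is handed to the Synapse build and to `fetchCargoVendor` as a patch. Filtering makes the applied set explicit: `builtins.attrNames (pkgs.lib.filterAttrs (n: t: t == "regular" && pkgs.lib.hasSuffix ".patch" n) (builtins.readDir ./packages/overlays/matrix-synapse/patches))`. The commit also replaces the vendor `hash` without saying why. A one-line comment next to it, noting which patch change required the refresh, would let a reviewer tell an expected update from an unexpected one.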
diff --git a/host/Arc/configuration.nix b/host/Arc/configuration.nix
index b97a8fa..f12348c 100644
--- a/host/Arc/configuration.nix
+++ b/host/Arc/configuration.nix
@@ -84,7 +84,7 @@ args@{
jack.enable = true;
alsa.enable = true;
};
-
+
desktopManager.plasma6.enable = true;
};
@@ -171,9 +171,15 @@ args@{
nerd-fonts.jetbrains-mono
noto-fonts-monochrome-emoji
];
- fontconfig.defaultFonts.monospace = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.sansSerif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.serif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.monospace = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.serif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
fontconfig.defaultFonts.emoji = with pkgs; [ "freefont" ];
enableDefaultPackages = lib.mkForce false;
enableGhostscriptFonts = lib.mkForce false;
diff --git a/host/Arc/optional/gui/wayland.nix b/host/Arc/optional/gui/wayland.nix
index 281c72d..0d8682b 100644
--- a/host/Arc/optional/gui/wayland.nix
+++ b/host/Arc/optional/gui/wayland.nix
@@ -8,7 +8,7 @@
{
#programs.sway = {
# enable = true;
-#
+ #
# wrapperFeatures.gtk = true;
# extraSessionCommands = ''
# # -- Wayland fixes
@@ -21,7 +21,7 @@
# # use this if they aren't displayed properly:
# export _JAVA_AWT_WM_NONREPARENTING=1
# '';
-#
+ #
# extraPackages = with pkgs; [
# swaybg
# #swayidle
@@ -41,7 +41,7 @@
};
programs.hyprlock.enable = true;
- environment.systemPackages = with pkgs;[
+ environment.systemPackages = with pkgs; [
wmenu
waybar
@@ -52,7 +52,7 @@
keepassxc
networkmanagerapplet
];
-
+
#environment.etc."hyprPlugins" = {
# text = ''
# plugin = ${hy3.packages.${pkgs.stdenv.hostPlatform.system}.hy3}/lib/libhy3.so
diff --git a/host/Rory-NTFS/configuration.nix b/host/Rory-NTFS/configuration.nix
index 98e28de..47d4497 100644
--- a/host/Rory-NTFS/configuration.nix
+++ b/host/Rory-NTFS/configuration.nix
@@ -52,7 +52,7 @@
# allowedUDPPorts = [ ... ];
};
- #interfaces.enp34s0.ipv4.addresses = [ {
+ #interfaces.enp34s0.ipv4.addresses = [ {
# address = "192.168.0.3";
# prefixLength = 24;
#} ];
@@ -170,7 +170,7 @@
extraPortals = with pkgs; [
#xdg-desktop-portal-gtk
xdg-desktop-portal-xapp
-# (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
+ # (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
];
config = {
common = {
@@ -190,8 +190,12 @@
nerd-fonts.jetbrains-mono
noto-fonts-monochrome-emoji
];
- fontconfig.defaultFonts.monospace = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.sansSerif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.monospace = [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
fontconfig.defaultFonts.serif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
fontconfig.defaultFonts.emoji = [ "freefont" ];
enableDefaultPackages = lib.mkForce false;
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index 27f5d93..814bc0f 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -50,7 +50,7 @@ args@{
# TODO: re-enable when USB is fixed
#programs.noisetorch.enable = true;
-
+
programs.gamemode.enable = true;
users.users.Rory.extraGroups = [ "gamemode" ];
@@ -58,7 +58,7 @@ args@{
ZSH_DISABLE_COMPFIX = "true";
};
-# hardware.google-stadia-controller.enable = true;
+ # hardware.google-stadia-controller.enable = true;
networking = {
hostName = "Rory-desktop";
@@ -127,7 +127,7 @@ args@{
# - IDEs
#jetbrains-toolbox
- (jetbrains.plugins.addPlugins jetbrains.webstorm [
+ (jetbrains.plugins.addPlugins jetbrains.webstorm [
jetbrains.plugins.github-copilot-fixed
#"github-copilot"
])
@@ -136,7 +136,7 @@ args@{
#"github-copilot"
"nixidea"
"visual-studio-keymap"
- ]) #"string-manipulation"
+ ]) # "string-manipulation"
#jetbrains.rider
#jetbrains.clion
#github-copilot-intellij-agent
@@ -180,7 +180,6 @@ args@{
#vesktop
#discord-development
-
# (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
mangohud
diff --git a/host/Rory-desktop/optional/gui/hyprland.nix b/host/Rory-desktop/optional/gui/hyprland.nix
index d9dcbb2..f5b0dc2 100644
--- a/host/Rory-desktop/optional/gui/hyprland.nix
+++ b/host/Rory-desktop/optional/gui/hyprland.nix
@@ -12,7 +12,7 @@
};
programs.hyprlock.enable = true;
- environment.systemPackages = with pkgs;[
+ environment.systemPackages = with pkgs; [
wmenu
waybar
wl-clipboard
diff --git a/host/Rory-desktop/services/libvirt.nix b/host/Rory-desktop/services/libvirt.nix
index 405a73d..0724f8c 100644
--- a/host/Rory-desktop/services/libvirt.nix
+++ b/host/Rory-desktop/services/libvirt.nix
@@ -5,4 +5,4 @@
environment.systemPackages = with pkgs; [
virt-viewer
];
-}
\ No newline at end of file
+}
diff --git a/host/Rory-desktop/services/nginx/hse.localhost.nix b/host/Rory-desktop/services/nginx/hse.localhost.nix
index 5812b02..c3c1731 100755
--- a/host/Rory-desktop/services/nginx/hse.localhost.nix
+++ b/host/Rory-desktop/services/nginx/hse.localhost.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ pkgs, ... }:
{
enableACME = false;
addSSL = true;
@@ -27,21 +27,21 @@
'';
};
-# locations."= /.well-known/matrix/server".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
-# '';
-# locations."= /.well-known/matrix/client".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${
-# builtins.toJSON {
-# "m.homeserver".base_url = "http://hse.localhost:5298";
-# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
-# }
-# }';
-# '';
+ # locations."= /.well-known/matrix/server".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+ # '';
+ # locations."= /.well-known/matrix/client".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${
+ # builtins.toJSON {
+ # "m.homeserver".base_url = "http://hse.localhost:5298";
+ # "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ # }
+ # }';
+ # '';
locations."= /.well-known/matrix/support".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
diff --git a/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix b/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix
index 87287a4..8683a13 100644
--- a/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix
+++ b/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ pkgs, ... }:
{
enableACME = false;
addSSL = true;
@@ -27,21 +27,21 @@
'';
};
-# locations."= /.well-known/matrix/server".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
-# '';
-# locations."= /.well-known/matrix/client".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${
-# builtins.toJSON {
-# "m.homeserver".base_url = "http://hse.localhost:5298";
-# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
-# }
-# }';
-# '';
+ # locations."= /.well-known/matrix/server".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+ # '';
+ # locations."= /.well-known/matrix/client".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${
+ # builtins.toJSON {
+ # "m.homeserver".base_url = "http://hse.localhost:5298";
+ # "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ # }
+ # }';
+ # '';
locations."= /.well-known/matrix/support".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
diff --git a/host/Rory-desktop/services/nginx/synapse.localhost.nix b/host/Rory-desktop/services/nginx/synapse.localhost.nix
index 9f89678..766d66f 100755
--- a/host/Rory-desktop/services/nginx/synapse.localhost.nix
+++ b/host/Rory-desktop/services/nginx/synapse.localhost.nix
@@ -1,4 +1,4 @@
-{ pkgs }:
+{ pkgs }:
{
enableACME = false;
addSSL = true;
diff --git a/host/Rory-desktop/services/rabbitmq.nix b/host/Rory-desktop/services/rabbitmq.nix
index f786a70..e92eccd 100644
--- a/host/Rory-desktop/services/rabbitmq.nix
+++ b/host/Rory-desktop/services/rabbitmq.nix
@@ -3,4 +3,4 @@
services.rabbitmq = {
enable = true;
};
-}
\ No newline at end of file
+}
diff --git a/host/Rory-desktop/services/steam.nix b/host/Rory-desktop/services/steam.nix
index a01b46e..2141244 100644
--- a/host/Rory-desktop/services/steam.nix
+++ b/host/Rory-desktop/services/steam.nix
@@ -8,4 +8,4 @@
proton-ge-bin
];
};
-}
\ No newline at end of file
+}
diff --git a/host/Rory-desktop/services/waydroid.nix b/host/Rory-desktop/services/waydroid.nix
index 45a90ea..feb47b6 100644
--- a/host/Rory-desktop/services/waydroid.nix
+++ b/host/Rory-desktop/services/waydroid.nix
@@ -1,4 +1,4 @@
{ ... }:
{
virtualisation.waydroid.enable = true;
-}
\ No newline at end of file
+}
diff --git a/host/Rory-laptop/configuration.nix b/host/Rory-laptop/configuration.nix
index 894878a..5a12b5e 100644
--- a/host/Rory-laptop/configuration.nix
+++ b/host/Rory-laptop/configuration.nix
@@ -125,11 +125,11 @@ args@{
# - IDEs
(jetbrains.plugins.addPlugins jetbrains.webstorm [
- jetbrains.plugins.github-copilot-fixed
+ jetbrains.plugins.github-copilot-fixed
#"github-copilot"
])
(jetbrains.plugins.addPlugins jetbrains.idea-ultimate [
- jetbrains.plugins.github-copilot-fixed
+ jetbrains.plugins.github-copilot-fixed
#"github-copilot"
])
(jetbrains.plugins.addPlugins jetbrains.clion [
@@ -209,23 +209,23 @@ args@{
systemd.services."NetworkManager-wait-online".enable = false;
virtualisation.libvirtd.onBoot = "ignore";
-# systemd.services."systemd-rfkill".serviceConfig.Type = "simple"; # maybe exec?
+ # systemd.services."systemd-rfkill".serviceConfig.Type = "simple"; # maybe exec?
systemd.services."NetworkManager".serviceConfig.Type = "exec"; # maybe exec?
-# systemd.services."home-manager-Rory".serviceConfig.Type = lib.mkForce "exec";
-# systemd.services."systemd-backlight@backlight:intel_backlight".serviceConfig.Type = "exec";
-# systemd.services."wpa_supplicant".serviceConfig.Type = "exec";
-# systemd.services."libvirtd".serviceConfig.Type = lib.mkForce "exec";
-# systemd.services."nginx".serviceConfig.Type = "exec";
-# systemd.services."grafana".serviceConfig.Type = "exec";
-# systemd.services."prometheus".serviceConfig.Type = "exec";
-# systemd.services."bluetooth".serviceConfig.Type = "exec";
-# systemd.services."vmware-usbarbitrator".enable = false;
-# systemd.services."vmware-authdlauncher".enable = false;
-# systemd.services."waydroid-container".enable = false;
-# systemd.services."NetworkManager".serviceConfig.TimeoutStartSec = 10;
+ # systemd.services."home-manager-Rory".serviceConfig.Type = lib.mkForce "exec";
+ # systemd.services."systemd-backlight@backlight:intel_backlight".serviceConfig.Type = "exec";
+ # systemd.services."wpa_supplicant".serviceConfig.Type = "exec";
+ # systemd.services."libvirtd".serviceConfig.Type = lib.mkForce "exec";
+ # systemd.services."nginx".serviceConfig.Type = "exec";
+ # systemd.services."grafana".serviceConfig.Type = "exec";
+ # systemd.services."prometheus".serviceConfig.Type = "exec";
+ # systemd.services."bluetooth".serviceConfig.Type = "exec";
+ # systemd.services."vmware-usbarbitrator".enable = false;
+ # systemd.services."vmware-authdlauncher".enable = false;
+ # systemd.services."waydroid-container".enable = false;
+ # systemd.services."NetworkManager".serviceConfig.TimeoutStartSec = 10;
boot.kernelParams = [
#"quiet"
- "loglevel=8" #3
+ "loglevel=8" # 3
#"systemd.show_status=auto"
#"rd.udev.log_level=3"
#"libahci.ignore_sss=1"
@@ -240,7 +240,7 @@ args@{
#boot.initrd.network.enable = false;
#boot.initrd.services.lvm.enable = false;
#boot.initrd.compressor = "cat";
-#
+ #
#boot.initrd.systemd.units."systemd-backlight@.service".enable = false;
#boot.initrd.systemd.units."dev-ttyS0.device".enable = false;
#boot.initrd.systemd.units."dev-ttyS1.device".enable = false;
@@ -255,7 +255,7 @@ args@{
#boot.initrd.availableKernelModules = [
# "nvme"
#];
-#
+ #
#services.orca.enable = true;
virtualisation.waydroid.enable = true;
diff --git a/host/Rory-laptop/nginx.nix b/host/Rory-laptop/nginx.nix
index 0a72304..fcdcb2e 100644
--- a/host/Rory-laptop/nginx.nix
+++ b/host/Rory-laptop/nginx.nix
@@ -31,7 +31,7 @@
additionalModules = with pkgs.nginxModules; [ moreheaders ];
virtualHosts = {
"discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
- "hse.localhost" = import ./nginx/hse.localhost.nix {inherit pkgs;};
+ "hse.localhost" = import ./nginx/hse.localhost.nix { inherit pkgs; };
};
};
diff --git a/host/Rory-laptop/nginx/hse.localhost.nix b/host/Rory-laptop/nginx/hse.localhost.nix
index 5812b02..c3c1731 100755
--- a/host/Rory-laptop/nginx/hse.localhost.nix
+++ b/host/Rory-laptop/nginx/hse.localhost.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ pkgs, ... }:
{
enableACME = false;
addSSL = true;
@@ -27,21 +27,21 @@
'';
};
-# locations."= /.well-known/matrix/server".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
-# '';
-# locations."= /.well-known/matrix/client".extraConfig = ''
-# more_set_headers 'Content-Type application/json';
-# more_set_headers 'Access-Control-Allow-Origin *';
-# return 200 '${
-# builtins.toJSON {
-# "m.homeserver".base_url = "http://hse.localhost:5298";
-# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
-# }
-# }';
-# '';
+ # locations."= /.well-known/matrix/server".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+ # '';
+ # locations."= /.well-known/matrix/client".extraConfig = ''
+ # more_set_headers 'Content-Type application/json';
+ # more_set_headers 'Access-Control-Allow-Origin *';
+ # return 200 '${
+ # builtins.toJSON {
+ # "m.homeserver".base_url = "http://hse.localhost:5298";
+ # "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ # }
+ # }';
+ # '';
locations."= /.well-known/matrix/support".extraConfig = ''
more_set_headers 'Content-Type application/json';
more_set_headers 'Access-Control-Allow-Origin *';
diff --git a/host/Rory-laptop/optional/gui/wayland.nix b/host/Rory-laptop/optional/gui/wayland.nix
index ab72165..c980a85 100644
--- a/host/Rory-laptop/optional/gui/wayland.nix
+++ b/host/Rory-laptop/optional/gui/wayland.nix
@@ -45,11 +45,11 @@
security.rtkit.enable = true;
programs.hyprlock.enable = true;
- environment.systemPackages = with pkgs;[
+ environment.systemPackages = with pkgs; [
wmenu
kdePackages.xwaylandvideobridge
];
-
+
environment.etc."hyprPlugins" = {
text = ''
plugin = ${hy3.packages.${pkgs.stdenv.hostPlatform.system}.hy3}/lib/libhy3.so
diff --git a/host/Rory-nginx/services/mastodon.nix b/host/Rory-nginx/services/mastodon.nix
index 56f1808..5febe3b 100644
--- a/host/Rory-nginx/services/mastodon.nix
+++ b/host/Rory-nginx/services/mastodon.nix
@@ -5,8 +5,8 @@
enable = true;
webProcesses = 8;
webThreads = 4;
-
- streamingProcesses = 63;
- localDomain = "rory.gay";
+
+ streamingProcesses = 63;
+ localDomain = "rory.gay";
};
}
diff --git a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
index d6d4a94..851cf50 100644
--- a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
+++ b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
@@ -82,13 +82,13 @@
per_second = 1000;
burst_count = 1000;
};
-
+
#presence
rc_presence.per_user = {
per_second = 1;
burst_count = 2;
};
-
+
#delayed events
rc_delayed_event_mgmt = {
per_second = 1000;
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
index f327004..0d039c0 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
@@ -114,9 +114,9 @@ in
name = "${workerName}-${type}";
value = {
extraConfig = ''
- keepalive 32;
-# least_conn;
- hash $request_uri consistent;
+ keepalive 32;
+ # least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
index 1c08d4b..0966573 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
@@ -86,9 +86,9 @@ in
name = "${workerName}-${type}";
value = {
extraConfig = ''
- keepalive 32;
-# least_conn;
- hash $request_uri consistent;
+ keepalive 32;
+ # least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
diff --git a/host/Rory-nginx/services/nginx/rory.gay/mru.nix b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
index d1e1cd7..6c7e2a1 100644
--- a/host/Rory-nginx/services/nginx/rory.gay/mru.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
@@ -1,12 +1,12 @@
{
enableACME = true;
addSSL = true;
-# quic = true;
+ # quic = true;
http3 = true;
http3_hq = true;
kTLS = true;
root = "/data/nginx/html_mru";
-# reuseport = true;
+ # reuseport = true;
extraConfig = ''
brotli off;
brotli_static off;
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
index 3ded494..cd3ac32 100755
--- a/host/Rory-ovh/configuration.nix
+++ b/host/Rory-ovh/configuration.nix
@@ -3,6 +3,8 @@
lib,
nixpkgs-Draupnir,
nixpkgs-DraupnirPkg,
+ nixpkgs-master,
+ matrix-synapse-unwrapped-patched,
...
}:
@@ -110,6 +112,23 @@
;
};
+ containers."syntest1" = import ./services/containers/syntest1/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-master
+ matrix-synapse-unwrapped-patched
+ ;
+ };
+
+ containers."syntest2" = import ./services/containers/syntest2/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-master
+ ;
+ };
+
system.stateVersion = "22.11"; # DO NOT EDIT!
environment.systemPackages = with pkgs; [ waypipe ];
diff --git a/host/Rory-ovh/services/cgit.nix b/host/Rory-ovh/services/cgit.nix
index cbdc350..854dfdf 100644
--- a/host/Rory-ovh/services/cgit.nix
+++ b/host/Rory-ovh/services/cgit.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, cgit-magenta, ... }:
+{
+ pkgs,
+ lib,
+ cgit-magenta,
+ ...
+}:
let
pkg = cgit-magenta.packages.${pkgs.stdenv.hostPlatform.system}.default;
diff --git a/host/Rory-ovh/services/containers/draupnir-ansible/container.nix b/host/Rory-ovh/services/containers/draupnir-ansible/container.nix
index 5ab1aed..ef35488 100644
--- a/host/Rory-ovh/services/containers/draupnir-ansible/container.nix
+++ b/host/Rory-ovh/services/containers/draupnir-ansible/container.nix
@@ -1,6 +1,6 @@
{
-# nixpkgs-Draupnir,
-# nixpkgs-DraupnirPkg,
+ # nixpkgs-Draupnir,
+ # nixpkgs-DraupnirPkg,
...
}:
@@ -8,8 +8,8 @@
privateNetwork = true;
autoStart = true;
specialArgs = {
-# inherit nixpkgs-Draupnir;
-# inherit nixpkgs-DraupnirPkg;
+ # inherit nixpkgs-Draupnir;
+ # inherit nixpkgs-DraupnirPkg;
};
config =
{ lib, pkgs, ... }:
@@ -18,13 +18,13 @@
../shared.nix
./root.nix
./services/draupnir.nix
-# "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ # "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
];
-# nixpkgs.overlays = [
-# (final: prev: {
-# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
-# })
-# ];
+ # nixpkgs.overlays = [
+ # (final: prev: {
+ # draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ # })
+ # ];
};
hostAddress = "192.168.100.1";
localAddress = "192.168.100.19";
diff --git a/host/Rory-ovh/services/containers/draupnir-cme/container.nix b/host/Rory-ovh/services/containers/draupnir-cme/container.nix
index b1ee74b..4b2d0da 100755
--- a/host/Rory-ovh/services/containers/draupnir-cme/container.nix
+++ b/host/Rory-ovh/services/containers/draupnir-cme/container.nix
@@ -1,4 +1,4 @@
-{
+{
#nixpkgs-Draupnir,
#nixpkgs-DraupnirPkg,
...
@@ -20,11 +20,11 @@
./services/draupnir.nix
#"${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
];
-# nixpkgs.overlays = [
-# (final: prev: {
-# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
-# })
-# ];
+ # nixpkgs.overlays = [
+ # (final: prev: {
+ # draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ # })
+ # ];
};
hostAddress = "192.168.100.1";
localAddress = "192.168.100.17";
diff --git a/host/Rory-ovh/services/containers/draupnir-fedora/container.nix b/host/Rory-ovh/services/containers/draupnir-fedora/container.nix
index 5ba9765..fe4571e 100644
--- a/host/Rory-ovh/services/containers/draupnir-fedora/container.nix
+++ b/host/Rory-ovh/services/containers/draupnir-fedora/container.nix
@@ -1,6 +1,6 @@
{
-# nixpkgs-Draupnir,
-# nixpkgs-DraupnirPkg,
+ # nixpkgs-Draupnir,
+ # nixpkgs-DraupnirPkg,
...
}:
@@ -8,8 +8,8 @@
privateNetwork = true;
autoStart = true;
specialArgs = {
-# inherit nixpkgs-Draupnir;
-# inherit nixpkgs-DraupnirPkg;
+ # inherit nixpkgs-Draupnir;
+ # inherit nixpkgs-DraupnirPkg;
};
config =
{ lib, pkgs, ... }:
@@ -18,13 +18,13 @@
../shared.nix
./root.nix
./services/draupnir.nix
-# "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ # "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
];
-# nixpkgs.overlays = [
-# (final: prev: {
-# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
-# })
-# ];
+ # nixpkgs.overlays = [
+ # (final: prev: {
+ # draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ # })
+ # ];
};
hostAddress = "192.168.100.1";
localAddress = "192.168.100.18";
diff --git a/host/Rory-ovh/services/containers/shared.nix b/host/Rory-ovh/services/containers/shared.nix
index f267ff0..7bad188 100644
--- a/host/Rory-ovh/services/containers/shared.nix
+++ b/host/Rory-ovh/services/containers/shared.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, config, ... }:
{
environment.systemPackages = with pkgs; [
neofetch
@@ -14,4 +14,30 @@
jq
dig
];
+
+ networking.resolvconf.enable = false;
+ networking.nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ "8.8.8.8"
+ "8.4.4.8"
+ ];
+
+ environment.etc."resolv.conf" = lib.mkDefault {
+ text = lib.concatStringsSep "\n" (
+ lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers))
+ #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ]
+ ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [
+ "options single-request"
+ "options single-request-reopen"
+ "options inet6"
+ ]
+ );
+ };
+
+ services.resolved = {
+ enable = lib.mkForce false;
+ dnssec = lib.mkForce "false";
+ dnsovertls = lib.mkForce "false";
+ };
}
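Review bot: The fourth entry in `networking.nameservers`, `"8.4.4.8"`, looks like a transposition of Google's secondary resolver; as written, every container importing shared.nix would send DNS queries to an unrelated address once the first three fail or time out. I would change it to `"8.8.4.4"`. Separately, `config.networking ? nameservers` is presumably always true for a NixOS module, so that guard can go. A comment saying why resolution is pinned to public plaintext resolvers with `services.resolved` forced off would help the next reader judge whether that is intended for all containers or only the new test ones.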
diff --git a/host/Rory-ovh/services/containers/syntest1/container.nix b/host/Rory-ovh/services/containers/syntest1/container.nix
new file mode 100644
index 0000000..da77a2d
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/container.nix
@@ -0,0 +1,68 @@
+{
+ nixpkgs-master,
+ matrix-synapse-unwrapped-patched,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit matrix-synapse-unwrapped-patched;
+ };
+ nixpkgs = nixpkgs-master;
+ config =
+ {
+ lib,
+ pkgs,
+ matrix-synapse-unwrapped-patched,
+ ...
+ }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/synapse/synapse-main.nix
+ ./services/postgres.nix
+ (
+ {
+ pkgs,
+ lib,
+ config,
+ ...
+ }:
+
+ {
+ options.virtualisation = {
+ isVmVariant = lib.mkOption {
+ default = false;
+ example = true;
+ description = "Whether this build is a VM build.";
+ type = lib.types.bool;
+ };
+ };
+ config = {
+ virtualisation.vmVariant = {
+ virtualisation.isVmVariant = true;
+ };
+ };
+ }
+ )
+ ];
+
+ nixpkgs.overlays = [
+ (final: prev: {
+ matrix-synapse-unwrapped = matrix-synapse-unwrapped-patched;
+ })
+ ];
+ networking.firewall.allowedTCPPorts = [ 8008 ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.20";
+
+ bindMounts."postgres" = {
+ hostPath = "/data/dedicated/postgres-syntest1";
+ mountPoint = "/data/postgres";
+ isReadOnly = false;
+ };
+}
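Review bot: The inline module in `imports` that declares `options.virtualisation.isVmVariant` has no comment, and its purpose only becomes clear from services/postgres.nix, which switches its memory settings on `config.virtualisation.isVmVariant`. I would add something like `# Declares virtualisation.isVmVariant (default false); the vmVariant build sets it to true so postgres.nix can pick small memory settings.` above it. The `pkgs` and `config` arguments of that inline module are unused and can be dropped. The writable `postgres` bind mount and the open port 8008 would also benefit from a short comment saying who is expected to reach them.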
diff --git a/host/Rory-ovh/services/containers/syntest1/root.nix b/host/Rory-ovh/services/containers/syntest1/root.nix
new file mode 100644
index 0000000..0ebce9e
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/root.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
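Review bot: `networking.useHostResolvConf = true;` appears to pull against shared.nix as changed in this same commit, which sets `networking.resolvconf.enable = false` and writes a static `/etc/resolv.conf` with public resolvers. This container imports both files, and it is not evident from the diff which resolver configuration ends up in effect. I would either drop the line here or add a comment such as `# overrides the static resolv.conf from ../shared.nix` once the resulting behaviour is confirmed. This matters because `networking.hosts` below relies on local resolution of `matrix.rory.gay` and `rory.gay` to the host address.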
diff --git a/host/Rory-ovh/services/containers/syntest1/services/postgres.nix b/host/Rory-ovh/services/containers/syntest1/services/postgres.nix
new file mode 100755
index 0000000..98d7155
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/services/postgres.nix
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+{
+ systemd.tmpfiles.rules = [ "d /data/postgres 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_17_jit;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host discordbots discordbots 192.168.1.2/32 trust
+ host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ # initialScript = pkgs.writeText "backend-initScript" ''
+ # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+ # CREATE DATABASE nixcloud;
+ # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+ # '';
+ dataDir = "/data/postgres";
+ settings = {
+ # https://pgconfigurator.cybertec.at/
+ max_connections = 2500;
+ superuser_reserved_connections = 3;
+
+ shared_buffers = if config.virtualisation.isVmVariant then "128MB" else "64GB";
+ work_mem = if config.virtualisation.isVmVariant then "64MB" else "32GB";
+ maintenance_work_mem = if config.virtualisation.isVmVariant then "512MB" else "8GB";
+ huge_pages = "try";
+ effective_cache_size = if config.virtualisation.isVmVariant then "1GB" else "64GB"; # was 22
+ effective_io_concurrency = 100;
+ random_page_cost = 1.1;
+
+ # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
+ shared_preload_libraries = "pg_stat_statements";
+ track_io_timing = "on";
+ track_functions = "pl";
+ "pg_stat_statements.max" = "10000"; # additional
+ "pg_stat_statements.track" = "all"; # additional
+
+ wal_level = "replica";
+ max_wal_senders = 0;
+ synchronous_commit = "on"; # was ond3
+
+ checkpoint_timeout = "15min";
+ checkpoint_completion_target = "0.9";
+ max_wal_size = "2GB";
+ min_wal_size = "1GB";
+
+ wal_compression = "off";
+ wal_buffers = "-1";
+ wal_writer_delay = "500ms"; # was 100
+ wal_writer_flush_after = "32MB"; # was 1
+ #checkpoint_segments = "64"; # additional
+ default_statistics_target = "250"; # additional
+
+ bgwriter_delay = "200ms";
+ bgwriter_lru_maxpages = "100";
+ bgwriter_lru_multiplier = "2.0";
+ bgwriter_flush_after = "0";
+
+ max_worker_processes = "64"; # was 14
+ max_parallel_workers_per_gather = "32"; # was 7
+ max_parallel_maintenance_workers = "32"; # was 7
+ max_parallel_workers = "64"; # was 14
+ parallel_leader_participation = "on";
+
+ enable_partitionwise_join = "on";
+ enable_partitionwise_aggregate = "on";
+ jit = "on";
+ max_slot_wal_keep_size = "1GB";
+ track_wal_io_timing = "on";
+ maintenance_io_concurrency = "4";
+ wal_recycle = "on";
+
+ };
+ };
+
+ # services.prometheus.exporters.postgres = {
+ # enable = true;
+ # port = 9187;
+ # extraFlags = [
+ # "--collector.database_wraparound"
+ # "--collector.long_running_transactions"
+ # "--collector.postmaster"
+ # "--collector.process_idle"
+ # "--collector.stat_activity_autovacuum"
+ # "--collector.stat_statements"
+ # #"--collector.stat_wal_receiver" #we dont have WAL receivers
+ # "--collector.statio_user_indexes"
+ # "--collector.xlog_location"
+ # ];
+ # };
+
+}
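Review bot: The `authentication` block grants more than this container needs. `local all all trust` and the loopback `trust` lines let any process inside the container connect as any role, superuser included, with no password. The two `192.168.1.x` `trust` rules and `host all all 0.0.0.0/0 md5` look carried over from another host rather than written for a container at 192.168.100.20. With `enableTCPIP = true`, the only thing keeping port 5432 private is the container firewall in root.nix. db.nix in this commit points Synapse at the `/run/postgresql` socket, so I would drop the three network rules, set `enableTCPIP = false;`, and consider `local all all peer` if the database role and service user names match (not visible here), using `scram-sha-256` rather than `md5` for any password rule that stays.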
diff --git a/host/Rory-ovh/services/containers/syntest1/services/synapse/caches.nix b/host/Rory-ovh/services/containers/syntest1/services/synapse/caches.nix
new file mode 100644
index 0000000..7ddb804
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/services/synapse/caches.nix
@@ -0,0 +1,25 @@
+{
+ gc_min_interval = [
+ "15m"
+ "30m"
+ "60m"
+ ];
+ gc_thresholds = [
+ 10000
+
+ 5000
+ 2500
+ ];
+ event_cache_size = "12000K"; # defaults to 10K
+ caches = {
+ global_factor = 500000.0;
+ cache_entry_ttl = "24h";
+ expire_caches = true;
+ sync_response_cache_duration = "15m";
+ cache_autotuning = {
+ max_cache_memory_usage = "65536M";
+ target_cache_memory_usage = "32768M";
+ min_cache_ttl = "6h";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/containers/syntest1/services/synapse/db.nix b/host/Rory-ovh/services/containers/syntest1/services/synapse/db.nix
new file mode 100644
index 0000000..28dc79f
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/services/synapse/db.nix
@@ -0,0 +1,49 @@
+{
+ workerName ? null,
+ dbGroup ? null,
+}:
+{
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse";
+ password = "somepassword";
+ database = "matrix-synapse";
+ host = "/run/postgresql";
+ application_name = "matrix-synapse - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ cp_min =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 5
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+ cp_max =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 10
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+
+ # cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
+ # cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
+ # check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
+ };
+
+ # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
+ # statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
+ # allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
+ # allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
+ # txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
+
+ statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
+ txn_limit = 500; # maybe dropping old data from pg caches helps?
+}
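Review bot: `password = "somepassword";` in `args` commits a credential literal to git, and the NixOS module renders `settings` into the generated Synapse config in the world-readable Nix store. The connection goes over the unix socket (`host = "/run/postgresql"`), so the value is probably never checked by PostgreSQL. If that is the case, drop the line; if password authentication is ever wanted, supply the value from a file outside the store rather than from this attrset. The syntest2 copy of this file (same blob 28dc79f) carries the same literal.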
diff --git a/host/Rory-ovh/services/containers/syntest1/services/synapse/ratelimits.nix b/host/Rory-ovh/services/containers/syntest1/services/synapse/ratelimits.nix
new file mode 100644
index 0000000..85f51f2
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/services/synapse/ratelimits.nix
@@ -0,0 +1,97 @@
+{
+ # messages
+ rc_message = {
+ per_second = 1000000;
+ burst_count = 1000000;
+ };
+ rc_admin_redaction = {
+ per_second = 10000000;
+ burst_count = 10000000;
+ };
+
+ # room joins
+ rc_joins = {
+ local = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_joins_per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # room invites
+ rc_invites = {
+ per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_user = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_issuer = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_third_party_invite = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # federation
+ rc_federation = {
+ window_size = 10;
+ sleep_limit = 1000;
+ sleep_delay = 100;
+ reject_limit = 1000;
+ concurrent = 100;
+ };
+ federation_rr_transactions_per_room_per_second = 100;
+
+ # media
+ rc_media_create = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote_media_download_burst_count = "512G";
+ remote_media_download_per_second = "512G";
+
+ # authentication
+ rc_login = {
+ address = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ account = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ failed_attempts = {
+ per_second = 0.1;
+ burst_count = 3;
+ };
+ };
+ rc_3pid_validation = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ #presence
+ rc_presence.per_user = {
+ per_second = 1;
+ burst_count = 2;
+ };
+
+ #delayed events
+ rc_delayed_event_mgmt = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+}
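Review bot: Apart from `rc_login.failed_attempts` and `rc_presence.per_user`, every limiter in this file is set high enough that it will not trigger in practice (`rc_message` at 1000000/s, `rc_invites` and `rc_joins` at 1000/s, remote media download at `"512G"`). The same commit adds an nginx vhost entry for this server, and synapse-main.nix sets `enable_registration = true`. If this is deliberate for load testing, state it at the top of the file, e.g. `# Rate limits effectively disabled for load testing; do not copy to a production homeserver`. Otherwise keep `rc_invites`, `rc_joins` and `rc_3pid_validation` near Synapse's defaults, since they bound invite spam, join floods and outbound validation requests. The syntest2 copy (same blob 85f51f2) is identical.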
diff --git a/host/Rory-ovh/services/containers/syntest1/services/synapse/synapse-main.nix b/host/Rory-ovh/services/containers/syntest1/services/synapse/synapse-main.nix
new file mode 100755
index 0000000..327d648
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest1/services/synapse/synapse-main.nix
@@ -0,0 +1,212 @@
+{
+ config,
+ pkgs,
+ matrix-synapse-patched,
+ ...
+}:
+
+{
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+ dataDir = "/data/matrix-synapse";
+
+ settings =
+ {
+ server_name = "syntest1.rory.gay";
+
+ dummy_events_threshold = 5;
+ cleanup_extremities_with_dummy_events = true;
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "90s"; # 30 # default=60s
+ max_short_retries = 6; # 12
+ max_short_retry_delay = "10s"; # 5
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+
+ # rapid retry, small increments
+ destination_min_retry_interval = "1m"; # default=10m
+ destination_max_retry_interval = "12h"; # default=7d
+ destination_retry_multiplier = 1.1; # 1.2 # default=2
+ };
+
+ registration_shared_secret_path = "/data/secrets/synapse-shared-secret";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "192.168.100.20" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ database = (
+ import ./db.nix {
+ workerName = "main";
+ dbGroup = "medium";
+ }
+ );
+
+ #region Media
+ max_upload_size = "512M";
+
+ max_avatar_size = "512M";
+ max_image_pixels = "250M";
+
+ max_pending_media_uploads = 512;
+ dynamic_thumbnails = true;
+
+ prevent_media_downloads_from = [
+ # none, give me all the media
+ ];
+ enable_authenticated_media = false;
+
+ url_preview_enabled = true;
+ max_spider_size = "50M";
+
+ #endregion
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2409_to_device_messages_enabled" = true;
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3202_transaction_extensions" = true; # appservice transaction extensions (device list/keys)
+ "msc3266_enabled" = true; # Room summary API
+ "msc3391_enabled" = true; # Remove account data
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc3852_enabled" = true; # Last seen on /devices (CS-API/admin)
+ "msc3874_enabled" = true; # filtering /messages with rel_types / not_rel_types
+ "msc3890_enabled" = true; # communicate account data deletion to clients
+ "msc3912_enabled" = true; # /messages with rel_types / not_rel_types and event id
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc4069_profile_inhibit_propagation" = true; # Inhibit profile update propagation
+ "msc4133_enabled" = true; # Custom profile fields
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ "msc4210_enabled" = false; # Remove legacy mentions -- we want this *disabled* for moderation reasons
+ "msc4222_enabled" = true; # state_after in sync
+ };
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+ instance_map = {
+ main = {
+ # replication listener
+ path = "/run/matrix-synapse/main.sock";
+ };
+ };
+ }
+ // import ./ratelimits.nix
+ // import ./caches.nix;
+ };
+
+ services.redis = {
+ package = pkgs.valkey;
+ servers.matrix-synapse = {
+ enable = true;
+ user = "matrix-synapse";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse"
+ "D /run/secrets 0755 nobody nobody"
+ ];
+
+ systemd.services."matrix-synapse-generate-token" = {
+ # generate /data/secrets/synapse-shared-secret
+ description = "Generate Synapse shared secret";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ before = [ "matrix-synapse.service" ];
+ script = ''
+ set -e -x -o pipefail
+ echo "Starting key generation"
+ if [ ! -f "/data/secrets/synapse-shared-secret" ]
+ then
+ echo "Generating new key"
+ ${pkgs.openssl}/bin/openssl rand -base64 32 > /data/secrets/synapse-shared-secret
+ echo "Key generation complete"
+ else
+ echo "Not generating key, key exists"
+ fi
+ echo "Script complete"
+ '';
+ };
+
+ systemd.services."matrix-synapse-postgres-init" = {
+ description = "Generate synapse postgres user";
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target"
+ "postgresql.service"
+ ];
+ before = [ "matrix-synapse.service" ];
+
+ script = ''
+ set -e -x -o pipefail
+ ${pkgs.postgresql}/bin/createuser ${config.services.matrix-synapse.settings.database.args.user} || true
+ ${pkgs.postgresql}/bin/createdb --encoding=UTF8 --locale=C --template=template0 --owner=${config.services.matrix-synapse.settings.database.args.user} ${config.services.matrix-synapse.settings.database.args.database} || true
+ '';
+ serviceConfig = {
+ User = "postgres";
+ Group = "postgres";
+ WorkingDirectory = config.services.postgresql.dataDir;
+ RemainAfterExit = true;
+ };
+ };
+}
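Review bot: In `matrix-synapse-generate-token` the registration shared secret is written with a plain `>` redirect and no `serviceConfig`, so the script runs as root under systemd's default umask and the file ends up mode 0644 unless `/data/secrets` itself is restricted. Anyone who can read that secret can register accounts, including admin ones, through the shared-secret registration API. Put `umask 077` before the `openssl rand` line and follow it with `chown matrix-synapse:matrix-synapse /data/secrets/synapse-shared-secret` so that only Synapse can read it. Nothing in this file creates `/data/secrets` (the tmpfiles rules create `/run/secrets` instead), so unless another module does, the redirect fails under `set -e`; a rule such as `"d /data/secrets 0700 matrix-synapse matrix-synapse"` would cover it. The syntest2 copy of this file contains the same script.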
diff --git a/host/Rory-ovh/services/containers/syntest2/container.nix b/host/Rory-ovh/services/containers/syntest2/container.nix
new file mode 100644
index 0000000..7cea11f
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/container.nix
@@ -0,0 +1,59 @@
+{
+ nixpkgs-master,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = { };
+ nixpkgs = nixpkgs-master;
+ config =
+ {
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/synapse/synapse-main.nix
+ ./services/postgres.nix
+ (
+ {
+ pkgs,
+ lib,
+ config,
+ ...
+ }:
+
+ {
+ options.virtualisation = {
+ isVmVariant = lib.mkOption {
+ default = false;
+ example = true;
+ description = "Whether this build is a VM build.";
+ type = lib.types.bool;
+ };
+ };
+ config = {
+ virtualisation.vmVariant = {
+ virtualisation.isVmVariant = true;
+ };
+ };
+ }
+ )
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 8008 ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.21";
+
+ bindMounts."postgres" = {
+ hostPath = "/data/dedicated/postgres-syntest2";
+ mountPoint = "/data/postgres";
+ isReadOnly = false;
+ };
+}
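Review bot: `networking.firewall.allowedTCPPorts = [ 8008 ];` opens the Synapse listener to any source that can route to 192.168.100.21, while synapse-main.nix serves that port as plain HTTP with `x_forwarded = true`. Anything that reaches the port can therefore choose the client IP that Synapse logs and rate-limits on. With `privateNetwork = true` this is presumably only the host, but that depends on the host not forwarding traffic between container addresses. I would record the assumption next to the rule, e.g. `# 8008 is plain HTTP and trusts X-Forwarded-For; only nginx on hostAddress (192.168.100.1) may reach it`, or restrict the rule to that source address.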
diff --git a/host/Rory-ovh/services/containers/syntest2/root.nix b/host/Rory-ovh/services/containers/syntest2/root.nix
new file mode 100644
index 0000000..0ebce9e
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/root.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
diff --git a/host/Rory-ovh/services/containers/syntest2/services/postgres.nix b/host/Rory-ovh/services/containers/syntest2/services/postgres.nix
new file mode 100755
index 0000000..98d7155
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/services/postgres.nix
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+{
+ systemd.tmpfiles.rules = [ "d /data/postgres 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_17_jit;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host discordbots discordbots 192.168.1.2/32 trust
+ host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ # initialScript = pkgs.writeText "backend-initScript" ''
+ # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+ # CREATE DATABASE nixcloud;
+ # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+ # '';
+ dataDir = "/data/postgres";
+ settings = {
+ # https://pgconfigurator.cybertec.at/
+ max_connections = 2500;
+ superuser_reserved_connections = 3;
+
+ shared_buffers = if config.virtualisation.isVmVariant then "128MB" else "64GB";
+ work_mem = if config.virtualisation.isVmVariant then "64MB" else "32GB";
+ maintenance_work_mem = if config.virtualisation.isVmVariant then "512MB" else "8GB";
+ huge_pages = "try";
+ effective_cache_size = if config.virtualisation.isVmVariant then "1GB" else "64GB"; # was 22
+ effective_io_concurrency = 100;
+ random_page_cost = 1.1;
+
+ # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
+ shared_preload_libraries = "pg_stat_statements";
+ track_io_timing = "on";
+ track_functions = "pl";
+ "pg_stat_statements.max" = "10000"; # additional
+ "pg_stat_statements.track" = "all"; # additional
+
+ wal_level = "replica";
+ max_wal_senders = 0;
+ synchronous_commit = "on"; # was ond3
+
+ checkpoint_timeout = "15min";
+ checkpoint_completion_target = "0.9";
+ max_wal_size = "2GB";
+ min_wal_size = "1GB";
+
+ wal_compression = "off";
+ wal_buffers = "-1";
+ wal_writer_delay = "500ms"; # was 100
+ wal_writer_flush_after = "32MB"; # was 1
+ #checkpoint_segments = "64"; # additional
+ default_statistics_target = "250"; # additional
+
+ bgwriter_delay = "200ms";
+ bgwriter_lru_maxpages = "100";
+ bgwriter_lru_multiplier = "2.0";
+ bgwriter_flush_after = "0";
+
+ max_worker_processes = "64"; # was 14
+ max_parallel_workers_per_gather = "32"; # was 7
+ max_parallel_maintenance_workers = "32"; # was 7
+ max_parallel_workers = "64"; # was 14
+ parallel_leader_participation = "on";
+
+ enable_partitionwise_join = "on";
+ enable_partitionwise_aggregate = "on";
+ jit = "on";
+ max_slot_wal_keep_size = "1GB";
+ track_wal_io_timing = "on";
+ maintenance_io_concurrency = "4";
+ wal_recycle = "on";
+
+ };
+ };
+
+ # services.prometheus.exporters.postgres = {
+ # enable = true;
+ # port = 9187;
+ # extraFlags = [
+ # "--collector.database_wraparound"
+ # "--collector.long_running_transactions"
+ # "--collector.postmaster"
+ # "--collector.process_idle"
+ # "--collector.stat_activity_autovacuum"
+ # "--collector.stat_statements"
+ # #"--collector.stat_wal_receiver" #we dont have WAL receivers
+ # "--collector.statio_user_indexes"
+ # "--collector.xlog_location"
+ # ];
+ # };
+
+}
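Review bot: The `authentication` block looks carried over from the main host. `local all all trust` and the two loopback `trust` lines let any process in the container connect as any role, `postgres` included, and the `192.168.1.2`/`192.168.1.5` entries, `host all all 0.0.0.0/0 md5` and `enableTCPIP = true` serve no client that this container's config shows. Synapse connects over `/run/postgresql` as `matrix-synapse` and the init unit runs as `postgres`, so, assuming the Synapse service runs as the `matrix-synapse` OS user, `local all all peer` as the only rule together with `enableTCPIP = false;` should be enough. Separately, `work_mem = "32GB"` is a per-sort/hash allowance, so with `max_connections = 2500` and up to 32 parallel workers per gather a few concurrent queries can exhaust memory the host shares with the other containers. The syntest1 postgres.nix hunk starts above this chunk and may need the same review.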
diff --git a/host/Rory-ovh/services/containers/syntest2/services/synapse/caches.nix b/host/Rory-ovh/services/containers/syntest2/services/synapse/caches.nix
new file mode 100644
index 0000000..7ddb804
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/services/synapse/caches.nix
@@ -0,0 +1,25 @@
+{
+ gc_min_interval = [
+ "15m"
+ "30m"
+ "60m"
+ ];
+ gc_thresholds = [
+ 10000
+
+ 5000
+ 2500
+ ];
+ event_cache_size = "12000K"; # defaults to 10K
+ caches = {
+ global_factor = 500000.0;
+ cache_entry_ttl = "24h";
+ expire_caches = true;
+ sync_response_cache_duration = "15m";
+ cache_autotuning = {
+ max_cache_memory_usage = "65536M";
+ target_cache_memory_usage = "32768M";
+ min_cache_ttl = "6h";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/containers/syntest2/services/synapse/db.nix b/host/Rory-ovh/services/containers/syntest2/services/synapse/db.nix
new file mode 100644
index 0000000..28dc79f
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/services/synapse/db.nix
@@ -0,0 +1,49 @@
+{
+ workerName ? null,
+ dbGroup ? null,
+}:
+{
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse";
+ password = "somepassword";
+ database = "matrix-synapse";
+ host = "/run/postgresql";
+ application_name = "matrix-synapse - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ cp_min =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 5
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+ cp_max =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 10
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+
+ # cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
+ # cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
+ # check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
+ };
+
+ # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
+ # statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
+ # allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
+ # allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
+ # txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
+
+ statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
+ txn_limit = 500; # maybe dropping old data from pg caches helps?
+}
diff --git a/host/Rory-ovh/services/containers/syntest2/services/synapse/ratelimits.nix b/host/Rory-ovh/services/containers/syntest2/services/synapse/ratelimits.nix
new file mode 100644
index 0000000..85f51f2
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/services/synapse/ratelimits.nix
@@ -0,0 +1,97 @@
+{
+ # messages
+ rc_message = {
+ per_second = 1000000;
+ burst_count = 1000000;
+ };
+ rc_admin_redaction = {
+ per_second = 10000000;
+ burst_count = 10000000;
+ };
+
+ # room joins
+ rc_joins = {
+ local = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_joins_per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # room invites
+ rc_invites = {
+ per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_user = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_issuer = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_third_party_invite = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # federation
+ rc_federation = {
+ window_size = 10;
+ sleep_limit = 1000;
+ sleep_delay = 100;
+ reject_limit = 1000;
+ concurrent = 100;
+ };
+ federation_rr_transactions_per_room_per_second = 100;
+
+ # media
+ rc_media_create = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote_media_download_burst_count = "512G";
+ remote_media_download_per_second = "512G";
+
+ # authentication
+ rc_login = {
+ address = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ account = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ failed_attempts = {
+ per_second = 0.1;
+ burst_count = 3;
+ };
+ };
+ rc_3pid_validation = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ #presence
+ rc_presence.per_user = {
+ per_second = 1;
+ burst_count = 2;
+ };
+
+ #delayed events
+ rc_delayed_event_mgmt = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+}
diff --git a/host/Rory-ovh/services/containers/syntest2/services/synapse/synapse-main.nix b/host/Rory-ovh/services/containers/syntest2/services/synapse/synapse-main.nix
new file mode 100755
index 0000000..9c16039
--- /dev/null
+++ b/host/Rory-ovh/services/containers/syntest2/services/synapse/synapse-main.nix
@@ -0,0 +1,211 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+
+{
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+ dataDir = "/data/matrix-synapse";
+
+ settings =
+ {
+ server_name = "syntest2.rory.gay";
+
+ dummy_events_threshold = 5;
+ cleanup_extremities_with_dummy_events = true;
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "90s"; # 30 # default=60s
+ max_short_retries = 6; # 12
+ max_short_retry_delay = "10s"; # 5
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+
+ # rapid retry, small increments
+ destination_min_retry_interval = "1m"; # default=10m
+ destination_max_retry_interval = "12h"; # default=7d
+ destination_retry_multiplier = 1.1; # 1.2 # default=2
+ };
+
+ registration_shared_secret_path = "/data/secrets/synapse-shared-secret";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "192.168.100.21" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ database = (
+ import ./db.nix {
+ workerName = "main";
+ dbGroup = "medium";
+ }
+ );
+
+ #region Media
+ max_upload_size = "512M";
+
+ max_avatar_size = "512M";
+ max_image_pixels = "250M";
+
+ max_pending_media_uploads = 512;
+ dynamic_thumbnails = true;
+
+ prevent_media_downloads_from = [
+ # none, give me all the media
+ ];
+ enable_authenticated_media = false;
+
+ url_preview_enabled = true;
+ max_spider_size = "50M";
+
+ #endregion
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2409_to_device_messages_enabled" = true;
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3202_transaction_extensions" = true; # appservice transaction extensions (device list/keys)
+ "msc3266_enabled" = true; # Room summary API
+ "msc3391_enabled" = true; # Remove account data
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc3852_enabled" = true; # Last seen on /devices (CS-API/admin)
+ "msc3874_enabled" = true; # filtering /messages with rel_types / not_rel_types
+ "msc3890_enabled" = true; # communicate account data deletion to clients
+ "msc3912_enabled" = true; # /messages with rel_types / not_rel_types and event id
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc4069_profile_inhibit_propagation" = true; # Inhibit profile update propagation
+ "msc4133_enabled" = true; # Custom profile fields
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ "msc4210_enabled" = false; # Remove legacy mentions -- we want this *disabled* for moderation reasons
+ "msc4222_enabled" = true; # state_after in sync
+ };
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+ instance_map = {
+ main = {
+ # replication listener
+ path = "/run/matrix-synapse/main.sock";
+ };
+ };
+ }
+ // import ./ratelimits.nix
+ // import ./caches.nix;
+ };
+
+ services.redis = {
+ package = pkgs.valkey;
+ servers.matrix-synapse = {
+ enable = true;
+ user = "matrix-synapse";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse"
+ "D /run/secrets 0755 nobody nobody"
+ ];
+
+ systemd.services."matrix-synapse-generate-token" = {
+ # generate /data/secrets/synapse-shared-secret
+ description = "Generate Synapse shared secret";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ before = [ "matrix-synapse.service" ];
+ script = ''
+ set -e -x -o pipefail
+ echo "Starting key generation"
+ if [ ! -f "/data/secrets/synapse-shared-secret" ]
+ then
+ echo "Generating new key"
+ ${pkgs.openssl}/bin/openssl rand -base64 32 > /data/secrets/synapse-shared-secret
+ echo "Key generation complete"
+ else
+ echo "Not generating key, key exists"
+ fi
+ echo "Script complete"
+ '';
+ };
+
+ systemd.services."matrix-synapse-postgres-init" = {
+ description = "Generate synapse postgres user";
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target"
+ "postgresql.service"
+ ];
+ before = [ "matrix-synapse.service" ];
+
+ script = ''
+ set -e -x -o pipefail
+ ${pkgs.postgresql}/bin/createuser ${config.services.matrix-synapse.settings.database.args.user} || true
+ ${pkgs.postgresql}/bin/createdb --encoding=UTF8 --locale=C --template=template0 --owner=${config.services.matrix-synapse.settings.database.args.user} ${config.services.matrix-synapse.settings.database.args.database} || true
+ '';
+ serviceConfig = {
+ User = "postgres";
+ Group = "postgres";
+ WorkingDirectory = config.services.postgresql.dataDir;
+ RemainAfterExit = true;
+ };
+ };
+}
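Review bot: Neither `matrix-synapse-generate-token` nor `matrix-synapse-postgres-init` sets `Type = "oneshot"`, so systemd treats both as `simple` services and considers them started as soon as the script is spawned. `before = [ "matrix-synapse.service" ]` then does not guarantee that the secret file or the database exists when Synapse starts. Add `serviceConfig.Type = "oneshot";` to the first unit and `Type = "oneshot";` to the second unit's `serviceConfig`. In the init script, `|| true` after `createuser` and `createdb` also hides real failures; checking whether the role or database already exists, and letting other errors fail the unit, would make a broken bootstrap visible. Both points apply to the syntest1 copy of this file as well.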
diff --git a/host/Rory-ovh/services/email/maddy.nix b/host/Rory-ovh/services/email/maddy.nix
index 548cb1a..3f1d427 100644
--- a/host/Rory-ovh/services/email/maddy.nix
+++ b/host/Rory-ovh/services/email/maddy.nix
@@ -35,8 +35,8 @@
loader = "file";
certificates = [
{
- # certPath = "/var/lib/acme/mail.rory.gay/fullchain.pem";
- # keyPath = "/var/lib/acme/mail.rory.gay/key.pem";
+ # certPath = "/var/lib/acme/mail.rory.gay/fullchain.pem";
+ # keyPath = "/var/lib/acme/mail.rory.gay/key.pem";
certPath = "/run/credentials/maddy.service/acme-fullchain.pem";
keyPath = "/run/credentials/maddy.service/acme-key.pem";
}
@@ -60,7 +60,7 @@
fsType = "none";
options = [ "bind" ];
};
-
+
systemd.services.maddy.serviceConfig = {
LoadCredential = [
"acme-fullchain.pem:/var/lib/acme/rory.gay/fullchain.pem"
diff --git a/host/Rory-ovh/services/mastodon.nix b/host/Rory-ovh/services/mastodon.nix
index 56f1808..5febe3b 100644
--- a/host/Rory-ovh/services/mastodon.nix
+++ b/host/Rory-ovh/services/mastodon.nix
@@ -5,8 +5,8 @@
enable = true;
webProcesses = 8;
webThreads = 4;
-
- streamingProcesses = 63;
- localDomain = "rory.gay";
+
+ streamingProcesses = 63;
+ localDomain = "rory.gay";
};
}
diff --git a/host/Rory-ovh/services/matrix/synapse/caches.nix b/host/Rory-ovh/services/matrix/synapse/caches.nix
index f00c78c..7ddb804 100644
--- a/host/Rory-ovh/services/matrix/synapse/caches.nix
+++ b/host/Rory-ovh/services/matrix/synapse/caches.nix
@@ -6,7 +6,7 @@
];
gc_thresholds = [
10000
-
+
5000
2500
];
diff --git a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
index 7907927..65dba4e 100755
--- a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
@@ -207,7 +207,7 @@
# before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
-#
+ #
# script = ''
# set -e -x -o pipefail
# echo "Starting key generation"
@@ -264,7 +264,10 @@
systemd.services."matrix-synapse-postgres-init" = {
description = "Generate synapse postgres user";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
+ after = [
+ "network.target"
+ "postgresql.service"
+ ];
before = [ "matrix-synapse.service" ];
script = ''
diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
index fee1573..72fbef0 100755
--- a/host/Rory-ovh/services/nginx/nginx.nix
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -41,7 +41,7 @@ in
#"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
# "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
# "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
-#
+ #
#"siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
#"lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
#"git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
@@ -49,27 +49,29 @@ in
#"spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
#"terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
#"vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
-#
+ #
# "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
# "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // {
# locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;";
# };
# "wad-api.rory.gay" = import ./rory.gay/wad-api.nix;
-#
+ #
#"thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
# "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
# "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
-#
+ #
"rory.gay" = import ./rory.gay/root.nix { inherit config; };
# "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
-#
+ #
# "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
"cgit.rory.gay" = import ./rory.gay/cgit.nix { inherit config; };
# #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;
-#
+ #
# #matrix...
# "conduit.rory.gay" = import ./rory.gay/conduit.nix;
"matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
+ "syntest1.rory.gay" = import ./rory.gay/syntest1.nix { inherit config; };
+ "syntest2.rory.gay" = import ./rory.gay/syntest2.nix { inherit config; };
"libmatrix-fed-test.rory.gay" = import ./rory.gay/libmatrix-fed-test.nix { inherit config; };
"safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; };
"demo.safensound.rory.gay" = import ./rory.gay/demo.safensound.nix { inherit config; };
@@ -90,6 +92,9 @@ in
security.acme.defaults.email = "root@rory.gay";
networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
networking.firewall.allowedUDPPorts = [ 443 ];
}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
index b0ff075..0a44039 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/cgit.nix b/host/Rory-ovh/services/nginx/rory.gay/cgit.nix
index 7b49a42..7788e64 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/cgit.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/cgit.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix b/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix
index 231d5e3..b436336 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix
index f75c78b..40ecfb0 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix
@@ -1,13 +1,13 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
-# quic = true;
+ # quic = true;
http3 = !config.virtualisation.isVmVariant;
http3_hq = !config.virtualisation.isVmVariant;
kTLS = !config.virtualisation.isVmVariant;
root = "/data/nginx/html_safensound_demo";
-# reuseport = true;
+ # reuseport = true;
extraConfig = ''
brotli off;
brotli_static off;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/ec.nix b/host/Rory-ovh/services/nginx/rory.gay/ec.nix
index c50b1f9..18cf3e1 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/ec.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/ec.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix b/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix
index c2909d6..9284e8a 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix
index 1af3669..694a521 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrix.nix b/host/Rory-ovh/services/nginx/rory.gay/matrix.nix
index 45a507f..609b8af 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/matrix.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrix.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
@@ -65,8 +65,4 @@
}
}';
'';
-
- locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
- proxyPass = "http://localhost:8100";
- };
}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix b/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix
index f23f0dd..eae32f7 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/mru.nix b/host/Rory-ovh/services/nginx/rory.gay/mru.nix
index 6e685de..cb010b4 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/mru.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/mru.nix
@@ -1,13 +1,13 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
-# quic = true;
+ # quic = true;
http3 = !config.virtualisation.isVmVariant;
http3_hq = !config.virtualisation.isVmVariant;
kTLS = !config.virtualisation.isVmVariant;
root = "/data/nginx/html_mru";
-# reuseport = true;
+ # reuseport = true;
extraConfig = ''
brotli off;
brotli_static off;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/root.nix b/host/Rory-ovh/services/nginx/rory.gay/root.nix
index a7720ec..2f491cf 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/root.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/root.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
index 9208129..5c3cfd7 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
@@ -1,13 +1,13 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
-# quic = true;
+ # quic = true;
http3 = !config.virtualisation.isVmVariant;
http3_hq = !config.virtualisation.isVmVariant;
kTLS = !config.virtualisation.isVmVariant;
root = "/data/nginx/html_safensound";
-# reuseport = true;
+ # reuseport = true;
extraConfig = ''
brotli off;
brotli_static off;
diff --git a/host/Rory-ovh/services/nginx/rory.gay/stream.nix b/host/Rory-ovh/services/nginx/rory.gay/stream.nix
index caed22f..cad3d13 100755
--- a/host/Rory-ovh/services/nginx/rory.gay/stream.nix
+++ b/host/Rory-ovh/services/nginx/rory.gay/stream.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config }:
{
enableACME = !config.virtualisation.isVmVariant;
addSSL = !config.virtualisation.isVmVariant;
@@ -8,26 +8,26 @@
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
- proxy_ssl_verify off;
-# proxy_set_header Host youthapp.inuits.dev;
- proxy_ssl_server_name on;
+ proxy_ssl_verify off;
+ # proxy_set_header Host youthapp.inuits.dev;
+ proxy_ssl_server_name on;
- more_set_headers 'Access-Control-Allow-Origin: *';
- more_set_headers 'Access-Control-Allow-Methods: *';
- #
- # Custom headers and headers various browsers *should* be OK with but aren't
- #
- more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
- #
- # Tell client that this pre-flight info is valid for 20 days
- #
- more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
- if ($request_method = 'OPTIONS') {
- more_set_headers 'Content-Type: text/plain; charset=utf-8';
- more_set_headers 'Content-Length: 0';
- return 204;
- }
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
'';
};
};
diff --git a/host/Rory-ovh/services/nginx/rory.gay/syntest1.nix b/host/Rory-ovh/services/nginx/rory.gay/syntest1.nix
new file mode 100755
index 0000000..7c60eb0
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/syntest1.nix
@@ -0,0 +1,68 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://192.168.100.20:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "syntest1.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://syntest1.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://syntest1.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+}
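Review bot: The three `.well-known` locations pass `more_set_headers` a value with no colon separator (`'Content-Type application/json'`, `'Access-Control-Allow-Origin *'`), while the OPTIONS block in the same file uses the `'Name: value'` form. The headers-more module expects `Name: value`, so these responses most likely go out without the intended JSON content type and CORS header, which browser-based Matrix clients rely on for `.well-known` discovery. I would write `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';` in each of the three blocks. syntest2.nix repeats the same lines and needs the same change.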
diff --git a/host/Rory-ovh/services/nginx/rory.gay/syntest2.nix b/host/Rory-ovh/services/nginx/rory.gay/syntest2.nix
new file mode 100755
index 0000000..f1dbcc4
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/syntest2.nix
@@ -0,0 +1,68 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://192.168.100.21:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "syntest2.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://syntest2.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://syntest2.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+}
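Review bot: `addSSL` keeps this vhost answering on plain HTTP as well as HTTPS, so requests carrying Matrix access tokens can be proxied to `http://192.168.100.21:8008` without TLS on the public leg. For a homeserver front end I would use `forceSSL = !config.virtualisation.isVmVariant;` in place of the `addSSL` line so that port 80 only redirects; ACME HTTP-01 challenges keep working with it. The same applies to syntest1.nix. The other vhosts in this diff also use `addSSL`, so this may be a deliberate repository convention, in which case a short comment stating the reason would help.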
diff --git a/host/RoryNix/configuration.nix b/host/RoryNix/configuration.nix
index 891d3ad..8e3c0cc 100644
--- a/host/RoryNix/configuration.nix
+++ b/host/RoryNix/configuration.nix
@@ -147,7 +147,10 @@
zsh-completions
];
- fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono noto-fonts-monochrome-emoji ];
+ fonts.packages = with pkgs; [
+ nerd-fonts.jetbrains-mono
+ noto-fonts-monochrome-emoji
+ ];
nix = {
settings = {
experimental-features = [
diff --git a/host/uISO/development.nix b/host/uISO/development.nix
index 90ffcfb..6148c76 100644
--- a/host/uISO/development.nix
+++ b/host/uISO/development.nix
@@ -2,7 +2,7 @@
config,
lib,
pkgs,
-
+
#params
#enableBios ? true,
#enableEfi ? true,
@@ -25,7 +25,7 @@
#splashImage = null;
grubTheme = null;
};
-
+
boot = {
initrd = {
#systemd.enable = true;
@@ -48,4 +48,4 @@
btop
neofetch
];
-}
\ No newline at end of file
+}
diff --git a/host/uISO/iso-root.nix b/host/uISO/iso-root.nix
index 6f02772..5c1ff5d 100644
--- a/host/uISO/iso-root.nix
+++ b/host/uISO/iso-root.nix
@@ -3,7 +3,7 @@
lib,
pkgs,
nixpkgs,
-
+
#params
#enableBios ? true,
#enableEfi ? true,
@@ -19,7 +19,7 @@
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
];
- fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems;# // {
+ fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems; # // {
# "/".device = lib.mkForce "/dev/disk/by-label/NIXOS_ISO";
# "/nix/.ro-store".device = lib.mkForce "/sysroot/iso/nix-store.squashfs";
#};
@@ -31,16 +31,15 @@
makeUsbBootable = false;
makeBiosBootable = true;
};
-
- boot.supportedFilesystems = lib.mkForce [ ];
+ boot.supportedFilesystems = lib.mkForce [ ];
hardware.enableRedistributableFirmware = lib.mkForce false;
#environment.systemPackages = lib.mkForce [ ];
documentation.enable = lib.mkForce false;
documentation.nixos.enable = lib.mkForce false;
networking.wireless.enable = lib.mkForce false;
- system.extraDependencies = lib.mkForce [];
+ system.extraDependencies = lib.mkForce [ ];
boot = {
loader = {
@@ -56,7 +55,6 @@
enableContainers = lib.mkForce false;
};
-
#perlless profile
system.switch.enable = lib.mkForce false;
@@ -86,12 +84,12 @@
networking.networkmanager.enable = false;
systemd.coredump.enable = false;
services.timesyncd.enable = false;
-
+
services.nscd.enableNsncd = false;
networking.dhcpcd.enable = false;
services.udev.enable = false;
services.nscd.enable = false;
- system.nssModules = lib.mkForce [];
+ system.nssModules = lib.mkForce [ ];
systemd.oomd.enable = false;
#services.getty = {
@@ -119,10 +117,10 @@
boot.initrd.systemd.suppressedUnits = [
"systemd-hibernate-clear.service"
];
-
+
systemd.suppressedSystemUnits = [
"systemd-hibernate-clear.service"
"systemd-bootctl@.service"
"systemd-bootctl.socket"
];
-}
\ No newline at end of file
+}
diff --git a/host/uISO/overlays/grub-overlay.nix b/host/uISO/overlays/grub-overlay.nix
index abbed8e..14a36e8 100644
--- a/host/uISO/overlays/grub-overlay.nix
+++ b/host/uISO/overlays/grub-overlay.nix
@@ -1,18 +1,22 @@
final: prev: {
- grub2 = (prev.grub2.override {
- zfsSupport = false;
- efiSupport = false;
- xenSupport = false;
- }).overrideAttrs (oldAttrs: {
- doCheck = false;
- doInstallCheck = false;
- #remove --enable-grub-mount
- configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont" ];
- # remove unnecessary commands
- # postInstall = oldAttrs.postInstall + ''
- # rm -rf $out/share/locale
- # '';
- });
+ grub2 =
+ (prev.grub2.override {
+ zfsSupport = false;
+ efiSupport = false;
+ xenSupport = false;
+ }).overrideAttrs
+ (oldAttrs: {
+ doCheck = false;
+ doInstallCheck = false;
+ #remove --enable-grub-mount
+ configureFlags = oldAttrs.configureFlags ++ [
+ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont"
+ ];
+ # remove unnecessary commands
+ # postInstall = oldAttrs.postInstall + ''
+ # rm -rf $out/share/locale
+ # '';
+ });
grub2_light = final.grub2;
grub2_efi = final.grub2;
diff --git a/host/uISO/overlays/systemd-overlay.nix b/host/uISO/overlays/systemd-overlay.nix
index 69a4d3f..a1ddadd 100644
--- a/host/uISO/overlays/systemd-overlay.nix
+++ b/host/uISO/overlays/systemd-overlay.nix
@@ -18,7 +18,7 @@ final: prev: {
withFido2 = false;
withHomed = false;
withHostnamed = false;
- withHwdb = true; # required by nixos
+ withHwdb = true; # required by nixos
withImportd = false;
withIptables = false;
withKmod = true; # required by nixos
diff --git a/host/uISO/pkgs/resize.nix b/host/uISO/pkgs/resize.nix
index 5dc3b77..8ffd598 100644
--- a/host/uISO/pkgs/resize.nix
+++ b/host/uISO/pkgs/resize.nix
@@ -4,6 +4,9 @@ derivation {
name = "resize";
version = "1.0";
builder = "${pkgs.bash}/bin/bash";
- args = [ "-c" "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize" ];
+ args = [
+ "-c"
+ "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize"
+ ];
system = builtins.currentSystem;
-}
\ No newline at end of file
+}
diff --git a/modules/base.nix b/modules/base.nix
index 44909aa..386ba73 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -175,10 +175,10 @@
virtualisation = {
memorySize = 8192;
cores = 6;
- msize = 1*1024*1024;
+ msize = 1 * 1024 * 1024;
bios = pkgs.qboot;
};
-
+
monitoring.monitorAll = lib.mkForce false;
services.promtail.enable = lib.mkForce false;
networking.useDHCP = lib.mkOverride 51 true;
diff --git a/modules/software-templates/steam.nix b/modules/software-templates/steam.nix
index ac548a7..2054b7d 100644
--- a/modules/software-templates/steam.nix
+++ b/modules/software-templates/steam.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
programs.steam = {
enable = true;
gamescopeSession.enable = true;
@@ -7,9 +8,9 @@
proton-ge-bin
];
};
-
+
environment.systemPackages = with pkgs; [
steam-run
steam-acf
];
-}
\ No newline at end of file
+}
diff --git a/modules/software-templates/synapse-workers/generic.nix b/modules/software-templates/synapse-workers/generic.nix
index 7fa3967..899f156 100644
--- a/modules/software-templates/synapse-workers/generic.nix
+++ b/modules/software-templates/synapse-workers/generic.nix
@@ -29,8 +29,8 @@ let
++ lib.optional (lib.elem "stream_events" tasks) "events";
# recursive update list of attrs
-# recursiveMerge = list: lib.foldl (a: b: lib.recursiveUpdate a b) (lib.head list) (lib.tail list);
-# workerRoutes = recursiveMerge (lib.map (type: workerLib.workerRoutes.${type}) streamTypes);
+ # recursiveMerge = list: lib.foldl (a: b: lib.recursiveUpdate a b) (lib.head list) (lib.tail list);
+ # workerRoutes = recursiveMerge (lib.map (type: workerLib.workerRoutes.${type}) streamTypes);
in
{
config = lib.mkIf (cfg.accountDataStreamWriters > 0) {
@@ -84,7 +84,9 @@ in
];
}) enabledResources;
database = lib.recursiveUpdate (lib.recursiveUpdate config.services.matrix-synapse.settings.database {
- application_name = "matrix-synapse (${config.services.matrix-synapse.settings.server_name}) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ application_name = "matrix-synapse (${config.services.matrix-synapse.settings.server_name}) - ${
+ if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName
+ }";
}) dbOverrides;
#region Media
diff --git a/modules/software-templates/synapse-workers/generic/auth.nix b/modules/software-templates/synapse-workers/generic/auth.nix
index 47064be..2ba5901 100644
--- a/modules/software-templates/synapse-workers/generic/auth.nix
+++ b/modules/software-templates/synapse-workers/generic/auth.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/generic/client-reader.nix b/modules/software-templates/synapse-workers/generic/client-reader.nix
index 9072988..3192860 100644
--- a/modules/software-templates/synapse-workers/generic/client-reader.nix
+++ b/modules/software-templates/synapse-workers/generic/client-reader.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/generic/event-creator.nix b/modules/software-templates/synapse-workers/generic/event-creator.nix
index e035405..6f1f4b3 100644
--- a/modules/software-templates/synapse-workers/generic/event-creator.nix
+++ b/modules/software-templates/synapse-workers/generic/event-creator.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/generic/federation-inbound.nix b/modules/software-templates/synapse-workers/generic/federation-inbound.nix
index af18e8e..8fa991d 100644
--- a/modules/software-templates/synapse-workers/generic/federation-inbound.nix
+++ b/modules/software-templates/synapse-workers/generic/federation-inbound.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/generic/federation-reader.nix b/modules/software-templates/synapse-workers/generic/federation-reader.nix
index 09e8419..acedf32 100644
--- a/modules/software-templates/synapse-workers/generic/federation-reader.nix
+++ b/modules/software-templates/synapse-workers/generic/federation-reader.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/generic/federation-sender.nix b/modules/software-templates/synapse-workers/generic/federation-sender.nix
index bf6cf51..ce4e75d 100644
--- a/modules/software-templates/synapse-workers/generic/federation-sender.nix
+++ b/modules/software-templates/synapse-workers/generic/federation-sender.nix
@@ -5,7 +5,7 @@ let
workers = lib.range 0 (cfg.federationSenders - 1);
workerName = "federation_sender";
tasks = [ ];
- workerRoutes = {};
+ workerRoutes = { };
enabledResources = lib.attrNames workerRoutes;
in
{
@@ -21,16 +21,16 @@ in
};
}) workers
);
-
+
# Federation sender
send_federation = lib.mkIf (lib.elem "federation_sender" tasks) false;
federation_sender_instances = lib.mkIf (lib.elem "federation_sender" tasks) [ workerName ];
outbound_federation_restricted_to = lib.mkIf (lib.elem "federation_sender" tasks) [ workerName ];
worker_replication_secret = "${workerName}_secret";
-
+
# Pusher
pusher_instances = lib.optional (lib.elem "pusher" tasks) "${workerName}";
-
+
# Media repo
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
@@ -71,7 +71,7 @@ in
workerName = "${workerName}-${toString index}";
}
);
-
+
# Media repo
enable_media_repo = lib.elem "media_repo" tasks;
rc_federation = {
diff --git a/modules/software-templates/synapse-workers/generic/pusher.nix b/modules/software-templates/synapse-workers/generic/pusher.nix
index 8c6b697..5d5b4ff 100644
--- a/modules/software-templates/synapse-workers/generic/pusher.nix
+++ b/modules/software-templates/synapse-workers/generic/pusher.nix
@@ -5,7 +5,7 @@ let
workers = lib.range 0 (cfg.pushers - 1);
workerName = "pusher";
tasks = [ ];
- workerRoutes = {};
+ workerRoutes = { };
enabledResources = lib.attrNames workerRoutes;
in
{
diff --git a/modules/software-templates/synapse-workers/generic/sync.nix b/modules/software-templates/synapse-workers/generic/sync.nix
index eb47e59..cafe4e2 100644
--- a/modules/software-templates/synapse-workers/generic/sync.nix
+++ b/modules/software-templates/synapse-workers/generic/sync.nix
@@ -23,7 +23,7 @@ in
};
}) workers
);
-
+
media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
};
diff --git a/modules/software-templates/synapse-workers/lib.nix b/modules/software-templates/synapse-workers/lib.nix
index c99e2ef..010ff8a 100644
--- a/modules/software-templates/synapse-workers/lib.nix
+++ b/modules/software-templates/synapse-workers/lib.nix
@@ -129,16 +129,16 @@
presence.client = [
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/"
];
-
+
accountData.client = [
"~ ^/_matrix/client/(r0|v3|unstable)/account_data"
"~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/account_data"
"~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/tags"
];
-
+
userDirectory.client = [
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$"
-
+
#profile
"~ ^/_matrix/client/v3/profile/.*$"
"~ ^/_matrix/client/v3/profile/.*/(displayname|avatar_url)$"
diff --git a/modules/software-templates/synapse-workers/single/appservice.nix b/modules/software-templates/synapse-workers/single/appservice.nix
index 03a080b..871a7c1 100644
--- a/modules/software-templates/synapse-workers/single/appservice.nix
+++ b/modules/software-templates/synapse-workers/single/appservice.nix
@@ -6,7 +6,7 @@ let
dbGroup = "small";
workerName = "appservice";
tasks = [ "appservice" ];
- workerRoutes = {};
+ workerRoutes = { };
enabledResources = lib.attrNames workerRoutes;
in
{
diff --git a/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix
index 3f8363a..33ccc25 100644
--- a/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix
+++ b/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix
@@ -4,7 +4,7 @@ let
cfg = config.services.matrix-synapse;
workerLib = import ../lib.nix;
dbGroup = "medium";
-# streamWriterType = "account_data";
+ # streamWriterType = "account_data";
workers = lib.range 0 (cfg.accountDataStreamWriters - 1);
workerName = "account_data_stream_writer";
tasks = [ "stream_account_data" ];
@@ -12,7 +12,8 @@ let
in
let
enabledResources = lib.attrNames workerRoutes;
- streamTypes = []
+ streamTypes =
+ [ ]
++ lib.optional (lib.elem "stream_account_data" tasks) "account_data"
++ lib.optional (lib.elem "stream_presence" tasks) "presence"
++ lib.optional (lib.elem "stream_push_rules" tasks) "push_rules"
@@ -36,7 +37,7 @@ in
);
#stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
-# stream_writers = lib.listToA
+ # stream_writers = lib.listToA
# map `streams` to `workers`
stream_writers = lib.listToAttrs (
lib.map (stream: {
diff --git a/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix
index 6abce3f..3c72d46 100644
--- a/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix
+++ b/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix
@@ -7,8 +7,8 @@ let
workers = lib.range 0 (cfg.eventStreamWriters - 1);
workerName = "event_stream_writer";
tasks = [ ];
- workerRoutes = {};
- enabledResources = [];
+ workerRoutes = { };
+ enabledResources = [ ];
in
{
config = lib.mkIf (cfg.eventStreamWriters > 0) {
diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix
index 9667a3b..dbb2c4a 100755
--- a/modules/users/Rory.nix
+++ b/modules/users/Rory.nix
@@ -133,7 +133,7 @@
alias ytdl='nix run ${pkgs.path}\#yt-dlp -- -k --console-title --print-traffic'
alias ytdl-mp3='nix run ${pkgs.path}\#yt-dlp -- -k --console-title --print-traffic -x --audio-quality 0 --audio-format mp3 -i'
alias ytdl-mp3l='nix run ${pkgs.path}\#yt-dlp -- --console-title -x --audio-quality 0 --audio-format mp3 -o "%%(playlist)s/%%(playlist_index)s. %%(title)s.%%(ext)s" --download-archive archive.txt --embed-thumbnail --add-metadata -R 100 --http-chunk-size 64M --buffer-size 64M -i'
-
+
[ -f "$HOME/.profile" ] && . $HOME/.profile
'';
#alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
diff --git a/packages/matrix-spec.nix b/packages/matrix-spec.nix
index 01475bf..17cc4a3 100644
--- a/packages/matrix-spec.nix
+++ b/packages/matrix-spec.nix
@@ -5,10 +5,10 @@
buildGoModule,
hugo,
cacert,
-
+
pkgs,
-
- matrixSpecSrc
+
+ matrixSpecSrc,
}:
let
src = matrixSpecSrc;
@@ -27,12 +27,12 @@ buildGoModule {
# Nix doesn't play well with Hugo's "GitInfo" module, so disable it and inject
# the revision from the flake.
postPatch = ''
-# substituteInPlace ./site/layouts/shortcodes/gitinfo.html \
-# --replace "{{ .Page.GitInfo.Hash }}" "${rev}"
+ # substituteInPlace ./site/layouts/shortcodes/gitinfo.html \
+ # --replace "{{ .Page.GitInfo.Hash }}" "${rev}"
-# substituteInPlace ./config/_default/config.yaml \
-# --replace "enableGitInfo: true" "enableGitInfo: false"
- ${lib.getExe pkgs.lsd} -lAh .
+ # substituteInPlace ./config/_default/config.yaml \
+ # --replace "enableGitInfo: true" "enableGitInfo: false"
+ ${lib.getExe pkgs.lsd} -lAh .
'';
# Generate the Hugo site before building the Go application which embeds the
diff --git a/packages/overlays/matrix-synapse/patches/synapse-fast-links.patch b/packages/overlays/matrix-synapse/patches/0001-Fast-auth-links.patch
index c35ba87..0d92e4e 100644
--- a/packages/overlays/matrix-synapse/patches/synapse-fast-links.patch
+++ b/packages/overlays/matrix-synapse/patches/0001-Fast-auth-links.patch
@@ -1,8 +1,18 @@
+From 1b82f35b613e96c56bf18015e33f34328ad73188 Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Tue, 22 Jul 2025 05:07:01 +0200
+Subject: [PATCH 01/11] Fast auth links
+
+---
+ synapse/storage/database.py | 43 +++++++++++++++++++
+ .../databases/main/event_federation.py | 8 ++--
+ 2 files changed, 47 insertions(+), 4 deletions(-)
+
diff --git a/synapse/storage/database.py b/synapse/storage/database.py
-index cb4a585..1196781 100644
+index 6188195614..79af139543 100644
--- a/synapse/storage/database.py
+++ b/synapse/storage/database.py
-@@ -2503,6 +2503,49 @@ class DatabasePool:
+@@ -2558,6 +2558,49 @@ class DatabasePool:
return txn.fetchall()
@@ -53,7 +63,7 @@ index cb4a585..1196781 100644
def make_in_list_sql_clause(
database_engine: BaseDatabaseEngine,
diff --git a/synapse/storage/databases/main/event_federation.py b/synapse/storage/databases/main/event_federation.py
-index 46aa590..026f011 100644
+index 46aa5902d8..026f0114ed 100644
--- a/synapse/storage/databases/main/event_federation.py
+++ b/synapse/storage/databases/main/event_federation.py
@@ -52,6 +52,7 @@ from synapse.storage.database import (
@@ -85,3 +95,6 @@ index 46aa590..026f011 100644
)
txn.execute(sql % (clause,), args)
+--
+2.49.0
+
diff --git a/packages/overlays/matrix-synapse/patches/0001-Hotfix-ignore-rejected-events-in-delayed_events.patch b/packages/overlays/matrix-synapse/patches/0002-Hotfix-ignore-rejected-events-in-delayed_events.patch
index 10bda30..3d5ea60 100644
--- a/packages/overlays/matrix-synapse/patches/0001-Hotfix-ignore-rejected-events-in-delayed_events.patch
+++ b/packages/overlays/matrix-synapse/patches/0002-Hotfix-ignore-rejected-events-in-delayed_events.patch
@@ -1,7 +1,7 @@
-From c9685b56adfec0f8917e2a04b792519c57f0baa4 Mon Sep 17 00:00:00 2001
+From 346fb5899fa42d4604b7bf0261c5e1774e6d2c04 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Sun, 20 Apr 2025 00:30:29 +0200
-Subject: [PATCH 01/10] Hotfix: ignore rejected events in delayed_events
+Subject: [PATCH 02/11] Hotfix: ignore rejected events in delayed_events
---
synapse/handlers/delayed_events.py | 7 ++++++-
diff --git a/packages/overlays/matrix-synapse/patches/0002-Add-too-much-logging-to-room-summary-over-federation.patch b/packages/overlays/matrix-synapse/patches/0003-Add-too-much-logging-to-room-summary-over-federation.patch
index 8441823..5f4e596 100644
--- a/packages/overlays/matrix-synapse/patches/0002-Add-too-much-logging-to-room-summary-over-federation.patch
+++ b/packages/overlays/matrix-synapse/patches/0003-Add-too-much-logging-to-room-summary-over-federation.patch
@@ -1,7 +1,7 @@
-From 12f5c44e7d1cedc9f11402fc5c06ce54a8c24915 Mon Sep 17 00:00:00 2001
+From 929d1e329ec26d2e351591206a82c6e235660437 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Wed, 23 Apr 2025 17:53:52 +0200
-Subject: [PATCH 02/10] Add too much logging to room summary over federation
+Subject: [PATCH 03/11] Add too much logging to room summary over federation
Signed-off-by: Rory& <root@rory.gay>
---
@@ -9,10 +9,10 @@ Signed-off-by: Rory& <root@rory.gay>
1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/synapse/handlers/room_summary.py b/synapse/handlers/room_summary.py
-index 91b131d09b..6e64930682 100644
+index 1f322ac263..59b63b2e7c 100644
--- a/synapse/handlers/room_summary.py
+++ b/synapse/handlers/room_summary.py
-@@ -700,23 +700,55 @@ class RoomSummaryHandler:
+@@ -715,23 +715,55 @@ class RoomSummaryHandler:
"""
# The API doesn't return the room version so assume that a
# join rule of knock is valid.
diff --git a/packages/overlays/matrix-synapse/patches/0003-Log-entire-room-if-accessibility-check-fails.patch b/packages/overlays/matrix-synapse/patches/0004-Log-entire-room-if-accessibility-check-fails.patch
index e1676c6..290f0da 100644
--- a/packages/overlays/matrix-synapse/patches/0003-Log-entire-room-if-accessibility-check-fails.patch
+++ b/packages/overlays/matrix-synapse/patches/0004-Log-entire-room-if-accessibility-check-fails.patch
@@ -1,7 +1,7 @@
-From feb88e251b0a7402095643444710f160b9e73daa Mon Sep 17 00:00:00 2001
+From 0ce933278f77e272e2cc894229a1178e1b4fb552 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Wed, 23 Apr 2025 18:24:57 +0200
-Subject: [PATCH 03/10] Log entire room if accessibility check fails
+Subject: [PATCH 04/11] Log entire room if accessibility check fails
Signed-off-by: Rory& <root@rory.gay>
---
@@ -9,10 +9,10 @@ Signed-off-by: Rory& <root@rory.gay>
1 file changed, 4 insertions(+)
diff --git a/synapse/handlers/room_summary.py b/synapse/handlers/room_summary.py
-index 6e64930682..1c39cfed1b 100644
+index 59b63b2e7c..b65ccdb510 100644
--- a/synapse/handlers/room_summary.py
+++ b/synapse/handlers/room_summary.py
-@@ -916,6 +916,10 @@ class RoomSummaryHandler:
+@@ -931,6 +931,10 @@ class RoomSummaryHandler:
if not room_entry or not await self._is_remote_room_accessible(
requester, room_entry.room_id, room_entry.room
):
diff --git a/packages/overlays/matrix-synapse/patches/0004-Log-policy-server-rejected-events.patch b/packages/overlays/matrix-synapse/patches/0005-Log-policy-server-rejected-events.patch
index 63903f1..ae59e63 100644
--- a/packages/overlays/matrix-synapse/patches/0004-Log-policy-server-rejected-events.patch
+++ b/packages/overlays/matrix-synapse/patches/0005-Log-policy-server-rejected-events.patch
@@ -1,17 +1,17 @@
-From d06fbc3b1b6158a1e3805d3dd282427268dea01a Mon Sep 17 00:00:00 2001
+From 0b5d4c8104bf25f7bbb4e4e7db229742f04199b6 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Tue, 27 May 2025 05:21:46 +0200
-Subject: [PATCH 04/10] Log policy server rejected events
+Subject: [PATCH 05/11] Log policy server rejected events
---
synapse/handlers/room_policy.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/synapse/handlers/room_policy.py b/synapse/handlers/room_policy.py
-index dcfebb128c..3a83c4d6ec 100644
+index 170c477d6f..df5585e4ee 100644
--- a/synapse/handlers/room_policy.py
+++ b/synapse/handlers/room_policy.py
-@@ -84,6 +84,13 @@ class RoomPolicyHandler:
+@@ -87,6 +87,13 @@ class RoomPolicyHandler:
policy_server, event
)
if recommendation != RECOMMENDATION_OK:
diff --git a/packages/overlays/matrix-synapse/patches/0005-Use-parse_boolean-for-unredacted-content.patch b/packages/overlays/matrix-synapse/patches/0006-Use-parse_boolean-for-unredacted-content.patch
index bfb3e75..1c2841c 100644
--- a/packages/overlays/matrix-synapse/patches/0005-Use-parse_boolean-for-unredacted-content.patch
+++ b/packages/overlays/matrix-synapse/patches/0006-Use-parse_boolean-for-unredacted-content.patch
@@ -1,17 +1,17 @@
-From 9c3f28c68cb89e81a98561e0898b00c43a280a65 Mon Sep 17 00:00:00 2001
+From 07d72fd39ea3044577322647d5ed1dd8cb6f77d9 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Tue, 27 May 2025 06:14:26 +0200
-Subject: [PATCH 05/10] Use parse_boolean for unredacted content
+Subject: [PATCH 06/11] Use parse_boolean for unredacted content
---
synapse/rest/client/room.py | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
-index bb41575d46..63ea52baf8 100644
+index 4600a87778..e838341fde 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
-@@ -914,10 +914,9 @@ class RoomEventServlet(RestServlet):
+@@ -915,10 +915,9 @@ class RoomEventServlet(RestServlet):
requester = await self.auth.get_user_by_req(request, allow_guest=True)
include_unredacted_content = self.msc2815_enabled and (
diff --git a/packages/overlays/matrix-synapse/patches/0006-Expose-tombstone-in-room-admin-api.patch b/packages/overlays/matrix-synapse/patches/0007-Expose-tombstone-in-room-admin-api.patch
index c12912e..719705e 100644
--- a/packages/overlays/matrix-synapse/patches/0006-Expose-tombstone-in-room-admin-api.patch
+++ b/packages/overlays/matrix-synapse/patches/0007-Expose-tombstone-in-room-admin-api.patch
@@ -1,7 +1,7 @@
-From 23c042aead65385a500be6e671ddd0e942a7e864 Mon Sep 17 00:00:00 2001
+From d3edb4aa9a225f521fdbc406c187fd40343b3963 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Tue, 27 May 2025 06:37:52 +0200
-Subject: [PATCH 06/10] Expose tombstone in room admin api
+Subject: [PATCH 07/11] Expose tombstone in room admin api
---
synapse/rest/admin/rooms.py | 5 ++++
@@ -33,10 +33,10 @@ index f8c5bf18d4..adac1f0362 100644
response = {
diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
-index 63ea52baf8..38230de0de 100644
+index e838341fde..f61152c35b 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
-@@ -918,7 +918,6 @@ class RoomEventServlet(RestServlet):
+@@ -919,7 +919,6 @@ class RoomEventServlet(RestServlet):
request,
"fi.mau.msc2815.include_unredacted_content"
)
@@ -45,7 +45,7 @@ index 63ea52baf8..38230de0de 100644
if include_unredacted_content and not await self.auth.is_server_admin(
requester
diff --git a/synapse/storage/databases/main/room.py b/synapse/storage/databases/main/room.py
-index 1df06a5171..347dbbba6b 100644
+index 58451d3ff1..66b79db4ed 100644
--- a/synapse/storage/databases/main/room.py
+++ b/synapse/storage/databases/main/room.py
@@ -610,6 +610,7 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
diff --git a/packages/overlays/matrix-synapse/patches/0007-fix-Always-recheck-messages-pagination-data-if-a-bac.patch b/packages/overlays/matrix-synapse/patches/0008-fix-Always-recheck-messages-pagination-data-if-a-bac.patch
index 4ebc20c..363204e 100644
--- a/packages/overlays/matrix-synapse/patches/0007-fix-Always-recheck-messages-pagination-data-if-a-bac.patch
+++ b/packages/overlays/matrix-synapse/patches/0008-fix-Always-recheck-messages-pagination-data-if-a-bac.patch
@@ -1,7 +1,7 @@
-From 99b146825a1a8257d05440ae3e331c68b8e1575a Mon Sep 17 00:00:00 2001
+From afecddceaa6ece4cf797ce27e226a99acb8e8a6d Mon Sep 17 00:00:00 2001
From: Jason Little <j.little@famedly.com>
Date: Wed, 30 Apr 2025 09:29:42 -0500
-Subject: [PATCH 07/10] fix: Always recheck `/messages` pagination data if a
+Subject: [PATCH 08/11] fix: Always recheck `/messages` pagination data if a
backfill might have been needed (#28)
---
@@ -10,7 +10,7 @@ Subject: [PATCH 07/10] fix: Always recheck `/messages` pagination data if a
2 files changed, 34 insertions(+), 37 deletions(-)
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
-index a6de3e824d..ff751d25f6 100644
+index 015fb3edca..a0bc955121 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -211,7 +211,7 @@ class FederationHandler:
diff --git a/packages/overlays/matrix-synapse/patches/0008-Fix-pagination-with-large-gaps-of-rejected-events.patch b/packages/overlays/matrix-synapse/patches/0009-Fix-pagination-with-large-gaps-of-rejected-events.patch
index 81a6d3f..ebed62e 100644
--- a/packages/overlays/matrix-synapse/patches/0008-Fix-pagination-with-large-gaps-of-rejected-events.patch
+++ b/packages/overlays/matrix-synapse/patches/0009-Fix-pagination-with-large-gaps-of-rejected-events.patch
@@ -1,7 +1,7 @@
-From 6eb23d3018f68744ba363fb7a89a9a4982d67a19 Mon Sep 17 00:00:00 2001
+From 2f2dd65326b8a8dc6b7ac99dbe7476abb2163469 Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Sun, 8 Jun 2025 23:14:31 +0200
-Subject: [PATCH 08/10] Fix pagination with large gaps of rejected events
+Subject: [PATCH 09/11] Fix pagination with large gaps of rejected events
---
synapse/handlers/pagination.py | 13 +++++++++++--
diff --git a/packages/overlays/matrix-synapse/patches/0009-Fix-nix-flake.patch b/packages/overlays/matrix-synapse/patches/0010-Fix-nix-flake.patch
index 09a7f5c..4df6090 100644
--- a/packages/overlays/matrix-synapse/patches/0009-Fix-nix-flake.patch
+++ b/packages/overlays/matrix-synapse/patches/0010-Fix-nix-flake.patch
@@ -1,7 +1,7 @@
-From 69d854a8250493f9c1e468f24031378ff334cf7f Mon Sep 17 00:00:00 2001
+From 448de6ea7bfe1c6073726f517988e5deeb510861 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Mon, 9 Jun 2025 17:38:34 +0200
-Subject: [PATCH 09/10] Fix nix flake
+Subject: [PATCH 10/11] Fix nix flake
---
flake.lock | 58 +++++++++++++++++++-----------------------------------
@@ -143,7 +143,7 @@ index a6a2aea328..4e2f01153b 100644
},
"root": "root",
diff --git a/flake.nix b/flake.nix
-index 749c10da1d..e33b233ece 100644
+index 4ff6518aed..76b3c1a4b0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -82,7 +82,7 @@
@@ -155,7 +155,7 @@ index 749c10da1d..e33b233ece 100644
# Additionally install the "rust-src" extension to allow diving into the
# Rust source code in an IDE (rust-analyzer will also make use of it).
extensions = [ "rust-src" ];
-@@ -118,6 +118,8 @@
+@@ -117,6 +117,8 @@
# For releasing Synapse
debian-devscripts # (`dch` for manipulating the Debian changelog)
libnotify # (the release script uses `notify-send` to tell you when CI jobs are done)
@@ -164,7 +164,7 @@ index 749c10da1d..e33b233ece 100644
];
# Install Python and manage a virtualenv with Poetry.
-@@ -140,6 +142,9 @@
+@@ -139,6 +141,9 @@
# force compiling those binaries locally instead.
env.POETRY_INSTALLER_NO_BINARY = "ruff";
@@ -174,7 +174,7 @@ index 749c10da1d..e33b233ece 100644
# Install dependencies for the additional programming languages
# involved with Synapse development.
#
-@@ -160,6 +165,9 @@
+@@ -159,6 +164,9 @@
services.postgres.initialDatabases = [
{ name = "synapse"; }
];
diff --git a/packages/overlays/matrix-synapse/patches/0010-Fix-gitignore-to-ignore-.venv.patch b/packages/overlays/matrix-synapse/patches/0011-Fix-gitignore-to-ignore-.venv.patch
index abe0eb3..82335db 100644
--- a/packages/overlays/matrix-synapse/patches/0010-Fix-gitignore-to-ignore-.venv.patch
+++ b/packages/overlays/matrix-synapse/patches/0011-Fix-gitignore-to-ignore-.venv.patch
@@ -1,14 +1,14 @@
-From 35c7dfe6a8df912f14d4f18642e2af2675d607af Mon Sep 17 00:00:00 2001
+From e1b50954048039a23c538cd260644ccc63d82941 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Mon, 9 Jun 2025 17:46:10 +0200
-Subject: [PATCH 10/10] Fix gitignore to ignore .venv
+Subject: [PATCH 11/11] Fix gitignore to ignore .venv
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
-index a89f149ec1..0567934c4e 100644
+index e333f2320b..3aec96e75e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,6 +30,7 @@ __pycache__/
|