4 files changed, 73 insertions, 0 deletions
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix index 7a94254..a1f3938 100755 --- a/host/Rory-nginx/configuration.nix +++ b/host/Rory-nginx/configuration.nix @@ -94,6 +94,7 @@ initialPasswordFile = "/etc/matrix-user-pass"; }; containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; }; + containers."draupnir-fedora" = import ./services/containers/draupnir-fedora/container.nix { inherit pkgs lib nixpkgs-Draupnir; }; #containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; }; diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/container.nix b/host/Rory-nginx/services/containers/draupnir-fedora/container.nix new file mode 100644 index 0000000..4ab9009 --- /dev/null +++ b/host/Rory-nginx/services/containers/draupnir-fedora/container.nix @@ -0,0 +1,28 @@ +{ nixpkgs-Draupnir, ... }: + +{ + privateNetwork = true; + autoStart = true; + specialArgs = { + inherit nixpkgs-Draupnir; + }; + config = + { lib, pkgs, ... }: + { + imports = [ + ../shared.nix + ./root.nix + ./services/draupnir.nix + "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix" + ]; + nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ]; + }; + hostAddress = "192.168.100.1"; + localAddress = "192.168.100.18"; + + bindMounts."draupnir-access-token" = { + hostPath = "/etc/draupnir-fedora-access-token"; + mountPoint = "/etc/draupnir-access-token"; + isReadOnly = true; + }; +} diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/root.nix b/host/Rory-nginx/services/containers/draupnir-fedora/root.nix new file mode 100644 index 0000000..e4da810 --- /dev/null +++ b/host/Rory-nginx/services/containers/draupnir-fedora/root.nix 
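Review bot: In container.nix the `bindMounts."draupnir-access-token"` entry exposes the host file `/etc/draupnir-fedora-access-token`, and nothing in this commit says who may read that file or how it is provisioned. The token lets its holder act as the moderation bot, and `isReadOnly = true` only stops the container from modifying it, not anyone on the host from reading it. I would add a comment above the mount such as `# host file: root-owned, not world-readable, provisioned out of band (never via the Nix store or this repo)`. Which user reads the file inside the container depends on the module imported from `nixpkgs-Draupnir`, which is outside this diff, so the exact mode needs confirming against it.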
@@ -0,0 +1,21 @@
+{ ... }:
+
+{
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ nameserver 8.4.4.8
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
new file mode 100644
index 0000000..6573f4c
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ services.draupnir = {
+ enable = true;
+ accessTokenFile = "/etc/draupnir-access-token";
+ homeserverUrl = "https://matrix.rory.gay";
+
+ settings = {
+ managementRoom = "#draupnir-fedora-mgmt:rory.gay";
+ recordIgnoredInvites = true; # We want to be aware of invites
+ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
+ automaticallyRedactForReasons = [ "*" ]; # Always autoredact
+ fasterMembershipChecks = true;
+
+ backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
+ pollReports = false;
+
+ admin.enableMakeRoomAdminCommand = false;
+ commands.ban.defaultReasons = [ "spam" ];
+ };
+ };
+} |
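Review bot: In root.nix the second resolver reads `nameserver 8.4.4.8`, which is not one of Google's public resolvers; next to `8.8.8.8` the intended address is presumably `8.8.4.4`. As written, the container sends DNS queries to an unrelated address whenever the first resolver does not answer, which at best adds timeouts and at worst lets whoever operates that address answer lookups for the bot. The line should be `nameserver 8.8.4.4`. glibc also reads only the first three `nameserver` lines, so `1.0.0.1` is never consulted. The `networking.hosts` entries keep `matrix.rory.gay` and `rory.gay` off DNS, so the exposure is limited to other names the bot resolves.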
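Review bot: In services/draupnir.nix, `automaticallyRedactForReasons = [ "*" ]` makes every ban, whatever its reason, also redact the banned user's messages, and Matrix redactions cannot be undone. As far as I understand Draupnir's handling, the glob is matched against bans arriving from watched policy lists as well as manual ones, so a mistaken or hostile list entry would cost message history in every protected room. Consider limiting it to the reasons that warrant it, e.g. `automaticallyRedactForReasons = [ "spam" "advertising" ];`. If the wildcard is deliberate, extend the `# Always autoredact` comment to say so and to name which policy lists are trusted enough for it.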