-rwxr-xr-x | build.sh | 2 | ||||
-rwxr-xr-x | flake.nix | 3 | ||||
-rwxr-xr-x | host/Rory-synapse/configuration.nix | 91 | ||||
-rwxr-xr-x | host/Rory-synapse/post-rebuild.sh | 4 | ||||
-rwxr-xr-x | modules/base-server.nix | 2 |
5 files changed, 67 insertions, 35 deletions
diff --git a/build.sh b/build.sh index 7542303..b89de4b 100755 --- a/build.sh +++ b/build.sh @@ -10,7 +10,7 @@ if [ "$1" = "/" ]; then [ -f "host/${2}/pre-rebuild.sh" ] && host/$2/pre-rebuild.sh nixos-generate-config --show-hardware-config > hardware-configuration.nix git add -f hardware-configuration.nix - nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all + nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all || exit 1 [ -f "host/${2}/post-rebuild.sh" ] && host/$2/post-rebuild.sh git rm --cached hardware-configuration.nix exit diff --git a/flake.nix b/flake.nix index dc5d08d..e3edd4a 100755 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,8 @@ inputs = { nixpkgs = { - url = "github:NixOS/nixpkgs/nixos-unstable"; + #url = "github:NixOS/nixpkgs/nixos-unstable"; + url="path:/Rory-Open-Architecture/nixpkgs"; }; botcore-v4 = { url = "gitlab:BotCore-Devs/BotCore-v4/staging"; diff --git a/host/Rory-synapse/configuration.nix b/host/Rory-synapse/configuration.nix index a805e5f..46da7b6 100755 --- a/host/Rory-synapse/configuration.nix +++ b/host/Rory-synapse/configuration.nix @@ -121,8 +121,6 @@ }; url_preview_enabled = true; - - database = { name = "psycopg2"; args = { 
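Review bot: The new `|| exit 1` on the `nixos-rebuild switch` line exits before `git rm --cached hardware-configuration.nix` runs, so a failed rebuild leaves the force-added hardware-configuration.nix staged in the index, where a later commit can pick it up. Unstage before exiting, e.g. `nixos-rebuild switch --flake ".#${2}" -j"$(nproc)" --upgrade-all || { git rm --cached hardware-configuration.nix; exit 1; }`, or register the cleanup with `trap` right after the `git add -f`. The enclosing `if` block starts and ends outside the hunk.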
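Review bot: `url="path:/Rory-Open-Architecture/nixpkgs";` makes the package set of every host come from whatever is checked out at that absolute path on the build machine, and nothing in the hunk records which upstream revision that tree is based on or why it replaces nixos-unstable. A comment next to the input would help, for example `# local nixpkgs checkout carrying <PURPOSE>; based on nixos-unstable @ <REVISION>`, so a reviewer can tell deliberate local patches from drift. If the checkout is a git repository, a `git+file:` URL with a pinned `rev` would presumably give the same result with the revision visible in the flake.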
@@ -141,37 +139,63 @@ plugins = with pkgs.matrix-synapse-plugins; [ # Alicia - need to port draupnir... #matrix-synapse-mjolnir-antispam - matrix-synapse-pam +# matrix-synapse-pam ]; - extraConfigFiles = [ - (pkgs.writeTextFile { - name = "matrix-synapse-extra-config.yml"; - text = '' - modules: - - module: "pam_auth_provider.PAMAuthProvider" - config: - create_users: true - skip_user_check: false - ''; - }) - ]; +# extraConfigFiles = [ +# (pkgs.writeTextFile { +# name = "matrix-synapse-extra-config.yml"; +# text = '' +# modules: +# - module: "pam_auth_provider.PAMAuthProvider" +# config: +# create_users: true +# skip_user_check: false +# ''; +# }) +# ]; }; # Alicia - doesnt work yet... until in nixpkgs... - #services.draupnir = { - # enable = true; - # pantalaimon = { - # enable = true; - # username = "draupnir"; - # passwordFile = "/run/secrets/draupnir-password"; - # options = { - # homeserver = "http://localhost:8008"; - # ssl = false; - # }; - # - # }; - # managementRoom = "#draupnir-mgmt:rory.gay"; - #}; + services.draupnir = { + enable = true; + + pantalaimon = { + enable = true; + username = "draupnir"; + passwordFile = "/etc/draupnir-password"; + options = { + homeserver = "http://localhost:8008"; + ssl = false; + }; + + }; + managementRoom = "#draupnir-mgmt:rory.gay"; + homeserverUrl = "http://localhost:8008"; + verboseLogging = false; + settings = { + recordIgnoredInvites = false; + automaticallyRedactForReasons = [ "*" ]; + fasterMembershipChecks = true; + backgroundDelayMS = 100; + pollReports = true; + admin.enableMakeRoomAdminCommand = true; + commands.ban.defaultReasons = [ + "spam" + "harassment" + "transphobia" + "scam" + ]; + protections = { + wordlist = { + words = [ + "tranny" + "faggot" + ]; + minutesBeforeTrusting = 0; + }; + }; + }; + }; systemd.services.matrix-synapse-reg-token = { description = "Random registration token for Synapse."; 
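Review bot: `passwordFile = "/etc/draupnir-password";` moves the bot credential from the previously commented-out `/run/secrets/draupnir-password` to a persistent file under /etc, and nothing in the hunk creates that file or sets its owner and mode. Since the same block sets `admin.enableMakeRoomAdminCommand = true`, this account is presumably privileged on the homeserver, so the file should be readable only by the service user; a comment such as `# created out of band, mode 0600, owned by the service user; not managed by Nix` would state the requirement. The comment `# Alicia - doesnt work yet... until in nixpkgs...` still heads the block that is now enabled and should be updated or dropped.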
@@ -179,7 +203,14 @@ wantedBy = ["multi-user.target"]; after = ["network.target"]; - script = ''cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt''; + script = '' + + if [ ! -f "registration_shared_secret.txt" ] + then + cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt + else + echo Not generating key, key exists; + fi''; serviceConfig = { User = "matrix-synapse"; Group = "matrix-synapse"; diff --git a/host/Rory-synapse/post-rebuild.sh b/host/Rory-synapse/post-rebuild.sh index 7be1383..27028d9 100755 --- a/host/Rory-synapse/post-rebuild.sh +++ b/host/Rory-synapse/post-rebuild.sh @@ -24,8 +24,8 @@ register(){ -PASSWD=`cat /run/keys/matrix-user-pass` -for u in {Alicia,Emma,Rory,root} +PASSWD=`cat /etc/matrix-user-pass` +for u in {draupnir,Alicia,Emma,Rory,root} do register $u $PASSWD done diff --git a/modules/base-server.nix b/modules/base-server.nix index 6404ae9..756769f 100755 --- a/modules/base-server.nix +++ b/modules/base-server.nix @@ -6,7 +6,7 @@ ./base.nix ./users/chris.nix ]; - + documentation.nixos.enable = false; # My servers always use /dev/sda as boot disk... boot = { kernelPackages = pkgs.linuxPackages_latest; |
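Review bot: The new `[ ! -f "registration_shared_secret.txt" ]` guard treats an empty or truncated file as an existing key, so a run interrupted after the `>` redirection created the file would leave an empty or short secret in place, and it would never be regenerated. Testing for a non-empty file, `if [ ! -s "registration_shared_secret.txt" ]`, closes that gap. A `umask 077` before the pipeline would keep the file from being created with the service's default mode; the hunk shows neither a umask nor the working directory, so the resulting permissions cannot be judged from here. The `serviceConfig` block continues outside the hunk.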
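Review bot: Adding `draupnir` to the `for u in {...}` loop registers the moderation bot with the same password as Alicia, Emma, Rory and root, read from `/etc/matrix-user-pass`, while configuration.nix points the bot's login at `/etc/draupnir-password`. Unless both files hold the same value the bot cannot log in, and if they do, every holder of a user password also holds the bot's. Registering it separately, `register draupnir "$(cat /etc/draupnir-password)"`, keeps the credentials apart, and the loop call should quote its arguments, `register "$u" "$PASSWD"`. The body of `register` is outside the hunk, so whether the password ends up on a command line cannot be checked here.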