4 files changed, 119 insertions, 0 deletions
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index d7c9bcb..ce9c2ad 100755
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -79,5 +79,9 @@
 inherit pkgs lib nixpkgs-Draupnir;
 };
 
+ containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix {
+ inherit pkgs lib nixpkgs-Draupnir;
+ };
+
 system.stateVersion = "22.11"; # DO NOT EDIT!
 }
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
new file mode 100755
index 0000000..8d2bc44
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ lib,
+ nixpkgs-Draupnir,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit nixpkgs-Draupnir;
+ };
+ config =
+ {
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ imports = [
+ ./root.nix
+ "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ ];
+ nixpkgs.overlays = [
+ (final: prev: {
+ draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ })
+ ];
+ };
+ hostAddress = "192.168.100.16";
+ localAddress = "192.168.100.17";
+ #hostAddress6 = "fc00::3";
+ #localAddress6 = "fc00::4";
+
+ bindMounts."draupnir-access-token" = {
+ hostPath = "/etc/draupnir-linux-mint-access-token";
+ mountPoint = "/etc/draupnir-access-token";
+ isReadOnly = true;
+ };
+}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
new file mode 100755
index 0000000..cf6f8c0
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
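Review bot: The `bindMounts."draupnir-access-token"` entry in container.nix hands a host secret to the container, but nothing in this commit records who must own `/etc/draupnir-linux-mint-access-token` or what mode it needs; `isReadOnly = true` only blocks writes from inside the container, not reads. The file is not created by this configuration, so a comment above the mount would capture the requirement, for example `# provisioned out of band on the host; keep root-owned and not world-readable (e.g. 0400)`. Whether the Draupnir unit can still read the file under that mode depends on how the imported module loads `accessTokenFile`, which is not visible in this diff.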
@@ -0,0 +1,43 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ imports = [
+ ./services/draupnir.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ neofetch
+ lnav
+ zsh
+ lsd
+ htop
+ btop
+ duf
+ kitty.terminfo
+ neovim
+ jq
+ yq
+ pv
+ dig
+ ];
+
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ nameserver 8.4.4.8
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+
+ networking.hosts = {
+ "192.168.100.16" = [ "matrix.rory.gay" "rory.gay" ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
new file mode 100755
index 0000000..1eb159b
--- /dev/null
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.draupnir = {
+ enable = true;
+ accessTokenFile = "/etc/draupnir-access-token";
+
+ settings = {
+ managementRoom = "#draupnir-linux-mint:rory.gay";
+ recordIgnoredInvites = true; # We want to be aware of invites
+ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
+ automaticallyRedactForReasons = [ "*" ]; # Always autoredact
+ fasterMembershipChecks = true;
+ homeserverUrl = "https://matrix.rory.gay";
+
+ backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
+ pollReports = false;
+
+ admin.enableMakeRoomAdminCommand = false;
+ commands.ban.defaultReasons = [
+ "spam"
+ "code of conduct violation"
+ ];
+ };
+ };
+} |
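Review bot: The second entry in `environment.etc."resolv.conf".text` in root.nix reads `nameserver 8.4.4.8`, which looks like a transposition of Google's secondary resolver address. As written, any fallback lookup from the container would be sent to an unrelated host; the line should presumably be `nameserver 8.8.4.4`. The glibc resolver also consults only the first three `nameserver` lines, so `1.0.0.1` is never used. Trimming the list to three entries, ordered by preference, would make the intended fallback explicit.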
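Review bot: `managementRoom = "#draupnir-linux-mint:rory.gay";` in services/draupnir.nix identifies the control room by alias, and Draupnir accepts commands from any member of that room, so the bot's authority follows wherever the alias points. Pinning the room ID instead, e.g. `managementRoom = "!ROOM_ID_PLACEHOLDER:rory.gay";`, removes the dependency on the alias mapping. A short comment stating that the room must stay invite-only would also help the next maintainer. This matters more here because `automaticallyRedactForReasons = [ "*" ]` makes every ban issued from that room also redact the user's messages.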