From 40bfa51153bb38e0471ab05937b018d0ba255f0d Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Wed, 6 Sep 2023 23:30:26 +0200 Subject: Add container --- .../containers/pluralcontactbotpoc/conduit.nix | 33 ++++++++++++++++++++++ .../containers/pluralcontactbotpoc/container.nix | 28 ++++++++++++++++++ .../containers/pluralcontactbotpoc/root.nix | 11 ++++++++ 3 files changed, 72 insertions(+) create mode 100755 host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix create mode 100755 host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix create mode 100755 host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix (limited to 'host/Rory-nginx/services/containers/pluralcontactbotpoc') diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix new file mode 100755 index 0000000..f2fdad6 --- /dev/null +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/conduit.nix @@ -0,0 +1,33 @@ +{ config, pkgs, lib, conduit, ... }: + +{ + services.matrix-conduit = { + package = conduit.packages.${pkgs.system}.default; + enable = true; + settings.global = { + address = "127.0.0.1"; + server_name = "pcpoc.rory.gay"; + database_backend = "rocksdb"; + enable_lightning_bolt = true; + max_concurrent_requests = 1000; + allow_check_for_updates = false; + allow_registration = false; + }; + }; + systemd.services.matrix-conduit-reg-token = { + description = "Random registration token for Conduit."; + before = ["conduit.service"]; # So the registration can be used by Conduit. + after = ["matrix-synapse-reg-token.service"]; + + script = '' + mkdir -p /run/systemd/system/conduit.service.d + echo Environment=\"CONDUIT_REGISTRATION_TOKEN=$(cat /var/lib/matrix-synapse/registration_shared_secret.txt)\" > /run/systemd/system/conduit.service.d/override.conf + systemctl daemon-reload''; + serviceConfig = { + User = "root"; + Group = "root"; + }; + }; + system.stateVersion = "22.11"; # DO NOT EDIT! +} + diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix new file mode 100755 index 0000000..39f593e --- /dev/null +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix @@ -0,0 +1,28 @@ +{ pkgs, lib, ... }: + +{ +# imports = +# [ +# ./root.nix +# ]; + + privateNetwork = true; + autoStart = true; + + + # config is root.nix with networking overridden + config = import ./root.nix { + inherit config; + etc."resolv.conf".text = '' + nameserver 8.8.8.8 + nameserver 8.4.4.8 + nameserver 1.1.1.1 + nameserver 1.0.0.1 + ''; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; + }; + +} \ No newline at end of file diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix new file mode 100755 index 0000000..3dbf243 --- /dev/null +++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, botcore-v4, ... }: + +{ + imports = + [ + ./nginx.nix + ./conduit.nix + ]; + + system.stateVersion = "22.11"; # DO NOT EDIT! +} \ No newline at end of file -- cgit 1.4.1