From 7010d98995fea8eda3c578fbfd13aecca918b7d9 Mon Sep 17 00:00:00 2001
From: TheArcaneBrony
Date: Tue, 28 Mar 2023 21:03:46 +0200
Subject: Initial commit
---
host/Rory-postgres/configuration.nix | 51 ++++++++++
host/Spacebar-nginx/configuration.nix | 37 +++++++
host/Spacebar-nginx/hosts/spacebar.chat/root.nix | 10 ++
host/Spacebar-synapse/configuration.nix | 121 +++++++++++++++++++++++
host/Spacebar-synapse/post-rebuild.sh | 30 ++++++
host/Spacebar-synapse/pre-rebuild.sh | 9 ++
6 files changed, 258 insertions(+)
create mode 100755 host/Rory-postgres/configuration.nix
create mode 100755 host/Spacebar-nginx/configuration.nix
create mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/root.nix
create mode 100755 host/Spacebar-synapse/configuration.nix
create mode 100755 host/Spacebar-synapse/post-rebuild.sh
create mode 100755 host/Spacebar-synapse/pre-rebuild.sh
(limited to 'host')
diff --git a/host/Rory-postgres/configuration.nix b/host/Rory-postgres/configuration.nix
new file mode 100755
index 0000000..33e4f6b
--- /dev/null
+++ b/host/Rory-postgres/configuration.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-postgres";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.3";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.3";
+ prefixLength = 16;
+ } ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /data/pg 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host matrix-synapse-spacebar-chat matrix-synapse-spacebar-chat 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ initialScript = pkgs.writeText "backend-initScript" ''
+ CREATE ROLE matrix-synapse-spacebar-chat WITH LOGIN PASSWORD '${pkgs.postgresql_14}' CREATEDB;
+ CREATE DATABASE matrix-synapse-spacebar-chat;
+ GRANT ALL PRIVILEGES ON DATABASE matrix-synapse-spacebar-chat TO matrix-synapse-spacebar-chat;
+ '';
+ dataDir = "/data/pg";
+ settings = {
+ "max_connections" = "100";
+ "shared_buffers" = "128MB";
+ "max_wal_size" = "1GB";
+ "min_wal_size" = "80MB";
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix
new file mode 100755
index 0000000..19b8dc0
--- /dev/null
+++ b/host/Spacebar-nginx/configuration.nix
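Review bot: The role password in `initialScript` is `'${pkgs.postgresql_14}'`, i.e. the Nix store path of the PostgreSQL package — a public, predictable value — and the generated script itself lands in the world-readable store, so this looks like a placeholder that was never replaced by a real secret. The `host matrix-synapse-spacebar-chat matrix-synapse-spacebar-chat 192.168.1.5/32 trust` line then lets that host in with no credential at all, while `host all all 0.0.0.0/0 md5` accepts password logins from every address `enableTCPIP` listens on. Read the password at runtime from a root-only file instead of interpolating it into the Nix expression, replace the `trust` entry for 192.168.1.5 with password authentication (`scram-sha-256` rather than `md5`), and narrow or drop the `0.0.0.0/0` entry. The `hostName = "Spacebar-postgres"` under `host/Rory-postgres/` also looks like a copy-paste remnant; confirm which name is intended.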
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-nginx";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.2";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.2";
+ prefixLength = 16;
+ } ];
+ };
+
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix;
+ };
+ };
+ };
+ systemd.services.nginx.requires = [ "data.mount" ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "chris@spacebar.chat";
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/root.nix b/host/Spacebar-nginx/hosts/spacebar.chat/root.nix
new file mode 100755
index 0000000..a859950
--- /dev/null
+++ b/host/Spacebar-nginx/hosts/spacebar.chat/root.nix
@@ -0,0 +1,10 @@
+{
+ root = "/data/nginx/html_boorunav";
+ enableACME = true;
+ addSSL = true;
+ locations = {
+ "/" = {
+ index = "index.html";
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/Spacebar-synapse/configuration.nix b/host/Spacebar-synapse/configuration.nix
new file mode 100755
index 0000000..a06a83d
--- /dev/null
+++ b/host/Spacebar-synapse/configuration.nix
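Review bot: `"mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix;` imports a file this commit does not add — only `hosts/spacebar.chat/root.nix` is created — so evaluating this configuration fails until `mail.nix` exists (unless it lives outside the `host` path this view is limited to). Either add the file or point the virtual host at the file that is present, presumably `"spacebar.chat" = import ./hosts/spacebar.chat/root.nix;`. Since both the `mail.` host and the `root.nix` site set `enableACME`, the `security.acme` settings here are needed, but nothing in the hunk binds the TLS certificate path for any mail service; confirm that is handled elsewhere.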
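Review bot: `addSSL = true;` keeps serving the site over plain HTTP alongside the ACME-issued HTTPS listener; unless unencrypted access is intended, `forceSSL = true;` redirects HTTP to HTTPS instead. The `root = "/data/nginx/html_boorunav";` path does not match the `spacebar.chat` directory this file sits in and may be copied from another host — confirm the document root. The file also lacks a trailing newline.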
@@ -0,0 +1,121 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-synapse";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.5";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.5";
+ prefixLength = 16;
+ } ];
+ };
+
+ # Discord bridge
+ services.matrix-appservice-discord = {
+ enable = false; # Alicia - figure out secret first...
+ environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env;
+ settings = {
+ bridge = {
+ domain = "spacebar.chat";
+ homeserverUrl = "https://matrix.spacebar.chat";
+ };
+ database = {
+ connString = "postgres://postgres@192.168.1.3/matrix-appservice-discord";
+ };
+ };
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = "spacebar.chat";
+ enable_registration = false;
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+ # Alicia - types: https://github.com/NixOS/nixpkgs/blob/release-22.11/nixos/modules/services/matrix/synapse.nix#L410
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "192.168.1.5" "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" "federation" ];
+ compress = true;
+ } ];
+ }
+ ];
+ dynamic_thumbnails = true;
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ url_preview_enabled = true;
+
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-spacebar-chat";
+ password = "somepassword";
+ database = "matrix-synapse-spacebar-chat";
+ host = "192.168.1.3";
+ };
+ };
+ app_service_config_files = [ ];
+ };
+
+ plugins = with pkgs.matrix-synapse-plugins; [ ];
+ };
+
+ # Alicia - doesnt work yet... until in nixpkgs...
+ services.draupnir = {
+ enable = true;
+
+ pantalaimon = {
+ enable = true;
+ username = "draupnir";
+ passwordFile = "/etc/draupnir-password";
+ options = {
+ homeserver = "http://localhost:8008";
+ ssl = false;
+ };
+ };
+ managementRoom = "#draupnir-mgmt:spacebar.chat";
+ homeserverUrl = "http://localhost:8008";
+ verboseLogging = false;
+ settings = {
+ recordIgnoredInvites = false;
+ automaticallyRedactForReasons = [ "*" ];
+ fasterMembershipChecks = true;
+ backgroundDelayMS = 100;
+ pollReports = true;
+ admin.enableMakeRoomAdminCommand = true;
+ commands.ban.defaultReasons = [
+ "spam"
+ "harassment"
+ "transphobia"
+ "scam"
+ ];
+ protections = {
+ wordlist = {
+ words = [
+ "tranny"
+ "faggot"
+ ];
+ minutesBeforeTrusting = 0;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Spacebar-synapse/post-rebuild.sh b/host/Spacebar-synapse/post-rebuild.sh
new file mode 100755
index 0000000..8dc0e7d
--- /dev/null
+++ b/host/Spacebar-synapse/post-rebuild.sh
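Review bot: `password = "somepassword";` under `services.matrix-synapse.settings.database.args` ends up in the generated homeserver config in the world-readable Nix store, and it does not match the role created in the postgres configuration either — the connection currently works only because that host sits on a `trust` line there. Move the `database` block into a root-only file referenced through `services.matrix-synapse.extraConfigFiles` so the credential never enters the store. `environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env;` has the same problem once the bridge is enabled: an unquoted Nix path literal is copied into the store when the value is rendered into the unit, so it should be the string `"/etc/keyring/matrix-appservice-discord/tokens.env"`. Finally `services.draupnir` is set with `enable = true;` directly below a comment saying the module is not in nixpkgs yet; an undefined option aborts the whole evaluation, so set `enable = false;` or keep the block out until the module exists. The `"*"` in `automaticallyRedactForReasons` and `minutesBeforeTrusting = 0;` make the bot redact on every ban and trust new members immediately — confirm both are intended.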
@@ -0,0 +1,30 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
+#set -x
+REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
+LOCALPART='rory.gay'
+REACHABLE_DOMAIN='http://localhost:8008'
+
+# -- LICENSE: CNPL v7+ - https://thufie.lain.haus/files/CNPLv7.md
+# Modified from Nyaaori (https://nyaaori.cat) <+@nyaaori.cat>
+# Explicit authorisation to use the code has been granted by the original author
+# for use by members of the Rory system (https://rory.gay)
+
+# the magic function:
+register(){
+ echo "Registering $1 with password $2"
+ _nonce=`curl http://localhost:8008/_synapse/admin/v1/register | jq -r .nonce`
+ #data: nonce, domain, username, password
+ _hmac=`printf '%s\0%s\0%s\0%s' "$_nonce" "$1" "$2" "admin" | openssl dgst -sha1 -hmac "$REG_KEY" | awk '{print $2}'`
+ curl -XPOST -d '{"nonce": "'"$_nonce"'", "username": "'"$1"'", "displayname": "'"$1"'", "password": "'"$2"'", "admin": true, "mac": "'"$_hmac"'"}' $REACHABLE_DOMAIN/_synapse/admin/v1/register | tee -a matrix-user-tokens.txt
+}
+
+# -- END OF LICENSED CODE
+
+
+
+PASSWD=`cat /etc/matrix-user-pass`
+for u in {draupnir,rory,chris,maddy,cat}
+do
+ register $u $PASSWD
+done
diff --git a/host/Spacebar-synapse/pre-rebuild.sh b/host/Spacebar-synapse/pre-rebuild.sh
new file mode 100755
index 0000000..32905e3
--- /dev/null
+++ b/host/Spacebar-synapse/pre-rebuild.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+set -x
+mkdir -p /var/lib/matrix-synapse
+if [ ! -f "/var/lib/matrix-synapse/registration_shared_secret.txt" ]
+then
+ cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 | tee /var/lib/matrix-synapse/registration_shared_secret.txt
+else
+ echo Not generating key, key exists
+fi
\ No newline at end of file
--
cgit 1.4.1
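Review bot: `register` leaks both the shared password and the resulting admin tokens: `echo "Registering $1 with password $2"` prints the password to stdout (and the journal when run from a rebuild hook), and `tee -a matrix-user-tokens.txt` appends each account's access token to a file in the current directory created with the default umask. Drop the password from the message (`echo "Registering $1"`) and write the tokens to a root-only path after `umask 077`, or do not persist them at all. Every account is also created with `"admin": true` and the same password read from `/etc/matrix-user-pass`; only the accounts that need server-admin rights should get that flag. The nonce is fetched from a hard-coded `http://localhost:8008` while the POST uses `$REACHABLE_DOMAIN`, `$u $PASSWD` are unquoted, the script never exits on a failed `curl`, and `LOCALPART` is unused.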
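Review bot: The registration shared secret is written with `tee`, so it is echoed to stdout, and the file is created with the process's default umask (typically 0644), leaving the secret readable by every local user; `set -x` traces the command as well. Create it with restricted permissions and without echoing: put `umask 077` before the `if`, and replace the pipeline with `tr -dc a-zA-Z0-9 </dev/urandom | fold -w 256 | head -n 1 > /var/lib/matrix-synapse/registration_shared_secret.txt`. `/var/lib/matrix-synapse` is created by `mkdir -p` with default ownership and mode here, yet synapse reads the file at runtime via `registration_shared_secret_path` — confirm the directory ownership and mode the NixOS module expects, since the module may also manage this directory itself.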