diff --git a/machines/default.nix b/machines/default.nix
index 21d2f3c..4c11a83 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -88,15 +88,6 @@ inputs: {
 tags = [ "container" ];
 };
 };
- neo = {
- config = import ./neo/configuration.nix inputs;
- deploy = {
- # host = "10.0.0.213";
- host = "neo.barn-beaver.ts.net";
- targetUser = "erwin";
- # tags = [ "container" ];
- };
- };
 nix-cache = {
 config = import ./nix-cache/configuration.nix inputs;
 deploy = {
diff --git a/machines/heimdall/caddy/default.nix b/machines/heimdall/caddy/default.nix
index db9cc39..b00af09 100644
--- a/machines/heimdall/caddy/default.nix
+++ b/machines/heimdall/caddy/default.nix
@@ -41,22 +41,7 @@
 "boskma.frl" = {
 extraConfig = ''
- header /.well-known/matrix/* Content-Type application/json
- header /.well-known/matrix/* Access-Control-Allow-Origin *
- respond /.well-known/matrix/server `{"m.server":"matrix.boskma.frl:443"}`
- respond /.well-known/matrix/client `{"m.homeserver": {"base_url":"https://matrix.boskma.frl"},"m.identity_server":{"base_url":"https://vector.im"},"org.matrix.msc3575.proxy":{"url":"https://syncv3.boskma.frl"}}`
- '';
- };
-
- "matrix.boskma.frl" = {
- extraConfig = ''
- reverse_proxy neo.barn-beaver.ts.net:8008
- '';
- };
-
- "syncv3.boskma.frl" = {
- extraConfig = ''
- reverse_proxy neo.barn-beaver.ts.net:8009
+ error "Nothing to see here." 404
 '';
 };
 };
diff --git a/machines/neo/configuration.nix b/machines/neo/configuration.nix
deleted file mode 100644
index 3b44cd0..0000000
--- a/machines/neo/configuration.nix
+++ /dev/null
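Review bot: In machines/heimdall/caddy/default.nix, the added `error "Nothing to see here." 404` line in the "boskma.frl" extraConfig most likely never shows that text to a visitor. Caddy's `error` directive only raises an error for a `handle_errors` block to render and writes no response body itself, and no `handle_errors` is visible in this hunk. If the message is meant to be returned, `respond "Nothing to see here." 404` does that directly. If an empty 404 is intended, a Caddyfile comment such as `# placeholder: Matrix delegation removed together with neo; answer 404 for everything` above the directive would record why the host is kept. The enclosing attribute set starts and ends outside the hunk.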
@@ -1,83 +0,0 @@
-{ self, ... }:
-{ modulesPath, lib, ... }:
-{
- imports = [
- (modulesPath + "/virtualisation/lxc-container.nix")
- ../../users/root
- ../../users/erwin
-
- ./dendrite
- ./matrix-sliding-sync
- ./postgresql
- ];
-
- eboskma = {
- users.erwin = {
- enable = true;
- server = true;
- };
- nix-common = {
- enable = true;
- remote-builders = true;
- };
- tailscale.enable = true;
- };
-
- boot = {
- isContainer = true;
- };
-
- time.timeZone = "Europe/Amsterdam";
-
- system.configurationRevision = lib.mkIf (self ? rev) self.rev;
-
- networking = {
- hostName = "neo";
- useDHCP = false;
- useHostResolvConf = false;
- networkmanager.enable = false;
- useNetworkd = true;
- nftables.enable = true;
-
- firewall.trustedInterfaces = [ "tailscale0" ];
- };
-
- systemd.network = {
- enable = true;
-
- wait-online.anyInterface = true;
-
- networks = {
- "40-eth0" = {
- matchConfig = {
- Name = "eth0";
- };
-
- networkConfig = {
- Address = "10.0.0.213/24";
- Gateway = "10.0.0.1";
- DNS = "10.0.0.206";
- DHCP = "no";
- };
- };
- };
- };
-
- security = {
- sudo-rs = {
- enable = true;
- execWheelOnly = true;
- wheelNeedsPassword = false;
- };
- sudo.enable = false;
- };
-
- sops.defaultSopsFile = ./secrets.yaml;
- sops.secrets = {
- dendrite-env = { };
- dendrite-private-key = { };
- matrix-sliding-sync-env = { };
- };
-
- system.stateVersion = "24.05";
-}
diff --git a/machines/neo/dendrite/default.nix b/machines/neo/dendrite/default.nix
deleted file mode 100644
index 58e7fc9..0000000
--- a/machines/neo/dendrite/default.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}:
-let
-
- settingsFormat = pkgs.formats.yaml { };
- configurationYaml = settingsFormat.generate "dendrite.yaml" settings;
- workingDir = "/var/lib/dendrite";
-
- environmentFile = config.sops.secrets.dendrite-env.path;
-
- httpPort = 8008;
-
- settings = {
- version = 2;
- global = {
- server_name = "boskma.frl";
- private_key = "$CREDENTIALS_DIRECTORY/private_key";
-
- database = {
- connection_string = "postgresql:///dendrite?host=/run/postgresql";
- max_open_conns = 90;
- max_idle_conns = 5;
- conn_max_lifetime = -1;
- };
-
- trusted_third_party_id_servers = [
- "matrix.org"
- "vector.im"
- ];
- disable_federation = false;
- presence = {
- inbound = true;
- outbound = true;
- };
-
- server_notices = {
- enabled = true;
- local_part = "_server";
- display_part = "Tidingen";
- room_name = "Tidingen";
- };
-
- metrics = {
- enabled = true;
- basic_auth = {
- username = "metrics";
- password = "metrics";
- };
- };
- };
- client_api = {
- registration_shared_secret = "$REGISTRATION_SECRET";
- };
- federation_api = {
- key_perspectives = [
- {
- server_name = "matrix.org";
- keys = [
- {
- key_id = "ed25519:auto";
- public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
- }
- {
- key_id = "ed25519:a_RXGa";
- public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
- }
- ];
- }
- ];
- };
- sync_api = {
- real_ip_header = "X-Forwarded-For";
- };
- mscs = {
- mscs = [
- "msc2444"
- "msc2753"
- "msc2836"
- ];
- };
- media_api = {
- base_path = "${workingDir}/media_store";
-
- max_file_size_bytes = 25 * 1024 * 1024;
- thumbnail_sizes = [
- {
- height = 32;
- method = "crop";
- width = 32;
- }
- {
- height = 96;
- method = "crop";
- width = 96;
- }
- {
- height = 480;
- method = "scale";
- width = 640;
- }
- ];
- };
-
- logging = [
- {
- type = "std";
- level = "info";
- }
- ];
- };
-in
-{
- systemd.services.dendrite = {
- description = "Dendrite Matrix homeserver";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- DynamicUser = true;
- StateDirectory = "dendrite";
- WorkingDirectory = workingDir;
- RuntimeDirectory = "dendrite";
- RuntimeDirectoryMode = "0700";
- LimitNOFILE = 65535;
- EnvironmentFile = environmentFile;
- LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
- ExecStartPre = [
- ''
- ${pkgs.envsubst}/bin/envsubst \
- -i ${configurationYaml} \
- -o /run/dendrite/dendrite.yaml
- ''
- ];
- ExecStart = lib.strings.concatStringsSep " " ([
- "${pkgs.dendrite}/bin/dendrite"
- "--config /run/dendrite/dendrite.yaml"
- "--http-bind-address :${builtins.toString httpPort}"
- ]);
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- Restart = "on-failure";
- };
- };
-}
diff --git a/machines/neo/matrix-sliding-sync/default.nix b/machines/neo/matrix-sliding-sync/default.nix
deleted file mode 100644
index 6780b5f..0000000
--- a/machines/neo/matrix-sliding-sync/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, ... }:
-{
- services.matrix-sliding-sync = {
- enable = true;
-
- createDatabase = true;
-
- environmentFile = config.sops.secrets.matrix-sliding-sync-env.path;
-
- settings = {
- SYNCV3_SERVER = "http://127.0.0.1:8008";
- SYNCV3_BINDADDR = "0.0.0.0:8009";
- };
- };
-}
diff --git a/machines/neo/postgresql/default.nix b/machines/neo/postgresql/default.nix
deleted file mode 100644
index 164b938..0000000
--- a/machines/neo/postgresql/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, ... }:
-{
- services = {
- postgresql = {
- enable = true;
-
- # version is tied to stateVersion
- # manual update required
- # MIGRATION REQUIRED WHEN UPDATING
- package = pkgs.postgresql_15;
-
- ensureDatabases = [
- "dendrite"
- "matrix-sliding-sync"
- ];
-
- ensureUsers = [
- {
- name = "dendrite";
- ensureDBOwnership = true;
- }
- {
- name = "matrix-sliding-sync";
- ensureDBOwnership = true;
- }
- ];
- };
-
- postgresqlBackup = {
- enable = true;
- backupAll = true;
-
- # borg will do compression and deduplication
- compression = "none";
-
- startAt = "*-*-* 02:00:00";
- };
- };
-}
diff --git a/machines/neo/secrets.yaml b/machines/neo/secrets.yaml
deleted file mode 100644
index 96cf0e5..0000000
--- a/machines/neo/secrets.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -dendrite-private-key: ENC[AES256_GCM,data:gA2xpUfmXUGaT5bPxBZTNTH2w+6Ovmzp3zUClV8+zlpo4Fyf15rd8nd0AJ70HhteYEFK+unlULWYrJtzrm+gAMQ/TAHbE4+y4aCOrr/pryDc+GXZ59maEXKif9PYvpI6b5l1S3SQIZDP3YNrh2LwkVn39CJceGZ0xfBqj2QFZYvWnT5rIzUSomc=,iv:ifiF9DzOibbtaXkERcP/A3Ty6EjNKoJ3XlOF4YCsJQ4=,tag:VDsMfuwGkJOSM3Y9nhGURA==,type:str] -dendrite-env: ENC[AES256_GCM,data:iETLbUzHKla+8zmftTM/asiDT2F6LUxRjFtKiWTMpl+p0nb7rMdpxTO9Wi4C23a0SZz4gcpvywpjd55ASpBGsNfTcnZ0ITKrtS5QkCcL2VR6S/3HaAH91cT7x/LwvszyeQdFmVUnWsauq/vd+Qp+RU0TcaiBsFHw3FrCfxeilvUtUAnbXmWj3g/YVQ6sZ8C8MoDinbE=,iv:HZK6AQcrb1LNW2YIBZQkJGsvIjULePhHex01DsiB26M=,tag:iMFi5lMMNZ8MGH3EWaG1Eg==,type:str] -matrix-sliding-sync-env: ENC[AES256_GCM,data:2K5d58v+hbIGto2PFnDLD05NL9cvp+vOIpyUInnZpU7MxfHo3rZtY5OJeDCjysLBChe7kIwoh9FR44IRq9xzWuc44B2eo7ByPTzgk4RWOA==,iv:NDSYRO5oLkimwhomCCP4vV9Hq8UchdNnpTkH/3ntBmA=,tag:W+iPqpEfWG8Aehasy8PN1Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZ3ByVUIyTjhUdURYMnZE - eDlQeEg0VE8weHhhd1BibllqTE1RVXRaZjJBCjZqZ1Y4dVcydGZ4alhoc0lLQWdr - KzNtTkEvajdxbmpaKzl5cERxQnFjL00KLS0tIFk2MHMvUjBDTGNBZzJJdXJpWkRp - Y25MQXp4WXBNYkZXM0grVkNYM0lKWFUKUaK3hDN7WbDiu9EgfJ5wmArjmM8PRtbY - TVIAp0htw+efC7PbCbaa0SaDltAR0Q19lIROUfccoLLpUCyk5mQvjg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWkZpd3ZvWWM3ZjRkbnc4 - NGRiZi9rMDJoaGRENjRDWHUwZllibEQ5aDBJCllFeE9XbTNlMnFSZTZBY1FVSmph - Z2cxTzdGSEdlQ0UzeWpzUENjM1Fpd2MKLS0tIGUvVUpjZTFqa2RvY2U3TlBXaXNB - VkdHS1FSdmlXKzdNRmltZDdmUWVZc0kK0TQeKRVafkIY2v0OBnxIQr48v9ilOEld - PpqwtEtH1HcSFwxhaFymUQpqg5Uvh5eXoPB/bnxOnOPlDYB+/HZQ0w== - -----END AGE ENCRYPTED FILE----- - - recipient: 
age1s95yw988he30l6wegfwquh4nh03jst2tvyu4ykng4g88h7s3a3rs5zh5fp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxbCt0NDAvT0pCVmxpOUNh - TXpIanhKK01jN3FuaUdDeWJHZkFRdXBjMUhJCmNqWVNkN1owWnFOakJ6NWovQVZw - dnB5Vm4zMWpvZkZkODJqS2hxRVRaaDQKLS0tIERlMkozL2xBWVp4NWRlZnpiVVk5 - cnZiZ1YvTlBWUVdoSjNqYkVXaGZHTlEKe7w9qbDkzfxoW4CVxH2hmO9JFuCYCcgp - bguCZbLQpyjiS6LjpX5AqXQH9tRqWNnqhq8QTbB9v4VIw5rz7S9Hpw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-24T12:22:54Z" - mac: ENC[AES256_GCM,data:kyB5rwsn6gVutITtzmBwPFHY0x42SbsZMy98JF0wVGBfjDrfmwmxAeFOJ9KmvR0rUaEr7RPMOFCwT5w/zUUsColF7Dy5uoOSpV7JxPi6suVGUmz5BkGaPB5HvIQhtb/75owUx+9Fvjq4Vmnh8UX9vk/0Gj/ay0p3BFiypJegyuI=,iv:5mJC3xoeTyw6jv7+hSTyUUz9luffSuN6TrKPohTT95M=,tag:iq8aBa9dTjmC7z7DrcP3JQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1