From 52187e742e0bd4d33596694dc6e534cbcdbca502 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 31 Aug 2021 17:12:14 +0200 Subject: [PATCH 1/6] plex unstable --- hosts/architect/plex.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index 253ce92..124d033 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -4,18 +4,7 @@ with import ./network.nix; { services.plex = { enable = true; - package = pkgs.plex.overrideAttrs (x: let - # see https://www.plex.tv/media-server-downloads/ for 64bit rpm - version = "1.24.1.4931-1a38e63c6"; - sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89"; - in { - name = "plex-${version}"; - src = pkgs.fetchurl { - url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; - inherit sha1; - }; - } - ); + package = pkgs.unstable.plex; }; services.nginx = { From 6756bf89d09ea53994b599115d33773f5c2d208f Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 7 Sep 2021 11:21:14 +0200 Subject: [PATCH 2/6] add smartmontools to common --- common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common.nix b/common.nix index 24c72ae..e9efbde 100644 --- a/common.nix +++ b/common.nix @@ -47,6 +47,7 @@ parted unzip tree + smartmontools ]; fileSystems."/var/cache" = { From 5c284d37601a5829db354314b7ba078d57876a52 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 7 Sep 2021 11:22:07 +0200 Subject: [PATCH 3/6] plex unstable, add mikey and boogino to wireguard --- hosts/architect/default.nix | 6 ++++++ hosts/architect/network.nix | 2 ++ hosts/architect/plex.nix | 7 +------ hosts/architect/wireguard.nix | 12 ++++++++++++ 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 066776a..0871c81 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix 
@@ -28,6 +28,7 @@ in ./plex.nix ./dns.nix ./minecraft.nix + ./plex.nix ]; time.timeZone = "Europe/Rome"; @@ -121,6 +122,10 @@ in ${germano-wg} germano.devs.giugl.io ${dodino-wg} dodino.devs.giugl.io ${tommy-wg} tommy.devs.giugl.io + ${alain-wg} alain.devs.giugl.io + ${dima-wg} dima.devs.giugl.io + ${boogino-wg} boogino.devs.giugl.io + ${mikey-wg} mikey.devs.giugl.io # Blacklist 0.0.0.0 metrics.plex.tv @@ -164,6 +169,7 @@ in zfs.autoScrub.enable = true; xserver.videoDrivers = [ "nvidia" ]; openssh.enable = true; + smartd.enable = true; }; environment.variables = { diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix index 7d3957c..41ad687 100644 --- a/hosts/architect/network.nix +++ b/hosts/architect/network.nix @@ -37,10 +37,12 @@ rec { tommy-wg = "10.3.0.21"; alain-wg = "10.3.0.22"; dima-wg = "10.3.0.23"; + mikey-wg = "10.3.0.24"; eleonora-wg = "10.3.0.100"; broccolino-wg = "10.3.0.200"; hotpottino-wg = "10.3.0.201"; dodino-wg = "10.3.0.202"; + boogino-wg = "10.3.0.203"; # groups gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ]; diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index 124d033..d4e0356 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -14,12 +14,7 @@ with import ./network.nix; forceSSL = true; enableACME = true; http2 = true; - extraConfig = '' - allow 10.0.0.0/24; - allow 10.3.0.0/24; - deny all; - #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause send_timeout 100m; @@ -76,7 +71,7 @@ with import ./network.nix; proxy_buffering off; ''; locations."/" = { - proxyPass = "http://localhost:32400/"; + proxyPass = "https://localhost:32400"; }; }; }; diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix index 6be1324..35507d2 100644 --- a/hosts/architect/wireguard.nix +++ b/hosts/architect/wireguard.nix 
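Review bot: The added `./plex.nix` entry in the `imports` list duplicates the `./plex.nix` that already appears as the first context line of this hunk. The module system is expected to de-duplicate imports of the same path, so this is probably harmless, but the second entry is noise and can be dropped. The `imports` list begins above the hunk, so the rest of it is not visible here.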
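Review bot: Removing `allow 10.0.0.0/24; allow 10.3.0.0/24; deny all;` from this vhost's `extraConfig` leaves nginx with no source-address restriction in front of the Plex proxy. Access control then rests on Plex's own authentication and on whatever firewall sits in front of nginx, which this patch does not show. The WireGuard peers added in the same commit are in 10.3.0.0/24, which the old allowlist already covered, so they do not by themselves require the removal. If public exposure is intended, record it with a comment such as `# intentionally public: access control is left to Plex`; otherwise keep the three ACL lines. The `extraConfig` string continues past the end of the hunk.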
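Review bot: Switching `proxyPass` to `https://localhost:32400` encrypts the loopback hop but does not authenticate the upstream, because nginx leaves `proxy_ssl_verify` off unless it is set and no such directive appears in the visible part of `extraConfig`. A comment such as `# upstream TLS is unverified; loopback only` would record that this is accepted. Dropping the trailing slash also makes nginx forward the original request URI instead of the normalised one, which is worth a quick check against the Plex web client. The `locations."/"` block sits inside a virtual host whose definition starts outside the hunk.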
@@ -177,6 +177,18 @@ with import ./network.nix; allowedIPs = [dima-wg]; publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0="; } + + { + # boogino + allowedIPs = [boogino-wg]; + publicKey = "p21tD9S04+b+TC27a1CvkJL7V6fcfjOpVU7Ke1FzV3A="; + } + + { + # mikey + allowedIPs = [mikey-wg]; + publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI="; + } ]; }; }; From 68cc3c75f8d86c5c6f07851b2e29855784e9414b Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 7 Sep 2021 11:22:40 +0200 Subject: [PATCH 4/6] enable home-manager on architect --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 38b411c..6237e1b 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,7 @@ nix.registry.unstable.flake = nixos-unstable; } -# home-manager.nixosModules.home-manager + home-manager.nixosModules.home-manager ./hosts/architect/default.nix ]; }; From 183df298a7e2f14188f181b55c115e7182bb20b4 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 7 Sep 2021 11:23:56 +0200 Subject: [PATCH 5/6] indentation --- hosts/architect/dns.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix index fce21d5..db0c6a3 100644 --- a/hosts/architect/dns.nix +++ b/hosts/architect/dns.nix @@ -6,10 +6,10 @@ enable = true; servers = ["127.0.0.1#5353"]; extraConfig = '' - localise-queries - min-cache-ttl=120 - max-cache-ttl=2400 - addn-hosts=/etc/adblock_hosts + localise-queries + min-cache-ttl=120 + max-cache-ttl=2400 + addn-hosts=/etc/adblock_hosts ''; }; From f8ed25e743be764ac8fa1ddea9ad4b400ffc1d69 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 7 Sep 2021 11:24:11 +0200 Subject: [PATCH 6/6] port synapse to postgres --- hosts/architect/matrix.nix | 69 ++++++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 28 deletions(-) diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix index a009dd6..d4f7a83 100644 
--- a/hosts/architect/matrix.nix +++ b/hosts/architect/matrix.nix @@ -6,11 +6,11 @@ with import ./network.nix; matrix-synapse = { enable = true; server_name = "${matrixdomain}"; - database_type = "sqlite3"; + database_name = "synapse"; public_baseurl = "https://${matrixdomain}"; registration_shared_secret = "runas!"; dynamic_thumbnails = true; - enable_registration = true; + #enable_registration = true; app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml" @@ -39,6 +39,19 @@ with import ./network.nix; ]; }; + postgresql = { + enable = true; + ensureDatabases = [ "synapse" ]; + ensureUsers = [ + { + name = "matrix-synapse"; + ensurePermissions = { + "DATABASE synapse" = "ALL PRIVILEGES"; + }; + } + ]; + }; + nginx.virtualHosts = { # server ${matrixdomain} = { @@ -109,28 +122,28 @@ with import ./network.nix; }; # telegram bridge - - mautrix-telegram = { - enable = true; - environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env; - settings = { - homeserver = { - address = "https://${matrixdomain}"; - domain = "${matrixdomain}"; - }; + mautrix-telegram = { + enable = true; + environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env; - appservice = { - provisioning.enabled = false; - id = "telegram"; - }; - - bridge = { - permissions = { - "@pepe:${matrixdomain}" = "admin"; - "${matrixdomain}" = "puppeting"; + settings = { + homeserver = { + address = "https://${matrixdomain}"; + domain = "${matrixdomain}"; }; + appservice = { + provisioning.enabled = false; + id = "telegram"; + }; + + bridge = { + permissions = { + "@pepe:${matrixdomain}" = "admin"; + "${matrixdomain}" = "puppeting"; + }; + # Animated stickers conversion requires additional packages in the # service's path. # If this isn't a fresh installation, clearing the bridge's uploaded 
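Review bot: `registration_shared_secret = "runas!"` stays as a literal in this block, so a short, guessable secret is committed to the repository and ends up in the generated Synapse configuration in the world-readable Nix store. Synapse honours that secret for shared-secret registration independently of `enable_registration`, so commenting that option out does not close this path. Move the value to a file outside the store and load it with `extraConfigFiles = [ "/secrets/<synapse-secrets>.yaml" ];` (placeholder path), and rotate the secret, since the old one is in history. The commented-out `#enable_registration = true;` would read more clearly as `enable_registration = false;`. The `matrix-synapse` attribute set continues outside the hunk.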
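Review bot: `ensureDatabases = [ "synapse" ]` creates the database with the cluster's default locale, whereas Synapse expects `LC_COLLATE` and `LC_CTYPE` of `C` and, as far as I know, refuses to start on a database with a different collation unless that check is overridden. If the cluster was not initialised with the C locale, create the database explicitly, for example through `services.postgresql.initialScript` with `TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"`; note that the script only runs when the cluster is first initialised. The grant of `"ALL PRIVILEGES"` on the single `synapse` database to the `matrix-synapse` role is reasonably scoped. A one-line comment stating how that role authenticates (presumably peer authentication over the local socket, to be confirmed) would help the next reader.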
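Review bot: `environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;` is re-added here as an unquoted Nix path literal instead of a string. Depending on how the module renders the option into the unit file, a path literal can be copied into the world-readable Nix store when it is interpolated, and it also ties evaluation to a file outside the flake. Quoting it keeps it a plain runtime path: `environmentFile = "/secrets/mautrix-telegram/mautrix-telegram.env";`. The rest of this hunk appears to be re-indentation only, which would be easier to review in a commit separate from the PostgreSQL change.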
@@ -150,18 +163,18 @@ with import ./network.nix; }; }; - }; +}; - systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) - ]; +systemd.services.mautrix-telegram.path = with pkgs; [ + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) +]; - networking.extraHosts = '' +networking.extraHosts = '' 127.0.0.1 ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain} ${architect-wg} ${matrixdomain} ${matrixwebdomain} - ''; +''; - users.groups.acme.members = [ "turnserver" ]; +users.groups.acme.members = [ "turnserver" ]; }