Merge branch 'master' of ssh://git.giugl.io:10022/peperunas/nixos

2021-08-31 15:37:11 +01:00 · 2021-08-31 15:37:11 +01:00 · cc42975add
commit cc42975add
parent 353fb4e4d2 8256e7920a
6 changed files with 89 additions and 13 deletions
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -7,20 +7,12 @@ let
    22    # ssh
    80    # http
    443   # https
-    3478  # turn
+    8448  # matrix
    10022 # gitea
-    40000
-    40001
-    40002
-    40003
  ];
  open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
    1194  # wireguard
    3478  # turn
-    40000
-    40001
-    40002
-    40003
  ];
 in {
  networking = {
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, tmp, ... }:

 with import ./network.nix;
 {
@ -11,7 +11,10 @@ with import ./network.nix;
      registration_shared_secret = "runas!";
      dynamic_thumbnails = true;
      enable_registration = true;
-      app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ];
+      app_service_config_files = [ 
+        "/var/lib/matrix-synapse/discord-registration.yaml" 
+        "/var/lib/matrix-synapse/telegram-registration.yaml" 
+      ];
      extraConfig = ''
        auto_join_rooms:
          - "#infra:matrix.giugl.io"
@ -79,7 +82,7 @@ with import ./network.nix;
        enableACME = true;
        forceSSL = true;

-        root = pkgs.element-web.override {
+        root = pkgs.unstable.element-web.override {
          conf = {
            default_server_config."m.homeserver" = {
              "base_url" = "https://${matrixdomain}";
@ -90,6 +93,7 @@ with import ./network.nix;
      };
    };

+    # discord bridge
    matrix-appservice-discord = {
      enable = true;
      environmentFile = /secrets/matrix-appservice-discord/tokens.env;
@ -103,8 +107,56 @@ with import ./network.nix;
        };
      };
    };
+
+    # telegram bridge
+    
+  mautrix-telegram = {
+    enable = true;
+    environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
+
+    settings = {
+      homeserver = {
+        address = "https://${matrixdomain}";
+        domain = "${matrixdomain}";
+      };
+
+      appservice = {
+        provisioning.enabled = false;
+        id = "telegram";
+      };
+
+      bridge = {
+        permissions = {
+          "@pepe:${matrixdomain}" = "admin";
+          "${matrixdomain}" = "puppeting";
+        };
+
+        # Animated stickers conversion requires additional packages in the
+        # service's path.
+        # If this isn't a fresh installation, clearing the bridge's uploaded
+        # file cache might be necessary (make a database backup first!):
+        # delete from telegram_file where \
+        #   mime_type in ('application/gzip', 'application/octet-stream')
+        animated_sticker = {
+          target = "gif";
+          args = {
+            width = 256;
+            height = 256;
+            fps = 30;               # only for webm
+            background = "020202";  # only for gif, transparency not supported
+          };
+        };
+      };
+    };
  };

+  };
+
+  systemd.services.mautrix-telegram.path = with pkgs; [
+    lottieconverter  # for animated stickers conversion, unfree package
+    ffmpeg           # if converting animated stickers to webm (very slow!)
+  ];
+
  networking.extraHosts = ''
        127.0.0.1 ${matrixdomain} ${matrixwebdomain}
        ${architect-lan} ${matrixdomain} ${matrixwebdomain}
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@ -35,6 +35,8 @@ rec {
  germano-wg       = "10.3.0.19";
  flavio-wg        = "10.3.0.20";
  tommy-wg         = "10.3.0.21";
+  alain-wg         = "10.3.0.22";
+  dima-wg          = "10.3.0.23";
  eleonora-wg      = "10.3.0.100";
  broccolino-wg    = "10.3.0.200";
  hotpottino-wg    = "10.3.0.201";
--- a/hosts/architect/nextcloud.nix
+++ b/hosts/architect/nextcloud.nix
@ -12,6 +12,8 @@ with import ./network.nix;
      enable = true;
      hostName = "${nextclouddomain}";
      https = true;
+      package = pkgs.unstable.nextcloud22;
+
      caching.redis = true;

      autoUpdateApps.enable = true;
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@ -1,6 +1,22 @@
+{ pkgs, ...}:
+
 with import ./network.nix;
 {
-  services.plex.enable = true;
+  services.plex = {
+    enable = true;
+    package = pkgs.plex.overrideAttrs (x: let
+        # see https://www.plex.tv/media-server-downloads/ for 64bit rpm
+        version = "1.24.1.4931-1a38e63c6";
+        sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89";
+      in {
+        name = "plex-${version}";
+        src = pkgs.fetchurl {
+          url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
+          inherit sha1;
+        };
+      }
+    );
+  };

  services.nginx = {
    enable = true;
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@ -165,6 +165,18 @@ with import ./network.nix;
          allowedIPs = [tommy-wg];
          publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo=";
        }
+
+        {
+          # alain
+          allowedIPs = [alain-wg];
+          publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
+        }
+
+        {
+          # dima
+          allowedIPs = [dima-wg];
+          publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
+        }
      ];
    };
  };