diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index f6f0a63..ed2d898 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -7,20 +7,12 @@ let
 22 # ssh
 80 # http
 443 # https
- 3478 # turn
+ 8448 # matrix
 10022 # gitea
- 40000
- 40001
- 40002
- 40003
 ];
 open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
 1194 # wireguard
 3478 # turn
- 40000
- 40001
- 40002
- 40003
 ];
 in {
 networking = {
diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix
index 12711cd..a009dd6 100644
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, tmp, ... }:
 
 with import ./network.nix;
 {
@@ -11,7 +11,10 @@ with import ./network.nix;
 registration_shared_secret = "runas!";
 dynamic_thumbnails = true;
 enable_registration = true;
- app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ];
+ app_service_config_files = [
+ "/var/lib/matrix-synapse/discord-registration.yaml"
+ "/var/lib/matrix-synapse/telegram-registration.yaml"
+ ];
 extraConfig = ''
 auto_join_rooms:
 - "#infra:matrix.giugl.io"
@@ -79,7 +82,7 @@ with import ./network.nix;
 enableACME = true;
 forceSSL = true;
 
- root = pkgs.element-web.override {
+ root = pkgs.unstable.element-web.override {
 conf = {
 default_server_config."m.homeserver" = {
 "base_url" = "https://${matrixdomain}";
@@ -90,6 +93,7 @@ with import ./network.nix;
 };
 };
 
+ # discord bridge
 matrix-appservice-discord = {
 enable = true;
 environmentFile = /secrets/matrix-appservice-discord/tokens.env;
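Review bot: The new `8448 # matrix` entry sits a few lines below `443 # https`, which already carries Matrix client traffic, so the comment does not say which listener is being exposed; `8448 # matrix federation` would. Dropping 3478 from the TCP list while keeping it under UDP means TURN over TCP is no longer reachable from outside; if coturn (not in this diff) still advertises a TCP listener, clients on UDP-blocking networks will fail, so either its listener config should change to match or the TCP entry should stay. The removal of 40000-40003 from both lists looks intentional but carries no comment; a note on the remaining `3478 # turn` line naming the relay port range now in use, if any, would stop the next reader from re-adding them.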
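Review bot: `tmp` is added to the module's argument set but nothing in the visible hunks of this file uses it, and it is not one of the arguments NixOS passes to modules by default; unless the flake supplies it through `specialArgs`, evaluation fails with a missing-argument error. If it was left over from debugging, drop it (`{ pkgs, config, ... }:`); if it is intentional, a short comment naming where it comes from would help. The later switch to `pkgs.unstable.element-web` in this file likewise depends on an overlay that is not visible in this diff.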
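Review bot: The new `/var/lib/matrix-synapse/telegram-registration.yaml` entry points at a file nothing in this diff creates; the bridge module presumably writes its registration into its own state directory, so the file has to be copied or linked into Synapse's directory and kept readable only by the synapse user, since it holds the `as_token`/`hs_token` pair that lets the bridge act on behalf of local users. A comment on the new line saying how the file gets there (`# copied from the mautrix-telegram state dir after first start`) would save the next deploy. Separately, the surrounding context shows `registration_shared_secret = "runas!"` as a literal in this module; every string in a NixOS config ends up in the world-readable Nix store, and the `environmentFile` pattern the commit already uses for the bridges is the way to keep it out.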
@@ -103,8 +107,56 @@ with import ./network.nix;
 };
 };
 };
+
+ # telegram bridge
+
+ mautrix-telegram = {
+ enable = true;
+ environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
+
+ settings = {
+ homeserver = {
+ address = "https://${matrixdomain}";
+ domain = "${matrixdomain}";
+ };
+
+ appservice = {
+ provisioning.enabled = false;
+ id = "telegram";
+ };
+
+ bridge = {
+ permissions = {
+ "@pepe:${matrixdomain}" = "admin";
+ "${matrixdomain}" = "puppeting";
+ };
+
+ # Animated stickers conversion requires additional packages in the
+ # service's path.
+ # If this isn't a fresh installation, clearing the bridge's uploaded
+ # file cache might be necessary (make a database backup first!):
+ # delete from telegram_file where \
+ # mime_type in ('application/gzip', 'application/octet-stream')
+ animated_sticker = {
+ target = "gif";
+ args = {
+ width = 256;
+ height = 256;
+ fps = 30; # only for webm
+ background = "020202"; # only for gif, transparency not supported
+ };
+ };
+ };
+ };
 };
+ };
+
+ systemd.services.mautrix-telegram.path = with pkgs; [
+ lottieconverter # for animated stickers conversion, unfree package
+ ffmpeg # if converting animated stickers to webm (very slow!)
+ ];
+
 networking.extraHosts = ''
 127.0.0.1 ${matrixdomain} ${matrixwebdomain}
 ${architect-lan} ${matrixdomain} ${matrixwebdomain}
diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix
index be3e4e5..7d3957c 100644
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@@ -35,6 +35,8 @@ rec {
 germano-wg = "10.3.0.19";
 flavio-wg = "10.3.0.20";
 tommy-wg = "10.3.0.21";
+ alain-wg = "10.3.0.22";
+ dima-wg = "10.3.0.23";
 eleonora-wg = "10.3.0.100";
 broccolino-wg = "10.3.0.200";
 hotpottino-wg = "10.3.0.201";
diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix
index 65b332f..a6ca9e8 100644
--- a/hosts/architect/nextcloud.nix
+++ b/hosts/architect/nextcloud.nix
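Review bot: `"${matrixdomain}" = "puppeting"` grants every account on the homeserver the right to log a Telegram session into the bridge, and the earlier hunk of this file shows `enable_registration = true`, so anyone who signs up gets that access; if only the admin and a known set of people are meant to bridge, list them explicitly or lower the domain-wide entry to a less privileged level such as `user`. `environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;` is a path literal, matching the discord entry above it; path literals are copied into the world-readable Nix store if any consumer string-interpolates them, so a quoted string (`"/secrets/mautrix-telegram/mautrix-telegram.env"`) is the safer form for secrets unless the module is known to `toString` it. The `permissions` block would also benefit from a one-line comment stating the intended audience, since the bare domain key reads like a hostname rather than a grant to all local users.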
@@ -12,6 +12,8 @@ with import ./network.nix;
 enable = true;
 hostName = "${nextclouddomain}";
 https = true;
+ package = pkgs.unstable.nextcloud22;
+ caching.redis = true;
 
 autoUpdateApps.enable = true;
diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix
index 07290b6..253ce92 100644
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@@ -1,6 +1,22 @@
+{ pkgs, ...}:
+
 with import ./network.nix;
 {
- services.plex.enable = true;
+ services.plex = {
+ enable = true;
+ package = pkgs.plex.overrideAttrs (x: let
+ # see https://www.plex.tv/media-server-downloads/ for 64bit rpm
+ version = "1.24.1.4931-1a38e63c6";
+ sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89";
+ in {
+ name = "plex-${version}";
+ src = pkgs.fetchurl {
+ url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
+ inherit sha1;
+ };
+ }
+ );
+ };
 
 services.nginx = {
 enable = true;
diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix
index ee2c6a1..6be1324 100644
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@@ -165,6 +165,18 @@ with import ./network.nix;
 allowedIPs = [tommy-wg];
 publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo=";
 }
+
+ {
+ # alain
+ allowedIPs = [alain-wg];
+ publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
+ }
+
+ {
+ # dima
+ allowedIPs = [dima-wg];
+ publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
+ }
 ];
 };
 };
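Review bot: The `fetchurl` call in plex.nix pins the vendor `.deb` with `sha1`; SHA-1 is no longer collision-resistant, and the fixed-output hash is the only integrity check on a binary pulled from a CDN, so bind `sha256 = "<sha256 of the .deb - placeholder>";` in the `let` and pass `inherit sha256;` instead (the `let`-bound name changes with it). The `x` parameter of `overrideAttrs (x: ...)` is never used, so `(_: let ...)` states the intent. Setting `name = "plex-${version}"` leaves the base derivation's own `version` attribute untouched; if the base uses `pname`/`version`, overriding `version` instead keeps the two in agreement.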