From 644c242b0e8f908d16f1d6dfc5533fedbcda805b Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Wed, 25 Aug 2021 13:10:31 +0200 Subject: [PATCH 1/5] nextcloud bump to 22 unstable --- hosts/architect/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix index 65b332f..a6ca9e8 100644 --- a/hosts/architect/nextcloud.nix +++ b/hosts/architect/nextcloud.nix @@ -12,6 +12,8 @@ with import ./network.nix; enable = true; hostName = "${nextclouddomain}"; https = true; + package = pkgs.unstable.nextcloud22; + caching.redis = true; autoUpdateApps.enable = true; From 66a9a87d9077066d2db3194e069cfb578fa41bf8 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 27 Aug 2021 10:24:16 +0200 Subject: [PATCH 2/5] updated plex --- hosts/architect/plex.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index 07290b6..253ce92 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -1,6 +1,22 @@ +{ pkgs, ...}: + with import ./network.nix; { - services.plex.enable = true; + services.plex = { + enable = true; + package = pkgs.plex.overrideAttrs (x: let + # see https://www.plex.tv/media-server-downloads/ for 64bit rpm + version = "1.24.1.4931-1a38e63c6"; + sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89"; + in { + name = "plex-${version}"; + src = pkgs.fetchurl { + url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; + inherit sha1; + }; + } + ); + }; services.nginx = { enable = true; From baedfb28fbeb08d965bce3b112d60376af846715 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 31 Aug 2021 16:35:51 +0200 Subject: [PATCH 3/5] added 8448 matrix, removed turn ports --- hosts/architect/firewall.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
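Review bot: The `fetchurl` in hosts/architect/plex.nix pins the Plex .deb with `sha1`, where nixpkgs normally uses `sha256`. SHA-1 no longer offers collision resistance, and for a prebuilt binary that runs as a network-facing service this pin is the only integrity check the download gets. After checking the file against the checksum on the vendor download page, record a SHA-256 instead: `sha256 = "<sha256-of-the-deb>";` (placeholder) in the `let`, and `inherit sha256;` in the `fetchurl` call. The override also sets only `name`, so the derivation's `version` attribute presumably still reports the nixpkgs version; adding `inherit version;` next to `name` would keep the two in line. The file continues past this hunk.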
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix index f6f0a63..ed2d898 100644 --- a/hosts/architect/firewall.nix +++ b/hosts/architect/firewall.nix @@ -7,20 +7,12 @@ let 22 # ssh 80 # http 443 # https - 3478 # turn + 8448 # matrix 10022 # gitea - 40000 - 40001 - 40002 - 40003 ]; open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ 1194 # wireguard 3478 # turn - 40000 - 40001 - 40002 - 40003 ]; in { networking = { From a1b24c1db6404f26bf141ecf16d484b3ad934829 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 31 Aug 2021 16:36:26 +0200 Subject: [PATCH 4/5] added dima and al wireguard --- hosts/architect/network.nix | 2 ++ hosts/architect/wireguard.nix | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix index be3e4e5..7d3957c 100644 --- a/hosts/architect/network.nix +++ b/hosts/architect/network.nix @@ -35,6 +35,8 @@ rec { germano-wg = "10.3.0.19"; flavio-wg = "10.3.0.20"; tommy-wg = "10.3.0.21"; + alain-wg = "10.3.0.22"; + dima-wg = "10.3.0.23"; eleonora-wg = "10.3.0.100"; broccolino-wg = "10.3.0.200"; hotpottino-wg = "10.3.0.201"; diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix index ee2c6a1..6be1324 100644 --- a/hosts/architect/wireguard.nix +++ b/hosts/architect/wireguard.nix @@ -165,6 +165,18 @@ with import ./network.nix; allowedIPs = [tommy-wg]; publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo="; } + + { + # alain + allowedIPs = [alain-wg]; + publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno="; + } + + { + # dima + allowedIPs = [dima-wg]; + publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0="; + } ]; }; }; From 8256e7920a26d3e40e77ac056a5591f7b3a4127d Mon Sep 17 00:00:00 2001 
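Review bot: In hosts/architect/firewall.nix, `3478 # turn` is still listed in `open_udp_ports`, although this change removes TCP 3478 and the 40000–40003 relay ports from both lists. If TURN is being retired on this host, as the commit subject suggests, drop that entry too so no stale port stays open. If TURN is staying, the relay range it hands out has to remain open, otherwise relaying will fail while the listener still answers. The new `8448 # matrix` entry exposes federation to the Internet, so confirm that a TLS listener for it exists in the nginx/synapse configuration, which is not visible here. The `let` block starts before this hunk and the file continues after it.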
From: Giulio De Pasquale Date: Tue, 31 Aug 2021 16:36:42 +0200 Subject: [PATCH 5/5] telegram bridge matrix --- hosts/architect/matrix.nix | 58 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 3 deletions(-) diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix index 12711cd..a009dd6 100644 --- a/hosts/architect/matrix.nix +++ b/hosts/architect/matrix.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, config, tmp, ... }: with import ./network.nix; { @@ -11,7 +11,10 @@ with import ./network.nix; registration_shared_secret = "runas!"; dynamic_thumbnails = true; enable_registration = true; - app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ]; + app_service_config_files = [ + "/var/lib/matrix-synapse/discord-registration.yaml" + "/var/lib/matrix-synapse/telegram-registration.yaml" + ]; extraConfig = '' auto_join_rooms: - "#infra:matrix.giugl.io" @@ -79,7 +82,7 @@ with import ./network.nix; enableACME = true; forceSSL = true; - root = pkgs.element-web.override { + root = pkgs.unstable.element-web.override { conf = { default_server_config."m.homeserver" = { "base_url" = "https://${matrixdomain}"; @@ -90,6 +93,7 @@ with import ./network.nix; }; }; + # discord bridge matrix-appservice-discord = { enable = true; environmentFile = /secrets/matrix-appservice-discord/tokens.env; 
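Review bot: The module header in hosts/architect/matrix.nix (`@@ -1,4 +1,4 @@`) now takes a `tmp` argument that none of the hunks in this patch use. Unless it is referenced in a part of the file not shown here, go back to `{ pkgs, config, ... }:`. Module arguments are looked up lazily, so a stray one that nothing supplies only fails once something references it, and then as a confusing evaluation error.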
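Review bot: `registration_shared_secret` appears as a string literal in the context lines of hosts/architect/matrix.nix (`@@ -11,7 +11,10 @@`), so it is in the repository history and presumably ends up in the generated homeserver config in the world-readable Nix store. Anyone holding that value can create accounts, including admin ones, through Synapse's shared-secret registration endpoint, whatever `enable_registration` is set to. Rotate it and load it from a file outside the store, as the bridges already do with `/secrets/...`, e.g. `extraConfigFiles = [ "/secrets/matrix-synapse/registration.yaml" ];` (the path is a placeholder). The two appservice registration files listed here hold the bridge tokens, so they should be readable by the synapse user only.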
@@ -103,8 +107,56 @@ with import ./network.nix; }; }; }; + + # telegram bridge + + mautrix-telegram = { + enable = true; + environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env; + + settings = { + homeserver = { + address = "https://${matrixdomain}"; + domain = "${matrixdomain}"; + }; + + appservice = { + provisioning.enabled = false; + id = "telegram"; + }; + + bridge = { + permissions = { + "@pepe:${matrixdomain}" = "admin"; + "${matrixdomain}" = "puppeting"; + }; + + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; }; + }; + + systemd.services.mautrix-telegram.path = with pkgs; [ + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) + ]; + networking.extraHosts = '' 127.0.0.1 ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain}
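Review bot: `"${matrixdomain}" = "puppeting";` in the new `bridge.permissions` lets every account on the homeserver log a Telegram account into the bridge. An earlier hunk of this file shows `enable_registration = true;`, so that is effectively anyone who signs up, unless registration is restricted somewhere not visible here. Prefer listing the intended MXIDs explicitly, as is already done for the admin entry, or lower the domain-wide level. Separately, `environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;` is a Nix path literal, which stays out of the store only as long as nothing interpolates it. Quoting it as a string, `environmentFile = "/secrets/mautrix-telegram/mautrix-telegram.env";`, removes that risk; the discord bridge line in the previous hunk has the same form. The surrounding attribute set starts before this hunk.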