peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.giugl.io:10022/peperunas/nixos

Browse Source
This commit is contained in:
Giulio De Pasquale 2021-08-31 15:37:11 +01:00
commit cc42975add
6 changed files with 89 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hosts/architect/firewall.nix
View File

@ -7,20 +7,12 @@ let
22 # ssh 22 # ssh
80 # http 80 # http
443 # https 443 # https
3478 # turn 8448 # matrix
10022 # gitea 10022 # gitea
40000
40001
40002
40003
]; ];
open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
1194 # wireguard 1194 # wireguard
3478 # turn 3478 # turn
40000
40001
40002
40003
]; ];
in { in {
networking = { networking = {

58
hosts/architect/matrix.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, ... }: { pkgs, config, tmp, ... }:
with import ./network.nix; with import ./network.nix;
{ {
@ -11,7 +11,10 @@ with import ./network.nix;
registration_shared_secret = "runas!"; registration_shared_secret = "runas!";
dynamic_thumbnails = true; dynamic_thumbnails = true;
enable_registration = true; enable_registration = true;
app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ]; app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/telegram-registration.yaml"
];
extraConfig = '' extraConfig = ''
auto_join_rooms: auto_join_rooms:
- "#infra:matrix.giugl.io" - "#infra:matrix.giugl.io"
@ -79,7 +82,7 @@ with import ./network.nix;
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = pkgs.element-web.override { root = pkgs.unstable.element-web.override {
conf = { conf = {
default_server_config."m.homeserver" = { default_server_config."m.homeserver" = {
"base_url" = "https://${matrixdomain}"; "base_url" = "https://${matrixdomain}";
@ -90,6 +93,7 @@ with import ./network.nix;
}; };
}; };
# discord bridge
matrix-appservice-discord = { matrix-appservice-discord = {
enable = true; enable = true;
environmentFile = /secrets/matrix-appservice-discord/tokens.env; environmentFile = /secrets/matrix-appservice-discord/tokens.env;
@ -103,8 +107,56 @@ with import ./network.nix;
}; };
}; };
}; };
# telegram bridge
mautrix-telegram = {
enable = true;
environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
settings = {
homeserver = {
address = "https://${matrixdomain}";
domain = "${matrixdomain}";
};
appservice = {
provisioning.enabled = false;
id = "telegram";
};
bridge = {
permissions = {
"@pepe:${matrixdomain}" = "admin";
"${matrixdomain}" = "puppeting";
};
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
}; };
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${matrixdomain} ${matrixwebdomain} 127.0.0.1 ${matrixdomain} ${matrixwebdomain}
${architect-lan} ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain}

2
hosts/architect/network.nix
View File

@ -35,6 +35,8 @@ rec {
germano-wg = "10.3.0.19"; germano-wg = "10.3.0.19";
flavio-wg = "10.3.0.20"; flavio-wg = "10.3.0.20";
tommy-wg = "10.3.0.21"; tommy-wg = "10.3.0.21";
alain-wg = "10.3.0.22";
dima-wg = "10.3.0.23";
eleonora-wg = "10.3.0.100"; eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200"; broccolino-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201"; hotpottino-wg = "10.3.0.201";

2
hosts/architect/nextcloud.nix
View File

@ -12,6 +12,8 @@ with import ./network.nix;
enable = true; enable = true;
hostName = "${nextclouddomain}"; hostName = "${nextclouddomain}";
https = true; https = true;
package = pkgs.unstable.nextcloud22;
caching.redis = true; caching.redis = true;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;

18
hosts/architect/plex.nix
View File

@ -1,6 +1,22 @@
{ pkgs, ...}:
with import ./network.nix; with import ./network.nix;
{ {
services.plex.enable = true; services.plex = {
enable = true;
package = pkgs.plex.overrideAttrs (x: let
# see https://www.plex.tv/media-server-downloads/ for 64bit rpm
version = "1.24.1.4931-1a38e63c6";
sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89";
in {
name = "plex-${version}";
src = pkgs.fetchurl {
url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
inherit sha1;
};
}
);
};
services.nginx = { services.nginx = {
enable = true; enable = true;

12
hosts/architect/wireguard.nix
View File

@ -165,6 +165,18 @@ with import ./network.nix;
allowedIPs = [tommy-wg]; allowedIPs = [tommy-wg];
publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo="; publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo=";
} }
{
# alain
allowedIPs = [alain-wg];
publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
}
{
# dima
allowedIPs = [dima-wg];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
}
]; ];
}; };
}; };