stuff i guess

clients/nova/matrix/zulip.nix

@@ -1 +1,51 @@
-{ }
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+{
+  systemd.services.matrix-zulip-bridge = {
+    description = "matrix-zulip-bridge server";
+    wantedBy = [ "multi-user.target" ];
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+
+    serviceConfig =
+      let
+        secretName = "matrix-zulip-bridge-secrets";
+      in
+      {
+        LoadCredential = [
+          "${secretName}:${config.age.secrets."zulipRegistration.age".path}"
+        ];
+        ExecStart = "${lib.getExe pkgs.matrix-zulip-bridge} --config /run/credentials/matrix-zulip-bridge.service/${secretName} --owner @quadradical:${config.quad.matrix.domain} ${config.services.matrix-continuwuity.settings.global.well_known.client}";
+        DynamicUser = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        PrivateDevices = true;
+        PrivateMounts = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        ProtectHome = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+        Restart = "always";
+        RestartSec = 5;
+      };
+  };
+}

clients/quadraticserver/matrix/bridges.nix

@@ -7,13 +7,13 @@
 }:
 let
   client = config.services.matrix-continuwuity.settings.global.well_known.client;
-  server_name = config.services.matrix-continuwuity.settings.global.server_name;
+  domain = config.quad.matrix.domain;
 
   settings = {
     backfill.enabled = true;
 
     homeserver = {
-      domain = server_name;
+      inherit domain;
       address = client;
     };
 
@@ -24,8 +24,8 @@ let
     };
 
     bridge.permissions = {
-      "${server_name}" = "user";
-      "@quadradical:${server_name}" = "admin";
+      "${domain}" = "user";
+      "@quadradical:${domain}" = "admin";
     };
   };
 in
@@ -66,7 +66,7 @@ in
       matrix-ooye = {
         enable = true;
         homeserver = client;
-        homeserverName = server_name;
+        homeserverName = domain;
         discordTokenPath = config.age.secrets."discordToken.age".path;
         discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
         socket = "8081";

clients/quadraticserver/matrix/call.nix

@@ -34,7 +34,7 @@
              default_server_config = {
                "m.homeserver" = {
                  "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
-                 "server_name" = config.services.matrix-continuwuity.settings.global.server_name;
+                 "server_name" = config.quad.matrix.domain;
                };
              };
              livekit.livekit_service_url = "https://${domain}/livekit";

clients/quadraticserver/matrix/draupnir.nix

@@ -4,7 +4,7 @@
     enable = false; # Blocked on https://forgejo.ellis.link/continuwuation/continuwuity/issues/1098
     settings =
       let
-        serverName = config.services.matrix-continuwuity.settings.global.server_name;
+        serverName = config.quad.matrix.domain;
         homeserverUrl = config.services.matrix-continuwuity.settings.global.well_known.client;
       in
       {

clients/quadraticserver/searxng.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ pkgs, lib, ... }:
 {
   services =
     let
@@ -8,6 +8,9 @@
     {
       searx = {
         enable = true;
+        package = pkgs.searxng.overrideAttrs {
+          patches = [ ./google.patch ];
+        };
         settings =
           let
             enginesByCategory = {