stuff i guess

Henry Hiles 2025-10-24 12:14:48 -04:00
commit 9766e1447a
No known key found for this signature in database
6 changed files with 75 additions and 15 deletions


@ -1 +1,51 @@
{ } {
lib,
pkgs,
config,
...
}:
{
systemd.services.matrix-zulip-bridge = {
description = "matrix-zulip-bridge server";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig =
let
secretName = "matrix-zulip-bridge-secrets";
in
{
LoadCredential = [
"${secretName}:${config.age.secrets."zulipRegistration.age".path}"
];
ExecStart = "${lib.getExe pkgs.matrix-zulip-bridge} --config /run/credentials/matrix-zulip-bridge.service/${secretName} --owner @quadradical:${config.quad.matrix.domain} ${config.services.matrix-continuwuity.settings.global.well_known.client}";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
ProtectHome = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
"~@resources"
];
Restart = "always";
RestartSec = 5;
};
};
}
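Review bot: The `ExecStart` line hard-codes `/run/credentials/matrix-zulip-bridge.service/${secretName}`, which ties the command to the unit's name and to systemd's runtime layout; the `%d` specifier expands to the unit's credentials directory, so `--config %d/${secretName}` expresses the same thing without that coupling. The sandbox options leave the capability set at its default even though nothing visible here needs one, so `CapabilityBoundingSet = "";` would fit alongside the existing `~@privileged` filter. `RestrictAddressFamilies` omits `AF_UNIX`; if name lookups on this host go through a local socket (nscd is the usual NixOS path), resolution of the homeserver may fail, so confirm the bridge connects before relying on the restriction as written.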


@ -7,13 +7,13 @@
}: }:
let let
client = config.services.matrix-continuwuity.settings.global.well_known.client; client = config.services.matrix-continuwuity.settings.global.well_known.client;
server_name = config.services.matrix-continuwuity.settings.global.server_name; domain = config.quad.matrix.domain;
settings = { settings = {
backfill.enabled = true; backfill.enabled = true;
homeserver = { homeserver = {
domain = server_name; inherit domain;
address = client; address = client;
}; };
@ -24,8 +24,8 @@ let
}; };
bridge.permissions = { bridge.permissions = {
"${server_name}" = "user"; "${domain}" = "user";
"@quadradical:${server_name}" = "admin"; "@quadradical:${domain}" = "admin";
}; };
}; };
in in
@ -66,7 +66,7 @@ in
matrix-ooye = { matrix-ooye = {
enable = true; enable = true;
homeserver = client; homeserver = client;
homeserverName = server_name; homeserverName = domain;
discordTokenPath = config.age.secrets."discordToken.age".path; discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
socket = "8081"; socket = "8081";
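Review bot: The keys of `bridge.permissions` and `homeserver.domain` now come from `config.quad.matrix.domain`, while `client` two lines above is still read from `config.services.matrix-continuwuity.settings.global`, so the admin grant `"@quadradical:${domain}" = "admin"` depends on two separate options staying in agreement. The definition of `quad.matrix.domain` is not part of this commit; if continuwuity's `server_name` is not itself set from it, a later change to either one would silently move the `user`/`admin` grants to a different server name. Deriving `server_name` from `quad.matrix.domain` in one place, or adding an `assertions` entry that compares the two, would make a mismatch fail at evaluation time. The same substitution appears in the next two files (`"server_name"` under `default_server_config`, and `serverName`). The `let` block and the `matrix-ooye` attribute set both continue outside the hunks shown.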


@ -34,7 +34,7 @@
default_server_config = { default_server_config = {
"m.homeserver" = { "m.homeserver" = {
"base_url" = config.services.matrix-continuwuity.settings.global.well_known.client; "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
"server_name" = config.services.matrix-continuwuity.settings.global.server_name; "server_name" = config.quad.matrix.domain;
}; };
}; };
livekit.livekit_service_url = "https://${domain}/livekit"; livekit.livekit_service_url = "https://${domain}/livekit";


@ -4,7 +4,7 @@
enable = false; # Blocked on https://forgejo.ellis.link/continuwuation/continuwuity/issues/1098 enable = false; # Blocked on https://forgejo.ellis.link/continuwuation/continuwuity/issues/1098
settings = settings =
let let
serverName = config.services.matrix-continuwuity.settings.global.server_name; serverName = config.quad.matrix.domain;
homeserverUrl = config.services.matrix-continuwuity.settings.global.well_known.client; homeserverUrl = config.services.matrix-continuwuity.settings.global.well_known.client;
in in
{ {


@ -1,4 +1,4 @@
{ lib, ... }: { pkgs, lib, ... }:
{ {
services = services =
let let
@ -8,6 +8,9 @@
{ {
searx = { searx = {
enable = true; enable = true;
package = pkgs.searxng.overrideAttrs {
patches = [ ./google.patch ];
};
settings = settings =
let let
enginesByCategory = { enginesByCategory = {
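Review bot: `overrideAttrs { patches = [ ./google.patch ]; }` replaces the derivation's `patches` list instead of extending it, so any patch nixpkgs carries for searxng, now or after a channel bump, is dropped without a build error. Appending keeps them: `package = pkgs.searxng.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./google.patch ]; });`. `google.patch` is not among the file sections shown on this page, so what it changes in the engine code cannot be reviewed from here; a one-line comment above `package` saying what the patch does and which upstream change it tracks would show when the override can be removed. The `searx` attribute set continues past the end of the hunk.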


@ -1,8 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBTSExM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBSMW56
ZDRISFJsVUJhalR0V3FWVW1lamlVcUlUZDNIUUFDRnQ2Q1AxOUVFCkpwN0JMQVph RnhUTkplcDUvaWVhWG9lTzNOTlloVUY4RVVUN1hkdHdKaG84Mmc0Cnl1bWNFbm9x
NFpVS2o3Y2RiZGYyd0tKdURzc0g3clBvV1lVN3ZhbzFoMEEKLT4gKG5MLWdyZWFz ZTVTbk1ZLzROd1lsc3ArOW9EYjA5VnBoV2R4cFZPNCs5TTQKLT4gL2RTaGlVby1n
ZSBLdEl7UkRlOyBQeiBsLgpvajZ2aEpmcGpnTnZwMnBHbUZ4T3JLcVZFZ0kKLS0t cmVhc2UgZSBzCkNpb0JDelQ1c3RjdTJYK0lacTNFY2dFTDQzSUEzdjhmQ0JRCi0t
IHJlL1VIWDE0anZ5a3czbFNqNml2RkVoZzdrZ0dNT3NPcDNkMjJUNmN2SEUKo+lX LSB0MDZUd2NCdWpEcFoveXVHdTNUWDFZVmMwdEJIWVcrWm13VG9wdE1tNmZBCq0a
j6VNWaIiS7zIAMyZW7h72T3s9NfDEACSpcNiADGsQbcOIA== VyxFKbGEgLVT8cKpKhScmqG2BdggLpF/UbKIX158hoijYlIvf9YyuycS69fVfthZ
/jkeVzZ9dmkVxBdyLiq88Pfgtim2yp66C8kYW7U9CL2ckLq4gn87S/KSiMUS+oPB
CVOijzeO6/AFRSp9Hbg8b93PnfIApeQhIgP07zpr9Sn9Ys0WCQBklDCHRRS9JBM0
URmBu+2Jac8jGcBLf20z1Ixo7Vpp+Xr3/pwFLlqhHaYfpackX9siYfp9F52zOQif
pGwiLVjUGu86jpTDV2DqnRgrPMo94CGaVkF/jjqNP5dt6uCe8PlZ1MYCKd+OZhdu
wsBdKiJ2f4JPoZUK8sTvIXlK/zNti59AvxmKnRb2Pa1tnahodmHGHH7qoZBdAYOZ
sXvg5MN77lAXNQN2j7urHIrEwXCHb++yFk2ZC6WjMO9vyHmXJeLuxL0JC9AAUoO2
T0hrul3f0myG5s9/O5mqwZDPE9fWk+DOwSq8iIvIAlSH9LjIPjI=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----