From d5254c453cc9d60f3fa42386c150c9b1f503880e Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Sun, 14 Sep 2025 16:33:36 -0400
Subject: [PATCH] continuwuity migration
---
 clients/quadraticserver/auth.nix | 42 +++--
 clients/quadraticserver/matrix/bot.nix | 86 ++++++-----
 clients/quadraticserver/matrix/bridges.nix | 94 ++++++-----
 clients/quadraticserver/matrix/call.nix | 87 ++++++-----
 .../quadraticserver/matrix/continuwuity.nix | 45 ++++++
 clients/quadraticserver/matrix/grapevine.nix | 44 ------
 flake.nix | 146 ++++++++++--------
 7 files changed, 299 insertions(+), 245 deletions(-)
 create mode 100644 clients/quadraticserver/matrix/continuwuity.nix
 delete mode 100644 clients/quadraticserver/matrix/grapevine.nix
diff --git a/clients/quadraticserver/auth.nix b/clients/quadraticserver/auth.nix
index 714052e..da82ecf 100644
--- a/clients/quadraticserver/auth.nix
+++ b/clients/quadraticserver/auth.nix
@@ -2,20 +2,34 @@ inputs, config, ... -}: { - imports = [inputs.matrixoidc.nixosModules.default]; +}: +{ + imports = [ inputs.matrixoidc.nixosModules.default ]; - services = let - socket = "/var/run/matrixoidc/socket"; - domain = "auth.federated.nexus"; - in { - matrixoidc = { - enable = true; - jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path; - args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"]; - group = "caddy"; + services = + let + socket = "/var/run/matrixoidc/socket"; + domain = "auth.federated.nexus"; + in + { + matrixoidc = { + enable = true; + jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path; + args = [ + "--socket" + socket + "--homeserver" + config.services.matrix-continuwuity.settings.global.well_known.client + "--issuer" + "https://${domain}" + "--authorizeEndpoint" + "https://federated.nexus/login" + "--serviceDomain" + "federated.nexus" + ]; + group = "caddy"; + }; + + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; }; - - caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; - }; } diff --git a/clients/quadraticserver/matrix/bot.nix b/clients/quadraticserver/matrix/bot.nix index d3963ce..aa55e7b 100644 --- a/clients/quadraticserver/matrix/bot.nix +++ b/clients/quadraticserver/matrix/bot.nix 
@@ -2,48 +2,50 @@ inputs, config, ... -}: { - imports = [inputs.nexusbot.nixosModules.default]; +}: +{ + imports = [ inputs.nexusbot.nixosModules.default ]; - services = let - socket = "/var/run/nexusbot/socket"; - domain = "register.federated.nexus"; - alias = - "inf" + "o@f" + "edera" + "ted.n" + "exus"; - in { - nexusbot = { - enable = true; - botPasswordFile = config.age.secrets."botPassword.age".path; - smtpPasswordFile = config.age.secrets."smtpPassword.age".path; - args = [ - "--socket" - socket - "--homeserver" - config.services.grapevine.settings.server_discovery.client.base_url - "--name" - "nexusbot" - "--adminRoom" - "#admins:federated.nexus" - "--successUri" - "https://federated.nexus/success" - "--failureUri" - "https://federated.nexus/failure" - "--inviteTo" - "#community:federated.nexus" - "--adminName" - "grapevine" - "--email" - config.services.caddy.email - "--emailAlias" - alias - "--mailDomain" - "mail.henryhiles.com" - "--mailName" - "Federated Nexus" - ]; - group = "caddy"; + services = + let + socket = "/var/run/nexusbot/socket"; + domain = "register.federated.nexus"; + alias = "inf" + "o@f" + "edera" + "ted.n" + "exus"; + in + { + nexusbot = { + enable = true; + botPasswordFile = config.age.secrets."botPassword.age".path; + smtpPasswordFile = config.age.secrets."smtpPassword.age".path; + args = [ + "--socket" + socket + "--homeserver" + config.services.matrix-continuwuity.settings.global.well_known.client + "--name" + "nexusbot" + "--adminRoom" + "#admins:federated.nexus" + "--successUri" + "https://federated.nexus/success" + "--failureUri" + "https://federated.nexus/failure" + "--inviteTo" + "#community:federated.nexus" + "--adminName" + "conduit" + "--email" + config.services.caddy.email + "--emailAlias" + alias + "--mailDomain" + "mail.henryhiles.com" + "--mailName" + "Federated Nexus" + ]; + group = "caddy"; + }; + + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; }; - - 
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; - }; } diff --git a/clients/quadraticserver/matrix/bridges.nix b/clients/quadraticserver/matrix/bridges.nix index 38e23df..2a8b57e 100644 --- a/clients/quadraticserver/matrix/bridges.nix +++ b/clients/quadraticserver/matrix/bridges.nix @@ -4,7 +4,11 @@ inputs, config, ... -}: let +}: +let + client = config.services.matrix-continuwuity.settings.global.well_known.client; + server_name = config.services.matrix-continuwuity.settings.global.server_name; + settings = { backfill.enabled = true; @@ -14,8 +18,8 @@ }; homeserver = { - domain = config.services.grapevine.settings.server_name; - address = config.services.grapevine.settings.server_discovery.client.base_url; + domain = server_name; + address = client; }; bridge = { 
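Review bot: `--adminName` switches from `grapevine` to `conduit` with nothing in the file tying that value to the new homeserver; if it must equal the homeserver's built-in server user (Continuwuity appears to keep Conduit's `@conduit:<server_name>` localpart, but I cannot confirm that from this patch), a comment such as `# localpart of continuwuity's server user; must match the homeserver` beside it keeps the coupling visible. The rest of the hunk is a nixfmt reflow plus the swap from `grapevine...server_discovery.client.base_url` to `matrix-continuwuity...well_known.client`, which keeps the bot talking to the homeserver through its public URL.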
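Review bot: The new `let` binding `server_name` in the `@@ -4,7 +4,11 @@` hunk is snake_case while its siblings `client`, `domain` and `settings` follow the file's lowerCamel convention; renaming it `serverName = config.services.matrix-continuwuity.settings.global.server_name;` and updating the five uses in the `@@ -14,8` and `@@ -25,49` hunks (`domain = serverName;`, the two `permissions` keys) would keep the file consistent. Also worth a note in the `@@ -25,49` hunk: the `permissions` block still grants `"user"` to every account on `server_name`, so any registered user can use the bridges — unchanged by this commit, but a one-line comment recording that this is intentional would help the next reader.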
@@ -25,49 +29,61 @@ require = false; }; permissions = { - "${config.services.grapevine.settings.server_name}" = "user"; - "@quadradical:${config.services.grapevine.settings.server_name}" = "admin"; + "${server_name}" = "user"; + "@quadradical:${server_name}" = "admin"; }; }; }; -in { - imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default]; +in +{ + imports = [ + inputs.nix-matrix-appservices.nixosModule + inputs.ooye.modules.default + ]; - services = let - domain = "ooye.federated.nexus"; - in { - matrix-appservices.services = builtins.mapAttrs (name: value: - value - // { - inherit settings; - format = "mautrix-go"; - port = 8000; - package = value.package.override {withGoolm = true;}; - }) { - whatsapp = { - host = "127.0.0.4"; - serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path; - package = pkgs.mautrix-whatsapp; + services = + let + domain = "ooye.federated.nexus"; + in + { + matrix-appservices.services = + builtins.mapAttrs + ( + name: value: + value + // { + inherit settings; + format = "mautrix-go"; + port = 8000; + package = value.package.override { withGoolm = true; }; + } + ) + { + whatsapp = { + host = "127.0.0.4"; + serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path; + package = pkgs.mautrix-whatsapp; + }; + gmessages = { + host = "127.0.0.5"; + serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path; + package = pkgs.mautrix-gmessages; + }; + }; + + matrix-ooye = { + enable = true; + homeserver = client; + homeserverName = "federated.nexus"; + discordTokenPath = config.age.secrets."discordToken.age".path; + discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; + socket = "8081"; + bridgeOrigin = "https://${domain}"; }; - gmessages = { - host = "127.0.0.5"; - serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path; - package = pkgs.mautrix-gmessages; - }; - }; - matrix-ooye = { - enable = true; - homeserver = 
config.services.grapevine.settings.server_discovery.client.base_url; - homeserverName = "federated.nexus"; - discordTokenPath = config.age.secrets."discordToken.age".path; - discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; - socket = "8081"; - bridgeOrigin = "https://${domain}"; + caddy.virtualHosts."${domain}".extraConfig = + "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}"; }; - caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}"; - }; - systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always"; } diff --git a/clients/quadraticserver/matrix/call.nix b/clients/quadraticserver/matrix/call.nix index d2d58fa..af16111 100644 --- a/clients/quadraticserver/matrix/call.nix +++ b/clients/quadraticserver/matrix/call.nix 
@@ -3,51 +3,56 @@ pkgs, config, ... -}: { +}: +{ systemd.services = { livekit.serviceConfig.Restart = lib.mkForce "always"; lk-jwt-service.serviceConfig.Restart = lib.mkForce "always"; }; - services = let - domain = "call.federated.nexus"; - in { - livekit = { - enable = true; - keyFile = config.age.secrets."livekitKeys.age".path; + services = + let + domain = "call.federated.nexus"; + in + { + livekit = { + enable = true; + keyFile = config.age.secrets."livekitKeys.age".path; + }; + + lk-jwt-service = { + enable = true; + livekitUrl = "wss://${domain}/livekit/sfu"; + keyFile = config.services.livekit.keyFile; + }; + + caddy.virtualHosts."${domain}".extraConfig = '' + root * ${pkgs.element-call} + route { + respond /config.json `${ + builtins.toJSON { + default_server_config = { + "m.homeserver" = { + "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client; + "server_name" = config.services.matrix-continuwuity.settings.global.server_name; + }; + }; + livekit.livekit_service_url = "https://${domain}/livekit"; + } + }` 200 + + handle /livekit/sfu/get { + uri strip_prefix /livekit + reverse_proxy 127.0.0.1:8080 + } + + handle_path /livekit/sfu* { + reverse_proxy 127.0.0.1:7880 + } + + try_files {path} {path}/ /index.html + file_server + } + ''; }; - - lk-jwt-service = { - enable = true; - livekitUrl = "wss://${domain}/livekit/sfu"; - keyFile = config.services.livekit.keyFile; - }; - - caddy.virtualHosts."${domain}".extraConfig = '' - root * ${pkgs.element-call} - route { - respond /config.json `${builtins.toJSON { - default_server_config = { - "m.homeserver" = { - "base_url" = config.services.grapevine.settings.server_discovery.client.base_url; - "server_name" = config.services.grapevine.settings.server_name; - }; - }; - livekit.livekit_service_url = "https://${domain}/livekit"; - }}` 200 - - handle /livekit/sfu/get { - uri strip_prefix /livekit - reverse_proxy 127.0.0.1:8080 - } - - handle_path /livekit/sfu* { - reverse_proxy 127.0.0.1:7880 
- } - - try_files {path} {path}/ /index.html - file_server - } - ''; - }; } diff --git a/clients/quadraticserver/matrix/continuwuity.nix b/clients/quadraticserver/matrix/continuwuity.nix new file mode 100644 index 0000000..d8b0c48 --- /dev/null +++ b/clients/quadraticserver/matrix/continuwuity.nix @@ -0,0 +1,45 @@ +{ + inputs, + pkgs, + lib, + ... +}: +{ + systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always"; + + services = + let + domain = "federated.nexus"; + subdomain = "matrix.${domain}"; + socket = "/var/run/continuwuity/continuwuity.sock"; + in + { + matrix-continuwuity = { + enable = true; + package = inputs.continuwuity.packages.${pkgs.system}.default; + group = "caddy"; + settings.global = { + server_name = domain; + unix_socket_path = socket; + new_user_displayname_suffix = ""; + allow_public_room_directory_over_federation = true; + trusted_servers = [ + "matrix.org" + "tchncs.de" + "maunium.net" + ]; + ignore_messages_from_server_names = [ ]; + url_preview_domain_explicit_allowlist = [ "*" ]; + + well_known = { + client = "https://${subdomain}"; + server = "${subdomain}:443"; + support_email = "henry@henryhiles.com"; + support_mxid = "@quadradical:${domain}"; + }; + }; + }; + + caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}"; + }; +} diff --git a/clients/quadraticserver/matrix/grapevine.nix b/clients/quadraticserver/matrix/grapevine.nix deleted file mode 100644 index 8e3280d..0000000 --- a/clients/quadraticserver/matrix/grapevine.nix +++ /dev/null 
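Review bot: `url_preview_domain_explicit_allowlist = [ "*" ]` lets any user make the homeserver fetch a preview from any domain, which exposes the server's own network position to arbitrary outbound requests (including internal addresses, if the option behaves as its name implies — Continuwuity's handling of private ranges is not visible from this patch); an explicit domain list, or at least a comment recording why the wildcard is acceptable, belongs on that line. Separately, this file reads `inputs.continuwuity.packages.${pkgs.system}.default`, but no hunk in `flake.nix` declares a `continuwuity` input; unless it already exists above the removed `grapevine` block, evaluation fails, and when added it should carry `inputs.nixpkgs.follows = "nixpkgs";` like the neighbouring inputs. The dropped `networking.firewall.allowedTCPPorts = [8448]` from grapevine.nix is consistent with `well_known.server = "${subdomain}:443"`, so federation now terminates at Caddy on 443 over the unix socket; a short comment on `well_known.server` saying so would explain why no federation port is opened.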
@@ -1,44 +0,0 @@ -{ - inputs, - lib, - ... -}: { - imports = [inputs.grapevine.nixosModules.default]; - networking.firewall.allowedTCPPorts = [8448]; - - systemd.services.grapevine.serviceConfig.Restart = lib.mkForce "always"; - - services = let - domain = "federated.nexus"; - subdomain = "matrix.${domain}"; - address = "127.0.0.3"; - in { - grapevine = { - enable = true; - settings = { - server_name = domain; - database.backend = "rocksdb"; - media.allow_unauthenticated_access = true; - federation = { - max_concurrent_requests = 10000; - self_test = false; - trusted_servers = ["matrix.org" "tchncs.de" "maunium.net"]; - }; - - server_discovery = { - server.authority = "${subdomain}:443"; - client.base_url = "https://${subdomain}"; - }; - - listen = [ - { - type = "tcp"; - inherit address; - } - ]; - }; - }; - - caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy ${address}:6167"; - }; -} diff --git a/flake.nix b/flake.nix index d7477b8..5a00398 100755 --- a/flake.nix +++ b/flake.nix @@ -14,10 +14,6 @@ url = "github:lordgrimmauld/run0-sudo-shim"; inputs.nixpkgs.follows = "nixpkgs"; }; - grapevine = { - url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery"; - inputs.nixpkgs.follows = "nixpkgs"; - }; stylix = { url = "github:danth/stylix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -64,39 +60,49 @@ }; }; - outputs = inputs: let - lib = inputs.nixpkgs.lib; - dirUtils = { - opt = lib.optionals; - dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir); - }; - system = info: - lib.nixosSystem { - inherit (info) system; - specialArgs = { - inherit inputs dirUtils; - inherit (info) type; + outputs = + inputs: + let + lib = inputs.nixpkgs.lib; + dirUtils = { + opt = lib.optionals; + dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir); + }; + system = + info: + lib.nixosSystem { + inherit (info) system; + specialArgs = { + inherit inputs dirUtils; + inherit (info) type; - crossPkgs = import inputs.nixpkgs { - hostPlatform = info.system; - localSystem = info.system; - buildPlatform = "x86_64-linux"; + crossPkgs = import inputs.nixpkgs { + hostPlatform = info.system; + localSystem = info.system; + buildPlatform = "x86_64-linux"; - overlays = let path = ./cross-overlays/${info.hostname}; in dirUtils.opt (builtins.pathExists path) (map (file: import file inputs) (lib.filesystem.listFilesRecursive path)); + overlays = + let + path = ./cross-overlays/${info.hostname}; + in + dirUtils.opt (builtins.pathExists path) ( + map (file: import file inputs) (lib.filesystem.listFilesRecursive path) + ); - config.permittedInsecurePackages = [ - "libsoup-2.74.3" - ]; + config.permittedInsecurePackages = [ + "libsoup-2.74.3" + ]; + }; }; - }; - modules = let - clientPath = ./clients/${info.hostname}; - in - with dirUtils; + modules = + let + clientPath = ./clients/${info.hostname}; + in + with dirUtils; [ ./wrappers/default.nix - {networking.hostName = info.hostname;} + { networking.hostName = info.hostname; } inputs.agenix.nixosModules.default inputs.run0-sudo-shim.nixosModules.default ] 
@@ -112,45 +118,55 @@ ./stylix.nix ] ); - }; - in - inputs.flake-parts.lib.mkFlake {inherit inputs;} { - systems = ["aarch64-linux" "x86_64-linux"]; + }; + in + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "aarch64-linux" + "x86_64-linux" + ]; - perSystem = {pkgs, ...}: { - apps.image = { - type = "app"; - program = pkgs.writeShellApplication { - name = "image"; - runtimeInputs = with pkgs; [nix-output-monitor]; - text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image"; + perSystem = + { pkgs, ... }: + { + apps.image = { + type = "app"; + program = pkgs.writeShellApplication { + name = "image"; + runtimeInputs = with pkgs; [ nix-output-monitor ]; + text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image"; + }; }; }; - }; - flake.nixosConfigurations = builtins.mapAttrs (name: value: - system ( + flake.nixosConfigurations = + builtins.mapAttrs + ( + name: value: + system ( + { + system = "x86_64-linux"; + graphical = true; + hostname = name; + } + // value + ) + ) { - system = "x86_64-linux"; - graphical = true; - hostname = name; - } - // value - )) { - "quadraticpc".type = "desktop"; - "quadtop".type = "desktop"; - "quadraticserver" = { - type = "server"; - graphical = false; - }; - "quadphone" = { - type = "mobile"; - system = "aarch64-linux"; - }; - "everquad" = { - type = "mobile"; - system = "aarch64-linux"; - }; - }; + "quadraticpc".type = "desktop"; + "quadtop".type = "desktop"; + "quadraticserver" = { + type = "server"; + graphical = false; + }; + "quadphone" = { + type = "mobile"; + system = "aarch64-linux"; + }; + "everquad" = { + type = "mobile"; + system = "aarch64-linux"; + }; + }; }; }