continuwuity migration

2025-09-14 16:33:36 -04:00 · 2025-09-14 16:33:36 -04:00 · d5254c453c
commit d5254c453c
parent 7869d962c0
7 changed files with 299 additions and 245 deletions
--- a/clients/quadraticserver/auth.nix
+++ b/clients/quadraticserver/auth.nix
@ -2,20 +2,34 @@
  inputs,
  config,
  ...
-}: {
-  imports = [inputs.matrixoidc.nixosModules.default];
+}:
+{
+  imports = [ inputs.matrixoidc.nixosModules.default ];

-  services = let
-    socket = "/var/run/matrixoidc/socket";
-    domain = "auth.federated.nexus";
-  in {
-    matrixoidc = {
-      enable = true;
-      jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
-      args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"];
-      group = "caddy";
+  services =
+    let
+      socket = "/var/run/matrixoidc/socket";
+      domain = "auth.federated.nexus";
+    in
+    {
+      matrixoidc = {
+        enable = true;
+        jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
+        args = [
+          "--socket"
+          socket
+          "--homeserver"
+          config.services.matrix-continuwuity.settings.global.well_known.client
+          "--issuer"
+          "https://${domain}"
+          "--authorizeEndpoint"
+          "https://federated.nexus/login"
+          "--serviceDomain"
+          "federated.nexus"
+        ];
+        group = "caddy";
+      };
+
+      caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
    };
-
-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
-  };
 }
--- a/clients/quadraticserver/matrix/bot.nix
+++ b/clients/quadraticserver/matrix/bot.nix
@ -2,48 +2,50 @@
  inputs,
  config,
  ...
-}: {
-  imports = [inputs.nexusbot.nixosModules.default];
+}:
+{
+  imports = [ inputs.nexusbot.nixosModules.default ];

-  services = let
-    socket = "/var/run/nexusbot/socket";
-    domain = "register.federated.nexus";
-    alias =
-      "inf" + "o@f" + "edera" + "ted.n" + "exus";
-  in {
-    nexusbot = {
-      enable = true;
-      botPasswordFile = config.age.secrets."botPassword.age".path;
-      smtpPasswordFile = config.age.secrets."smtpPassword.age".path;
-      args = [
-        "--socket"
-        socket
-        "--homeserver"
-        config.services.grapevine.settings.server_discovery.client.base_url
-        "--name"
-        "nexusbot"
-        "--adminRoom"
-        "#admins:federated.nexus"
-        "--successUri"
-        "https://federated.nexus/success"
-        "--failureUri"
-        "https://federated.nexus/failure"
-        "--inviteTo"
-        "#community:federated.nexus"
-        "--adminName"
-        "grapevine"
-        "--email"
-        config.services.caddy.email
-        "--emailAlias"
-        alias
-        "--mailDomain"
-        "mail.henryhiles.com"
-        "--mailName"
-        "Federated Nexus"
-      ];
-      group = "caddy";
+  services =
+    let
+      socket = "/var/run/nexusbot/socket";
+      domain = "register.federated.nexus";
+      alias = "inf" + "o@f" + "edera" + "ted.n" + "exus";
+    in
+    {
+      nexusbot = {
+        enable = true;
+        botPasswordFile = config.age.secrets."botPassword.age".path;
+        smtpPasswordFile = config.age.secrets."smtpPassword.age".path;
+        args = [
+          "--socket"
+          socket
+          "--homeserver"
+          config.services.matrix-continuwuity.settings.global.well_known.client
+          "--name"
+          "nexusbot"
+          "--adminRoom"
+          "#admins:federated.nexus"
+          "--successUri"
+          "https://federated.nexus/success"
+          "--failureUri"
+          "https://federated.nexus/failure"
+          "--inviteTo"
+          "#community:federated.nexus"
+          "--adminName"
+          "conduit"
+          "--email"
+          config.services.caddy.email
+          "--emailAlias"
+          alias
+          "--mailDomain"
+          "mail.henryhiles.com"
+          "--mailName"
+          "Federated Nexus"
+        ];
+        group = "caddy";
+      };
+
+      caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
    };
-
-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
-  };
 }
--- a/clients/quadraticserver/matrix/bridges.nix
+++ b/clients/quadraticserver/matrix/bridges.nix
@ -4,7 +4,11 @@
  inputs,
  config,
  ...
-}: let
+}:
+let
+  client = config.services.matrix-continuwuity.settings.global.well_known.client;
+  server_name = config.services.matrix-continuwuity.settings.global.server_name;
+
  settings = {
    backfill.enabled = true;

@ -14,8 +18,8 @@
    };

    homeserver = {
-      domain = config.services.grapevine.settings.server_name;
-      address = config.services.grapevine.settings.server_discovery.client.base_url;
+      domain = server_name;
+      address = client;
    };

    bridge = {
@ -25,49 +29,61 @@
        require = false;
      };
      permissions = {
-        "${config.services.grapevine.settings.server_name}" = "user";
-        "@quadradical:${config.services.grapevine.settings.server_name}" = "admin";
+        "${server_name}" = "user";
+        "@quadradical:${server_name}" = "admin";
      };
    };
  };
-in {
-  imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default];
+in
+{
+  imports = [
+    inputs.nix-matrix-appservices.nixosModule
+    inputs.ooye.modules.default
+  ];

-  services = let
-    domain = "ooye.federated.nexus";
-  in {
-    matrix-appservices.services = builtins.mapAttrs (name: value:
-      value
-      // {
-        inherit settings;
-        format = "mautrix-go";
-        port = 8000;
-        package = value.package.override {withGoolm = true;};
-      }) {
-      whatsapp = {
-        host = "127.0.0.4";
-        serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path;
-        package = pkgs.mautrix-whatsapp;
+  services =
+    let
+      domain = "ooye.federated.nexus";
+    in
+    {
+      matrix-appservices.services =
+        builtins.mapAttrs
+          (
+            name: value:
+            value
+            // {
+              inherit settings;
+              format = "mautrix-go";
+              port = 8000;
+              package = value.package.override { withGoolm = true; };
+            }
+          )
+          {
+            whatsapp = {
+              host = "127.0.0.4";
+              serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path;
+              package = pkgs.mautrix-whatsapp;
+            };
+            gmessages = {
+              host = "127.0.0.5";
+              serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path;
+              package = pkgs.mautrix-gmessages;
+            };
+          };
+
+      matrix-ooye = {
+        enable = true;
+        homeserver = client;
+        homeserverName = "federated.nexus";
+        discordTokenPath = config.age.secrets."discordToken.age".path;
+        discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
+        socket = "8081";
+        bridgeOrigin = "https://${domain}";
      };
-      gmessages = {
-        host = "127.0.0.5";
-        serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path;
-        package = pkgs.mautrix-gmessages;
-      };
-    };

-    matrix-ooye = {
-      enable = true;
-      homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
-      homeserverName = "federated.nexus";
-      discordTokenPath = config.age.secrets."discordToken.age".path;
-      discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
-      socket = "8081";
-      bridgeOrigin = "https://${domain}";
+      caddy.virtualHosts."${domain}".extraConfig =
+        "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
    };

-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
-  };
-
  systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always";
 }
--- a/clients/quadraticserver/matrix/call.nix
+++ b/clients/quadraticserver/matrix/call.nix
@ -3,51 +3,56 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  systemd.services = {
    livekit.serviceConfig.Restart = lib.mkForce "always";
    lk-jwt-service.serviceConfig.Restart = lib.mkForce "always";
  };

-  services = let
-    domain = "call.federated.nexus";
-  in {
-    livekit = {
-      enable = true;
-      keyFile = config.age.secrets."livekitKeys.age".path;
+  services =
+    let
+      domain = "call.federated.nexus";
+    in
+    {
+      livekit = {
+        enable = true;
+        keyFile = config.age.secrets."livekitKeys.age".path;
+      };
+
+      lk-jwt-service = {
+        enable = true;
+        livekitUrl = "wss://${domain}/livekit/sfu";
+        keyFile = config.services.livekit.keyFile;
+      };
+
+      caddy.virtualHosts."${domain}".extraConfig = ''
+        root * ${pkgs.element-call}
+        route {
+        	respond /config.json `${
+           builtins.toJSON {
+             default_server_config = {
+               "m.homeserver" = {
+                 "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
+                 "server_name" = config.services.matrix-continuwuity.settings.global.server_name;
+               };
+             };
+             livekit.livekit_service_url = "https://${domain}/livekit";
+           }
+         }` 200
+
+        	handle /livekit/sfu/get {
+        	  uri strip_prefix /livekit
+        	  reverse_proxy 127.0.0.1:8080
+        	}
+
+        	handle_path /livekit/sfu* {
+        	  reverse_proxy 127.0.0.1:7880
+        	}
+
+        	try_files {path} {path}/ /index.html
+        	file_server
+        }
+      '';
    };
-
-    lk-jwt-service = {
-      enable = true;
-      livekitUrl = "wss://${domain}/livekit/sfu";
-      keyFile = config.services.livekit.keyFile;
-    };
-
-    caddy.virtualHosts."${domain}".extraConfig = ''
-      root * ${pkgs.element-call}
-      route {
-      	respond /config.json `${builtins.toJSON {
-        default_server_config = {
-          "m.homeserver" = {
-            "base_url" = config.services.grapevine.settings.server_discovery.client.base_url;
-            "server_name" = config.services.grapevine.settings.server_name;
-          };
-        };
-        livekit.livekit_service_url = "https://${domain}/livekit";
-      }}` 200
-
-      	handle /livekit/sfu/get {
-      	  uri strip_prefix /livekit
-      	  reverse_proxy 127.0.0.1:8080
-      	}
-
-      	handle_path /livekit/sfu* {
-      	  reverse_proxy 127.0.0.1:7880
-      	}
-
-      	try_files {path} {path}/ /index.html
-      	file_server
-      }
-    '';
-  };
 }
--- a/clients/quadraticserver/matrix/continuwuity.nix
+++ b/clients/quadraticserver/matrix/continuwuity.nix
@ -0,0 +1,45 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
+
+  services =
+    let
+      domain = "federated.nexus";
+      subdomain = "matrix.${domain}";
+      socket = "/var/run/continuwuity/continuwuity.sock";
+    in
+    {
+      matrix-continuwuity = {
+        enable = true;
+        package = inputs.continuwuity.packages.${pkgs.system}.default;
+        group = "caddy";
+        settings.global = {
+          server_name = domain;
+          unix_socket_path = socket;
+          new_user_displayname_suffix = "";
+          allow_public_room_directory_over_federation = true;
+          trusted_servers = [
+            "matrix.org"
+            "tchncs.de"
+            "maunium.net"
+          ];
+          ignore_messages_from_server_names = [ ];
+          url_preview_domain_explicit_allowlist = [ "*" ];
+
+          well_known = {
+            client = "https://${subdomain}";
+            server = "${subdomain}:443";
+            support_email = "henry@henryhiles.com";
+            support_mxid = "@quadradical:${domain}";
+          };
+        };
+      };
+
+      caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
+    };
+}
--- a/clients/quadraticserver/matrix/grapevine.nix
+++ b/clients/quadraticserver/matrix/grapevine.nix
@ -1,44 +0,0 @@
-{
-  inputs,
-  lib,
-  ...
-}: {
-  imports = [inputs.grapevine.nixosModules.default];
-  networking.firewall.allowedTCPPorts = [8448];
-
-  systemd.services.grapevine.serviceConfig.Restart = lib.mkForce "always";
-
-  services = let
-    domain = "federated.nexus";
-    subdomain = "matrix.${domain}";
-    address = "127.0.0.3";
-  in {
-    grapevine = {
-      enable = true;
-      settings = {
-        server_name = domain;
-        database.backend = "rocksdb";
-        media.allow_unauthenticated_access = true;
-        federation = {
-          max_concurrent_requests = 10000;
-          self_test = false;
-          trusted_servers = ["matrix.org" "tchncs.de" "maunium.net"];
-        };
-
-        server_discovery = {
-          server.authority = "${subdomain}:443";
-          client.base_url = "https://${subdomain}";
-        };
-
-        listen = [
-          {
-            type = "tcp";
-            inherit address;
-          }
-        ];
-      };
-    };
-
-    caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy ${address}:6167";
-  };
-}