Henry-Hiles/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

continuwuity migration

Browse source
This commit is contained in:
Henry Hiles 2025-09-14 16:33:36 -04:00
commit d5254c453c
No known key found for this signature in database
7 changed files with 299 additions and 245 deletions
Download patch file Download diff file Expand all files Collapse all files

24
clients/quadraticserver/auth.nix
View file

@ -2,17 +2,31 @@
inputs, inputs,
config, config,
... ...
}: { }:
imports = [inputs.matrixoidc.nixosModules.default]; {
imports = [ inputs.matrixoidc.nixosModules.default ];
services = let services =
let
socket = "/var/run/matrixoidc/socket"; socket = "/var/run/matrixoidc/socket";
domain = "auth.federated.nexus"; domain = "auth.federated.nexus";
in { in
{
matrixoidc = { matrixoidc = {
enable = true; enable = true;
jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path; jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"]; args = [
"--socket"
socket
"--homeserver"
config.services.matrix-continuwuity.settings.global.well_known.client
"--issuer"
"https://${domain}"
"--authorizeEndpoint"
"https://federated.nexus/login"
"--serviceDomain"
"federated.nexus"
];
group = "caddy"; group = "caddy";
}; };

18
clients/quadraticserver/matrix/bot.nix
View file

@ -2,15 +2,17 @@
inputs, inputs,
config, config,
... ...
}: { }:
imports = [inputs.nexusbot.nixosModules.default]; {
imports = [ inputs.nexusbot.nixosModules.default ];
services = let services =
let
socket = "/var/run/nexusbot/socket"; socket = "/var/run/nexusbot/socket";
domain = "register.federated.nexus"; domain = "register.federated.nexus";
alias = alias = "inf" + "o@f" + "edera" + "ted.n" + "exus";
"inf" + "o@f" + "edera" + "ted.n" + "exus"; in
in { {
nexusbot = { nexusbot = {
enable = true; enable = true;
botPasswordFile = config.age.secrets."botPassword.age".path; botPasswordFile = config.age.secrets."botPassword.age".path;
@ -19,7 +21,7 @@
"--socket" "--socket"
socket socket
"--homeserver" "--homeserver"
config.services.grapevine.settings.server_discovery.client.base_url config.services.matrix-continuwuity.settings.global.well_known.client
"--name" "--name"
"nexusbot" "nexusbot"
"--adminRoom" "--adminRoom"
@ -31,7 +33,7 @@
"--inviteTo" "--inviteTo"
"#community:federated.nexus" "#community:federated.nexus"
"--adminName" "--adminName"
"grapevine" "conduit"
"--email" "--email"
config.services.caddy.email config.services.caddy.email
"--emailAlias" "--emailAlias"

44
clients/quadraticserver/matrix/bridges.nix
View file

@ -4,7 +4,11 @@
inputs, inputs,
config, config,
... ...
}: let }:
let
client = config.services.matrix-continuwuity.settings.global.well_known.client;
server_name = config.services.matrix-continuwuity.settings.global.server_name;
settings = { settings = {
backfill.enabled = true; backfill.enabled = true;
@ -14,8 +18,8 @@
}; };
homeserver = { homeserver = {
domain = config.services.grapevine.settings.server_name; domain = server_name;
address = config.services.grapevine.settings.server_discovery.client.base_url; address = client;
}; };
bridge = { bridge = {
@ -25,25 +29,36 @@
require = false; require = false;
}; };
permissions = { permissions = {
"${config.services.grapevine.settings.server_name}" = "user"; "${server_name}" = "user";
"@quadradical:${config.services.grapevine.settings.server_name}" = "admin"; "@quadradical:${server_name}" = "admin";
}; };
}; };
}; };
in { in
imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default]; {
imports = [
inputs.nix-matrix-appservices.nixosModule
inputs.ooye.modules.default
];
services = let services =
let
domain = "ooye.federated.nexus"; domain = "ooye.federated.nexus";
in { in
matrix-appservices.services = builtins.mapAttrs (name: value: {
matrix-appservices.services =
builtins.mapAttrs
(
name: value:
value value
// { // {
inherit settings; inherit settings;
format = "mautrix-go"; format = "mautrix-go";
port = 8000; port = 8000;
package = value.package.override {withGoolm = true;}; package = value.package.override { withGoolm = true; };
}) { }
)
{
whatsapp = { whatsapp = {
host = "127.0.0.4"; host = "127.0.0.4";
serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path; serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path;
@ -58,7 +73,7 @@ in {
matrix-ooye = { matrix-ooye = {
enable = true; enable = true;
homeserver = config.services.grapevine.settings.server_discovery.client.base_url; homeserver = client;
homeserverName = "federated.nexus"; homeserverName = "federated.nexus";
discordTokenPath = config.age.secrets."discordToken.age".path; discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
@ -66,7 +81,8 @@ in {
bridgeOrigin = "https://${domain}"; bridgeOrigin = "https://${domain}";
}; };
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}"; caddy.virtualHosts."${domain}".extraConfig =
"reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
}; };
systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always"; systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always";

19
clients/quadraticserver/matrix/call.nix
View file

@ -3,15 +3,18 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
systemd.services = { systemd.services = {
livekit.serviceConfig.Restart = lib.mkForce "always"; livekit.serviceConfig.Restart = lib.mkForce "always";
lk-jwt-service.serviceConfig.Restart = lib.mkForce "always"; lk-jwt-service.serviceConfig.Restart = lib.mkForce "always";
}; };
services = let services =
let
domain = "call.federated.nexus"; domain = "call.federated.nexus";
in { in
{
livekit = { livekit = {
enable = true; enable = true;
keyFile = config.age.secrets."livekitKeys.age".path; keyFile = config.age.secrets."livekitKeys.age".path;
@ -26,15 +29,17 @@
caddy.virtualHosts."${domain}".extraConfig = '' caddy.virtualHosts."${domain}".extraConfig = ''
root * ${pkgs.element-call} root * ${pkgs.element-call}
route { route {
respond /config.json `${builtins.toJSON { respond /config.json `${
builtins.toJSON {
default_server_config = { default_server_config = {
"m.homeserver" = { "m.homeserver" = {
"base_url" = config.services.grapevine.settings.server_discovery.client.base_url; "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
"server_name" = config.services.grapevine.settings.server_name; "server_name" = config.services.matrix-continuwuity.settings.global.server_name;
}; };
}; };
livekit.livekit_service_url = "https://${domain}/livekit"; livekit.livekit_service_url = "https://${domain}/livekit";
}}` 200 }
}` 200
handle /livekit/sfu/get { handle /livekit/sfu/get {
uri strip_prefix /livekit uri strip_prefix /livekit

45
clients/quadraticserver/matrix/continuwuity.nix Normal file
View file

@ -0,0 +1,45 @@
{
inputs,
pkgs,
lib,
...
}:
{
systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
services =
let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in
{
matrix-continuwuity = {
enable = true;
package = inputs.continuwuity.packages.${pkgs.system}.default;
group = "caddy";
settings.global = {
server_name = domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [ ];
url_preview_domain_explicit_allowlist = [ "*" ];
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
support_email = "henry@henryhiles.com";
support_mxid = "@quadradical:${domain}";
};
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
};
}

44
clients/quadraticserver/matrix/grapevine.nix
View file

@ -1,44 +0,0 @@
{
inputs,
lib,
...
}: {
imports = [inputs.grapevine.nixosModules.default];
networking.firewall.allowedTCPPorts = [8448];
systemd.services.grapevine.serviceConfig.Restart = lib.mkForce "always";
services = let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
address = "127.0.0.3";
in {
grapevine = {
enable = true;
settings = {
server_name = domain;
database.backend = "rocksdb";
media.allow_unauthenticated_access = true;
federation = {
max_concurrent_requests = 10000;
self_test = false;
trusted_servers = ["matrix.org" "tchncs.de" "maunium.net"];
};
server_discovery = {
server.authority = "${subdomain}:443";
client.base_url = "https://${subdomain}";
};
listen = [
{
type = "tcp";
inherit address;
}
];
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy ${address}:6167";
};
}

46
flake.nix
View file

@ -14,10 +14,6 @@
url = "github:lordgrimmauld/run0-sudo-shim"; url = "github:lordgrimmauld/run0-sudo-shim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
grapevine = {
url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = { stylix = {
url = "github:danth/stylix"; url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -64,13 +60,16 @@
}; };
}; };
outputs = inputs: let outputs =
inputs:
let
lib = inputs.nixpkgs.lib; lib = inputs.nixpkgs.lib;
dirUtils = { dirUtils = {
opt = lib.optionals; opt = lib.optionals;
dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir); dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir);
}; };
system = info: system =
info:
lib.nixosSystem { lib.nixosSystem {
inherit (info) system; inherit (info) system;
specialArgs = { specialArgs = {
@ -82,7 +81,13 @@
localSystem = info.system; localSystem = info.system;
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
overlays = let path = ./cross-overlays/${info.hostname}; in dirUtils.opt (builtins.pathExists path) (map (file: import file inputs) (lib.filesystem.listFilesRecursive path)); overlays =
let
path = ./cross-overlays/${info.hostname};
in
dirUtils.opt (builtins.pathExists path) (
map (file: import file inputs) (lib.filesystem.listFilesRecursive path)
);
config.permittedInsecurePackages = [ config.permittedInsecurePackages = [
"libsoup-2.74.3" "libsoup-2.74.3"
@ -90,13 +95,14 @@
}; };
}; };
modules = let modules =
let
clientPath = ./clients/${info.hostname}; clientPath = ./clients/${info.hostname};
in in
with dirUtils; with dirUtils;
[ [
./wrappers/default.nix ./wrappers/default.nix
{networking.hostName = info.hostname;} { networking.hostName = info.hostname; }
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.run0-sudo-shim.nixosModules.default inputs.run0-sudo-shim.nixosModules.default
] ]
@ -114,21 +120,29 @@
); );
}; };
in in
inputs.flake-parts.lib.mkFlake {inherit inputs;} { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = ["aarch64-linux" "x86_64-linux"]; systems = [
"aarch64-linux"
"x86_64-linux"
];
perSystem = {pkgs, ...}: { perSystem =
{ pkgs, ... }:
{
apps.image = { apps.image = {
type = "app"; type = "app";
program = pkgs.writeShellApplication { program = pkgs.writeShellApplication {
name = "image"; name = "image";
runtimeInputs = with pkgs; [nix-output-monitor]; runtimeInputs = with pkgs; [ nix-output-monitor ];
text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image"; text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image";
}; };
}; };
}; };
flake.nixosConfigurations = builtins.mapAttrs (name: value: flake.nixosConfigurations =
builtins.mapAttrs
(
name: value:
system ( system (
{ {
system = "x86_64-linux"; system = "x86_64-linux";
@ -136,7 +150,9 @@
hostname = name; hostname = name;
} }
// value // value
)) { )
)
{
"quadraticpc".type = "desktop"; "quadraticpc".type = "desktop";
"quadtop".type = "desktop"; "quadtop".type = "desktop";
"quadraticserver" = { "quadraticserver" = {