continuwuity migration

This commit is contained in:
Henry Hiles 2025-09-14 16:33:36 -04:00
commit d5254c453c
No known key found for this signature in database
7 changed files with 299 additions and 245 deletions


@ -2,20 +2,34 @@
inputs, inputs,
config, config,
... ...
}: { }:
imports = [inputs.matrixoidc.nixosModules.default]; {
imports = [ inputs.matrixoidc.nixosModules.default ];
services = let services =
socket = "/var/run/matrixoidc/socket"; let
domain = "auth.federated.nexus"; socket = "/var/run/matrixoidc/socket";
in { domain = "auth.federated.nexus";
matrixoidc = { in
enable = true; {
jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path; matrixoidc = {
args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"]; enable = true;
group = "caddy"; jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
args = [
"--socket"
socket
"--homeserver"
config.services.matrix-continuwuity.settings.global.well_known.client
"--issuer"
"https://${domain}"
"--authorizeEndpoint"
"https://federated.nexus/login"
"--serviceDomain"
"federated.nexus"
];
group = "caddy";
};
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
}; };
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
};
} }


@ -2,48 +2,50 @@
inputs, inputs,
config, config,
... ...
}: { }:
imports = [inputs.nexusbot.nixosModules.default]; {
imports = [ inputs.nexusbot.nixosModules.default ];
services = let services =
socket = "/var/run/nexusbot/socket"; let
domain = "register.federated.nexus"; socket = "/var/run/nexusbot/socket";
alias = domain = "register.federated.nexus";
"inf" + "o@f" + "edera" + "ted.n" + "exus"; alias = "inf" + "o@f" + "edera" + "ted.n" + "exus";
in { in
nexusbot = { {
enable = true; nexusbot = {
botPasswordFile = config.age.secrets."botPassword.age".path; enable = true;
smtpPasswordFile = config.age.secrets."smtpPassword.age".path; botPasswordFile = config.age.secrets."botPassword.age".path;
args = [ smtpPasswordFile = config.age.secrets."smtpPassword.age".path;
"--socket" args = [
socket "--socket"
"--homeserver" socket
config.services.grapevine.settings.server_discovery.client.base_url "--homeserver"
"--name" config.services.matrix-continuwuity.settings.global.well_known.client
"nexusbot" "--name"
"--adminRoom" "nexusbot"
"#admins:federated.nexus" "--adminRoom"
"--successUri" "#admins:federated.nexus"
"https://federated.nexus/success" "--successUri"
"--failureUri" "https://federated.nexus/success"
"https://federated.nexus/failure" "--failureUri"
"--inviteTo" "https://federated.nexus/failure"
"#community:federated.nexus" "--inviteTo"
"--adminName" "#community:federated.nexus"
"grapevine" "--adminName"
"--email" "conduit"
config.services.caddy.email "--email"
"--emailAlias" config.services.caddy.email
alias "--emailAlias"
"--mailDomain" alias
"mail.henryhiles.com" "--mailDomain"
"--mailName" "mail.henryhiles.com"
"Federated Nexus" "--mailName"
]; "Federated Nexus"
group = "caddy"; ];
group = "caddy";
};
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
}; };
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
};
} }
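Review bot: The `--adminName` argument changes from `"grapevine"` to `"conduit"` on the new side, and that literal reads like a leftover rather than a deliberate choice unless one knows it is the localpart of the homeserver's built-in service account (continuwuity descends from conduit, so the `@conduit:<server_name>` naming plausibly still applies, but confirm it). A comment next to it would prevent the next reader from "fixing" it: `# localpart of the homeserver's built-in admin/service user (continuwuity keeps conduit's name)`. The rest of the hunk is the homeserver option path rename plus formatting. The hard-coded `"federated.nexus"` literals in the args are unchanged, though they could now be taken from `config.services.matrix-continuwuity.settings.global.server_name` so this file cannot drift from the homeserver module.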


@ -4,7 +4,11 @@
inputs, inputs,
config, config,
... ...
}: let }:
let
client = config.services.matrix-continuwuity.settings.global.well_known.client;
server_name = config.services.matrix-continuwuity.settings.global.server_name;
settings = { settings = {
backfill.enabled = true; backfill.enabled = true;
@ -14,8 +18,8 @@
}; };
homeserver = { homeserver = {
domain = config.services.grapevine.settings.server_name; domain = server_name;
address = config.services.grapevine.settings.server_discovery.client.base_url; address = client;
}; };
bridge = { bridge = {
@ -25,49 +29,61 @@
require = false; require = false;
}; };
permissions = { permissions = {
"${config.services.grapevine.settings.server_name}" = "user"; "${server_name}" = "user";
"@quadradical:${config.services.grapevine.settings.server_name}" = "admin"; "@quadradical:${server_name}" = "admin";
}; };
}; };
}; };
in { in
imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default]; {
imports = [
inputs.nix-matrix-appservices.nixosModule
inputs.ooye.modules.default
];
services = let services =
domain = "ooye.federated.nexus"; let
in { domain = "ooye.federated.nexus";
matrix-appservices.services = builtins.mapAttrs (name: value: in
value {
// { matrix-appservices.services =
inherit settings; builtins.mapAttrs
format = "mautrix-go"; (
port = 8000; name: value:
package = value.package.override {withGoolm = true;}; value
}) { // {
whatsapp = { inherit settings;
host = "127.0.0.4"; format = "mautrix-go";
serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path; port = 8000;
package = pkgs.mautrix-whatsapp; package = value.package.override { withGoolm = true; };
}
)
{
whatsapp = {
host = "127.0.0.4";
serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path;
package = pkgs.mautrix-whatsapp;
};
gmessages = {
host = "127.0.0.5";
serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path;
package = pkgs.mautrix-gmessages;
};
};
matrix-ooye = {
enable = true;
homeserver = client;
homeserverName = "federated.nexus";
discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
socket = "8081";
bridgeOrigin = "https://${domain}";
}; };
gmessages = {
host = "127.0.0.5";
serviceConfig.EnvironmentFile = config.age.secrets."gmessages.age".path;
package = pkgs.mautrix-gmessages;
};
};
matrix-ooye = { caddy.virtualHosts."${domain}".extraConfig =
enable = true; "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
homeserverName = "federated.nexus";
discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
socket = "8081";
bridgeOrigin = "https://${domain}";
}; };
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
};
systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always"; systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always";
} }
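Review bot: `homeserverName = "federated.nexus"` inside `matrix-ooye` stays a literal even though the first hunk of this file introduces the `server_name` binding for exactly that value and the other hunks use it for the mautrix `homeserver.domain` and the `permissions` keys; make it `homeserverName = server_name;` so the Discord bridge and the appservices cannot disagree with the homeserver's configured name. The `client`/`server_name` let-bindings at the top are a clear improvement over repeating the long option path. Note that `client` is the public well-known URL, so bridge traffic to the homeserver goes out through Caddy rather than the unix socket the new continuwuity module listens on — presumably intended because the bridges need an HTTP endpoint, but a one-line comment on the binding (`# public client URL; bridges reach the homeserver via Caddy, not the unix socket`) would make that explicit.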


@ -3,51 +3,56 @@
pkgs, pkgs,
config, config,
... ...
}: { }:
{
systemd.services = { systemd.services = {
livekit.serviceConfig.Restart = lib.mkForce "always"; livekit.serviceConfig.Restart = lib.mkForce "always";
lk-jwt-service.serviceConfig.Restart = lib.mkForce "always"; lk-jwt-service.serviceConfig.Restart = lib.mkForce "always";
}; };
services = let services =
domain = "call.federated.nexus"; let
in { domain = "call.federated.nexus";
livekit = { in
enable = true; {
keyFile = config.age.secrets."livekitKeys.age".path; livekit = {
enable = true;
keyFile = config.age.secrets."livekitKeys.age".path;
};
lk-jwt-service = {
enable = true;
livekitUrl = "wss://${domain}/livekit/sfu";
keyFile = config.services.livekit.keyFile;
};
caddy.virtualHosts."${domain}".extraConfig = ''
root * ${pkgs.element-call}
route {
respond /config.json `${
builtins.toJSON {
default_server_config = {
"m.homeserver" = {
"base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
"server_name" = config.services.matrix-continuwuity.settings.global.server_name;
};
};
livekit.livekit_service_url = "https://${domain}/livekit";
}
}` 200
handle /livekit/sfu/get {
uri strip_prefix /livekit
reverse_proxy 127.0.0.1:8080
}
handle_path /livekit/sfu* {
reverse_proxy 127.0.0.1:7880
}
try_files {path} {path}/ /index.html
file_server
}
'';
}; };
lk-jwt-service = {
enable = true;
livekitUrl = "wss://${domain}/livekit/sfu";
keyFile = config.services.livekit.keyFile;
};
caddy.virtualHosts."${domain}".extraConfig = ''
root * ${pkgs.element-call}
route {
respond /config.json `${builtins.toJSON {
default_server_config = {
"m.homeserver" = {
"base_url" = config.services.grapevine.settings.server_discovery.client.base_url;
"server_name" = config.services.grapevine.settings.server_name;
};
};
livekit.livekit_service_url = "https://${domain}/livekit";
}}` 200
handle /livekit/sfu/get {
uri strip_prefix /livekit
reverse_proxy 127.0.0.1:8080
}
handle_path /livekit/sfu* {
reverse_proxy 127.0.0.1:7880
}
try_files {path} {path}/ /index.html
file_server
}
'';
};
} }


@ -0,0 +1,45 @@
{
inputs,
pkgs,
lib,
...
}:
{
systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
services =
let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in
{
matrix-continuwuity = {
enable = true;
package = inputs.continuwuity.packages.${pkgs.system}.default;
group = "caddy";
settings.global = {
server_name = domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [ ];
url_preview_domain_explicit_allowlist = [ "*" ];
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
support_email = "henry@henryhiles.com";
support_mxid = "@quadradical:${domain}";
};
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
};
}
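Review bot: `url_preview_domain_explicit_allowlist = [ "*" ];` makes the homeserver fetch any URL a user posts in order to build a preview, which widens its outbound request surface to arbitrary hosts, including ones reachable only from this machine such as the other services this repo binds to loopback addresses; if a wildcard is really wanted, document the decision with a comment like `# deliberately unrestricted: the server will fetch any pasted URL for previews`, otherwise list the intended domains. Dropping the old module's `networking.firewall.allowedTCPPorts = [8448];` is fine here, since `well_known.server` advertises `${subdomain}:443` and federation was already terminated at Caddy. `package = inputs.continuwuity.packages.${pkgs.system}.default;` references a flake input that none of the visible flake.nix hunks declare; it is presumably in the part of the inputs block not shown, but worth confirming that it exists and `follows` nixpkgs like the other inputs.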


@ -1,44 +0,0 @@
{
inputs,
lib,
...
}: {
imports = [inputs.grapevine.nixosModules.default];
networking.firewall.allowedTCPPorts = [8448];
systemd.services.grapevine.serviceConfig.Restart = lib.mkForce "always";
services = let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
address = "127.0.0.3";
in {
grapevine = {
enable = true;
settings = {
server_name = domain;
database.backend = "rocksdb";
media.allow_unauthenticated_access = true;
federation = {
max_concurrent_requests = 10000;
self_test = false;
trusted_servers = ["matrix.org" "tchncs.de" "maunium.net"];
};
server_discovery = {
server.authority = "${subdomain}:443";
client.base_url = "https://${subdomain}";
};
listen = [
{
type = "tcp";
inherit address;
}
];
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy ${address}:6167";
};
}

flake.nix

@ -14,10 +14,6 @@
url = "github:lordgrimmauld/run0-sudo-shim"; url = "github:lordgrimmauld/run0-sudo-shim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
grapevine = {
url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = { stylix = {
url = "github:danth/stylix"; url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -64,39 +60,49 @@
}; };
}; };
outputs = inputs: let outputs =
lib = inputs.nixpkgs.lib; inputs:
dirUtils = { let
opt = lib.optionals; lib = inputs.nixpkgs.lib;
dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir); dirUtils = {
}; opt = lib.optionals;
system = info: dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir);
lib.nixosSystem { };
inherit (info) system; system =
specialArgs = { info:
inherit inputs dirUtils; lib.nixosSystem {
inherit (info) type; inherit (info) system;
specialArgs = {
inherit inputs dirUtils;
inherit (info) type;
crossPkgs = import inputs.nixpkgs { crossPkgs = import inputs.nixpkgs {
hostPlatform = info.system; hostPlatform = info.system;
localSystem = info.system; localSystem = info.system;
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
overlays = let path = ./cross-overlays/${info.hostname}; in dirUtils.opt (builtins.pathExists path) (map (file: import file inputs) (lib.filesystem.listFilesRecursive path)); overlays =
let
path = ./cross-overlays/${info.hostname};
in
dirUtils.opt (builtins.pathExists path) (
map (file: import file inputs) (lib.filesystem.listFilesRecursive path)
);
config.permittedInsecurePackages = [ config.permittedInsecurePackages = [
"libsoup-2.74.3" "libsoup-2.74.3"
]; ];
};
}; };
};
modules = let modules =
clientPath = ./clients/${info.hostname}; let
in clientPath = ./clients/${info.hostname};
with dirUtils; in
with dirUtils;
[ [
./wrappers/default.nix ./wrappers/default.nix
{networking.hostName = info.hostname;} { networking.hostName = info.hostname; }
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.run0-sudo-shim.nixosModules.default inputs.run0-sudo-shim.nixosModules.default
] ]
@ -112,45 +118,55 @@
./stylix.nix ./stylix.nix
] ]
); );
}; };
in in
inputs.flake-parts.lib.mkFlake {inherit inputs;} { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = ["aarch64-linux" "x86_64-linux"]; systems = [
"aarch64-linux"
"x86_64-linux"
];
perSystem = {pkgs, ...}: { perSystem =
apps.image = { { pkgs, ... }:
type = "app"; {
program = pkgs.writeShellApplication { apps.image = {
name = "image"; type = "app";
runtimeInputs = with pkgs; [nix-output-monitor]; program = pkgs.writeShellApplication {
text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image"; name = "image";
runtimeInputs = with pkgs; [ nix-output-monitor ];
text = "nom build .#nixosConfigurations.\"$1\".config.system.build.image";
};
}; };
}; };
};
flake.nixosConfigurations = builtins.mapAttrs (name: value: flake.nixosConfigurations =
system ( builtins.mapAttrs
(
name: value:
system (
{
system = "x86_64-linux";
graphical = true;
hostname = name;
}
// value
)
)
{ {
system = "x86_64-linux"; "quadraticpc".type = "desktop";
graphical = true; "quadtop".type = "desktop";
hostname = name; "quadraticserver" = {
} type = "server";
// value graphical = false;
)) { };
"quadraticpc".type = "desktop"; "quadphone" = {
"quadtop".type = "desktop"; type = "mobile";
"quadraticserver" = { system = "aarch64-linux";
type = "server"; };
graphical = false; "everquad" = {
}; type = "mobile";
"quadphone" = { system = "aarch64-linux";
type = "mobile"; };
system = "aarch64-linux"; };
};
"everquad" = {
type = "mobile";
system = "aarch64-linux";
};
};
}; };
} }