continuwuity migration

2025-09-14 16:33:36 -04:00 · 2025-09-14 16:33:36 -04:00 · d5254c453c
commit d5254c453c
parent 7869d962c0
7 changed files with 299 additions and 245 deletions
--- a/clients/quadraticserver/auth.nix
+++ b/clients/quadraticserver/auth.nix
@ -2,17 +2,31 @@
  inputs,
  config,
  ...
-}: {
+}:
+{
  imports = [ inputs.matrixoidc.nixosModules.default ];

-  services = let
+  services =
+    let
      socket = "/var/run/matrixoidc/socket";
      domain = "auth.federated.nexus";
-  in {
+    in
+    {
      matrixoidc = {
        enable = true;
        jwtSecretFile = config.age.secrets."oidcJwtSecret.age".path;
-      args = ["--socket" socket "--homeserver" config.services.grapevine.settings.server_discovery.client.base_url "--issuer" "https://${domain}" "--authorizeEndpoint" "https://federated.nexus/login" "--serviceDomain" "federated.nexus"];
+        args = [
+          "--socket"
+          socket
+          "--homeserver"
+          config.services.matrix-continuwuity.settings.global.well_known.client
+          "--issuer"
+          "https://${domain}"
+          "--authorizeEndpoint"
+          "https://federated.nexus/login"
+          "--serviceDomain"
+          "federated.nexus"
+        ];
        group = "caddy";
      };

--- a/clients/quadraticserver/matrix/bot.nix
+++ b/clients/quadraticserver/matrix/bot.nix
@ -2,15 +2,17 @@
  inputs,
  config,
  ...
-}: {
+}:
+{
  imports = [ inputs.nexusbot.nixosModules.default ];

-  services = let
+  services =
+    let
      socket = "/var/run/nexusbot/socket";
      domain = "register.federated.nexus";
-    alias =
-      "inf" + "o@f" + "edera" + "ted.n" + "exus";
-  in {
+      alias = "inf" + "o@f" + "edera" + "ted.n" + "exus";
+    in
+    {
      nexusbot = {
        enable = true;
        botPasswordFile = config.age.secrets."botPassword.age".path;
@ -19,7 +21,7 @@
          "--socket"
          socket
          "--homeserver"
-        config.services.grapevine.settings.server_discovery.client.base_url
+          config.services.matrix-continuwuity.settings.global.well_known.client
          "--name"
          "nexusbot"
          "--adminRoom"
@ -31,7 +33,7 @@
          "--inviteTo"
          "#community:federated.nexus"
          "--adminName"
-        "grapevine"
+          "conduit"
          "--email"
          config.services.caddy.email
          "--emailAlias"
--- a/clients/quadraticserver/matrix/bridges.nix
+++ b/clients/quadraticserver/matrix/bridges.nix
@ -4,7 +4,11 @@
  inputs,
  config,
  ...
-}: let
+}:
+let
+  client = config.services.matrix-continuwuity.settings.global.well_known.client;
+  server_name = config.services.matrix-continuwuity.settings.global.server_name;
+
  settings = {
    backfill.enabled = true;

@ -14,8 +18,8 @@
    };

    homeserver = {
-      domain = config.services.grapevine.settings.server_name;
-      address = config.services.grapevine.settings.server_discovery.client.base_url;
+      domain = server_name;
+      address = client;
    };

    bridge = {
@ -25,25 +29,36 @@
        require = false;
      };
      permissions = {
-        "${config.services.grapevine.settings.server_name}" = "user";
-        "@quadradical:${config.services.grapevine.settings.server_name}" = "admin";
+        "${server_name}" = "user";
+        "@quadradical:${server_name}" = "admin";
      };
    };
  };
-in {
-  imports = [inputs.nix-matrix-appservices.nixosModule inputs.ooye.modules.default];
+in
+{
+  imports = [
+    inputs.nix-matrix-appservices.nixosModule
+    inputs.ooye.modules.default
+  ];

-  services = let
+  services =
+    let
      domain = "ooye.federated.nexus";
-  in {
-    matrix-appservices.services = builtins.mapAttrs (name: value:
+    in
+    {
+      matrix-appservices.services =
+        builtins.mapAttrs
+          (
+            name: value:
            value
            // {
              inherit settings;
              format = "mautrix-go";
              port = 8000;
              package = value.package.override { withGoolm = true; };
-      }) {
+            }
+          )
+          {
            whatsapp = {
              host = "127.0.0.4";
              serviceConfig.EnvironmentFile = config.age.secrets."whatsapp.age".path;
@ -58,7 +73,7 @@ in {

      matrix-ooye = {
        enable = true;
-      homeserver = config.services.grapevine.settings.server_discovery.client.base_url;
+        homeserver = client;
        homeserverName = "federated.nexus";
        discordTokenPath = config.age.secrets."discordToken.age".path;
        discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
@ -66,7 +81,8 @@ in {
        bridgeOrigin = "https://${domain}";
      };

-    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
+      caddy.virtualHosts."${domain}".extraConfig =
+        "reverse_proxy 127.0.0.1:${config.services.matrix-ooye.socket}";
    };

  systemd.services.matrix-ooye.serviceConfig.Restart = lib.mkForce "always";
--- a/clients/quadraticserver/matrix/call.nix
+++ b/clients/quadraticserver/matrix/call.nix
@ -3,15 +3,18 @@
  pkgs,
  config,
  ...
-}: {
+}:
+{
  systemd.services = {
    livekit.serviceConfig.Restart = lib.mkForce "always";
    lk-jwt-service.serviceConfig.Restart = lib.mkForce "always";
  };

-  services = let
+  services =
+    let
      domain = "call.federated.nexus";
-  in {
+    in
+    {
      livekit = {
        enable = true;
        keyFile = config.age.secrets."livekitKeys.age".path;
@ -26,15 +29,17 @@
      caddy.virtualHosts."${domain}".extraConfig = ''
        root * ${pkgs.element-call}
        route {
-      	respond /config.json `${builtins.toJSON {
+        	respond /config.json `${
+           builtins.toJSON {
             default_server_config = {
               "m.homeserver" = {
-            "base_url" = config.services.grapevine.settings.server_discovery.client.base_url;
-            "server_name" = config.services.grapevine.settings.server_name;
+                 "base_url" = config.services.matrix-continuwuity.settings.global.well_known.client;
+                 "server_name" = config.services.matrix-continuwuity.settings.global.server_name;
               };
             };
             livekit.livekit_service_url = "https://${domain}/livekit";
-      }}` 200
+           }
+         }` 200

        	handle /livekit/sfu/get {
        	  uri strip_prefix /livekit
--- a/clients/quadraticserver/matrix/continuwuity.nix
+++ b/clients/quadraticserver/matrix/continuwuity.nix
@ -0,0 +1,45 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
+
+  services =
+    let
+      domain = "federated.nexus";
+      subdomain = "matrix.${domain}";
+      socket = "/var/run/continuwuity/continuwuity.sock";
+    in
+    {
+      matrix-continuwuity = {
+        enable = true;
+        package = inputs.continuwuity.packages.${pkgs.system}.default;
+        group = "caddy";
+        settings.global = {
+          server_name = domain;
+          unix_socket_path = socket;
+          new_user_displayname_suffix = "";
+          allow_public_room_directory_over_federation = true;
+          trusted_servers = [
+            "matrix.org"
+            "tchncs.de"
+            "maunium.net"
+          ];
+          ignore_messages_from_server_names = [ ];
+          url_preview_domain_explicit_allowlist = [ "*" ];
+
+          well_known = {
+            client = "https://${subdomain}";
+            server = "${subdomain}:443";
+            support_email = "henry@henryhiles.com";
+            support_mxid = "@quadradical:${domain}";
+          };
+        };
+      };
+
+      caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
+    };
+}
--- a/clients/quadraticserver/matrix/grapevine.nix
+++ b/clients/quadraticserver/matrix/grapevine.nix
@ -1,44 +0,0 @@
-{
-  inputs,
-  lib,
-  ...
-}: {
-  imports = [inputs.grapevine.nixosModules.default];
-  networking.firewall.allowedTCPPorts = [8448];
-
-  systemd.services.grapevine.serviceConfig.Restart = lib.mkForce "always";
-
-  services = let
-    domain = "federated.nexus";
-    subdomain = "matrix.${domain}";
-    address = "127.0.0.3";
-  in {
-    grapevine = {
-      enable = true;
-      settings = {
-        server_name = domain;
-        database.backend = "rocksdb";
-        media.allow_unauthenticated_access = true;
-        federation = {
-          max_concurrent_requests = 10000;
-          self_test = false;
-          trusted_servers = ["matrix.org" "tchncs.de" "maunium.net"];
-        };
-
-        server_discovery = {
-          server.authority = "${subdomain}:443";
-          client.base_url = "https://${subdomain}";
-        };
-
-        listen = [
-          {
-            type = "tcp";
-            inherit address;
-          }
-        ];
-      };
-    };
-
-    caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy ${address}:6167";
-  };
-}
--- a/flake.nix
+++ b/flake.nix
@ -14,10 +14,6 @@
      url = "github:lordgrimmauld/run0-sudo-shim";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    grapevine = {
-      url = "gitlab:matrix/grapevine?ref=olivia/openid-api&host=gitlab.computer.surgery";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
    stylix = {
      url = "github:danth/stylix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -64,13 +60,16 @@
    };
  };

-  outputs = inputs: let
+  outputs =
+    inputs:
+    let
      lib = inputs.nixpkgs.lib;
      dirUtils = {
        opt = lib.optionals;
        dirFiles = type: dir: lib.filter (lib.hasSuffix type) (lib.filesystem.listFilesRecursive dir);
      };
-    system = info:
+      system =
+        info:
        lib.nixosSystem {
          inherit (info) system;
          specialArgs = {
@ -82,7 +81,13 @@
              localSystem = info.system;
              buildPlatform = "x86_64-linux";

-            overlays = let path = ./cross-overlays/${info.hostname}; in dirUtils.opt (builtins.pathExists path) (map (file: import file inputs) (lib.filesystem.listFilesRecursive path));
+              overlays =
+                let
+                  path = ./cross-overlays/${info.hostname};
+                in
+                dirUtils.opt (builtins.pathExists path) (
+                  map (file: import file inputs) (lib.filesystem.listFilesRecursive path)
+                );

              config.permittedInsecurePackages = [
                "libsoup-2.74.3"
@ -90,7 +95,8 @@
            };
          };

-        modules = let
+          modules =
+            let
              clientPath = ./clients/${info.hostname};
            in
            with dirUtils;
@ -115,9 +121,14 @@
        };
    in
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
-      systems = ["aarch64-linux" "x86_64-linux"];
+      systems = [
+        "aarch64-linux"
+        "x86_64-linux"
+      ];

-      perSystem = {pkgs, ...}: {
+      perSystem =
+        { pkgs, ... }:
+        {
          apps.image = {
            type = "app";
            program = pkgs.writeShellApplication {
@ -128,7 +139,10 @@
          };
        };

-      flake.nixosConfigurations = builtins.mapAttrs (name: value:
+      flake.nixosConfigurations =
+        builtins.mapAttrs
+          (
+            name: value:
            system (
              {
                system = "x86_64-linux";
@ -136,7 +150,9 @@
                hostname = name;
              }
              // value
-        )) {
+            )
+          )
+          {
            "quadraticpc".type = "desktop";
            "quadtop".type = "desktop";
            "quadraticserver" = {