From f85442e1ab4723962f1000546d245fd0a0278881 Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Mon, 31 Mar 2025 19:29:43 -0400
Subject: [PATCH] WIP grapevine

---
 clients/quadraticserver/matrix.nix | 57 +++-
 clients/quadraticserver/vaultwarden.nix | 4 +-
 flake.lock | 342 +++++++++++++++++++++++-
 flake.nix | 1 +
 4 files changed, 384 insertions(+), 20 deletions(-)

diff --git a/clients/quadraticserver/matrix.nix b/clients/quadraticserver/matrix.nix
index 4ee7d12..e45ae51 100644
--- a/clients/quadraticserver/matrix.nix
+++ b/clients/quadraticserver/matrix.nix
@@ -1,22 +1,63 @@ -{config, ...}: { +{inputs, ...}: { + imports = [inputs.grapevine.nixosModules.default]; networking.firewall.allowedTCPPorts = [8448]; + systemd.tmpfiles.rules = [ + "d /var/lib/private/matrix-conduit 0770 conduit conduit" + "d /var/lib/private/matrix-conduit/database 0770 conduit conduit" + "d /var/lib/private/matrix-conduit/media 0770 conduit conduit" + "L /var/lib/matrix-conduit /var/lib/private/matrix-conduit" + ]; + + users = { + groups.conduit = {}; + users.conduit = { + isSystemUser = true; + group = "conduit"; + }; + }; + + systemd.services.grapevine.serviceConfig = { + User = "conduit"; + Group = "conduit"; + }; + services = let domain = "matrix.henryhiles.com"; - socket = "/run/conduwuit/socket"; + # socket = "/run/grapvine/socket"; in { - conduwuit = { + grapevine = { enable = true; - group = config.services.caddy.group; - settings.global = { - server_name = "henryhiles.com"; - unix_socket_path = socket; + settings = { + server_name = domain; + conduit_compat = true; + database.backend = "rocksdb"; + + allow_registration = true; + registration_token = "test"; + + federation = { + max_concurrent_requests = 10000; + self_test = false; + }; + + server_discovery = { + server.authority = "${domain}:443"; + client.base_url = "https://${domain}"; + }; + + listen = [ + { + type = "tcp"; + address = "127.0.0.3"; + } + ]; }; }; caddy.virtualHosts."${domain}" = { serverAliases = ["${domain}:8448"]; - extraConfig = "reverse_proxy unix/${socket}"; + extraConfig = "reverse_proxy 127.0.0.3"; }; }; } diff --git a/clients/quadraticserver/vaultwarden.nix b/clients/quadraticserver/vaultwarden.nix index ea73c11..d9c8938 100644 --- a/clients/quadraticserver/vaultwarden.nix +++ b/clients/quadraticserver/vaultwarden.nix 
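Review bot: The new `settings` block turns on `allow_registration = true;` and guards it only with the literal `registration_token = "test";`, so account creation on a federating homeserver depends on a guessable string that is committed to the repository and presumably rendered into the world-readable Nix store. Until the token can come from a secret (the flake already carries agenix as an input), I would ship this as `allow_registration = false;` and drop the token line. Separately, the `listen` entry on `127.0.0.3` and the Caddy line `reverse_proxy 127.0.0.3` both omit the port, so they only meet if grapevine's default listener port happens to be the one Caddy assumes for a port-less upstream; naming the same port on both sides removes the guess. Moving from the group-restricted unix socket to loopback TCP also lets any local process reach the homeserver without passing through Caddy, which deserves a comment if it is intended.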
@@ -8,10 +8,10 @@ domain = "https://${domain}"; signupsAllowed = false; passwordHintsAllowed = false; - rocketAddress = "127.0.0.1"; + rocketAddress = "127.0.0.2"; }; }; - caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy localhost:8000"; + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy 127.0.0.2:8000"; }; } diff --git a/flake.lock b/flake.lock index 0b51f66..215177c 100644 --- a/flake.lock +++ b/flake.lock @@ -43,6 +43,30 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1738524606, + "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -126,6 +150,44 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
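Review bot: The loopback address `127.0.0.2` is now written twice, once in `rocketAddress` and once in the Caddy `reverse_proxy` line, and the `:8000` in the proxy line has no matching port setting in the visible lines, so it presumably relies on Vaultwarden's default. Binding the address once next to `domain` (whose definition is above the hunk), e.g. `upstream = "127.0.0.2";` used as `rocketAddress = upstream;` and `"reverse_proxy ${upstream}:8000"`, keeps the two from drifting apart. A short comment saying why each service gets its own 127.0.0.x address would also help, since the matrix.nix change in this commit takes `127.0.0.3` by the same convention.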
@@ -148,6 +210,29 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "grapevine", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1742452566, + "narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=", + "owner": "nix-community", + "repo": "fenix", + "rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -212,6 +297,39 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -227,6 +345,28 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "stylix", 
@@ -267,6 +407,25 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": [ "stylix", @@ -368,6 +527,33 @@ "type": "github" } }, + "grapevine": { + "inputs": { + "attic": "attic", + "crane": "crane_2", + "fenix": "fenix", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_3", + "rocksdb": "rocksdb" + }, + "locked": { + "host": "gitlab.computer.surgery", + "lastModified": 1743378486, + "narHash": "sha256-OX4sPrEDoTO/qZklcBMhqwjMpUWjPmSFW5LWoYSJezE=", + "owner": "matrix", + "repo": "grapevine", + "rev": "6bcc4e310e26f742dd2e8508271b93bb9b61edce", + "type": "gitlab" + }, + "original": { + "host": "gitlab.computer.surgery", + "owner": "matrix", + "repo": "grapevine", + "type": "gitlab" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -430,6 +616,44 @@ "type": "github" } }, + "nix-filter": { + "locked": { + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1734435836, 
@@ -461,7 +685,55 @@ "type": "indirect" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1742889210, + "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1743095683, "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", @@ -477,7 +749,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_5": { "locked": { "lastModified": 1732014248, "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", @@ -492,7 +764,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_6": { "locked": { "lastModified": 1741513245, "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", @@ -510,7 +782,7 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "stylix", "nixpkgs" 
@@ -552,24 +824,59 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1734381914, + "narHash": "sha256-G+DlQwEUyd7JOCjS1Hg1cKWmA/qAiK8UpUIKcP+riGQ=", + "owner": "facebook", + "repo": "rocksdb", + "rev": "ae8fb3e5000e46d8d4c9dbf3a36019c0aaceebff", + "type": "github" + }, + "original": { + "owner": "facebook", + "ref": "v9.10.0", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "agenix-cli": "agenix-cli", "firefox-gnome-theme": "firefox-gnome-theme", + "grapevine": "grapevine", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_4", "programsdb": "programsdb", "simple-nixos-mailserver": "simple-nixos-mailserver", "stylix": "stylix", "wrapper-manager": "wrapper-manager" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1742296961, + "narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { @@ -593,14 +900,14 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme_2", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_5", + "flake-utils": "flake-utils_3", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_6", "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -666,6 +973,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index dd3604f..72f9467 100755 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; agenix-cli.url = "github:cole-h/agenix-cli"; + grapevine.url = "gitlab:matrix/grapevine?host=gitlab.computer.surgery"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; agenix = { url = "github:ryantm/agenix";