darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

update matrix cfg

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-06-26 07:11:44 +02:00
parent ecdf52e5e6
commit 577ff561a5
8 changed files with 40 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
config/services/matrix-media-repo.nix
View file

@ -72,10 +72,6 @@
};
featureSupport = {
};
sentry = {
enabled = true;
dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
};
rateLimit.enabled = false;
thumbnails = {
maxSourceBytes = 0;
@ -122,35 +118,8 @@ in {
ExecStart = "${matrix-media-repo}/bin/media_repo -config /var/lib/matrix-media-repo/config.yml";
};
};
systemd.services.purge-old-media = {
path = [pkgs.curl];
description = "Purge unused media";
script = ''
export MATRIX_TOKEN=$(cat ${config.sops.secrets."services/matrix-media-repo/matrix-token".path})
for i in $(seq 1000); do
curl -H "Authorization: Bearer $MATRIX_TOKEN" -X POST https://matrix.chir.rs/_matrix/media/unstable/admin/purge/old\?before_ts=$(date -d "3 months ago" +%s%3N)\&include_local=true && exit 0
done
'';
serviceConfig = {
Type = "oneshot";
User = "matrix-media-repo";
Group = "matrix-media-repo";
};
};
systemd.timers.purge-old-media = {
description = "Purge unused media";
after = ["network.target" "matrix-media-repo.service"];
requires = ["purge-old-media.service"];
wantedBy = ["multi-user.target"];
timerConfig = {
OnUnitInactiveSec = 300;
RandomizedDelaySec = 300;
};
};
sops.secrets."services/matrix-media-repo/access-key-id".owner = "matrix-media-repo";
sops.secrets."services/matrix-media-repo/secret-access-key".owner = "matrix-media-repo";
sops.secrets."services/matrix-media-repo/matrix-token".owner = "matrix-media-repo";
users.users.matrix-media-repo = {
description = "Matrix Media Repository";
home = "/var/lib/matrix-media-repo";

12
config/services/mautrix-discord.nix
View file

@ -1,11 +1,15 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
imports = [
../../modules/matrix/mautrix-discord.nix
];
services.mautrix-discord = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -58,9 +62,13 @@
"@miifox:chir.rs" = "user";
"@lotte:chir.rs" = "admin";
};
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_discord"
];

6
config/services/mautrix-signal.nix
View file

@ -5,7 +5,7 @@
}: {
services.mautrix-signal = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -43,9 +43,13 @@
"@lotte:chir.rs" = "admin";
};
relay.enabled = true;
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_signal"
];

3
config/services/mautrix-telegram.nix
View file

@ -55,6 +55,9 @@
"@miifox:chir.rs" = "full";
"@lotte:chir.rs" = "admin";
};
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
telegram = {
api_id = "$API_ID";

12
config/services/mautrix-whatsapp.nix
View file

@ -1,11 +1,15 @@
{pkgs, ...}: {
{
config,
pkgs,
...
}: {
imports = [
../../modules/matrix/mautrix-whatsapp.nix
];
services.mautrix-whatsapp = {
enable = true;
environmentFile = pkgs.emptyFile;
environmentFile = config.sops.secrets."services/mautrix/shared_secret".path;
settings = {
homeserver = {
address = "https://matrix.chir.rs";
@ -58,9 +62,13 @@
"@lotte:chir.rs" = "admin";
};
relay.enabled = true;
login_shared_secret_map = {
"chir.rs" = "as_token:$SHARED_AS_TOKEN";
};
};
};
};
sops.secrets."services/mautrix/shared_secret" = {};
services.postgresql.ensureDatabases = [
"mautrix_whatsapp"
];

11
config/services/synapse.nix
View file

@ -11,6 +11,7 @@
config.sops.secrets."synapse/mautrix-discord".path
config.sops.secrets."synapse/mautrix-telegram".path
config.sops.secrets."synapse/mautrix-whatsapp".path
config.sops.secrets."synapse/doublepuppet".path
];
server_name = "chir.rs";
public_baseurl = "https://matrix.chir.rs/";
@ -33,11 +34,6 @@
admin_contact = "mailto:lotte@chir.rs";
retention = {
enabled = true;
default_policy = {
max_lifetime = "12w";
};
max_lifetime = "12w";
allowed_lifetime_max = "12w";
purge_jobs = [
{
longest_max_lifetime = "3d";
@ -114,7 +110,6 @@
msc3967_enabled = true;
msc2659_enabled = true;
};
sentry.dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
};
withJemalloc = true;
};
@ -182,4 +177,8 @@
key = "services/mautrix/whatsapp.yaml";
owner = "matrix-synapse";
};
sops.secrets."synapse/doublepuppet" = {
key = "services/mautrix/doublepuppet.yaml";
owner = "matrix-synapse";
};
}

8
secrets/nas.yaml
View file

@ -5,11 +5,13 @@ services:
synapse:
private_key: ENC[AES256_GCM,data:KOOrWnhvgmiH8ZrXyhOxMBpNMasRs7rz3Bakod9zM0gOH9f0iZKNk/VcAjU3pQSHIX/wtKP9LwRaQ2g=,iv:sP3pgVnVmnR+JlD3Y2j0hDJR175sq2kRCepNHPQMB6U=,tag:JkSVD4y6HxbYaXJkm9sOrw==,type:str]
mautrix:
telegram: ENC[AES256_GCM,data:7G4uRhomr62ZF32yz7zOUhr3etCEgybo7gp1WZzx8A9tnbqfLcm1buvd8z7/2wypNVt8wWr9Z8DMwACojZjtni7mSwJgfFmbBIs8jAjATZYwGWSs0JYyPsEmdNI3Jeo0XA1faqzq3m7CSLS7axUhZd0MzfkOy78Nf8+MiOcgPnC2VRj252yy+Z8fBq7bsyb7M+rOIgNBWhzfknx8ID/fdZrcYSYoDbTYFOecjzRtDkrRq10hJko3z/JR5tCj/heU5fjBy6ZgAeqgKVQoRH6bsCXkQCQtfxbcWsHJVRo60nvJBp/Djf7A4cVca75FYN91jYSFQ15njLdiyd/z4+cd//EFDxbgpA==,iv:kfDJtNpsaPCf86PLRJYFWzud/qEfxPKDTPqfSNCqN+g=,tag:DkpaHhu5fHSqKkaKbql5FQ==,type:str]
telegram: ENC[AES256_GCM,data:wwnyH5cd9UYUSSrQlo7L9j3C6cJmmS4VRsSXVjW40L17oO4FdvlDkihq2Soe/5FchjyRO3acRMPjGoNr77AsfwEylqsQ6eyray3PAHQ3oNimDwdkrsMIT3XQ44ujGK05wqlU6ywYMFtlQYkuOqQOxEnRngVwufMhKs7Yo1ycxVPc+CIE3Hlju93xTuTuIJZY9pEKCrOtdP13OmvnFf6rMvstiJrN2i+EzTwqbqSfs3uubRxpSnrKKLlkaL5TuIphU7sFcL1irzh5MCTM7aaX7RdJJuP6KuAT2iHaPz8aCOnGzHXbibrSb+6enj12P60xv0J9ayTXjL7iDLKCYBndfXNZUl05PazTL9zRhm8jSQjkYXXsMmawbdVcrH7/1UFXd1AJPWQ/O2KvDipstw==,iv:ICa1U4B1A+8qCPrK+sWO0/mJoyJxUVWyR+HaD/cC+LI=,tag:q63tvOJhDKnN6AgzvLiKJA==,type:str]
shared_secret: ENC[AES256_GCM,data:k43actfw+7pbrjOJ68dVBAPD+ZBgJaPRRDNpv/CDTCJI5HFSqE0N,iv:LaT32Dfdgs5lsz2FBusVq8tp+1clNcSGi17+BOmsL0Y=,tag:6WO20t7pPq8gjJBtZWtwzw==,type:str]
discord.yaml: ENC[AES256_GCM,data:YQrvIe8PlrJZ5c4YAEAqaW80ls+F281EdQw4dWE4LA5BZyw4B/TuPL//oYaYGXYgFvbxHGsCqYvEeag4uOv9PclVl5LfAwc1X+rNpmww0lBUE3odFSL8D7+e9uf9DD934Yr3oXKX5igQODSp5PfuOETrMXizaImtCOvAajZtg9/Cg7xKVcti2kO0I3/lugfvSWExYYu1XlSi8Bpaq+e2WfxVQcggoN0p2uTRnKMzoSyHMUADr500VNXXuQlhusLgnYI+FGfZd7dWe0vtBNKieQEr4V5fkN5xSSlppK2b23WuGUnz/UFc86QnVqchtgSeqPv+cs4/hMgHRhDrt4PA0d9Gn5UdQtS4p4XSyUAs4Df74BGSogHHy7HhLU1ScbhPoRDCWSmM2PqBLCCd4qgQ2sYnoiW5wahiIgLVyEYIZN+UEzgs/TkMErsa4YwyH/NjNrTaGCew87lOEMRlmElOB5jenrB9Udo643CzB52HIv9BuGM/HFBKLrG0LsBpF/7mha6rPQ/+oRDeo56JjYpMH5DqxnHziX4obzG2MO5mPLEpFmLT08gat41LrgTzeh9wHGJxosSqrBvQKpDeTMtZGeU48/ed3MAMsRgqW37NIbcsDFwCOwK//IFBY//D7e/8iqU5Lyr9umQKdor80doeVg==,iv:Bt+jGfXVeT5hk9wL2wRYCeYD89oQzOGky/OksfDpLjo=,tag:DmKS5a26t/JWHmm2ok9SjQ==,type:str]
signal.yaml: ENC[AES256_GCM,data:8/cn9tIIBhfOLbIHOWKr2I+UG8PcnsYozTuIuyFgkcTCuGemid4hw29KWXahQ/ILtu7e9gVVOYu6fi/bionXKAdyk2bDr7ZC+b4MGaAsLbvKvyZ03Q9aIK8t9JEFTrY9VlhfP3/84ohAoS5P7hnaoO06LFtrApG+0WOoS2TLydlS5e7xuqQxbJkutEi1kmITVTYT21HLdz9Shgmo7s9ZxLQ51kTWVhZBH8ixj4t1BwX7oql+4HCmtEltGUmY31PsINmm3GjKi/D0nuf2oWTpWRCjFkX7wjboPFFmZPV0KTm2gOqDWIXtfgLzyNXsF0kyMM0p9h7UiqiuHSJRmFu3AwQTkTsDVuTh9YmVkyhkyI6fNjrniAckj3UfYyY7AiEeA7QK9fengntwnHDODLxHkwzripxCXRPBa0BUREV3dT5gPW1pDhSNiLE0UGsmIDf80JWDsll053kxe744NBI2bFJYD2dZTbVSmYKLiwjuc2FgofZnR9N0yA+OiVOZMxb9VfoXQC0K10vJd9540UH1UdDgOgM0Z+VW6UIrK9x/UKY4U2nKqD1W8kAC2aHQjIHAs37RzboLfagbAWQ7YeKXXoaaV3a9fTI4bxiTTG8EeYzfulcbtPNMYvZaNZFj34zIvuGJAOsOf67XRtJ5ywvWbagumIW1pyyeJ2Q9onKqzBY+VSDhUNxTyueHB8A=,iv:YI4ugoPUYs9PXaRmaIYY9N+7b8qspNHCSE8qUBKtn8M=,tag:YQ0pWwarrTWQMbb1yara7g==,type:str]
telegram.yaml: ENC[AES256_GCM,data:cK/6xsY0k43X5L7pDZTyKBULtIXSw+VpmK344oRhg9Bp+Ga1W+qUvcJ/ryT7LDC1pJ/8LP5r3/IimlARnFynhkxjJCs52/TPjSSLLTbkwPZG1Mhxp00tE5/+naH7HKs5mlnZHXjNRqtI51xAec9p9gQEvYUDoWmJGV/eYIi1yiVYLy9ce5+rGQMwbWJmLoIKfuOebmqtkX93O8m3ZUOYeRRi05RdNpiKwwrqtpbEfX4IuttFqPltOd7TaFksn081+sRCUFlvfRYlcHWd0d66ekKH9yNheVtOM5fsNwfP418kjPxhf4JcgcXOn7IGUvG/0q7tdLbdfo11fmFDH3Do2J/ua6hEWxjVT/jRhRZgPl6T8nN5TF16oj1kDFJb5EOS8/ZO6dN1f/66/kb3r+JG0auBspfI0jT+2+LPxDf0GoK9/WEE/ZDeNRB08TWE9fNh4MtbPwoZGhl/Z9jzUIgQnSBkM92hRQHq8H5lL52Az+koUFULWa4lSiPuzicVByqsyhv71SwMTKWuMNQoWHIAMANSitTNWfX37/ounBDBahoo8fDob90zFvdTbY6Adyh/amZkbrPB2XLDuuFjsMTqU7ZjY84PteuR2kE48ROzHRyBKv6ECOLZarsinrs2ymQkayaBHPwQd4NsQkmjIn+U80As4G9/HgnJ+g8pCq6tUepdw6m9umgA1WFFXHcRUZtybeFBFWDXhdPtwctM162X6k8CDvUiWv93ijPMbbeU7/MJxP8nrvps7G8CZdofQH8ZiQs10i6fBE11Ew4=,iv:4Q6Nl6mogqHMhlvCppV6hcV2/uXTU/kZi/zvJKOuxYc=,tag:de9gsEpzeSW9u5+Sgm1M0Q==,type:str]
whatsapp.yaml: ENC[AES256_GCM,data:7c2mmpzaDXWlcd+DwPi8mOBeyNMXewsEmIfKIzKPtgmyKUXxTKf0ryvEwIv1hccGPalCs2xZC8rzphUqQbIgow+xgRLn9rOrAXdnZMqJvNx7HWSkq07PPJKN51wvMI24hLQXBKSocZR8MTG0cKqh6V/lUuxv/9lzpH4G5Tn6tADojfaV8B34STe8+ZnoP3+oVkEJYd85fpG10BVyJ7hj0tT3LjwhZnnRUtZ9XzFtZrQZPsXyL+XxkFfSwWn4oFRoqS6lQyS8HiUeaBR8BiA71+Bus6W/MqTFAM9+aQYzB9YHZziEnFAAUcj76khMEqS2XniQunYtGD6isaI6lMpgefarJZirbK5jQsU0RkKNx2VJFOwKMhsPHYNY2E0CzvOuDD4bh3hx4G0oL6xMA1F6rtSa5t6MuuJlLUPQIAITNXhOi8YuS1wQ/7dUmlWR4QEhtLLjJBNTillZm2gecrmBmxmmQDNF8UHe4wlce19A732XiUBs39D4UgQZom99NulfEvWQc9ZmgWPNk9b/OBt0RyjSfagEySPD9wOPYCyLueCrrw2qv7XlEsBGYD5MbRun3jsTeVntgXhsAAipZ/R8YSUUD1/3qCA9lxaHxuLguKN6nZvHcRYTxlXMiqRpmDp0XdjGO8ZjlluyJmv97IOwvS1z7cE=,iv:rGVcLY1MGNzqgXwuSacCuJGg3sBMa3vyLsBT0+EgBT8=,tag:hMFU/o9Gt4eh9Qu2eXybiA==,type:str]
doublepuppet.yaml: ENC[AES256_GCM,data:7EpOPC6vGhSdY08HR6VLtnKlQnqYRyH2ECdbjV14WdPkEYKJIN8wTr6erNMHGcw0P6XC3YZNVur/MpP1nadvGUBguIIkmnkfCLnD8usoJWRG5f+kpzfn2DtTHZ01S1/pdKUsZ+gLw29IK11KJZp2P3bALeHiuhB97QH4lwSwUbSx921LrQV5OZ+lo7GuSVXMsPhewqGu4YeSumyouN7763J5HDcA3eRAJyatxe6wRbUs5gPWHbEOYUPJgTbkc+F63rhAaBvPVaJKdIijWC4M7aByP9FTZeyzrFuwCCmjCbJacaa3e6dYjW+qqg==,iv:YNtupHWmydh6iHTlwfJeixvyA6C2GtDtQ8fngQhBf/I=,tag:qSfKhAtEdiPUbGBs8gafow==,type:str]
hydra:
cache-key: ENC[AES256_GCM,data:CLCu9BTtbIFQ3epWbJYwnj+q7Gnxe/Gs8a53pxiEFObVp9EKMMArNHsvGBIBnuBG4vU6muRw/3EhF3LwDgT/YqVaI7KFKYn0myiTviSQ1hBcWHvTdWnbrlrB0kplBcv4oQ==,iv:kw2me7DIkeq4p+vmgl/bH6yvs6Bn2ifJDh56UT5XkaM=,tag:0ZQITx1NyQ67nyuTM6anCw==,type:str]
gitea_token: ENC[AES256_GCM,data:dEXglNtESY30IOKEmTamv8Ce5w63D5T4AJWJBO4XNC2iv9/me5zOuw==,iv:DYjWgu0oQMmMmTFiULcn2ZTV8bKVGR8bouItsNYL9/4=,tag:+/G9dzBaQ130r66PQYVxzA==,type:str]
@ -57,8 +59,8 @@ sops:
Kytvc1lyRHRrRXRjaEV0V3ZDcUgzVVkKkqr0FcWUCkTYLIXJKuY5/LJX1odVaF4s
P2BLyjXj81078QjKwTyXskFV36uWM70LoVfkxBRTMZO/4O+BCwRpkg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-06T11:49:06Z"
mac: ENC[AES256_GCM,data:IH4QwCM9ieZeJ46w5LbKVDiCxueFDqriR8mFjcSXDFt11l2kpROtDzkORCk3WwTmtNl6mXa6hntJ4ZmkSvMwaGah4oI/VnXe5s6PZ/dIa8ZeYmWx3M2bUg0kTA7c6fVcXsQ2qmye2hF0QCZlXSwcqWQTPpodruMiw9/e3IInZHk=,iv:9gpbdREasNv2914WvlJRkbh1KkPo7gmQILUMaV54gd8=,tag:B5ePK5cf7QpgbYmATLRBDQ==,type:str]
lastmodified: "2024-06-25T07:41:49Z"
mac: ENC[AES256_GCM,data:ct+TcTzTZ3cAK8XIypBFdmlDtadUeN3b8jVSpre8aZ4YHiEibY3jp55EG3qOvi26bClGkfaWn7Jw/QmUjs530s7830HK2YzOY7FaMRFS9hcvoM9AuHnI7tIoaeaeIYZfsciIkVAZ0Cj0gXlQHE5UFbdIMV2GnCO4EsmaDPDR5mI=,iv:n9N01RZ7ovXwTyyCvaAt/x8AL7QXH9iu+/uU7qPltSE=,tag:rN85ZJNzOuC7tuFQw4fhug==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

5
secrets/nixos-8gb-fsn1-1.yaml
View file

@ -24,7 +24,6 @@ services:
matrix-media-repo:
access-key-id: ENC[AES256_GCM,data:qFc3bua0z3cCydNwoM0hA9T3zbI=,iv:zox8zBO7p+CpyHUbXt1WIbsXVtJd16L5UHRS2HAGLpU=,tag:Rv/F8TmcLm9gIz8YMrZlCQ==,type:str]
secret-access-key: ENC[AES256_GCM,data:DiQmiDXGkSe1oFUrv1oDAAp0P5keo84BXMusSIGaRmeMNw2/cKy0tA==,iv:nEhRuPBgYY7/mHJwB86qzuZ9bgJBX3f5PJU+VdIRAuk=,tag:laAam0N7/0e8I7J/BiiNpg==,type:str]
matrix-token: ENC[AES256_GCM,data:pY+qeZY087urzwoYmA6lKc7j4HzsXswG6bkS7uSxFHXhRcoClTB2,iv:9+8uM07QeYBDWZFthMn2NqBBvIYrbkCuXzvieA6eGMQ=,tag:/kXekfgLG+iJZD6Dz7sQOQ==,type:str]
hydra:
gitea_token: ENC[AES256_GCM,data:NkEXwLbofK2QnWrUuxY5QvUkYPWzY7Brsgl9FvV5Me0J5mWuHUc0Dg==,iv:UhA4JUKV/+D5lOTAx3fC+rsr61lYQJRioSyKQ3s1e0Y=,tag:E/HB2S90o7dLmeWBLsOP9w==,type:str]
gitea: ENC[AES256_GCM,data:J614G1lGr+XLRDrXoQtMHDFKrweRHWX5cvB6h4mOV63lRJEKB8c3/w==,iv:+no/ER8Ef5vsdBBT/evfguTwj3nc6aFFcOS16USEqgQ=,tag:LjNY9bRPCu5qM4ngowAlmA==,type:str]
@ -88,8 +87,8 @@ sops:
M0tUV1E2dndCTXRsOVJBU2ZNVHRFS2MKhBezoPFc0mdXassxViUfsmFTQCVbP1Js
bEpByfdW69GUCjR0HmcjF3NX/Cd5N5uivy+yLp3IrincHAz8LBIXyw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-06T08:54:33Z"
mac: ENC[AES256_GCM,data:H8sm4uNLWYHQNBaQr6/atrukO9UpD/4v0mnLmflKsuZXnQBeX5IcHfK/UTkOHrs3L32kf5NK71wBu91POQRjYb+Pa6MfBhjcb5WZFBIwLIYCeDSacLWZxl5yZ0aqFEaH9/GrhFHWgZTwzfuUlDbQI/tt4bs/R5GCMYa15GF7E48=,iv:sAQBKI7MKTtLLbHujx957+mRryYiawqZPwpWd8UPN4Y=,tag:RmPQ7zttzGruKvAb8TpC5w==,type:str]
lastmodified: "2024-06-25T06:52:54Z"
mac: ENC[AES256_GCM,data:FhxxJOAZNyaAOIj3cEiFnNgLZzc4AmY2N0lI338zqy3rStYvJACu7aGXRtuUjZnij7MyZmvPgBk+wPRvyiup44FJp/aPuUuVK8nOLkoLPvZH+8gZqS4NxOCaJcKXFKgJVVfbKa417oEwRN8jbb6ocIq/RYhycKECTFiGw7eLrM4=,iv:LJUJH01z16yyrm7u/dvpgKo4g7vmYVFNKDD9aSjLz4g=,tag:DkPXQgRiisL6EwUUD3ArMw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1