darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge pull request 'move synapse to the cloud' (#89) from move-synapse into main

Browse source 
Reviewed-on: #89
This commit is contained in:
Charlotte 🦝 Delenk 2023-06-06 11:25:05 +00:00
commit 63e83e401d
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
6 changed files with 31 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/instance-20221213-1915.nix
View file

@ -25,6 +25,7 @@
./services/mautrix-whatsapp.nix
./services/mautrix-signal.nix
./services/kubo.nix
./services/synapse.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];

1
config/nas.nix
View file

@ -19,7 +19,6 @@
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./services/hostapd.nix
./services/synapse.nix
./services/router.nix
./services/syncthing.nix
../modules/tc-cake.nix

1
config/services/synapse.nix
View file

@ -120,7 +120,6 @@
withJemalloc = true;
};
sops.secrets."services/synapse/private_key" = {owner = "matrix-synapse";};
sops.secrets."services/synapse/discord-dev-registration.yaml" = {owner = "matrix-synapse";};
services.postgresql.ensureDatabases = [
"synapse"
];

6
secrets/instance-20221213-1915.yaml
View file

@ -8,6 +8,8 @@ security:
restic:
password: ENC[AES256_GCM,data:80XNExfwBIG3aVNQBc8T2fdN9oA=,iv:JM/HU7vhx28VA9EppxpFc3xRVcAt+kp3JwTuHmFpL78=,tag:pC73+XCsFGTdA+MbTihD7Q==,type:str]
services:
synapse:
private_key: ENC[AES256_GCM,data:E2BWj1/dBHJ47NhqUkEAbbkI3nPWmNM5XoD5ZBu40lBv9xvPxP9SCbLQdFMcxNY/Xew91OZL8NvlNxk=,iv:X6V0YFmkWA6C5j7REFijZt8/gNfB2wHT6U8/iSjLAFA=,tag:DF3ZyQlYLUXBxmnfqoNYnw==,type:str]
ipfs:
access_grant: ENC[AES256_GCM,data:WFWKgRf4VG0fViy9hSvRclwxQxICoV94eOpaVjGv6HJ/SeHLF2FaXG9PPNvU35JsNrWQhovYK33QPqE9IV6rgoo7xtH7FYlr91YYJ6a/x4SQnkIu5aUYIpsTk+I97T/5gfLJZK2Sr05lrnCBth5F2eu+ITILt8AUizrqLLW+KWpeCkzz6G8pJGwnOqp/CIDkTCybgnzM0piF4F0lVukAjnrUhYGR3szi8zpy6ZSQHFvXgz37DfEaTgcJlt/tx/xozkSor+KweXHDA71d1nugQ1p7DhLdP4rpm7PrdfZmwc56p2OkK15jdDPeOTBpOWvFt+wdPKR4PMfwYFHO5adE8ZNkdBafICtrdEV552qkTZ4LDYqY9qCi0tKU3TbuArxKoMPshoiaeqEuP2itPsZonqYVv9CXeOLSlA==,iv:NU4rJgOTg6SPOCiYvOqQH0w9i3aJR8IvfNcm+eykoVI=,tag:/LRTOtGRd/Y9QJlK0X1jvA==,type:str]
attic: ENC[AES256_GCM,data:piBIi+r/WKVnGwl00q1lZjdyQz2PqFGrM8xTxf5/0MOv4UTJjw9I/9HdQAKgMH7okiAh94BTyGCM4EzwiHRbErQoQC9OihIgUkvQW6/SzIeSgSw3n8oBe7UKiXIedsjzLoPNjH1gDg8lLDgg5Iq389+AY+qPFfmF61tpcG35bkvKd1XWUL/elTMff+yILndu9fvcmmkDk4IGSdzB2fVcB+1k6JOWiL5Mo42RF2dUu7cvbnrsh/MpC0nzMrkQUBENfhPPuEjMGZ2ZwSqbW2B6FfZI9uCtdmRpXhwytzHBgwxetbKKe61a+mPTjSyItG/bqoSw4v+O8T8UBy2y/aAmZjvw+fhl+sb+ro90sOZMzY9jNVenZqVvTyZk12gD/ljpzRbGpIxE9l0WdLLlB9aNIaRa3EGbe9oNpGg4p6I+kEe4mx1+qhUpNgrCpv1jUORyfbKGNrPp//NiO3C7nrm//5D2U+Y4vg4Xc80RHsHTrHuKdpk=,iv:SoK0B7bf8TiFXCPTWYr2G1+XoFzFIIJzruwXfOjCsxg=,tag:bxsUXluNqqcuOixOz6cSjA==,type:str]
@ -49,8 +51,8 @@ sops:
bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ
QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-23T04:33:43Z"
mac: ENC[AES256_GCM,data:hSrZDZa3l6HnqyJcRoMDr1Lu8I5M1DuWEYYGSc1Gp8JtPWjU4U+nOvtATYu8ZwvEF+5bod2glIWXK7vaQ82aSZ3FViAGBkgTosZGEXaMk5NQieIXqGHIjeKY5mwoc5nhny9sAQw7EhoKP8QuCrMjQmstJMIjjY78+mJWlqnaL4k=,iv:Q5DOdVW7RPAJYhvU/y8m1U0PmWv5XXfdURB+kdgvWZw=,tag:iLdW7JZ5NlPXr1VkbLIoIQ==,type:str]
lastmodified: "2023-06-06T07:06:40Z"
mac: ENC[AES256_GCM,data:48wikd5/7pjHG+IcvqVgcEp8zcdzX9F3ewxJgQu3gM1ntVhaqNLVUByx4DsRvRR89UV0LEsYzK7t5qz5eZobVuxHNjMtOWet+NEbq6uxh6YOb3Fmz7O2rWsmyv2KwT/bnBmmc137gN9TIlVqCWROgCKG4C01IffAInOfCfw84J4=,iv:KVnDWXs2UvDX1xTplCIm3PjcCuvabkt/H3uaqPUFMSM=,tag:XByrMLLxfu4h/ebm+MMd0w==,type:str]
pgp:
- created_at: "2022-12-14T15:34:13Z"
enc: |

12
secrets/nas.yaml
View file

@ -4,14 +4,6 @@ network:
services:
woodpecker: ENC[AES256_GCM,data:L0WJG4pKrjd3TEbHJNKxVklg65F9IIuk2f82h8Tv/sxXOO1iDQ4VxoXXWxUEcD6hckvq0miWp74nh4LLqpcH3v/+nkIpTaDc9lqmTyxKPgys0+ZnsMr0cbZyP+FyK+r7Nh1oNTAxDEukOJZanPlzmJEqqq018oMES8DlsiLwDWc4kRsQ3QpFtGkTk8dHwhiiLu1XTAOjrkpNjWNmOn9/6mofxeMw7LflJNSZVyn0wthUkEO9o13QlTc5aDj3HWb7tI3FxV5clPf8Dc2Fyxt/x6abmL4f7OgYJDj+mM8RnP+ZmEXkNRYWjLHJZDlu3F8CRlBx5mOF25wTpUSGnyXRH6rjZpfGRl0Zco6PXPl0EJ8K8hlCOs7mR6tjvBpYRJH9yJiTYmqeGwLGLkD/455gWTqzi0PqUZUzMvz9HWZPBJ/ujCf3OsHYs/Uuq+ZRss2DwrACRKSNYniyI2HgNlJfnq3jnEhECkZITVWrEY9CE9EihBuknvQPKgBloiy7ZfE3FV8MEbl2s+Nltbv5qo5l32jwlkEIFfKx6rts1FNWuMk8XT/cLZ6nyQLC666wtz4a8dWwB+HamXSOqYenh5SPOuxUf+HP1q17UMnuID4Jv5bfTWAtUP0ifBee6VcvJ/cj96fg2GV/9Fs4alGmmaNSK9eqJmVWaimq0rFgxK/GKMBi,iv:K499RiuQVH5PbjcSkCODySCYJB98Lnz64E+g8OWQGSA=,tag:2kHHFgtf2t6zBBeOAs/1jw==,type:str]
woodpecker-runner: ENC[AES256_GCM,data:ziTD8BK99FgMBLgilghrKd5G5F5liC7TEQh6mqbh7npbzAqeeP6KPh1ea7PYVUDZKU8r/JjaYFY1zaPEcMfl+Ft/K5rYvkVUe4qp8HHJwAnOY+ivVOszstM=,iv:xQfqqYnoz4cdb6whdmppAMur2gtBxQrrk3T2g98/F18=,tag:A4xfr5XJREP+vr52LewmFw==,type:str]
synapse:
private_key: ENC[AES256_GCM,data:yU7yftN4QRbNgoR3MKeZeZMAlZP/WLIuO11SDmovyot1siq8sfS6enWlHdpxOurB0PWqsLSbkDoPO9g=,iv:GvIBst7+m8gWLhFpou2NJ5Sx7zNNURcumGbjYiCBTK0=,tag:whbtqezK7MHr3+veCHAzcw==,type:str]
discord-dev-registration.yaml: ENC[AES256_GCM,data:gWZmExd/SiHRWY7fnwsmGzubVpPVxdSbjzwJBHPOO1G9icB+htjIlSdnRAdDCUEMz66As2mNAW6yMb9l8JCvyN6+54hxKMAHFBb0M2fcCnH3/ZYOEb8uW6HJ1lASRhM05BwTRkSXwESe4IJHexzVMAg8+cL+zfXNJCGi2ii1Y3gzKNfaUHo+plevkeVTINzh0bqFeaOsAl9SOTAoCgLEJ/VxUpsyIzvXly2GoGSAcp01D8FSmNbNLZctZ885oKmgc9cO6Hy1u0DSaaq6Z8VMhyzbIYtOTuaA4Y5Du0f5PN9HfmFJbagy4Kjjfedx6woxG58OzHQ/6dx0qGnlXUp7oguAZzb4IUXFR/zGLRdAtBXkAZ5Iz1si1jkMgP68MkSwwQb3VvFcDVQ6WlYP3puP6w6iTUxpG17R1o47WWENOf/AoaHwpbzpjYY/U46hrt3F5P+mBTigO5TnnunO/DOWNCGbff7wohX7XdVN6hV1jchYlVKtFLldVGGSkDFqbSYHPaDiNSQ2MZICQWqT34cDzqEFXh6Xv74I+9jAy2tW1aRIwowRIvWJpOHSL5csbOzKMRfdyenoti0Yv4qadIbaKsOvhxHS5Sr5jodSrry6fdDd98unrOyCvXTsY//Hli5WNXAiXjpnUR79hR6od26WbfW7LgRp0BQvSviaR6+oJkOyNTUMkg19da2BdWAQnLYo6KmivF1/ZBdAgMsMwdqvPU3D2nLCPXxT5IPPC8i4OSh5a36yvvE9H9nUMuMfo2yEIvCdjpYJp/rU,iv:DdY/L7QZOTBH/2ZX2+C57YSB5ChlbOLypCzNoS8tTv4=,tag:MObnLxAf9MYdIKoLbsRl/w==,type:str]
mautrix:
discord.yaml: ENC[AES256_GCM,data:+c2DWNY0IIvFhlZrxiz90Sx1/WA0Ae6x0i4Mc8H6komVEbaxLuj/8VKQkQdCxaWditpiYOP6uusNx1OtxjIdfot+uJeFa3eqszBv81UmRxe8I4BLRQmTuqAHVGZkxtNSeZNh5JtkyeFQb99tDNu4NXG3BhVZ93prOVNI3Pes5caVG8+4FGGsv+RtBuD3cj/GPRT9gxv1rLOiJDP0+yeKpmH364+QWVvxs8PM+/Oqz/8sJYpg0TzMuC31nucrMsT1eKsCihh8dFnq9aeFUvgHl7Yz9oY4nEkUgTRJPvM27+ZlCN29x03RxD9jZU2WSHUADBsti15NtBqaB3y18ljiCaqUZRAnHaZPR3IIo8T8tsb/qauiCzJoh7Ftib/5EC8RguZOWEH+etvrFM/OlswamFGZefGvkkO8Z2tgQ6UG5jx8jVU3lh4ZGLKpKMAeM59pE+8AzMmYW1Soq8UcmSKVP3tsnK84ypLY21uMMuRdSoxWHrqUIdFKm3Vg4P6nABygUcShSXdurRRAP24FSobw6QECDaltjZUBvF3Rzdpoa/05GoAdSkmopumphWCzMmcckzjvc/2Bu8Al5NAulN5meNb59hkEAZ+CZAbPfyMypInzudK9zjjGfAO1TLBNpGUb+Xs9+lblVp49af7Lcu1QBw==,iv:tRZm2JeizCr0B1IQOQdEIMuGCb+CCKqCruuxA5kzojU=,tag:jyLNBT3SjFD/ruMINO73gw==,type:str]
signal.yaml: ENC[AES256_GCM,data:s8UncHHFW3Ky9y3OsR6BCFvoQnSf4Tin5FsC/QeLn+1QFqlqPMjeol6djSAvTLkVt98pxvgHWN5gbKtTjgFmujLveoB0aGW5Y5W0+EaPalRn6UnpSZB0HDSdEZdnT53CF3nEb2F3huNQezV5H27+0W+jnqxwlU2DcRTldq8OHkg7V9r62B/mLlG/EOVCl/Frexot/wcB2n594e6Gfjnm3jxv8ozpl5Lw8k6hyrA0pfdnRDysjtEUxmumz6Rtr4gu6adn2O7bQY1mDIHOObZscoQqG0Gi/qBQ708k64PHlrEATSamabNeqh7rzsvPelFfy9PibiFHVKEEt7BQnYCf0d5F105HwyX/a8LOzI2eHDwpzqNCUNnQjbYgrlZJKt8dlfEQ/REQdgR8diiCMdW956TPwkUdMeKf9/8fhHnttG1M9iuSByqEN25I0cx3S0NfnFC+Sp7H9PKoOC3+qTnta/0B6X5Nu/UIQMav47hCum2MCF4JoO8XW86PzmGFsWKKnbW/n6amtTAOOjsEGEqvLMpYZ4AuSoJYR2THycc5ZelmQ6YwXWvisOxWyw7auP7OwM2k73KblNxD2fTosaMEyOS+YgTbL1p8FkNGPnjXsNDz1mqpQSWfiTCNkPfsw8sf9IIUMoPi6QI3FwX2XGwfr0VYHeEWGD5tSjHey5v68GBIR8f9U+yo/4PwKjw=,iv:WWKSMeoPgI6hQnegEKhjzhW7miAadbJ/YIHliIj1p1w=,tag:ZSuC4GEFFJD136p4c2FNNQ==,type:str]
telegram.yaml: ENC[AES256_GCM,data:ZhT+xePqjHrgPel8GI9Wp5L5q3LrBAcd5GbXUI4AXRTRtm188yYRBYTg/1NQmrJIEfZIqL4MCWH/OQJ8sLZi6MJqftJfyK0gzrTZ+uxRoptWzXiaT3fJw0v2nwPjNYmWgVEX7UYEuEACZUj7S8IVrxNdxUyr/YkaYGTe9epd58hIAZfWdTf99Qs+HxG748l0qqO1R13BalZ/rGKiEtrNt9F4S+EBgFCZuIF1mdusiC3rqZvkHKZ8Ljsq1j+D+irUhoeMtwT/SodzfWyv6kNEFXksz4TzkI1Q8G6p9efiMJknFZbLwzwNpbKBcdsE6rfYGx1f94OflIMrVQHup3yRPnrZRT7Vfsyn7k2eEu5SiWMpcqf4mHaSrT3yFiKij17oYJqAa+hn0FPzOV49cq3zI/joUYqy2DKrHz4GDA0WXgwGHwVE7P8UA6P1d8aM3y518diyWLtSf6rJJdEOLz/HqBhrzRlwZGXhJAREYUShOtGQbeN5GqTR3IS9HMJGsUYwHOFf/nmP7t/HW+Rtm5wzUAot3KUFjhwkQU/OnyoDFylwffvnsIR5efvIVQGnoyOZYQnHby0QtQpwe45V7lYiO/lo4RkYACWaIhd0abevtno6UwvY3QUtDDZgs9u1fN4v/sshGrr+8WHtvIaBOHgWcYSKk99KT0Q/tx5Pr1rCDTUUsH1o6j8y9MAHE+2HSfmblRnE/Vr7VlI9d9aytEyyQlj1e+YCFyYzNfifsHVW4bOIp/s6kjoKcVbAh+KrtpUby46trZGmBg5Sza8=,iv:oWpenQMR2J1NWf3aAwOCXGCdFnCXpPPb7mSexmSRPgA=,tag:IsNqvloHerv31e+bhiFGIQ==,type:str]
whatsapp.yaml: ENC[AES256_GCM,data:nb8x+/+YsUDnoLB34yx7CG5HKY4z1erK734xhIfmZ5NL4bKL3SybykDgUbR1GSEYzY2Filws5KqOjSl7imPtPAAbo/s7Tn88TrllKwV8cgn1I7tj6R5qSE6YpBEoK5rjwuZgdy7OfbhlpK27WDns7x+pzq9kfOBPUfH+EKhI3ikObbrxOgZaF4GwLu50qDZCPwPkQZokFnHzUrzUSW9fbSto6iCT7iojZsThqj3+IfIPkRz98gBUCb874vkToS/ygBH65eRDdItpYSoHGjErqPp6ofYd3NQMHP9nZflEJAO5oFL8zQqMCQz9bweLPW8kca2ZPLcJzXa/xPbd92BP3LPxMQ1YzntETvkB99DdxNnNFNlQTSKAn2MFe1DqVjOS736YP0aqCXTR4xfXZ9z/oEPnDQmqguYFnUGh3kuaVUcTchaZEs2PISP8xTK3hnisn95oOcZv6C25baMXsGZFR9ItUpjnQjCbVSpa5mkWceeYQJtcl3+GTOsiOIVtF6vMgRSiVSI2hV0ScIF3e/+l1xMWiTD/5LJEF/XwoPrQBM1xhmRaNmWQlPfEmVxcI702/ahMTXMFWLRZjWZerl5BRse7ZBqPI0kFHC/bAwh2h3Rz/tWB9TB6FDpuSBSvNdFWzAXOpBPkbuAl0DfSDmrhGeJtsS0=,iv:PxYvGt6cSOHYIHU1UJYi0RbzfzzUvv78IhoAxo4+dEI=,tag:8yjnUXJOmhfRi0FwCTqnvQ==,type:str]
hydra:
cache-key: ENC[AES256_GCM,data:359HiOnMunY5vQowyl79OOYX7ELs1jGkyCMjvuUXUaVnPWu/Nui5UM51O4VKD6+cLvVKyy5QXJxxOVfPO5DHL7gb+rlcbcusdBs8iCLaqlxD7yHqDE6FsncFSB7OqqUKNw==,iv:/NBm6p/vpurdhFzrN7HA9Tu13g6FbWREbKh4yNPryB4=,tag:xTs/KwTOgAQwaukU8+ek0A==,type:str]
gitea_token: ENC[AES256_GCM,data:v0Ej8841I1F/dK5ZplRzZlvngpueMQKspM5USzX9VkOEmpCs2NA3+Q==,iv:fZisAuyqk7ATFx6qHYkScUeS8SsikjiPzVovZjGnUYM=,tag:7+O+Sn7unPDy88a6T70Jmg==,type:str]
@ -53,8 +45,8 @@ sops:
WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-25T07:33:13Z"
mac: ENC[AES256_GCM,data:L5jnCDJ1GQyJ3/Seakowpzkdp7RXlVc1OGFO+eTzRakENj4ZJR/3UCWTE9y8zzMxYocFjVSqhm983zobYmn2mA78bH9hzDTqz/rBqb7pqtkcbwmKRvbsST7t2bp08AFUJ+1zBbXteF0x9GPDuKgNXRVCgpnYNdn59mSzNl2H3XA=,iv:b/v9bgFWJEjjI21SrP145vEtZ4IVgYQmYDw0J7tdrMk=,tag:95vQA/6kJpclDQgTs6VZ/A==,type:str]
lastmodified: "2023-06-06T07:06:29Z"
mac: ENC[AES256_GCM,data:iuH+6PiDx+8iQlxds8/twFNaf2g2JuuBpCfQIppRxZPEWeVvWpLEaMEuFk+kKZagIrFIhl9LhyXXVqaGKDnXHmo3bOAGksWNq51PWlCODIe1gfWN6hMZHWFrZlcxv0JjyH2Zqou3udsEIc+Fkj3llGYeiNJw30M0lLhd9ORa5tA=,iv:Kdse9i3iT+Iuhxf6c7zGzgA/Jy3mDmGegQ+xcMqnXzk=,tag:ooWhhNvVbLPl+H6R9VODhw==,type:str]
pgp:
- created_at: "2022-04-24T10:34:20Z"
enc: |

48
zones/int.chir.rs.nix
View file

@ -15,7 +15,7 @@ in {
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 23;
serial = 24;
};
NS = [
"ns1.chir.rs."
@ -85,27 +85,27 @@ in {
}
];
/*
subdomains = {
_tcp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
_udp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
};
*/
subdomains = {
_tcp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
_udp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
};
*/
HTTPS = [
{
svcPriority = 1;
@ -284,11 +284,11 @@ in {
backup.CNAME = [(ttl zoneTTL (cname "nas"))];
hydra.CNAME = [(ttl zoneTTL (cname "nas"))];
mastodon.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix.CNAME = [(ttl zoneTTL (cname "instance-20221213-1915"))];
rspamd.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
woodpecker.CNAME = [(ttl zoneTTL (cname "nas"))];
moa.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix-admin.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix-admin.CNAME = [(ttl zoneTTL (cname "instance-20221213-1915"))];
mautrix-discord.CNAME = [(ttl zoneTTL (cname "instance-20221213-1915"))];
mautrix-signal.CNAME = [(ttl zoneTTL (cname "instance-20221213-1915"))];
mautrix-telegram.CNAME = [(ttl zoneTTL (cname "instance-20221213-1915"))];