tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 8 Pull requests Activity

chore(continuwuity): Switch to new upstream module

Browse source
This commit is contained in:
Tristan Daniël Maat 2026-02-25 01:56:32 +08:00
parent 4667044ea5
commit 3011625e51
Signed by: tlater
GPG key ID: 02E935006CF2E8E7
4 changed files with 16 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
configuration/hardware-specific/hetzner/disko.nix
View file

@ -80,7 +80,7 @@
inherit mountOptions; inherit mountOptions;
mountpoint = "/var"; mountpoint = "/var";
}; };
"/volume/var/lib/private/matrix-conduit" = { "/volume/var/lib/private/continuwuity" = {
mountOptions = [ mountOptions = [
# Explicitly don't compress here, since # Explicitly don't compress here, since
# conduwuit's database does compression by # conduwuit's database does compression by
@ -89,7 +89,7 @@
# if btrfs compresses it) # if btrfs compresses it)
"noatime" "noatime"
]; ];
mountpoint = "/var/lib/private/matrix-conduit"; mountpoint = "/var/lib/private/continuwuity";
}; };
"/volume/nix-store" = { "/volume/nix-store" = {
inherit mountOptions; inherit mountOptions;

27
configuration/services/conduit/default.nix
View file

@ -7,7 +7,7 @@
let let
inherit (lib.strings) concatMapStringsSep; inherit (lib.strings) concatMapStringsSep;
cfg = config.services.matrix-conduit; cfg = config.services.matrix-continuwuity;
domain = "matrix.${config.services.nginx.domain}"; domain = "matrix.${config.services.nginx.domain}";
turn-realm = "turn.${config.services.nginx.domain}"; turn-realm = "turn.${config.services.nginx.domain}";
in in
@ -45,14 +45,14 @@ in
}; };
services = { services = {
matrix-conduit = { matrix-continuwuity = {
enable = true; enable = true;
package = pkgs.matrix-continuwuity; package = pkgs.matrix-continuwuity;
settings.global = { settings.global = {
address = "127.0.0.1"; address = [ "127.0.0.1" ];
server_name = domain; server_name = domain;
new_user_displayname_suffix = "🦆"; new_user_displayname_suffix = "🦆";
allow_check_for_updates = true; turn_secret_file = "/run/credentials/continuwuity.service/turn-secret";
# Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended # Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended
# This is primarily to make sliding sync work # This is primarily to make sliding sync work
@ -173,35 +173,30 @@ in
locations = { locations = {
"/_matrix" = { "/_matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}"; proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}";
# Recommended by conduit # Recommended by conduit
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
"/.well-known/matrix" = { "/.well-known/matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}"; proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}";
}; };
}; };
}; };
backups.conduit = { backups.conduit = {
user = "root"; user = "root";
paths = [ "/var/lib/private/matrix-conduit/" ]; paths = [ "/var/lib/private/matrix-continuwuity/" ];
# Other services store their data in conduit, so no other services # Other services store their data in conduit, so no other services
# need to be shut down currently. # need to be shut down currently.
pauseServices = [ "conduit.service" ]; pauseServices = [ "continuwuity.service" ];
}; };
}; };
systemd.services.conduit.serviceConfig = { systemd.services.continuwuity.serviceConfig.LoadCredential = "turn-secret:${
ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit"; config.sops.secrets."turn/env".path
# Pass in the TURN secret via EnvironmentFile, not supported by }";
# upstream module currently.
#
# See also https://gitlab.com/famedly/conduit/-/issues/314
EnvironmentFile = config.sops.secrets."turn/env".path;
};
systemd.services.coturn.serviceConfig.SupplementaryGroups = [ systemd.services.coturn.serviceConfig.SupplementaryGroups = [
config.security.acme.certs."tlater.net".group config.security.acme.certs."tlater.net".group

4
configuration/services/conduit/heisenbridge.nix
View file

@ -5,7 +5,7 @@
... ...
}: }:
let let
conduitCfg = config.services.matrix-conduit; conduitCfg = config.services.matrix-continuwuity;
matrixLib = pkgs.callPackage ./lib.nix { }; matrixLib = pkgs.callPackage ./lib.nix { };
in in
{ {
@ -36,7 +36,7 @@ in
{ {
description = "Matrix<->IRC bridge"; description = "Matrix<->IRC bridge";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "conduit.service" ]; after = [ "continuwuity.service" ];
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";

2
configuration/services/crowdsec.nix
View file

@ -65,7 +65,7 @@
whitelist = { whitelist = {
reason = "whitelist false positive for matrix"; reason = "whitelist false positive for matrix";
expression = [ expression = [
"evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-conduit.settings.global.server_name}'" "evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-continuwuity.settings.global.server_name}'"
"evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']" "evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']"
]; ];
}; };