chore(treewide): Upgrade to NixOS 25.05

Tristan Daniël Maat 2025-05-24 22:53:33 +08:00
parent b067bbc8c0
commit fc6be0c4c2
Signed by: tlater
GPG key ID: 49670FD774E43268
6 changed files with 43 additions and 29 deletions
configuration/services


@ -1,6 +1,5 @@
{
pkgs,
flake-inputs,
config,
lib,
...
@ -21,7 +20,7 @@ in
services = {
matrix-conduit = {
enable = true;
package = flake-inputs.continuwuity.packages.${pkgs.system}.default;
package = pkgs.matrix-continuwuity;
settings.global = {
address = "127.0.0.1";
server_name = domain;


@ -29,16 +29,29 @@ let
};
# Encryption support
extraSettings = {
"de.sorunome.msc2409.push_ephemeral" = true;
push_ephemeral = true;
"org.matrix.msc3202" = true;
};
# TODO(tlater): Enable when
# https://github.com/matrix-org/matrix-hookshot/issues/1060 is
# fixed
# extraSettings = {
# "de.sorunome.msc2409.push_ephemeral" = true;
# push_ephemeral = true;
# "org.matrix.msc3202" = true;
# };
runtimeRegistration = "${cfg.registrationFile}";
};
in
{
# users = {
# users.matrix-hookshot = {
# home = "/run/matrix-hookshot";
# group = "matrix-hookshot";
# isSystemUser = true;
# };
# groups.matrix-hookshot = { };
# };
systemd.services.matrix-hookshot = {
serviceConfig = {
Type = lib.mkForce "exec";
@ -49,6 +62,7 @@ in
# Some library in matrix-hookshot wants a home directory
Environment = [ "HOME=/run/matrix-hookshot" ];
# User = "matrix-hookshot";
DynamicUser = true;
StateDirectory = "matrix-hookshot";
RuntimeDirectory = "matrix-hookshot";
@ -62,7 +76,11 @@ in
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
RestrictAddressFamilies = [
# "AF_UNIX"
"AF_INET"
"AF_INET6"
];
LockPersonality = true;
RestrictRealtime = true;
ProtectProc = "invisible";
@ -71,6 +89,11 @@ in
};
};
# services.redis.servers.matrix-hookshot = {
# enable = true;
# user = "matrix-hookshot";
# };
services.matrix-hookshot = {
enable = true;
@ -89,6 +112,8 @@ in
bot.displayname = "Hookshot";
# cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}";
generic = {
enabled = true;
outbound = false;
@ -98,7 +123,10 @@ in
allowJsTransformationFunctions = true;
};
encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
# TODO(tlater): Enable when
# https://github.com/matrix-org/matrix-hookshot/issues/1060 is
# fixed
# encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore";
permissions = [
{
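Review bot: Commenting out `encryption.storagePath` and the MSC3202 `extraSettings` switches off end-to-end encryption support for the bridge, but the two TODO comments only name the upstream issue and not what is lost. I would extend them with the consequence, for example `# NOTE: while this is off, hookshot presumably cannot operate in encrypted rooms; keep it out of E2EE rooms until re-enabled`, and say whether the existing `/var/lib/matrix-hookshot/cryptostore` is being kept for re-enabling or should be cleaned up. The commented-out `users`, `User`, `"AF_UNIX"` and redis lines carry no explanation at all; either tie them to the same TODO or drop them, so the effective sandbox (`DynamicUser = true`, the `RestrictAddressFamilies` list) can be read without guessing which half-applied variant is intended. The attribute sets continue outside the hunks shown.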


@ -1,9 +1,4 @@
{
pkgs,
config,
flake-inputs,
...
}:
{ pkgs, config, ... }:
let
domain = "metrics.${config.services.nginx.domain}";
in
@ -35,7 +30,7 @@ in
declarativePlugins = [
pkgs.grafanaPlugins.victoriametrics-metrics-datasource
flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.grafanaPlugins.victoriametrics-logs-datasource
pkgs.grafanaPlugins.victoriametrics-logs-datasource
];
provision = {


@ -5,7 +5,7 @@
...
}:
let
nextcloud = pkgs.nextcloud30;
nextcloud = pkgs.nextcloud31;
hostName = "nextcloud.${config.services.nginx.domain}";
in
{
@ -19,10 +19,10 @@ in
packageOverrides = _: prev: {
extensions = prev.extensions // {
pgsql = prev.extensions.pgsql.overrideAttrs (_: {
configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package.pg_config}" ];
});
pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: {
configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package.pg_config}" ];
});
};
};
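Review bot: The two `configureFlags` overrides now repeat `lib.getDev config.services.postgresql.package.pg_config` with no comment explaining why the path moved from the server package to its `pg_config` attribute. A single binding in the existing `let`, such as `pgConfigDev = lib.getDev config.services.postgresql.package.pg_config;`, with a comment like `# 25.05: pg_config appears to have been split out of the postgresql package; PHP's configure needs it to locate libpq`, would keep both extensions tied to the PostgreSQL the service actually runs and make the next upgrade easier to review. The `nextcloud30` to `nextcloud31` change in the first hunk is a major-version step, so it is worth recording in the commit message that the instance was already on 30 before this is deployed. The override block continues outside the hunk.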