chore(continuwuity): Switch to new upstream module #174

Merged
tlater merged 1 commit from tlater/refactor into master 2026-02-24 18:27:20 +00:00
4 changed files with 16 additions and 21 deletions
Showing only changes of commit 3011625e51 - Show all commits


@ -80,7 +80,7 @@
inherit mountOptions;
mountpoint = "/var";
};
"/volume/var/lib/private/matrix-conduit" = {
"/volume/var/lib/private/continuwuity" = {
mountOptions = [
# Explicitly don't compress here, since
# conduwuit's database does compression by
@ -89,7 +89,7 @@
# if btrfs compresses it)
"noatime"
];
mountpoint = "/var/lib/private/matrix-conduit";
mountpoint = "/var/lib/private/continuwuity";
};
"/volume/nix-store" = {
inherit mountOptions;
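Review bot: The new mountpoint `/var/lib/private/continuwuity` does not match the backup path this commit sets in the Matrix service file, `paths = [ "/var/lib/private/matrix-continuwuity/" ];`. Only one of the two can be the upstream module's state directory, so either the database lands outside this no-compression subvolume or the backup job archives a path that holds no data. Confirm the unit's state directory and use the same path in both places. If the old `matrix-conduit` subvolume still holds the database, the data must also be moved or the subvolume renamed on disk, which nothing visible here does. The attribute set continues outside the hunk.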


@ -7,7 +7,7 @@
let
inherit (lib.strings) concatMapStringsSep;
cfg = config.services.matrix-conduit;
cfg = config.services.matrix-continuwuity;
domain = "matrix.${config.services.nginx.domain}";
turn-realm = "turn.${config.services.nginx.domain}";
in
@ -45,14 +45,14 @@ in
};
services = {
matrix-conduit = {
matrix-continuwuity = {
enable = true;
package = pkgs.matrix-continuwuity;
settings.global = {
address = "127.0.0.1";
address = [ "127.0.0.1" ];
server_name = domain;
new_user_displayname_suffix = "🦆";
allow_check_for_updates = true;
turn_secret_file = "/run/credentials/continuwuity.service/turn-secret";
# Set up delegation: https://docs.conduit.rs/delegation.html#automatic-recommended
# This is primarily to make sliding sync work
@ -173,35 +173,30 @@ in
locations = {
"/_matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}";
# Recommended by conduit
extraConfig = ''
proxy_buffering off;
'';
};
"/.well-known/matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
proxyPass = "http://${lib.head cfg.settings.global.address}:${toString cfg.settings.global.port}";
};
};
};
backups.conduit = {
user = "root";
paths = [ "/var/lib/private/matrix-conduit/" ];
paths = [ "/var/lib/private/matrix-continuwuity/" ];
# Other services store their data in conduit, so no other services
# need to be shut down currently.
pauseServices = [ "conduit.service" ];
pauseServices = [ "continuwuity.service" ];
};
};
systemd.services.conduit.serviceConfig = {
ExecStart = lib.mkForce "${config.services.matrix-conduit.package}/bin/conduwuit";
# Pass in the TURN secret via EnvironmentFile, not supported by
# upstream module currently.
#
# See also https://gitlab.com/famedly/conduit/-/issues/314
EnvironmentFile = config.sops.secrets."turn/env".path;
};
systemd.services.continuwuity.serviceConfig.LoadCredential = "turn-secret:${
config.sops.secrets."turn/env".path
}";
systemd.services.coturn.serviceConfig.SupplementaryGroups = [
config.security.acme.certs."tlater.net".group
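Review bot: The file loaded as the `turn-secret` credential is still the sops secret `turn/env`, which the removed block consumed as an `EnvironmentFile`, so it presumably holds a `NAME=value` line rather than the bare secret that `turn_secret_file` expects. If so, the homeserver would treat the whole line as the TURN shared secret, and the credentials it issues would not validate against coturn. The sops file is not among the four changed files, so its contents cannot be confirmed from this page. Store the bare value under its own secret (for example `turn/secret`, a placeholder name) and point `LoadCredential` at that path. Moving the secret out of the process environment is otherwise the right direction.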


@ -5,7 +5,7 @@
...
}:
let
conduitCfg = config.services.matrix-conduit;
conduitCfg = config.services.matrix-continuwuity;
matrixLib = pkgs.callPackage ./lib.nix { };
in
{
@ -36,7 +36,7 @@ in
{
description = "Matrix<->IRC bridge";
wantedBy = [ "multi-user.target" ];
after = [ "conduit.service" ];
after = [ "continuwuity.service" ];
serviceConfig = {
Type = "exec";


@ -65,7 +65,7 @@
whitelist = {
reason = "whitelist false positive for matrix";
expression = [
"evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-conduit.settings.global.server_name}'"
"evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-continuwuity.settings.global.server_name}'"
"evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']"
];
};
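Review bot: The two entries under `expression` are, as far as I know, evaluated independently by CrowdSec, so any entry that returns true whitelists the alert. That would make the line changed here exempt every alert whose first event targets the Matrix server name, whatever the scenario, while the second line exempts the probing and crawl scenarios for every host. If the intent is to exempt only those two scenarios on the Matrix host, join them into one entry: `"evt.Overflow.Alert.Events[0].GetMeta('target_fqdn') == '${config.services.matrix-continuwuity.settings.global.server_name}' && evt.Overflow.Alert.GetScenario() in ['crowdsecurity/http-probing', 'crowdsecurity/http-crawl-non_statics']"`. The enclosing whitelist definition starts outside the hunk.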