tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

Add conduit service #67

Manually merged
tlater merged 2 commits from tlater/conduit into master 2022-10-22 21:28:14 +01:00
Conversation 0 Commits 2 Files changed 5 +104 -19
5 changed files with 104 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

13
configuration/default.nix
View file

@ -8,6 +8,7 @@
"${modulesPath}/profiles/headless.nix" "${modulesPath}/profiles/headless.nix"
(import ../modules) (import ../modules)
./services/conduit.nix
./services/gitea.nix ./services/gitea.nix
./services/nextcloud.nix ./services/nextcloud.nix
./services/webserver.nix ./services/webserver.nix
@ -49,7 +50,17 @@
useDHCP = false; useDHCP = false;
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
firewall.allowedTCPPorts = [80 443 2222 21025]; firewall.allowedTCPPorts = [
# http
80
443
# ssh
2222
# matrix
8448
# starbound
21025
];
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";

53
configuration/services/conduit.nix Normal file
View file

@ -0,0 +1,53 @@
{config, ...}: let
cfg = config.services.matrix-conduit;
domain = "matrix.${config.services.nginx.domain}";
in {
services.matrix-conduit = {
enable = true;
settings.global = {
address = "127.0.0.1";
server_name = domain;
database_backend = "rocksdb";
};
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::0]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::0]";
port = 8488;
ssl = true;
}
];
addSSL = true;
extraConfig = ''
merge_slashes off;
'';
locations."/_matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
# Recommended by conduit
extraConfig = ''
proxy_buffering off;
'';
};
};
}

17
flake.lock generated
View file

@ -289,6 +289,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1666424192,
"narHash": "sha256-rb/a7Kg9s31jqkvdOQHFrUc5ig5kB+O2ZKB8mjU2kW8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f8287f3d597c73b0d706cfad028c2d51821f64d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1665466769, "lastModified": 1665466769,
@ -390,6 +406,7 @@
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nvfetcher": "nvfetcher", "nvfetcher": "nvfetcher",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"tlaternet-webserver": "tlaternet-webserver" "tlaternet-webserver": "tlaternet-webserver"

32
flake.nix
View file

@ -3,6 +3,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
@ -21,6 +22,7 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unstable,
sops-nix, sops-nix,
nvfetcher, nvfetcher,
deploy-rs, deploy-rs,
@ -66,7 +68,7 @@
# Helper functions # # Helper functions #
#################### ####################
lib = import ./lib { lib = import ./lib {
inherit nixpkgs sops-nix tlaternet-webserver; inherit nixpkgs nixpkgs-unstable sops-nix tlaternet-webserver;
lib = nixpkgs.lib; lib = nixpkgs.lib;
}; };
@ -86,6 +88,7 @@
"2222" = "2222"; "2222" = "2222";
"3080" = "80"; "3080" = "80";
"3443" = "443"; "3443" = "443";
"8448" = "8448"; # Matrix
"21025" = "21025"; # Starbound "21025" = "21025"; # Starbound
}; };
in { in {
@ -111,23 +114,16 @@
########################### ###########################
# Development environment # # Development environment #
########################### ###########################
devShells.${system}.default = let devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key; sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
deploy-rs-bin = deploy-rs.packages.${system}.default; nativeBuildInputs = [
pkgs = nixpkgs.legacyPackages.${system}; sops-nix.packages.${system}.sops-import-keys-hook
in ];
nixpkgs.legacyPackages.${system}.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = [
sops-import-keys-hook
];
packages = with pkgs; [ packages = [
nixfmt sops-nix.packages.${system}.sops-init-gpg-key
git-lfs deploy-rs.packages.${system}.default
sops-init-gpg-key ];
deploy-rs-bin };
];
};
}; };
} }

8
lib/default.nix
View file

@ -1,6 +1,7 @@
{ {
lib, lib,
nixpkgs, nixpkgs,
nixpkgs-unstable,
sops-nix, sops-nix,
tlaternet-webserver, tlaternet-webserver,
}: let }: let
@ -24,6 +25,13 @@ in {
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
tlaternet-webserver.nixosModules.default tlaternet-webserver.nixosModules.default
(import ../configuration) (import ../configuration)
{
nixpkgs.overlays = [
(self: super: {
matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit;
})
];
}
] ]
++ extraModules; ++ extraModules;
}; };