From ea06138a9b856982b82611723e76e830e959af7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Sat, 5 Nov 2022 16:00:50 +0000
Subject: [PATCH 1/2] flake.nix: Add packages for utility scripts to enable `nix build`

---
 flake.nix | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/flake.nix b/flake.nix
index f190d89..2dc31c0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,13 +72,15 @@
 lib = nixpkgs.lib;
 };

- ####################
- # VM launch script #
- ####################
- apps.${system} = let
+ ###################
+ # Utility scripts #
+ ###################
+ packages.${system} = let
 inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
 in {
- default = let
+ default = self.packages.${system}.run-vm;
+
+ run-vm = let
 vm = self.lib.makeNixosSystem {
 inherit system;
 extraModules = [(import ./configuration/hardware-specific/vm.nix)];
@@ -91,23 +93,33 @@
 "8448" = "8448"; # Matrix
 "21025" = "21025"; # Starbound
 };
- in {
- type = "app";
- program = builtins.toString (writeShellScript "run-vm" ''
+ in
+ writeShellScript "run-vm" ''
 export QEMU_OPTS="-m 3941 -smp 2 -display curses"
 export QEMU_NET_OPTS="${qemuNetOpts}"
 "${vm.config.system.build.vm}/bin/run-tlaternet-vm"
- '');
- };
+ '';

 update-nextcloud-apps = let
 nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher";
- in {
- type = "app";
- program = builtins.toString (writeShellScript "update-nextcloud-apps" ''
+ in
+ writeShellScript "update-nextcloud-apps" ''
 cd "$(git rev-parse --show-toplevel)/pkgs"
 ${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
- '');
+ '';
+ };
+
+ apps.${system} = let
+ inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
+ in {
+ default = {
+ type = "app";
+ program = builtins.toString self.packages.${system}.run-vm;
+ };
+
+ update-nextcloud-apps = {
+ type = "app";
+ program = builtins.toString self.packages.${system}.update-nextcloud-apps;
 };
 };

-- 
2.44.1 
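Review bot: The new `apps.${system}` block at the end of the second hunk opens with `let inherit (nixpkgs.legacyPackages.${system}) writeShellScript; in { … }`, but nothing inside it uses writeShellScript any more — both apps only reference `self.packages.${system}`. The binding is a leftover from the old layout where the scripts were built inline; drop the `let … in` and write `apps.${system} = {` with its matching `};`. The two app entries also spell out `{ type = "app"; program = builtins.toString self.packages.${system}.<name>; }` by hand; a small helper such as `mkApp = drv: { type = "app"; program = builtins.toString drv; };` in that scope would keep them in step when further scripts are added. The enclosing outputs attribute set starts and ends outside the hunk.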
From 598c4390024a0d2b4d9316bf83093707ff731314 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Sat, 5 Nov 2022 16:01:18 +0000
Subject: [PATCH 2/2] conduit: Disable turns, remove the user limits and add all relay IPs

---
 configuration/services/conduit.nix | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
index b60b668..13be08f 100644
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@@ -1,4 +1,10 @@
-{config, ...}: let
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.strings) concatMapStringsSep;
+
 cfg = config.services.matrix-conduit;
 domain = "matrix.${config.services.nginx.domain}";
 turn-realm = "turn.${config.services.nginx.domain}";
@@ -16,8 +22,6 @@ in {
 in [
 "turn:${address}?transport=udp"
 "turn:${address}?transport=tcp"
- "turns:${tls-address}?transport=udp"
- "turns:${tls-address}?transport=tcp"
 ];
 };
 };
@@ -68,11 +72,9 @@ in {
 denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- allowed-peer-ip=178.79.137.55
- # Limit number of rooms
- user-quota=12
- total-quota=36
+ # *Allow* any IP addresses that we explicitly set as relay IPs
+ ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}

 # Various other security settings
 no-tlsv1

-- 
2.44.1
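Review bot: Removing the two `turns:` entries in the second hunk leaves clients with only the plaintext `turn:` UDP and TCP relays, and neither the list nor the commit records why; the coturn block in the third hunk still carries TLS hardening (`no-tlsv1`), so a reader cannot tell whether TURN-over-TLS is broken, paused, or meant to be gone. The `tls-address` binding that only these two lines consumed is defined above the hunk and is presumably now unused. Add a comment on the list, e.g. `# turns: (TURN over TLS) URIs disabled — <reason>; clients use the plain turn: transports`, and either delete `tls-address` or keep it with a note that it is reserved for re-enabling TLS. Without TLS the client-to-relay signalling is unencrypted, so if that matters for this deployment the entries should be fixed rather than dropped. The enclosing `let … in [ … ]` expression starts outside the hunk.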
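Review bot: With `user-quota` and `total-quota` removed in the third hunk, this coturn configuration no longer bounds relay allocations at all, so any holder of valid TURN credentials can keep opening relayed sessions on this host until it runs out of ports or bandwidth; if the per-user cap was the problem, raising `total-quota` alone or adding a bandwidth ceiling via `max-bps` / `bps-capacity` keeps some limit in place. The generated `allowed-peer-ip` lines also need a why-comment: the existing `# *Allow* …` line says what they do but not that relay addresses must be reachable as peers (presumably so two clients relayed through this server can reach each other), nor that any private or loopback address placed in `config.services.coturn.relay-ips` is thereby exempted from the `denied-peer-ip` ranges above it. Something like `# Relay IPs must be allowed as peers so relayed clients can reach each other; note this exempts them from the denied-peer-ip list, so never put a private address here` would capture both. The deleted `# Limit number of rooms` comment was misleading anyway — the quotas count allocations, not rooms — so whichever limit is kept deserves an accurate one-line note.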