diff --git a/data.nix b/data.nix index a68c345..53b78df 100644 --- a/data.nix +++ b/data.nix @@ -26,7 +26,6 @@ rec { soju = 6697; soju-ws = 6698; - matrix-synapse = 8008; vaultwarden = 8222; headscale = 8080; hass = 8123; diff --git a/flake.nix b/flake.nix index e8871a7..4bd9595 100644 --- a/flake.nix +++ b/flake.nix @@ -170,17 +170,9 @@ motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; root-passwd-hash.file = ./secrets/root_passwd_hash.age; - photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age; - headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age; sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age; - grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age; letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age; - vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age; - - synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age; - synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age; - synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age; syncthing-key.file = ./secrets/vno1-oh2/syncthing/key.pem.age; syncthing-cert.file = ./secrets/vno1-oh2/syncthing/cert.pem.age; diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 7a294e7..6bd313f 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -146,13 +146,6 @@ group = "users"; }; - matrix-synapse = { - enable = true; - signingKeyPath = config.age.secrets.synapse-jakstys-signing-key.path; - registrationSharedSecretPath = config.age.secrets.synapse-registration-shared-secret.path; - macaroonSecretKeyPath = config.age.secrets.synapse-macaroon-secret-key.path; - }; - remote-builder.client = let host = myData.hosts."fra1-b.servers.jakst"; 
diff --git a/modules/services/default.nix b/modules/services/default.nix
index d17e0cd..1d4fea4 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -11,7 +11,6 @@
 ./hass
 ./headscale
 ./jakstpub
- ./matrix-synapse
 ./minidlna
 ./node_exporter
 ./nsd-acme
diff --git a/modules/services/matrix-synapse/default.nix b/modules/services/matrix-synapse/default.nix
deleted file mode 100644
index f2eb8d2..0000000
--- a/modules/services/matrix-synapse/default.nix
+++ /dev/null
@@ -1,129 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - options.mj.services.matrix-synapse = with lib.types; { - enable = lib.mkEnableOption "Enable matrix-synapse"; - signingKeyPath = lib.mkOption { type = path; }; - registrationSharedSecretPath = lib.mkOption { type = path; }; - macaroonSecretKeyPath = lib.mkOption { type = path; }; - }; - - config = lib.mkIf config.mj.services.matrix-synapse.enable { - services.matrix-synapse = { - enable = true; - extraConfigFiles = [ "/run/matrix-synapse/secrets.yaml" ]; - settings = { - server_name = "jakstys.lt"; - admin_contact = "motiejus@jakstys.lt"; - enable_registration = false; - report_stats = true; - signing_key_path = "/run/matrix-synapse/jakstys_lt_signing_key"; - log_config = pkgs.writeText "log.config" '' - version: 1 - formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - handlers: - console: - class: logging.StreamHandler - formatter: precise - loggers: - synapse.storage.SQL: - level: WARN - root: - level: ERROR - handlers: [console] - disable_existing_loggers: false - ''; - public_baseurl = "https://jakstys.lt/"; - database.name = "sqlite3"; - url_preview_enabled = false; - max_upload_size = "50M"; - rc_messages_per_second = 0.2; - rc_message_burst_count = 10.0; - federation_rc_window_size = 1000; - federation_rc_sleep_limit = 10; - federation_rc_sleep_delay = 500; - federation_rc_reject_limit = 50; - federation_rc_concurrent = 3; - allow_profile_lookup_over_federation = false; - thumbnail_sizes = [ - { - width = 32; - height = 32; - method = "crop"; - } - { - width = 96; - height = 96; - method = "crop"; - } - { - width = 320; - height = 240; - method = "scale"; - } - { - width = 640; - height = 480; - method = "scale"; - } - { - width = 800; - height = 600; - method = "scale"; - } - ]; - user_directory = { - enabled = true; - search_all_users = false; - prefer_local_users = true; - }; - allow_device_name_lookup_over_federation = false; - 
email = { - smtp_host = "127.0.0.1"; - smtp_port = 25; - notf_for_new_users = false; - notif_from = "Jakstys %(app)s homeserver "; - }; - include_profile_data_on_invite = false; - password_config.enabled = true; - require_auth_for_profile_requests = true; - }; - }; - - systemd.tmpfiles.rules = [ "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" ]; - - systemd.services = { - matrix-synapse = - let - # I tried to move this to preStart, but it complains: - # Config is missing macaroon_secret_key - secretsScript = pkgs.writeShellScript "write-secrets" '' - set -xeuo pipefail - umask 077 - ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys_lt_signing_key /run/matrix-synapse/jakstys_lt_signing_key - cat > /run/matrix-synapse/secrets.yaml < ssh-ed25519 gJrHQg roJixXCyrIi0sn3Ihaul3t71GI5kqH2+h6qd+rbhxF0 -Abr9ANwj9/xYEhXXq54SWPLTn4XJMyHW63BGmV1KpZQ --> X25519 Y3EdEBsUyisRpTQpEMgcCTvC250c115VKvHx+u6TAjI -FVxHaAzNfDHcVQ2IQ8ZMrhPexsuzuhqzgEutw+QzrDc --> X25519 e7CPnmPX9eWKk4mgxxqk/V6zldDibu4RQuu8+T2J4T8 -vG/MNO7BN8uzOy0d8ZJhe307EXNt26Hfis1U8oCQVcs --> piv-p256 +y2G/w A5P6sP2CD3YUUxKbPDRMSxfjJWKWRBYGZw0Ql+70y9yO -jwvb0r/zYUWz76FYpmO4mgc8T40SkK3idUzsRsqamms --> piv-p256 jNqd3A A0edI0cuJzCWja+0kLK8RTZaCw4Lu4L/rG/T5iIYL4LY -kPU8i4BMhiukZPW9ECpFobIdcecz8+4MUj1teuYRtQs ---- 0c431KBJyZkd2G7f72fzh6WJ1AVfTs8XZDl4Ux5WvQ8 -S28>i8;+4n -