config

NixOS config
Log | Files | Refs | README | LICENSE
commit d28f8bc4cfb60c1949b801e930933a859fb79057 (tree)
parent b06a34c2225cc48dec1852885534ae5e1f79a696
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Sat,  3 Aug 2024 13:46:00 +0300

vno1-oh2: remove a bunch of stuff

Diffstat:

Mdata.nix | 1-


Mflake.nix | 8--------


Mhosts/vno1-oh2/configuration.nix | 7-------


Mmodules/services/default.nix | 1-


Dmodules/services/matrix-synapse/default.nix | 129-------------------------------------------------------------------------------


Msecrets.nix | 4----


Dsecrets/synapse/jakstys_lt_signing_key.age | 0


Dsecrets/synapse/macaroon_secret_key.age | 0


Dsecrets/synapse/registration_shared_secret.age | 15---------------


9 files changed, 0 insertions(+), 165 deletions(-)

diff --git a/data.nix b/data.nix
@@ -26,7 +26,6 @@ rec {
 
     soju = 6697;
     soju-ws = 6698;
-    matrix-synapse = 8008;
     vaultwarden = 8222;
     headscale = 8080;
     hass = 8123;
diff --git a/flake.nix b/flake.nix
@@ -170,17 +170,9 @@
                 motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
                 root-passwd-hash.file = ./secrets/root_passwd_hash.age;
 
-                photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age;
-                headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age;
                 sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
                 borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
-                grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
                 letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
-                vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
-
-                synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
-                synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
-                synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age;
 
                 syncthing-key.file = ./secrets/vno1-oh2/syncthing/key.pem.age;
                 syncthing-cert.file = ./secrets/vno1-oh2/syncthing/cert.pem.age;
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
@@ -146,13 +146,6 @@
         group = "users";
       };
 
-      matrix-synapse = {
-        enable = true;
-        signingKeyPath = config.age.secrets.synapse-jakstys-signing-key.path;
-        registrationSharedSecretPath = config.age.secrets.synapse-registration-shared-secret.path;
-        macaroonSecretKeyPath = config.age.secrets.synapse-macaroon-secret-key.path;
-      };
-
       remote-builder.client =
         let
           host = myData.hosts."fra1-b.servers.jakst";
diff --git a/modules/services/default.nix b/modules/services/default.nix
@@ -11,7 +11,6 @@
     ./hass
     ./headscale
     ./jakstpub
-    ./matrix-synapse
     ./minidlna
     ./node_exporter
     ./nsd-acme
diff --git a/modules/services/matrix-synapse/default.nix b/modules/services/matrix-synapse/default.nix
@@ -1,129 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  options.mj.services.matrix-synapse = with lib.types; {
-    enable = lib.mkEnableOption "Enable matrix-synapse";
-    signingKeyPath = lib.mkOption { type = path; };
-    registrationSharedSecretPath = lib.mkOption { type = path; };
-    macaroonSecretKeyPath = lib.mkOption { type = path; };
-  };
-
-  config = lib.mkIf config.mj.services.matrix-synapse.enable {
-    services.matrix-synapse = {
-      enable = true;
-      extraConfigFiles = [ "/run/matrix-synapse/secrets.yaml" ];
-      settings = {
-        server_name = "jakstys.lt";
-        admin_contact = "motiejus@jakstys.lt";
-        enable_registration = false;
-        report_stats = true;
-        signing_key_path = "/run/matrix-synapse/jakstys_lt_signing_key";
-        log_config = pkgs.writeText "log.config" ''
-          version: 1
-          formatters:
-            precise:
-             format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-          handlers:
-            console:
-              class: logging.StreamHandler
-              formatter: precise
-          loggers:
-              synapse.storage.SQL:
-                  level: WARN
-          root:
-              level: ERROR
-              handlers: [console]
-          disable_existing_loggers: false
-        '';
-        public_baseurl = "https://jakstys.lt/";
-        database.name = "sqlite3";
-        url_preview_enabled = false;
-        max_upload_size = "50M";
-        rc_messages_per_second = 0.2;
-        rc_message_burst_count = 10.0;
-        federation_rc_window_size = 1000;
-        federation_rc_sleep_limit = 10;
-        federation_rc_sleep_delay = 500;
-        federation_rc_reject_limit = 50;
-        federation_rc_concurrent = 3;
-        allow_profile_lookup_over_federation = false;
-        thumbnail_sizes = [
-          {
-            width = 32;
-            height = 32;
-            method = "crop";
-          }
-          {
-            width = 96;
-            height = 96;
-            method = "crop";
-          }
-          {
-            width = 320;
-            height = 240;
-            method = "scale";
-          }
-          {
-            width = 640;
-            height = 480;
-            method = "scale";
-          }
-          {
-            width = 800;
-            height = 600;
-            method = "scale";
-          }
-        ];
-        user_directory = {
-          enabled = true;
-          search_all_users = false;
-          prefer_local_users = true;
-        };
-        allow_device_name_lookup_over_federation = false;
-        email = {
-          smtp_host = "127.0.0.1";
-          smtp_port = 25;
-          notf_for_new_users = false;
-          notif_from = "Jakstys %(app)s homeserver <noreply@jakstys.lt>";
-        };
-        include_profile_data_on_invite = false;
-        password_config.enabled = true;
-        require_auth_for_profile_requests = true;
-      };
-    };
-
-    systemd.tmpfiles.rules = [ "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" ];
-
-    systemd.services = {
-      matrix-synapse =
-        let
-          # I tried to move this to preStart, but it complains:
-          #   Config is missing macaroon_secret_key
-          secretsScript = pkgs.writeShellScript "write-secrets" ''
-            set -xeuo pipefail
-            umask 077
-            ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys_lt_signing_key /run/matrix-synapse/jakstys_lt_signing_key
-            cat > /run/matrix-synapse/secrets.yaml <<EOF
-            registration_shared_secret: "$(cat ''${CREDENTIALS_DIRECTORY}/registration_shared_secret)"
-            macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)"
-            EOF
-          '';
-        in
-        {
-          serviceConfig.ExecStartPre = [
-            ""
-            secretsScript
-          ];
-          serviceConfig.LoadCredential = with config.mj.services.matrix-synapse; [
-            "jakstys_lt_signing_key:${signingKeyPath}"
-            "registration_shared_secret:${registrationSharedSecretPath}"
-            "macaroon_secret_key:${macaroonSecretKeyPath}"
-          ];
-        };
-    };
-  };
-}
diff --git a/secrets.nix b/secrets.nix
@@ -33,10 +33,6 @@ in
 // mk ([ vno1-oh2 ] ++ motiejus) [
   "secrets/vno1-oh2/borgbackup/password.age"
 
-  "secrets/synapse/jakstys_lt_signing_key.age"
-  "secrets/synapse/registration_shared_secret.age"
-  "secrets/synapse/macaroon_secret_key.age"
-
   "secrets/vno1-oh2/syncthing/key.pem.age"
   "secrets/vno1-oh2/syncthing/cert.pem.age"
 ]
diff --git a/secrets/synapse/jakstys_lt_signing_key.age b/secrets/synapse/jakstys_lt_signing_key.age
Binary files differ.
diff --git a/secrets/synapse/macaroon_secret_key.age b/secrets/synapse/macaroon_secret_key.age
Binary files differ.
diff --git a/secrets/synapse/registration_shared_secret.age b/secrets/synapse/registration_shared_secret.age
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 gJrHQg roJixXCyrIi0sn3Ihaul3t71GI5kqH2+h6qd+rbhxF0
-Abr9ANwj9/xYEhXXq54SWPLTn4XJMyHW63BGmV1KpZQ
--> X25519 Y3EdEBsUyisRpTQpEMgcCTvC250c115VKvHx+u6TAjI
-FVxHaAzNfDHcVQ2IQ8ZMrhPexsuzuhqzgEutw+QzrDc
--> X25519 e7CPnmPX9eWKk4mgxxqk/V6zldDibu4RQuu8+T2J4T8
-vG/MNO7BN8uzOy0d8ZJhe307EXNt26Hfis1U8oCQVcs
--> piv-p256 +y2G/w A5P6sP2CD3YUUxKbPDRMSxfjJWKWRBYGZw0Ql+70y9yO
-jwvb0r/zYUWz76FYpmO4mgc8T40SkK3idUzsRsqamms
--> piv-p256 jNqd3A A0edI0cuJzCWja+0kLK8RTZaCw4Lu4L/rG/T5iIYL4LY
-kPU8i4BMhiukZPW9ECpFobIdcecz8+4MUj1teuYRtQs
---- 0c431KBJyZkd2G7f72fzh6WJ1AVfTs8XZDl4Ux5WvQ8
-S28>i8;+4n
-<K"}\]uBK	fR=<ά!vM28RGsW0O)
-\ No newline at end of file