defiant: Configure matrix-synapse. Remove janeway.

2023-12-25 00:06:26 +01:00
parent c8316cfc70
commit a22084db75
10 changed files with 80 additions and 119 deletions
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -6,6 +6,10 @@
      ../../base.nix
      ../../common/metrics-exporters.nix
      ./hardware-configuration.nix
+
+      ./services/postgresql.nix
+      ./services/nginx.nix
+      ./services/matrix-synapse.nix
  ];

  networking = {
@@ -13,13 +17,13 @@
    defaultGateway = "192.168.10.1";
    interfaces.enp3s0.ipv4 = {
      addresses = [
-      { address = "192.168.10.175"; prefixLength = 24; }
+        { address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
      ];
    };
    hostId = "8e84f235";
  };

-  # sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
+  sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;

  environment.variables = { EDITOR = "vim"; };
  environment.systemPackages = with pkgs; [
--- a/hosts/defiant/services/matrix-synapse.nix
+++ b/hosts/defiant/services/matrix-synapse.nix
@@ -73,11 +73,12 @@
  };

  services.redis.servers."".enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx.virtualHosts."matrix.feal.no" = {
-    enableACME = lib.mkForce false;
-    forceSSL = lib.mkForce false;
+    listen = [
+      { addr = "192.168.10.175"; port = 43443; ssl = true; }
+      { addr = "192.168.10.175"; port = 43080; ssl = false; }
+    ];
  };

 }
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@@ -0,0 +1,30 @@
+{ config, values, ... }:
+{
+  services.nginx = {
+    enable = true;
+    enableReload = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+
+    defaultListen = [
+      {
+        addr = "192.168.10.175";
+        port = "80";
+        ssl = false;
+      }
+    ];
+  };
+
+  networking.firewall.allowedTCPPorts = [
+       80   443 # Internal / Default
+    43080 43443 # External / Publicly exposed
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "felix@albrigtsen.it";
+  };
+}
--- a/hosts/defiant/services/postgresql.nix
+++ b/hosts/defiant/services/postgresql.nix
--- a/hosts/janeway/configuration.nix
+++ b/hosts/janeway/configuration.nix
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/virtualisation/proxmox-lxc.nix")
-      ../../base.nix
-      ../../common/metrics-exporters.nix
-
-      ./services/nginx.nix
-      ./services/postgresql.nix
-      ./services/matrix-synapse.nix
-  ];
-
-  # Boot and console is handled by proxmoxLXC.
-  boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
-
-  # Override proxmox networking
-  proxmoxLXC.manageNetwork = true;
-  networking = {
-    hostName = "janeway";
-    defaultGateway = "192.168.10.1";
-    interfaces."eth0".ipv4 = {
-      addresses = [
-        { address = "192.168.10.183"; prefixLength = 24; }
-      ];
-    };
-    hostId = "bed956ff";
-  };
-
-  environment.systemPackages = with pkgs; [
-    vim
-    bottom
-  ];
-
-  sops.defaultSopsFile = ../../secrets/janeway/janeway.yaml;
-
-  system.stateVersion = "23.05";
-}
-
--- a/hosts/janeway/services/bridge-discord.nix
+++ b/hosts/janeway/services/bridge-discord.nix
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.mx-puppet-discord = {
-    enable = true;
-
-    serviceDependencies = [
-      "matrix-synapse.service"
-      "postgresql.service"
-    ];
-
-    settings = {
-      bridge = {
-        bindAddress = "localhost";
-        domain = "feal.no";
-        homeserverUrl = "https://matrix.feal.no";
-        # homeserverUrl = "http://127.0.1.2:8008";
-
-        port = 8434;
-        enableGroupSync = true;
-      };
-
-      database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
-
-      provisioning.whitelist = [ "@felixalb:feal\\.no" ];
-      relay.whitelist = [ ".*" ];
-      selfService.whitelist = [ "@felixalb:feal\\.no" ];
-
-    };
-  };
-
-  services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
-}
--- a/hosts/janeway/services/nginx.nix
+++ b/hosts/janeway/services/nginx.nix
@@ -1,19 +0,0 @@
-{ config, values, ... }:
-{
-  services.nginx = {
-    enable = true;
-    enableReload = true;
-
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  /* security.acme = { */
-  /*   acceptTerms = true; */
-  /*   email = "felix@albrigtsen.it"; */
-  /* }; */
-}