Compare commits
3 Commits
85ea8f5ac3
...
69949e872d
Author | SHA1 | Date |
---|---|---|
Felix Albrigtsen | 69949e872d | |
Felix Albrigtsen | b553f83da8 | |
Felix Albrigtsen | bfcb4f7dce |
2
base.nix
2
base.nix
|
@ -82,7 +82,7 @@
|
||||||
|
|
||||||
users.users.felixalb = {
|
users.users.felixalb = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = lib.mkDefault [
|
extraGroups = [
|
||||||
"wheel"
|
"wheel"
|
||||||
"docker"
|
"docker"
|
||||||
];
|
];
|
||||||
|
|
|
@ -12,6 +12,12 @@
|
||||||
group = "matrix-synapse";
|
group = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."matrix/slidingsyncsecret" = {
|
||||||
|
restartUnits = [ "matrix-synapse.service" ];
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
group = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
services.matrix-synapse-next = {
|
services.matrix-synapse-next = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableNginx = true;
|
enableNginx = true;
|
||||||
|
@ -75,6 +81,8 @@
|
||||||
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
||||||
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
||||||
|
|
||||||
|
enableSlidingSync = true;
|
||||||
|
|
||||||
oidc_providers = [
|
oidc_providers = [
|
||||||
{
|
{
|
||||||
idp_id = "keycloak";
|
idp_id = "keycloak";
|
||||||
|
@ -93,10 +101,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresqlBackup.databases = [ "matrix-synapse" ];
|
services.matrix-synapse.sliding-sync.environmentFile = config.sops.secrets."matrix/slidingsyncsecret".path;
|
||||||
|
|
||||||
services.redis.servers."".enable = true;
|
services.redis.servers."".enable = true;
|
||||||
|
|
||||||
|
services.postgresqlBackup.databases = [ "matrix-synapse" ];
|
||||||
|
|
||||||
services.nginx.virtualHosts."matrix.feal.no" = {
|
services.nginx.virtualHosts."matrix.feal.no" = {
|
||||||
listen = [
|
listen = [
|
||||||
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
|
|
|
@ -12,8 +12,6 @@ in {
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
|
||||||
virtualHosts."git.feal.no".default = true;
|
|
||||||
|
|
||||||
defaultListen = [
|
defaultListen = [
|
||||||
{
|
{
|
||||||
addr = "192.168.10.175";
|
addr = "192.168.10.175";
|
||||||
|
@ -56,17 +54,19 @@ in {
|
||||||
'';
|
'';
|
||||||
} // overrides;
|
} // overrides;
|
||||||
in {
|
in {
|
||||||
"cloud.feal.no" = publicProxy "" {
|
# "cloud.feal.no" = publicProxy "" {
|
||||||
locations."/" = {
|
# locations."/" = {
|
||||||
proxyPass = "http://challenger.home.feal.no";
|
# proxyPass = "http://challenger.home.feal.no";
|
||||||
extraConfig = ''
|
# extraConfig = ''
|
||||||
client_max_body_size 8G;
|
# client_max_body_size 8G;
|
||||||
'';
|
# '';
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {
|
||||||
|
default = true;
|
||||||
};
|
};
|
||||||
};
|
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" { };
|
||||||
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {};
|
"iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
|
||||||
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" {};
|
"music.feal.no" = publicProxy "http://challenger.home.feal.no/" { };
|
||||||
"iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" {};
|
|
||||||
"music.feal.no" = publicProxy "http://challenger.home.feal.no/" {};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,7 +33,6 @@
|
||||||
|
|
||||||
users.users.felixalb = {
|
users.users.felixalb = {
|
||||||
uid = 1328256;
|
uid = 1328256;
|
||||||
extraGroups = [ "wheel" ];
|
|
||||||
openssh.authorizedKeys.keys = [ ];
|
openssh.authorizedKeys.keys = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@ matrix:
|
||||||
synapse:
|
synapse:
|
||||||
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
|
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
|
||||||
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
|
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
|
||||||
|
slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
|
||||||
domeneshop:
|
domeneshop:
|
||||||
netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
|
netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
|
@ -39,9 +40,8 @@ sops:
|
||||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-08T00:14:52Z"
|
lastmodified: "2024-09-25T17:49:30Z"
|
||||||
mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str]
|
mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue