Compare commits

..

3 Commits

5 changed files with 28 additions and 19 deletions

View File

@ -82,7 +82,7 @@
users.users.felixalb = { users.users.felixalb = {
isNormalUser = true; isNormalUser = true;
extraGroups = lib.mkDefault [ extraGroups = [
"wheel" "wheel"
"docker" "docker"
]; ];

View File

@ -12,6 +12,12 @@
group = "matrix-synapse"; group = "matrix-synapse";
}; };
sops.secrets."matrix/slidingsyncsecret" = {
restartUnits = [ "matrix-synapse.service" ];
owner = "matrix-synapse";
group = "matrix-synapse";
};
services.matrix-synapse-next = { services.matrix-synapse-next = {
enable = true; enable = true;
enableNginx = true; enableNginx = true;
@ -75,6 +81,8 @@
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt"; tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key"; tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
enableSlidingSync = true;
oidc_providers = [ oidc_providers = [
{ {
idp_id = "keycloak"; idp_id = "keycloak";
@ -93,10 +101,12 @@
}; };
}; };
services.postgresqlBackup.databases = [ "matrix-synapse" ]; services.matrix-synapse.sliding-sync.environmentFile = config.sops.secrets."matrix/slidingsyncsecret".path;
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
services.postgresqlBackup.databases = [ "matrix-synapse" ];
services.nginx.virtualHosts."matrix.feal.no" = { services.nginx.virtualHosts."matrix.feal.no" = {
listen = [ listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; } { addr = "192.168.10.175"; port = 43443; ssl = true; }

View File

@ -12,8 +12,6 @@ in {
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."git.feal.no".default = true;
defaultListen = [ defaultListen = [
{ {
addr = "192.168.10.175"; addr = "192.168.10.175";
@ -56,15 +54,17 @@ in {
''; '';
} // overrides; } // overrides;
in { in {
"cloud.feal.no" = publicProxy "" { # "cloud.feal.no" = publicProxy "" {
locations."/" = { # locations."/" = {
proxyPass = "http://challenger.home.feal.no"; # proxyPass = "http://challenger.home.feal.no";
extraConfig = '' # extraConfig = ''
client_max_body_size 8G; # client_max_body_size 8G;
''; # '';
# };
# };
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {
default = true;
}; };
};
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {};
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" { }; "jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" { };
"iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { }; "iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
"music.feal.no" = publicProxy "http://challenger.home.feal.no/" { }; "music.feal.no" = publicProxy "http://challenger.home.feal.no/" { };

View File

@ -33,7 +33,6 @@
users.users.felixalb = { users.users.felixalb = {
uid = 1328256; uid = 1328256;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ ]; openssh.authorizedKeys.keys = [ ];
}; };

View File

@ -2,6 +2,7 @@ matrix:
synapse: synapse:
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str] registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str] oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
domeneshop: domeneshop:
netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str] netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
hedgedoc: hedgedoc:
@ -39,9 +40,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-08T00:14:52Z" lastmodified: "2024-09-25T17:49:30Z"
mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str] mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1