felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-06-27 17:23:30 +02:00
Code Issues Projects Releases Wiki Activity

WIP: bicep/ooye: init

Browse Source
This commit is contained in:
h7x4 2025-06-21 23:43:30 +02:00
parent 7601734651
commit 4fa544b430
No known key found for this signature in database
GPG Key ID: 9F2F7D8250F35146
5 changed files with 80 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -92,9 +92,13 @@
inputs.matrix-next.nixosModules.default inputs.matrix-next.nixosModules.default
inputs.pvv-calendar-bot.nixosModules.default inputs.pvv-calendar-bot.nixosModules.default
self.nixosModules.gickup self.nixosModules.gickup
self.nixosModules.matrix-ooye
]; ];
overlays = [ overlays = [
inputs.pvv-calendar-bot.overlays.x86_64-linux.default inputs.pvv-calendar-bot.overlays.x86_64-linux.default
(final: prev: {
inherit (self.packages.${prev.system}) out-of-your-element;
})
]; ];
}; };
bekkalokk = stableNixosConfig "bekkalokk" { bekkalokk = stableNixosConfig "bekkalokk" {
@ -166,7 +170,7 @@
snappymail = ./modules/snappymail.nix; snappymail = ./modules/snappymail.nix;
robots-txt = ./modules/robots-txt.nix; robots-txt = ./modules/robots-txt.nix;
gickup = ./modules/gickup; gickup = ./modules/gickup;
ooye = ./modules/matrix-ooye.nix; matrix-ooye = ./modules/matrix-ooye.nix;
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {

3
hosts/bicep/services/matrix/default.nix
View File

@ -9,7 +9,8 @@
./coturn.nix ./coturn.nix
./mjolnir.nix ./mjolnir.nix
./discord.nix # ./discord.nix
./out-of-your-element.nix
./hookshot ./hookshot
]; ];

2
hosts/bicep/services/matrix/discord.nix
View File

@ -45,7 +45,7 @@ in
}; };
services.mx-puppet-discord.enable = true; services.mx-puppet-discord.enable = false;
services.mx-puppet-discord.settings = { services.mx-puppet-discord.settings = {
bridge = { bridge = {
bindAddress = "localhost"; bindAddress = "localhost";

64
hosts/bicep/services/matrix/out-of-your-element.nix Normal file
View File

@ -0,0 +1,64 @@
{ config, pkgs, fp, ... }:
let
cfg = config.services.matrix-ooye;
in
{
users.groups.keys-matrix-registrations = { };
sops.secrets = {
"matrix/ooye/as_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/as_token";
};
"matrix/ooye/hs_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/hs_token";
};
"matrix/ooye/discord_token" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/discord_token";
};
"matrix/ooye/discord_client_secret" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "ooye/discord_client_secret";
};
};
services.matrix-ooye = {
enable = true;
homeserver = "https://matrix.pvv.ntnu.no";
homeserverName = "matrix.pvv.ntnu.no";
discordTokenPath = config.sops.secrets."matrix/ooye/discord_token".path;
discordClientSecretPath = config.sops.secrets."matrix/ooye/discord_client_secret".path;
bridgeOrigin = "https://ooye.pvv.ntnu.no";
enableSynapseIntegration = false;
};
systemd.services."matrix-synapse" = {
after = [
"matrix-ooye-pre-start.service"
"network-online.target"
];
requires = [ "matrix-ooye-pre-start.service" ];
serviceConfig = {
LoadCredential = [
"matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
];
ExecStartPre = [
"+${pkgs.coreutils}/bin/cp /run/credentials/matrix-synapse.service/matrix-ooye-registration ${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
"+${pkgs.coreutils}/bin/chown matrix-synapse:keys-matrix-registrations ${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
];
};
};
services.matrix-synapse-next.settings = {
app_service_config_files = [
"${config.services.matrix-synapse-next.dataDir}/ooye-registration.yaml"
];
};
services.nginx.virtualHosts."ooye.pvv.ntnu.no" = {
locations."/".proxyPass = "http://localhost:${cfg.socket}";
};
}

15
secrets/bicep/matrix.yaml
View File

@ -9,14 +9,15 @@ mjolnir:
discord: discord:
as_token: ENC[AES256_GCM,data:cnPZjBbODZUA1p0kLNeWpKh1oGkDPxDw/g7163XnoRCIgpqk,iv:Uu4L36uDPMBgzdXE2Lt9U0qrBSl3Xuufh1313BD8B/U=,tag:nTm6s7IGd4vNzZ95mfxDpA==,type:str] as_token: ENC[AES256_GCM,data:cnPZjBbODZUA1p0kLNeWpKh1oGkDPxDw/g7163XnoRCIgpqk,iv:Uu4L36uDPMBgzdXE2Lt9U0qrBSl3Xuufh1313BD8B/U=,tag:nTm6s7IGd4vNzZ95mfxDpA==,type:str]
hs_token: ENC[AES256_GCM,data:UzcaNsJtJPKvFT4gQDNfat0nmyJzmQ6OcSI73pANibzOVrWl,iv:ujgRM2jb1rbeloPB4UPLBEvQ7uue4a+bHiqsZAHIqtk=,tag:uIfuaTWSTeVvpQx5o28HPA==,type:str] hs_token: ENC[AES256_GCM,data:UzcaNsJtJPKvFT4gQDNfat0nmyJzmQ6OcSI73pANibzOVrWl,iv:ujgRM2jb1rbeloPB4UPLBEvQ7uue4a+bHiqsZAHIqtk=,tag:uIfuaTWSTeVvpQx5o28HPA==,type:str]
ooye:
hs_token: ENC[AES256_GCM,data:QBrdRt4ozAh2XYJtssm82uHlk9aGO1Nr0fEZetmWfLvmw52FZEq8ijyKOgwS6uTcndMi4gGKkq9r4eapLwcMdQ==,iv:VHOAqxR1WGzZ9dmNx+FmjGAKRpUFjWOwyOVmgDswpE0=,tag:k5it/yx7pOfGbJXZUlV69Q==,type:str]
as_token: ENC[AES256_GCM,data:RMkY0xVj14FwDbYaAysSmzB0IlJuk0ucicNhhTmVAEgiU05PxWG+qk3/elFcaFwaXRFgQQtVyGFZEcK5gpE9hA==,iv:8JgNrTe7GQqPMdUCxEaxJ9qV7Uec2fkYBmF9LmH4X3o=,tag:tRnFpRAZs9kO3u2SDMwNnA==,type:str]
discord_token: ENC[AES256_GCM,data:6rzv3glW03jcYiJ7sAvDcvDmQHs9iVbV11tIFwgD3GuTkVn6mbAoQhjUaz3zpb/OeoGt+j/pCBRlZgk=,iv:JwkqLpeGYhgwLX7SACNh0AUO53XSx9IKgncI0+KkvyU=,tag:30C0X9nVSlEYPITVzuN0qA==,type:str]
discord_client_secret: ENC[AES256_GCM,data:wbM7bPZCWa2+UNUqXi27fP0ppdinRkEC4N9KB68TJzg=,iv:Y2j+8oI+kI7DMrBfFU3G5HtFWguNxDpxbNvJkpK5lQs=,tag:GntocbTCybCVqZ2T3lNSIQ==,type:str]
hookshot: hookshot:
as_token: ENC[AES256_GCM,data:L4vEw5r4RhcgritOeDTLHN5E/dM=,iv:pC8BLzxf6NaVAGsotoq6chOceBVdMLvrsQn1LGw9H9w=,tag:SI3CDFHAvgQZEvf/oms3EA==,type:str] as_token: ENC[AES256_GCM,data:L4vEw5r4RhcgritOeDTLHN5E/dM=,iv:pC8BLzxf6NaVAGsotoq6chOceBVdMLvrsQn1LGw9H9w=,tag:SI3CDFHAvgQZEvf/oms3EA==,type:str]
hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str] hs_token: ENC[AES256_GCM,data:2ufSJfYzzAB5IO+edwKSra5d/+M=,iv:cmTycGzNL+IeRRKZGbkhTtiksYTtbxED0k0B5haFw7k=,tag:FmWe5sGi9rlapUeAE6lKvg==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 - recipient: age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
enc: | enc: |
@ -72,8 +73,8 @@ sops:
WEh5NFN6SFF1TlltdWFWTGw4MHRHUkUKrKIvC87xjEmwxPQhH8dN+ZuaJTCgPY28 WEh5NFN6SFF1TlltdWFWTGw4MHRHUkUKrKIvC87xjEmwxPQhH8dN+ZuaJTCgPY28
pR62KxmoKFICLTHPpYP3euiAx5M9BWvgvCnA/US/5klpk8MtlreNFA== pR62KxmoKFICLTHPpYP3euiAx5M9BWvgvCnA/US/5klpk8MtlreNFA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-13T23:30:01Z" lastmodified: "2025-06-21T21:23:24Z"
mac: ENC[AES256_GCM,data:vdsAZmg7gPqzeucBhLhPemtRVkcxRecIdB6PXZ4paU+Uv5UorBKcTZ3jseN2cLi6ot3ycTIm+UI6uhlCy87vAJVynVJhuJS+ICFRS2+DfoVyuttLjZQGC2sr3+dEBHxIH7sZJSo9PIzbIWw3qHrpOPAZj0//1pFyp/k15k3vidM=,iv:jWtV+WAPt08lgdrVvtXOl35rDB4QflkZWuGBW1+ESyw=,tag:YxSHncZZOAW5uDxXtb/krw==,type:str] mac: ENC[AES256_GCM,data:bEJoCzxph/MOnTOJKdrRiQmbVWmAgsKy8vbD5YBeWagWUCJPDAZNDFLzEzmPvt0jDBol04JosrSIKZS1JzJIIm0zRkcOWSqERQCgjgtGdAYmfp0V6ddseDUVfKlZYJDkt6Bdkqg+9LzrP8dDVm2tMDXpo8vzs02o9dTYFm7imVQ=,iv:buP/297JMfvEm9+IdMWRGV7AgZwF0+G6Z2YIeYw/z1o=,tag:+zG612MJA4Ui8CZBgxM+AQ==,type:str]
pgp: pgp:
- created_at: "2024-08-04T00:03:46Z" - created_at: "2024-08-04T00:03:46Z"
enc: |- enc: |-
@ -96,4 +97,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.10.2