commit 102da60e7ddfb136a46dc63015c2b63b3eaf4403
parent 467d02713a08a276bc3060e4a7455edce812abf7
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 21 Mar 2025 15:56:28 +0100
machines/hector: remove synapse (matrix) server and bridges
9 files changed, 0 insertions(+), 330 deletions(-)
D
|
126
-------------------------------------------------------------------------------
D
|
60
------------------------------------------------------------
D
|
74
--------------------------------------------------------------------------
diff --git a/configurations/nixos/services/matrix-synapse.nix b/configurations/nixos/services/matrix-synapse.nix 
@@ -1,126 +0,0 @@
-{ secrets, config, lib, pkgs, ... }:
-
-{
-
- dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ];
-
- age.secrets = {
- resticMatrixSynapse.file = secrets."${config.networking.hostName}".restic.matrixSynapse;
- matrixRegistrationSharedSecret = {
- file = secrets."${config.networking.hostName}".matrixSynapse.registrationSharedSecret;
- owner = "matrix-synapse";
- };
- "mautrixAppServiceRegistration.yaml" = {
- file = secrets."${config.networking.hostName}".matrixSynapse.mautrixAppServiceRegistration;
- owner = "matrix-synapse";
- };
- };
-
- restic-backups.matrix-synapse = {
- user = "matrix-synapse";
- passwordFile = config.age.secrets.resticMatrixSynapse.path;
- postgresDatabases = [ "matrix-synapse" ];
- paths = [ "/var/lib/matrix-synapse" ];
- };
-
- systemd.services.matrix-synapse = {
- onFailure = [ "email-notify@%i.service" ];
- };
-
- services = {
- postgresql = {
- enable = true;
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN;
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
-
- matrix-synapse = {
- enable = true;
- withJemalloc = true;
- settings = {
- server_name = "ctu.cx";
- public_baseurl = "https://matrix.ctu.cx/";
- max_upload_size = "100M";
- dynamic_thumbnails = true;
- app_service_config_files = [ config.age.secrets."mautrixAppServiceRegistration.yaml".path ];
- enable_registration = false;
- enable_registration_without_verification = false;
- registration_shared_secret_file = config.age.secrets.matrixRegistrationSharedSecret.path;
- listeners = [{
- bind_addresses = [ "::1" ];
- port = 8008;
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- { names = [ "client" ]; compress = true; }
- { names = [ "federation" ]; compress = false; }
- ];
- }];
- };
- };
-
- nginx = {
- enable = true;
- virtualHosts = let
- matrixServerConfig = { "m.server" = "matrix.ctu.cx:443"; };
- matrixClientConfig = {
- "m.homeserver" = { "base_url" = config.services.matrix-synapse.settings.public_baseurl; };
- "org.matrix.msc3575.proxy" = { "url" = config.services.matrix-synapse.settings.public_baseurl; };
- };
- in {
- "ctu.cx" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- kTLS = true;
- locations."/.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixServerConfig}';
- '';
- locations."/.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixClientConfig}';
- '';
- };
-
- "matrix.ctu.cx" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- kTLS = true;
- locations = {
- "/_matrix".proxyPass = "http://[::1]:8008";
-# "/_synapse".proxyPass = "http://[::1]:8008";
-# "/admin/".alias = "${pkgs.synapse-admin}/";
-
- "/.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixServerConfig}';
- '';
-
- "/.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixClientConfig}';
- '';
-
- "/".root = pkgs.cinny.override {
- conf = {
- defaultHomeserver = 0;
- homeserverList = [ "matrix.ctu.cx" ];
- allowCustomHomeservers = false;
- hashRouter.enabled = true;
- };
- };
- };
- };
-
- };
- };
-
- };
-
-}
diff --git a/configurations/nixos/services/mautrix-signal.nix b/configurations/nixos/services/mautrix-signal.nix
@@ -1,60 +0,0 @@
-{ secrets, config, pkgs, ... }:
-
-{
-
- age.secrets.mautrixSignalEnv.file = secrets."${config.networking.hostName}".matrixSynapse.mautrixSignalEnv;
-
- users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
-
- nixpkgs.overlays = [ (final: prev: {
- mautrix-signal = prev.mautrix-signal.override { withGoolm = true; };
- }) ];
-
- services.mautrix-signal = {
- enable = true;
- environmentFile = config.age.secrets.mautrixSignalEnv.path;
- settings = {
- network.device_name = "Mautix-Signal bridge (ctu.cx)";
- network.displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
-
- homeserver.address = "https://matrix.ctu.cx";
- homeserver.domain = "ctu.cx";
-
- database.type = "sqlite3-fk-wal";
- database.uri = "file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate";
-
- backfill.enabled = true;
-
- double_puppet.secrets."ctu.cx" = "as_token:$MAUTRIX_SIGNAL_BRIDGE_DP_LOGIN_SHARED_SECRET";
-
- appservice = {
- hostname = "[::1]";
- port = 29328;
- id = "signal";
- };
-
- bridge = {
- personal_filtering_spaces = true;
-
- permissions."ctu.cx" = "admin";
-
- cleanup_on_logout = {
- enabled = true;
- manual = {
- shared_has_users = "delete";
- shared_no_users = "delete";
- relayed = "delete";
- private = "delete";
- };
- bad_credentials = {
- shared_has_users = "delete";
- shared_no_users = "delete";
- relayed = "delete";
- private = "delete";
- };
- };
- };
- };
- };
-
-}
diff --git a/configurations/nixos/services/mautrix-whatsapp.nix b/configurations/nixos/services/mautrix-whatsapp.nix 
@@ -1,74 +0,0 @@
-{ secrets, config, pkgs, lib, ... }:
-
-{
-
- age.secrets.mautrixWhatsAppEnv.file = secrets."${config.networking.hostName}".matrixSynapse.mautrixWhatsAppEnv;
-
- users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ];
-
- nixpkgs.overlays = [ (final: prev: {
- mautrix-whatsapp = prev.mautrix-whatsapp.override { withGoolm = true; };
- })];
-
-
- # disable PreStart script, because it seems to break double-puppeting setings currently
- # note: this disables the usage of the specified settings in nix!
- systemd.services.mautrix-whatsapp.serviceConfig.ExecStartPre = lib.mkForce "";
-
- services.mautrix-whatsapp = {
- enable = true;
- environmentFile = config.age.secrets.mautrixWhatsAppEnv.path;
- settings = {
- network.displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
- network.os_name = "Mautrix-WhatsApp bridge (ctu.cx)";
- network.identity_change_notices = true;
- network.url_previews = true;
- network.history_sync = {
- request_full_sync = true;
- full_sync_config.days_limit = 365;
- full_sync_config.size_mb_limit = 1024;
- full_sync_config.storage_quota_mb = 1024;
- };
-
- homeserver.address = "https://matrix.ctu.cx";
- homeserver.domain = "ctu.cx";
-
- database.type = "sqlite3-fk-wal";
- database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate";
-
- backfill.enabled = true;
- backfill.max_initial_messages = 100;
-
- double_puppet.secrets."ctu.cx" = "as_token:$MAUTRIX_WHATSAPP_BRIDGE_DP_LOGIN_SHARED_SECRET";
-
- appservice = {
- hostname = "[::1]";
- port = 29318;
- id = "whatsapp";
- };
-
- bridge = {
- personal_filtering_spaces = true;
-
- permissions."ctu.cx" = "admin";
-
- cleanup_on_logout = {
- enabled = true;
- manual = {
- shared_has_users = "delete";
- shared_no_users = "delete";
- relayed = "delete";
- private = "delete";
- };
- bad_credentials = {
- shared_has_users = "delete";
- shared_no_users = "delete";
- relayed = "delete";
- private = "delete";
- };
- };
- };
- };
- };
-
-}
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix @@ -52,10 +52,6 @@ # mailserver ctucxConfig.services.mailserver - # matrix server - ctucxConfig.services.matrix-synapse - ctucxConfig.services.mautrix-whatsapp - ctucxConfig.services.mautrix-signal ]; dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address;
diff --git a/secrets/hector/matrixSynapse/mautrixAppServiceRegistration.age b/secrets/hector/matrixSynapse/mautrixAppServiceRegistration.age @@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWGREYXR6OGludzRZU1Qr -TE45NThEWUp4OHpSVVhCWVk2Vk5kWjJwTngwCkFrRmxFTElxNlY5L0ZWWm9ncURL -T3dIc1BIblIrWExEQkhha29PVVc1cEkKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIC9E -aFNkdUVlbkEyWmJoRktTWXpMN2JsQnB6RjJtYUdZR3hmNmpvUVc3Z28KRUdpUFR6 -OEhJdVQrZnRnWVhCajRKOEY4cFNTc1BDblRYZ0tUUld5bVA1dwotPiBwWUx+dkAt -Z3JlYXNlICkKUVNONVVEbmxBTmZiK3MzUlZYcnhUbzNKdyt6OUo0MkRCQ1AzRVpY -WUJzVU01MVF3K1Vza29saElONUdPUGhCbAp2dXhBWWcKLS0tIGhVd2tCMElMUjNT -RFJYeUp1aW9vUmRzUHc2dEtMY0lxemdUYmxLZEtHL2sKtLjj8C7vsyCtX0nfcwRc -caZGctwVibbzAwcuIqYC9TNfZCJjEz9vKK8yJ7bZAburWapfMJAbxLpv+Gwyyk9l -r1z+rSnl59PhJtYxzNk37w9lWDSZ6yMwPpZGaeugyequU1PoVRtLoDjaix7DwV0A -m5M1VcdTH5rvzJm3xIbMydMrAMI2YMEXj6tg5obCot7lVmzxDKB7X8S1NR45zdwp -Z3/xD/41+AT83uvtifp++dmgxsIE3sqxKUMH41pvBekwhrGxtlw7+Z8t5UIYLpqx -W/EU+luDSKaWqAvtVw9ANRCO/5Ae5euxuOfbztFKg1jmJ1cWCP7rerPfRzHhB4+l -06W5EMBXICWdUwdTq3e0 ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/matrixSynapse/mautrixSignalEnv.age b/secrets/hector/matrixSynapse/mautrixSignalEnv.age @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dmt2bFNldHd2USt4R0xB -Y2dHV1E4cHBwdFp1OU5TbXlqVjg4MWxSOVJnCkVoV2NLWmxaOE9ZRG1OaFVqNlFu -NWRrQVI2cEl6Z0F5S3RWVGJsQVpuYVEKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFR6 -R2NoQ0VsYmhaN1Y4S0RIbkRFUmVsZDRqM1pOU3BZZEd0RUVKQ2h2alkKZUFmVHk5 -NUQrSitFMVBwazI3QUNia2xucXJMRDkxbURnaXFzWVlvRmp3NAotPiB6bDVHRlct -Z3JlYXNlIDlUO3NsREUgfQpETEp4Y0o4KzVNVXc0QUh2VUErVXA3MjA4RzdidENl -dm1tb0QwT21HSzgrdjhUSDF0WmtUSjZWSDMyMU9IOVFGCnhEUTRIcVFpWVV6eXF2 -cXVVd2FveWRERTRleVErZmZUOEgyRDh0dkZiQ1V6OFd6aWdBa05rWTdqUXcKLS0t -IHBXTHZMaVA4SlpGR01zS0I2bWNXNEY1T3NIaTJlNzdxdHFhUWpQLzVYcFkKSlhR -TEGY5qz7h/0m4zPcQckK2D3rviLzompbVOWMFzUC+H1UitgVjBZH7zEt0q53/08B -WX0stZi186sf8pOfutX9dRl0TkkyXX8DfNxpR2+nkgxW5KEkWHdxntDrrKwx2WDv -qEJ1SGgaseybG2A= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/matrixSynapse/mautrixWhatsAppEnv.age b/secrets/hector/matrixSynapse/mautrixWhatsAppEnv.age @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMU5oeGVHakMyQ1dxSkh3 -anRpdTk0eENYN2xtOVI1azVFcDVKQzlTclNnCnVyd3hkVVM2TkVVdHo2b0p5S2Zz -K2lDUUpLZi9ITTZoUGZvc0xiQXc0TEEKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIDl3 -OEd0azBTNkJWSks1ZXdLcjFsMkJxVi83d2FKOXRpTEdyTURtN2JZSDQKd1E0VDc2 -Q2lmcE5qL29TemVIT2pGSmIvV0ZPTFdUN0JScko0ZFU2TFptbwotPiBxUS1ncmVh -c2UgYk02LGYgXDpeY0BcIEYyfCBSMDxANWZ9CnBjM09Jek5SRklDUTFzemVlUmht -U0VLTTZSNAotLS0gTGhvVXcxU2dZeFFpYm9VcTQ1SG5CL2JZejY2eVFPQXl0TnFQ -eHk0TWUvSQqKUTaRxw/OE+xqBzHS1TYY8PNkjqbFVUiLTrX1xlwcAK1WBiYHgpsz -poBsv61cBH94yMhUSi/C+bUMWfrnt+XKWnbeuZh9mYTKDm+jrPWZGpLFEigIgkkq -mLZezWp7wWGOwx8WgVqpgDSJTnNyqYC2 ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/matrixSynapse/registrationSharedSecret.age b/secrets/hector/matrixSynapse/registrationSharedSecret.age @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnT0JEZ0tNY0V1ZTVYMkFS -SFFaeXFNS2RjcCtaWHpDMUROMWJjVEJYQ1ZzCnd0TkRyR2srK0MvaHFYRzVPZWJi -Qi9YcG9IWEtZYTB4aTlvR2dPYVVWcVkKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFlL -N3BBM1JKdkRCVGNDN2tsZmRUak10NWtNWHE5ak9TZUFKdm5kUHNTemsKaGJBd0NW -VUFOOWFpSFQyazA3eU83bVcvaitKS2xOa256M0FqZXR3WldsWQotPiBrSDV2Wk9R -LWdyZWFzZSBWJCUmQCIgOToKczhlN2lJZlN2YU1wTUszbWVrUXdWODdlVitoWTlP -TWNKRjk5ZFFlaUdoR0QvMmo2NEFLeVYzSWsrVS9NVG9uKworOTRDQ2J3T1Z5YUt5 -dEFPRFdqVEl5Tmw1QlkvYnpNWG9YMnoKLS0tIFdhNi93NCtIQUNqL3BVc3BFSVRs -YnRYaDNKQnRldVAweWxkWU1hem14MGsKAIzYPLSg8o3732X1wWD72kAecu92IHIn -80oBzRWv/5hipSPdh0HuKvCkMuOVzdvUYDSHx+Hv2vqHDT64wGdhYo8= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/restic/matrixSynapse.age b/secrets/hector/restic/matrixSynapse.age @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZzMwZW81ZE5yMzdZbmhl -RUh1d25LUDZjQ2J5aHdQcTEwWGhTNVlraFY0CmdQZWdRVW84eDg2ZU5xeGxGUUVp -dDV6cUFuSCtlVm8xWjZ0VDE4d0ZqVmsKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIGNv -d3JWbVBaNHIzSWtiVHI4d1NTVzhBTzkwNW50dlcwNXVSQ3UzZlpLMjAKdy84bktD -a2laNHRBeXF1ZXlJTUx5blNOZk0wWmJ3bHREQU1yQ0thdEtrNAotPiA6ci1ncmVh -c2UgeFtWPS05ZCA/UVFaCmxrcDdLZytUb2tKd1A4TE0vcnZRU1c5QURQa2kzdW5J -Sm02Um00K05TSG9xdUtSZlh6OXh4ZE1laTBoTG9Pb0EKUlhhYitoYWgwbU40R1JW -SHowWEhyT1htWUZVQmZVR01sWitzaFEKLS0tIDMvSkVVTzFRVHpsb1JvYXVWcVhl -L1BEekpHTnVZWk0waSsvY1VBekZQd3cK3FmDiW5BqHaD9rO4OjiISRL5mjstHTHz -YpnqbHLYDG4b3y/tLuQQ0VOCxGlkZkF/OTo4E9+wRFgNTg== ------END AGE ENCRYPTED FILE-----