commit 482fed56576b019912e15cc4e0e994ff96120684
parent 013b96664bba953d4e397fe82c5a95a0f1c15bca
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 23 Apr 2025 11:16:32 +0200
parent 013b96664bba953d4e397fe82c5a95a0f1c15bca
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 23 Apr 2025 11:16:32 +0200
configurations/nixos/websites/matrix.ctu.cx.nix: switch form `conduwuit` to `grapevine`
5 files changed, 62 insertions(+), 27 deletions(-)
M
|
71
+++++++++++++++++++++++++++++++++++++++++++++++------------------------
diff --git a/configurations/nixos/services/matrixBridges/mautrix-signal.nix b/configurations/nixos/services/matrixBridges/mautrix-signal.nix
@@ -25,7 +25,7 @@
 relay.enabled = false;
 backfill.enabled = true;
- double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+# double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
 appservice = {
 id = "signal";
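Review bot: The `double_puppet.secrets` line is commented out instead of removed and nothing records why, so a later reader cannot tell whether double puppeting is meant to return after the grapevine switch or is simply unsupported there; a one-line comment stating the reason, e.g. `# TODO(grapevine): double puppeting disabled during the conduwuit -> grapevine switch; re-enable once confirmed working` (reason to be confirmed by the author), would make the intent explicit. If `MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET` is still provisioned in the bridge's environment file, it is now an unused shared secret and can be dropped together with this line. The same change appears in the mautrix-telegram.nix and mautrix-whatsapp.nix hunks. The enclosing bridge configuration attrset starts and ends outside each of these hunks.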
diff --git a/configurations/nixos/services/matrixBridges/mautrix-telegram.nix b/configurations/nixos/services/matrixBridges/mautrix-telegram.nix
@@ -27,7 +27,7 @@
 backfill.enabled = true;
 backfill.max_initial_messages = 400;
- double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+# double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
 appservice = {
 id = "telegram";
diff --git a/configurations/nixos/services/matrixBridges/mautrix-whatsapp.nix b/configurations/nixos/services/matrixBridges/mautrix-whatsapp.nix
@@ -36,7 +36,7 @@
 backfill.enabled = true;
 backfill.max_initial_messages = 100;
- double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+# double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
 appservice = {
 id = "whatsapp";
diff --git a/configurations/nixos/websites/matrix.ctu.cx.nix b/configurations/nixos/websites/matrix.ctu.cx.nix 
@@ -1,44 +1,67 @@ -{ inputs, secrets, pkgs, lib, config, ... }: +{ secrets, pkgs, lib, config, ... }: { dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ]; - age.secrets.resticConduwuit.file = secrets."${config.networking.hostName}".restic.conduwuit; + age.secrets.resticGrapevine.file = secrets."${config.networking.hostName}".restic.grapevine; - restic-backups.conduwuit = { - passwordFile = config.age.secrets.resticConduwuit.path; + restic-backups.grapevine = { + passwordFile = config.age.secrets.resticGrapevine.path; paths = [ - "/var/lib/conduwuit/databaseBackup" - "/var/lib/conduwuit/media" + "/var/lib/grapevine/database" + "/var/lib/grapevine/media" ]; }; - systemd.services.conduwuit.onFailure = [ "ntfysh-notify-failure@%i.service" ]; - systemd.services.conduwuit.serviceConfig.ExecStart = lib.mkForce "${config.services.conduwuit.package}/bin/conduwuit"; - - services.conduwuit = { - enable = true; - package = inputs.conduwuit.packages."${config.nixpkgs.system}".default; - settings.global = { - server_name = "ctu.cx"; - address = [ "::1" ]; - port = [ 6167 ]; - allow_registration = false; - registration_token = "foobar123"; - database_backup_path = "/var/lib/conduwuit/databaseBackup"; - database_backups_to_keep = 1; - query_trusted_key_servers_first = false; + systemd.services.grapevine = { + onFailure = [ "ntfysh-notify-failure@%i.service" ]; + serviceConfig.ExecStartPre = pkgs.writeShellScript "createDirs" '' + mkdir -p /var/lib/grapevine/media; + mkdir -p /var/lib/grapevine/database; + ''; + }; + + services.grapevine = { + enable = true; + + settings = { + server_name = "ctu.cx"; + max_request_size = 52428800; + + media.allow_unauthenticated_access = true; + + allow_registration = false; + registration_token = "foobar123"; + + database.backend = "rocksdb"; + database.cache_capacity_mb = 128; + + federation.max_concurrent_requests = 10000; + federation.self_test = false; # somehow this fails to unexpected server version + + 
server_discovery.server.authority = "ctu.cx:443"; + server_discovery.client.base_url = "https://ctu.cx"; + + observability.logs.format = "pretty"; + + listen = [{ + type = "tcp"; + address = "::1"; + port = 6167; + }]; }; }; + services.nginx = { enable = true; virtualHosts = let + grapevineListen = lib.last config.services.grapevine.settings.listen; matrixServerConfig = { "m.server" = "matrix.ctu.cx:443"; }; matrixClientConfig = { "m.homeserver".base_url = "https://matrix.ctu.cx/"; }; in { - "${config.services.conduwuit.settings.global.server_name}" = { + "${config.services.grapevine.settings.server_name}" = { useACMEHost = "${config.networking.fqdn}"; forceSSL = true; kTLS = true; @@ -59,13 +82,13 @@ kTLS = true; locations = { "/_matrix" = { - proxyPass = "http://[${lib.last config.services.conduwuit.settings.global.address}]:${toString (lib.last config.services.conduwuit.settings.global.port)}"; + proxyPass = "http://[${grapevineListen.address}]:${toString (grapevineListen.port)}"; proxyWebsockets = true; }; "/".root = pkgs.cinny.override { conf = { defaultHomeserver = 0; - homeserverList = [ config.services.conduwuit.settings.global.server_name ]; + homeserverList = [ config.services.grapevine.settings.server_name ]; hashRouter.enabled = true; allowCustomHomesevrers = false; };
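Review bot: `restic-backups.grapevine.paths` now backs up the live RocksDB directory `/var/lib/grapevine/database` directly, whereas the conduwuit setup backed up the snapshot written to `database_backup_path`; restic reading SST and WAL files from an open RocksDB can produce a backup that is not internally consistent, so unless grapevine offers a checkpoint or backup option, the service should be stopped or a checkpoint taken around the run (the backup job's pre/post hooks are the natural place, if this repo's restic wrapper exposes them). `registration_token = "foobar123"` is carried over as a plaintext, guessable value in a settings set that is typically rendered into the world-readable Nix store; it is inert while `allow_registration = false`, but since this file already loads the restic password through `age.secrets`, the token should go through the same mechanism before registration is ever switched on. `media.allow_unauthenticated_access = true` relaxes a default with no explanation, and the `federation.self_test = false` comment records a symptom rather than a cause; a why-comment in the form `# allow_unauthenticated_access: <reason> — revisit when <condition>` and a TODO quoting the actual self-test error would make both look intentional rather than accidental. The nginx `virtualHosts` attrset opened at the end of this hunk continues past it.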
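Review bot: `proxyPass` builds `http://[${grapevineListen.address}]:…` from `lib.last config.services.grapevine.settings.listen`, which assumes the last `listen` entry is a tcp listener with an IPv6 address; a unix-socket entry or an IPv4 address there would likely yield an evaluation error or a URL nginx rejects, with nothing pointing back to this line. Selecting the listener by type at the `let` binding in the first hunk, e.g. `grapevineListen = lib.findFirst (l: l.type == "tcp") (throw "grapevine: no tcp listener configured") config.services.grapevine.settings.listen;`, would fail at evaluation with a clear message instead; the bracket wrapping would still need to be conditional if an IPv4 listener is ever used. The enclosing `locations` attrset and virtual host begin and end outside this hunk.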
diff --git a/secrets/hector/restic/grapevine.age b/secrets/hector/restic/grapevine.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbXhKNitOZlp6WlZFWVlZ
+aXBmK3Jpc2pOYnY4NE5TM2szejRoaGdYY1NNCjRtOVhRY1Z4aHUvdHlQNFpVNHlW
+R1IrQWs2N1MyaEUvelNYUGNQR0d0dlEKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIEdX
+UXBsSkRhbWlacWxsTFJFejJOdS9DSEM3dnYyT1E3cExNSXc3NGM5azgKdzJLMU8x
+RENOQWg2bms0MjB6VXdHOW16ZytVVk94alVaeTMyZ2gzTUpnNAotPiBJPz9VWS1n
+cmVhc2UgRD4tWVggSSUgPk5KPQp5aGdKblNqR3R1ZlJreDhZV0lEQVRUeHdmRGlK
+Y1M0TTdxbHA3UHdTODRKZEdRZE45QXF0WHp2UFRVUStLY3hCCkpxc2VBYVJwcVZh
+cwotLS0ga1RqY0dFNkdJRHdVRkJ0cnhmSUlVczgrTUNTbm1QR2VIdDJsTzByN2xG
+bwrYnXbuOZgjKb6dVtirxC03MUw8XyyY8Bort0famAd6Jc4Wfj2kDyyVJJtuRxzd
+sSncbWGo2OG6f0oBiBg=
+-----END AGE ENCRYPTED FILE-----