titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

conduit and other changes

Browse Source
This commit is contained in:
Simon Gardling 2024-12-02 10:45:17 -05:00
parent 9665c744cf
commit 9b5af0c075
Signed by: titaniumtown
GPG Key ID: 9AB28AC10ECE533D
7 changed files with 73 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -3,3 +3,4 @@ secrets/hashedPass filter=git-crypt diff=git-crypt
secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt
secrets/wg0.conf filter=git-crypt diff=git-crypt secrets/wg0.conf filter=git-crypt diff=git-crypt
secrets/caddy_auth.nix filter=git-crypt diff=git-crypt secrets/caddy_auth.nix filter=git-crypt diff=git-crypt
secrets/matrix_reg_token.nix filter=git-crypt diff=git-crypt

2
configuration.nix
View File

@ -19,6 +19,8 @@
./services/wg.nix ./services/wg.nix
./services/qbittorrent.nix ./services/qbittorrent.nix
./services/bitmagnet.nix ./services/bitmagnet.nix
./services/matrix.nix
]; ];
systemd.targets = { systemd.targets = {

18
flake.lock generated
View File

@ -43,11 +43,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732499634, "lastModified": 1733104667,
"narHash": "sha256-RFtqNl1OOi5uKxP2UwYKz4zknpG7CnaocqOf7jcp1AY=", "narHash": "sha256-77V9I6NiwUaDswdsc5TilIREd7OFs8UAVQ3+++cIPN0=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "6f29ed33273eef383a33ac7e10e6cfb4949ef3d4", "rev": "5747ec35c936d9d9f58c281111f5ab7115fe13cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -58,11 +58,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1732483221, "lastModified": 1733139194,
"narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "narHash": "sha256-PVQW9ovo0CJbhuhCsrhFJGGdD1euwUornspKpBIgdok=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "rev": "c6c90887f84c02ce9ebf33b95ca79ef45007bf88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -74,11 +74,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1733015953,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
"type": "github" "type": "github"
}, },
"original": { "original": {

6
flake.nix
View File

@ -3,7 +3,6 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs.url = "github:NixOS/nixpkgs/master";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
@ -97,14 +96,11 @@
# import the `services.qbittorrent` module # import the `services.qbittorrent` module
(nixpkgs-qbt + "/nixos/modules/services/torrent/qbittorrent.nix") (nixpkgs-qbt + "/nixos/modules/services/torrent/qbittorrent.nix")
# get nix-minercaft working! # get nix-minecraft working!
nix-minecraft.nixosModules.minecraft-servers nix-minecraft.nixosModules.minecraft-servers
(
{ ... }:
{ {
nixpkgs.overlays = [ nix-minecraft.overlay ]; nixpkgs.overlays = [ nix-minecraft.overlay ];
} }
)
] ]
++ (with nixos-hardware.nixosModules; [ ++ (with nixos-hardware.nixosModules; [
common-cpu-amd-pstate common-cpu-amd-pstate

BIN
secrets/matrix_reg_token.nix Normal file
View File

Binary file not shown.

20
services/caddy.nix
View File

@ -51,25 +51,43 @@
root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web
file_server browse file_server browse
''; '';
"${config.services.matrix-conduit.settings.global.server_name}".extraConfig = ''
reverse_proxy :${builtins.toString config.services.matrix-conduit.settings.global.port}
'';
# Exact duplicate of matrix.gardling.com
"${config.services.matrix-conduit.settings.global.server_name}:8448".extraConfig =
config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name
}".extraConfig;
}; };
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${service_configs.https.data_dir} 0755 ${config.services.caddy.user} ${config.services.caddy.group}" "d ${service_configs.https.data_dir} 0750 ${config.services.caddy.user} ${config.services.caddy.group}"
]; ];
systemd.packages = with pkgs; [ nssTools ]; systemd.packages = with pkgs; [ nssTools ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
service_configs.ports.https service_configs.ports.https
# http (but really acmeCA challenges)
80 80
# for matrix federation
8448
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
service_configs.ports.https service_configs.ports.https
# for matrix federation
8448
]; ];
users.users.${config.services.caddy.user}.extraGroups = [ users.users.${config.services.caddy.user}.extraGroups = [
# for `map.gardling.com`
"minecraft" "minecraft"
]; ];

38
services/matrix.nix Normal file
View File

@ -0,0 +1,38 @@
{
pkgs,
config,
service_configs,
...
}:
{
imports = [
../secrets/matrix_reg_token.nix
];
services.matrix-conduit = {
enable = true;
package = pkgs.conduwuit;
# package = pkgs.conduwuit.overrideAttrs (old: {
# cargoBuildFeatures = pkgs.lib.remove "release_max_log_level" old.cargoBuildFeatures;
# });
settings.global = {
port = 6167;
server_name = "matrix.${service_configs.https.domain}";
database_backend = "rocksdb";
allow_registration = true;
trusted_servers = [
"matrix.org"
"envs.net"
];
# without this, conduit fails to start
address = "0.0.0.0";
};
};
systemd.tmpfiles.rules = [
"d /var/lib/private/matrix-conduit 0750 conduit conduit"
];
}