update

matrix: setup delegation and misc configs
minecraft: update mods
2024-12-03 23:00:45 -05:00 · 2024-12-03 23:00:38 -05:00 · 2024-12-03 23:00:11 -05:00 · 2024-12-02 10:48:09 -05:00
8 changed files with 95 additions and 24 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,3 +3,4 @@ secrets/hashedPass filter=git-crypt diff=git-crypt
 secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt
 secrets/wg0.conf filter=git-crypt diff=git-crypt
 secrets/caddy_auth.nix filter=git-crypt diff=git-crypt
+secrets/matrix_reg_token.nix filter=git-crypt diff=git-crypt
--- a/configuration.nix
+++ b/configuration.nix
@@ -19,6 +19,8 @@
    ./services/wg.nix
    ./services/qbittorrent.nix
    ./services/bitmagnet.nix
+
+    ./services/matrix.nix
  ];

  systemd.targets = {
@@ -126,6 +128,8 @@

    tmux

+    wget
+
    (pkgs.writeScriptBin "mc-console" ''
      #!/bin/sh
      ${pkgs.tmux}/bin/tmux -S /run/minecraft/${service_configs.minecraft.server_name}.sock attach
--- a/flake.lock
+++ b/flake.lock
@@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1732499634,
-        "narHash": "sha256-RFtqNl1OOi5uKxP2UwYKz4zknpG7CnaocqOf7jcp1AY=",
+        "lastModified": 1733277378,
+        "narHash": "sha256-jPhKF6d2UXBr2nkJIFuUjVXdo6kEwLuIMK3RyJeA60s=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "6f29ed33273eef383a33ac7e10e6cfb4949ef3d4",
+        "rev": "ea8246bb2a70d33b5d332667a57da75e95c89af9",
        "type": "github"
      },
      "original": {
@@ -58,11 +58,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1732483221,
-        "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
+        "lastModified": 1733217105,
+        "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
+        "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9",
        "type": "github"
      },
      "original": {
@@ -74,11 +74,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1732014248,
-        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "lastModified": 1733212471,
+        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,6 @@

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    # nixpkgs.url = "github:NixOS/nixpkgs/master";

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

@@ -97,14 +96,11 @@
            # import the `services.qbittorrent` module
            (nixpkgs-qbt + "/nixos/modules/services/torrent/qbittorrent.nix")

-            # get nix-minercaft working!
+            # get nix-minecraft working!
            nix-minecraft.nixosModules.minecraft-servers
-            (
-              { ... }:
-              {
-                nixpkgs.overlays = [ nix-minecraft.overlay ];
-              }
-            )
+            {
+              nixpkgs.overlays = [ nix-minecraft.overlay ];
+            }
          ]
          ++ (with nixos-hardware.nixosModules; [
            common-cpu-amd-pstate
--- a/secrets/matrix_reg_token.nix
+++ b/secrets/matrix_reg_token.nix
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -5,6 +5,9 @@
  pkgs,
  ...
 }:
+let
+  matrix_hostname = "matrix.${service_configs.https.domain}";
+in
 {
  services.caddy = {
    enable = true;
@@ -12,6 +15,12 @@
    virtualHosts = {
      ${service_configs.https.domain} = {
        extraConfig = ''
+
+          header /.well-known/matrix/* Content-Type application/json
+          header /.well-known/matrix/* Access-Control-Allow-Origin *
+          respond /.well-known/matrix/server `{"m.server": "${matrix_hostname}:443"}`
+          respond /.well-known/matrix/client `{"m.server":{"base_url":"https://${matrix_hostname}"},"m.homeserver":{"base_url":"https://${matrix_hostname}"},"org.matrix.msc3575.proxy":{"base_url":"https://${config.services.matrix-conduit.settings.global.server_name}"}}`
+
          root * ${service_configs.https.data_dir}
          file_server browse
        '';
@@ -51,25 +60,43 @@
        root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web
        file_server browse
      '';
+
+      "${matrix_hostname}".extraConfig = ''
+        reverse_proxy :${builtins.toString config.services.matrix-conduit.settings.global.port}
+      '';
+
+      # Exact duplicate of matrix.gardling.com
+      "${matrix_hostname}:8448".extraConfig =
+        config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name
+        }".extraConfig;
    };
  };

  systemd.tmpfiles.rules = [
-    "d ${service_configs.https.data_dir} 0755 ${config.services.caddy.user} ${config.services.caddy.group}"
+    "d ${service_configs.https.data_dir} 0750 ${config.services.caddy.user} ${config.services.caddy.group}"
  ];

  systemd.packages = with pkgs; [ nssTools ];

  networking.firewall.allowedTCPPorts = [
    service_configs.ports.https
+
+    # http (but really acmeCA challenges)
    80
+
+    # for matrix federation
+    8448
  ];

  networking.firewall.allowedUDPPorts = [
    service_configs.ports.https
+
+    # for matrix federation
+    8448
  ];

  users.users.${config.services.caddy.user}.extraGroups = [
+    # for `map.gardling.com`
    "minecraft"
  ];

--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -0,0 +1,43 @@
+{
+  pkgs,
+  config,
+  service_configs,
+  ...
+}:
+{
+  imports = [
+    ../secrets/matrix_reg_token.nix
+  ];
+
+  services.matrix-conduit = {
+    enable = true;
+    package = pkgs.conduwuit;
+    # package = pkgs.conduwuit.overrideAttrs (old: {
+    #   cargoBuildFeatures = pkgs.lib.remove "release_max_log_level" old.cargoBuildFeatures;
+    # });
+
+    settings.global = {
+      port = 6167;
+      # server_name = "matrix.${service_configs.https.domain}";
+      server_name = service_configs.https.domain;
+      database_backend = "rocksdb";
+      allow_registration = true;
+
+      new_user_displayname_suffix = "";
+
+      trusted_servers = [
+        "matrix.org"
+        "constellatory.net"
+        "tchncs.de"
+        "envs.net"
+      ];
+
+      # without this, conduit fails to start
+      address = "0.0.0.0";
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/private/matrix-conduit 0750 conduit conduit"
+  ];
+}
--- a/services/minecraft.nix
+++ b/services/minecraft.nix
@@ -57,8 +57,8 @@ in
            };

            Lithium = fetchurl {
-              url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/QhCwdt4l/lithium-fabric-0.14.2-snapshot%2Bmc1.21.3-build.91.jar";
-              sha512 = "6c025877e0f5de8f87baca0be08e19bbad8fb7f6e2037d064f2497fd9779cdc3b979dfc80d228374934ef84014949c9cb4740c816cac0ac9ad0d566d1d7e4f0e";
+              url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/pZRO3EKX/lithium-fabric-0.14.3%2Bmc1.21.3.jar";
+              sha512 = "31ad08427ac50dd54cd2215c29452bd20430ce13f2bd8f4bdb8a6e2f6222b83df47d5727edac721f9397fa296db2998f9aa3eabe2c4c5d45619f8b5b00cd21fc";
            };

            NoChatReports = fetchurl {
@@ -73,8 +73,8 @@ in
            # };

            moonrise = fetchurl {
-              url = "https://cdn.modrinth.com/data/KOHu7RCS/versions/GD9TRt0g/Moonrise-Fabric-0.2.0-beta.4%2Be7510ed.jar";
-              sha512 = "32be95ce0c1526e2522cefbe3321024d6c12405742b5367edc2e373dc0ff203c25422c98c68cf81355375d7fcf52f90520749811bff1e2ac302671263caa58a6";
+              url = "https://cdn.modrinth.com/data/KOHu7RCS/versions/LMdPX7nZ/Moonrise-Fabric-0.2.0-beta.5%2Ba6cf977.jar";
+              sha512 = "550474a8c2fd94c97d30ec3a03456b343db8467eff0807487d4fb84bb8f3be1b36720c70a86f0b364a448103519315fc6d7752a3df8cabf140f2af4f4a0b5851";
            };

            mixintrace = fetchurl {
@@ -104,8 +104,8 @@ in
            # };

            squaremap = fetchurl {
-              url = "https://jenkins.jpenilla.xyz/job/squaremap/lastSuccessfulBuild/artifact/build/libs/squaremap-fabric-mc1.21.3-1.3.3-SNAPSHOT+6298c9d.jar";
-              sha256 = "TkXdjYimTSBsvCLstX8siq9AbupOmgIkEkHunQv8now=";
+              url = "https://jenkins.jpenilla.xyz/job/squaremap/lastSuccessfulBuild/artifact/build/libs/squaremap-fabric-mc1.21.3-1.3.4-SNAPSHOT+61898fc.jar";
+              sha256 = "k5PYfaO+9akftd1+43DGVHL8hGL5Ys02mEjV4Ici60g=";
            };
          }
        );
Author	SHA1	Message	Date
Simon Gardling	c38ac0e649	update	2024-12-03 23:00:45 -05:00
Simon Gardling	c466f9c89f	matrix: setup delegation and misc configs	2024-12-03 23:00:38 -05:00
Simon Gardling	9752ec40d9	minecraft: update mods	2024-12-03 23:00:11 -05:00
Simon Gardling	9b5af0c075	conduit and other changes	2024-12-02 10:48:09 -05:00