Grimmauld/grimm-nix-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add second mjolnir instance for tle

Browse source
This commit is contained in:
Grimmauld 2024-01-01 08:58:03 +00:00
parent 76988d47bb
commit 74ff3d0d23
4 changed files with 51 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
modules/mjolnir.nix
View file

@ -2,29 +2,29 @@
let let
in { in {
age.secrets = { age.secrets = {
matrix_mjolnir_pass = { matrix_mjolnir_pass = {
file = ../secrets/matrix_mjolnir_pass.age; file = ../secrets/matrix_mjolnir_pass.age;
owner = "mjolnir"; owner = "mjolnir";
group = "mjolnir"; group = "mjolnir";
mode = "0600"; mode = "0600";
}; };
matrix_mjolnir_token = {
file = ../secrets/matrix_mjolnir_token.age; matrix_mjolnir_tle_pass = {
file = ../secrets/matrix_mjolnir_tle_pass.age;
owner = "mjolnir"; owner = "mjolnir";
group = "mjolnir"; group = "mjolnir";
mode = "0600"; mode = "0777"; # not ideal, but containers are weird
}; };
}; };
# global mjolnir
services.mjolnir = { services.mjolnir = {
enable = true; enable = true;
homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl; homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
protectedRooms = [ protectedRooms = [
"https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de" "https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de"
]; ];
# accessTokenFile = config.age.secrets.matrix_mjolnir_token.path;
managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de"; managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de";
pantalaimon = { pantalaimon = {
enable = true; enable = true;
@ -35,4 +35,33 @@ in {
passwordFile = config.age.secrets.matrix_mjolnir_pass.path; passwordFile = config.age.secrets.matrix_mjolnir_pass.path;
}; };
}; };
containers.mjolnirtle = let
baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
in {
privateNetwork = false; # don't want nat
autoStart = true;
bindMounts."${pass_file}".isReadOnly = true;
config = { config, ... }: {
system.stateVersion = "unstable";
# tle mjolnir
services.mjolnir = {
enable = true;
homeserverUrl = baseurl;
protectedRooms = [
"https://matrix.to/#/!BgDBnHgMgilMMnPMyp:grimmauld.de"
];
managementRoom = "!NQedmlMeoQErGgAwxm:grimmauld.de";
pantalaimon = {
enable = true;
username = "mjolnir_tle";
options = {
homeserver = baseurl;
};
passwordFile = pass_file;
};
};
};
};
} }

15
secrets/matrix_mjolnir_tle_pass.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-rsa jWbwAg
MbJMn9f+sg1SygW+O6rIF8fXmieYHkQFnSuI/U71YG3JIJwMDQLMqN8dB1pi5fvg
j4wQU2211KdUsOjmpSFAoylielEMVRSm8ae+0pMDrCli6z8xb0Izd495EMexxwH8
+FWQORHvrXIaxPgHcOQ4g0SApkDAhEGl8XrI3dvC2szEy9tM5ph3LrXIAV6GBKp/
SlHD385bgZkuN8lwaczKGTjBktYiK2h1lpJBb+sQkuOP3h8rpHetU6CCbooJkQ4c
x8ND7fu3ptd/YhzVRAhTMOaQU62f1FEJoGP67hsm79rOm+0vnH5K1r16gAB2jjAh
RHXYFhzpPLrYUUCwdklGGtCFcTRc2g4gRglDx4IutTZ+2EBkrzePZ8OqXpR5/2xO
yROb3L3wex0bm9MqIyClaPFq9eUtSI4ca8s5TCZV///6FrzJVEsAlj0xZFQFGTT3
T1zOOEEzEX4f9878Wj/Rl+MZhtZUJYG39fwonFS799Omgks+NcSXi5pnPTMXnONq
cVXQM1y2wvLlxf9qbPkFCnvkqq6pWMXma18BTiAakbOZ0y/EpOGQG+vAz+zZ5wq1
le3fgfiKPM4oXuPrMPxuCd1QsmoHj5YYDSSGPWYgxHt3kKKpDVadpqgRp2FyrFGA
KGKGwqbOv12pbzmP2S3WlbAhQiUodg6my93H4kroPPM
--- q4gCKxg3dPi7iXSqByd4F3dQ6hv2h8ZH4vz1Abzzovo
„źŇgyÂŢşňŹIîŻnó<6E>ÔŚşeË*é(¨a5ĘTüÓ}ÚâDú%€ĽŔÇľUqg4\b ˘ýc5´ĆÜoY

16
secrets/matrix_mjolnir_token.age
View file

@ -1,16 +0,0 @@
age-encryption.org/v1
-> ssh-rsa jWbwAg
GW+ky3+OLl0Q1pGVEH5Dqe5VTDrjDT+aCQxOtGDe35j9KWP1FetwlE/OpptKiV+R
aKtWBHApRWXVTv5MhidcrAqTQ7E/D3Lly1QTscymRoXDXUeuybbAus/Dq8ZwFAsY
/Wae0hvVtPoVi4P/HO9KHZ6oMGBzmBgASjblry84QEpY3XCWMUr92ZeXKO70bw/F
uoGnBsvDqQTSWiYLD7yyw96f9t/nOUiEmtXvJvlDf/CzVjMEmZV9qgiAFVLbx03v
8EE+I2cwPDXk/ELrxZQ7aNOepYKaHABewARZpgzvgCylnpdm2qqlbs2mcvQgnjrF
MiVP8XQOjB5Tsmcl9qZxyGHdTouDulneOdkHuqHvXV1qM4LRptyCftgsxvWjwSk/
sp/5dVYEKBtFhV3vdbc/NJM2/Xm2ZiXpKU5MBQU4igkvoDqd5vKRzGbyLW5XnDzj
ynQ7sQ/cRXDXGRU96mm0wqCvTkPc93bUvaHjy5pvSqsLLHWyF/RzJ05DnaxNNSUe
L7LEz11p+d3VPl9B3whd2+XJPoUg7WxP5HEplK3+ioEgSxZHUj7AIIOnxWBeWQKB
c7SpfrOi8/Xyxzjsprzz6EEjNVj6oj9JXMDdon8D40dmHNX5fLmhyOhGrRpYMfq8
9e62FJpqL+ArlfvT6wnH2aQ0tBl0751fR+baCSHDWBg
--- pOWxhByGuQR+DCAWTEUID2qtKDmWxUmeAMENrwNueOQ
B+Ä=ã²9Ö44“<34>x³Úâ0v%ä`Hsâ·T
!D©-óŠÜQÅàÙ_)<19>l«jƒm/è$ÉvWß:¼wåܵ<C2B5>û

2
secrets/secrets.nix
View file

@ -11,6 +11,6 @@ in
"nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ]; "nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ];
"synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ]; "synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ];
"matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ]; "matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_token.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ]; "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
} }