add mjolnir

This commit is contained in:
Grimmauld 2023-12-31 18:06:33 +00:00
parent 8137ef1b86
commit 76988d47bb
9 changed files with 105 additions and 2 deletions

View file

@ -40,6 +40,8 @@ in {
lshw lshw
pciutils pciutils
gitea gitea
matrix-synapse-tools.synadm
matrix-synapse
# ffmpeg-full # ffmpeg-full
pufferpanel pufferpanel

View file

@ -32,6 +32,7 @@
./modules/nextcloud.nix ./modules/nextcloud.nix
./modules/prometheus.nix ./modules/prometheus.nix
./modules/letsencrypt.nix ./modules/letsencrypt.nix
./modules/mjolnir.nix
./modules/fail2ban.nix ./modules/fail2ban.nix
./modules/email.nix ./modules/email.nix
./modules/mastodon.nix ./modules/mastodon.nix

View file

@ -68,11 +68,14 @@ host replication all ::1/128 md5
suppress_key_server_warning = true; suppress_key_server_warning = true;
server_name = root_host; server_name = root_host;
public_baseurl = "https://${root_host}"; public_baseurl = "https://${root_host}";
enable_registration = false; enable_registration = true;
enable_registration_without_verification = true; registration_requires_token = true;
registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
# enable_registration_without_verification = true;
# mainLogConfig = ./matrix_synapse_log_config.yaml; # mainLogConfig = ./matrix_synapse_log_config.yaml;
# registrations_require_3pid = [ "email" ]; # registrations_require_3pid = [ "email" ];
database = { database = {
name = "psycopg2"; name = "psycopg2";
args = { args = {
@ -101,6 +104,13 @@ host replication all ::1/128 md5
group = "matrix-synapse"; group = "matrix-synapse";
mode = "0600"; mode = "0600";
}; };
age.secrets.synapse_registration_shared_secret = {
file = ../secrets/synapse_registration_shared_secret.age;
owner = "matrix-synapse";
group = "matrix-synapse";
mode = "0600";
};
services.nginx = { services.nginx = {
enable = true; enable = true;

38
modules/mjolnir.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, ... } :
let
in {
age.secrets = {
matrix_mjolnir_pass = {
file = ../secrets/matrix_mjolnir_pass.age;
owner = "mjolnir";
group = "mjolnir";
mode = "0600";
};
matrix_mjolnir_token = {
file = ../secrets/matrix_mjolnir_token.age;
owner = "mjolnir";
group = "mjolnir";
mode = "0600";
};
};
services.mjolnir = {
enable = true;
homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
protectedRooms = [
"https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de"
];
# accessTokenFile = config.age.secrets.matrix_mjolnir_token.path;
managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de";
pantalaimon = {
enable = true;
username = "mjolnir";
options = {
homeserver = config.services.matrix-synapse-next.settings.public_baseurl;
};
passwordFile = config.age.secrets.matrix_mjolnir_pass.path;
};
};
}

View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-rsa jWbwAg
Y34uAa+VEd/xy3iIs0rDEpF9iBQVpU//AQcTpP/lo1idGdUbVS2KeqkWZiGFfiOL
PZNBZ9TkQhqKvw4dD7xdVNZoO9R2O9KApMIAtf4XRN+YvNA6l9dnpu/UDLFzh2F0
NJY4TXRXJPRB3k5ngbCvYv2anQ6yMi7cpHZNEIgM/LdKGJ/56YHXQAxtOe4o+0Mz
Q1FQOsEFGa2Kb5f5D9wdjfZvDkoUzG9W2Cao2GAKdtJQx0yAP3T4uEt+22nYo5OB
mOuKJ0qNwfoSk0ErC+dYlkgknG6W4QsxA/G7ZMzFq/E70yNzAOAViXPMRSnJYpr2
p2C8nhQ3lhlS2bFu46Jgi4NTj9FvnABVH+QiwL3P+WtqCMGy+LRfHDMJ1i14M35/
6cTaeSw1d4UiZekxgCsHXrT4BipC70pH+9vZYGTVzP3SxfkbilwhQJvpREnNZq1o
e2vfMHod3syDvZfYEILayODY+WwuqVp4O6NIOoPNygKwdoN+DiYKs7vhUFXU/AWA
iVL5jQ0p4fI7qQm/jrNL3E7Mj+FMYQMBKTvSjF8O/YFBymsDtcN0bLlKIOdSdLP/
Tm0tffNargbnrF9a4ZNjOihbNYocDfID7hyFsdpqF9TsANXeiRkBGWT/RnOzMBs0
QZLz3iChOR87PPC4loqZJpQSYLnQ77m7ZcODzDnScwo
--- UWFxzIGon0JaPMjmKUkZQGNLa44SSusFKXVb3eGhyFE
̶¼w“ÂT©XP=žïÓ/m$nyßwϧç¿ð«‰,þïo ùïƒØNé0Fò ’ø±,øî<C3B8>
¡d+ËSâ”

View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-rsa jWbwAg
jXawkbb/FkE0/pdY3wvHC+iVx9RgIB7ytAKsk+mxx0hhwAOZL4oswvvKsnYdkUjv
5UMexnENT9I1+ZLyVMusvxvlMM+LxZtkNOLCylFF4G/Xyrq6QS5NMFK5aD0slT1U
nwufnIABuheku4yK3W/lYJcwsHT+lFfkSyqXw214AMHI37YVnsSxgjgV3KhC9ZhG
dxWG010li/7uFh1+/006+DKoa7VejrJM7OUeUVCjBjSwYazMUAi8okuaZzhMeeWG
sC8v7RmnZTM/mS0nBu0wcZxUB7Vz2c2evBNUuARELfMzxRfh9yIQMzg3k5A7xNqC
qjj3KchocgNPoTrzG/x4uFFhCmF523LJ/85IlFIQ8X/1MrAgZg/L5N5fEmhHLRG6
yVGRm0xs9wEWf1ZzSPALHO/fLUa6K+9IEo9e5Ne3+HtzeiSrlBTgAThm4iS/j9gJ
Gh5cnAuG8dmvZsnV0VJLZCCa938PugsKxsbEGRgtIwj5FaBudLd6DzNwqq9n88Y3
H3Vnc56ru/XWHVTnVNKAstXkUmAxCH2SKpETXgb2Nd7aLBEYd0Dp334wdYOYaBnR
3p0jTTpU2TFA8zfLJRy0CnElfC11YYp5aF3+ONEuGFbiAdFSoixRd0xUdxKvQ6Ym
KK875Yhl3KBCbQGHGzT9TRwqFv4GM5gntoV6QFXv8R4
--- mty/HLWaSdsD6bxDTO2KJ9itaRpuI1OKyH3+KAMX6TM
j©¡©Ÿžƒ÷¼Í hŒV¹4*µ °á
ÿÞ…tñÝ3šJ0ð!ÁhFB¹”'Ráxí¶}jÒJ¥

View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-rsa jWbwAg
GW+ky3+OLl0Q1pGVEH5Dqe5VTDrjDT+aCQxOtGDe35j9KWP1FetwlE/OpptKiV+R
aKtWBHApRWXVTv5MhidcrAqTQ7E/D3Lly1QTscymRoXDXUeuybbAus/Dq8ZwFAsY
/Wae0hvVtPoVi4P/HO9KHZ6oMGBzmBgASjblry84QEpY3XCWMUr92ZeXKO70bw/F
uoGnBsvDqQTSWiYLD7yyw96f9t/nOUiEmtXvJvlDf/CzVjMEmZV9qgiAFVLbx03v
8EE+I2cwPDXk/ELrxZQ7aNOepYKaHABewARZpgzvgCylnpdm2qqlbs2mcvQgnjrF
MiVP8XQOjB5Tsmcl9qZxyGHdTouDulneOdkHuqHvXV1qM4LRptyCftgsxvWjwSk/
sp/5dVYEKBtFhV3vdbc/NJM2/Xm2ZiXpKU5MBQU4igkvoDqd5vKRzGbyLW5XnDzj
ynQ7sQ/cRXDXGRU96mm0wqCvTkPc93bUvaHjy5pvSqsLLHWyF/RzJ05DnaxNNSUe
L7LEz11p+d3VPl9B3whd2+XJPoUg7WxP5HEplK3+ioEgSxZHUj7AIIOnxWBeWQKB
c7SpfrOi8/Xyxzjsprzz6EEjNVj6oj9JXMDdon8D40dmHNX5fLmhyOhGrRpYMfq8
9e62FJpqL+ArlfvT6wnH2aQ0tBl0751fR+baCSHDWBg
--- pOWxhByGuQR+DCAWTEUID2qtKDmWxUmeAMENrwNueOQ
B+Ä=ã²9Ö44“<34>x³Úâ0v%ä`Hsâ·T
!D©-óŠÜQÅàÙ_)<19>l«jƒm/è$ÉvWß:¼wåܵ<C2B5>û

View file

@ -9,4 +9,8 @@ in
"grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ]; "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];
"nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ]; "nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ];
"nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ]; "nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ];
"synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ];
"matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_token.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
} }

Binary file not shown.