add mjolnir
This commit is contained in:
parent
8137ef1b86
commit
76988d47bb
9 changed files with 105 additions and 2 deletions
|
@ -40,6 +40,8 @@ in {
|
||||||
lshw
|
lshw
|
||||||
pciutils
|
pciutils
|
||||||
gitea
|
gitea
|
||||||
|
matrix-synapse-tools.synadm
|
||||||
|
matrix-synapse
|
||||||
# ffmpeg-full
|
# ffmpeg-full
|
||||||
|
|
||||||
pufferpanel
|
pufferpanel
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
./modules/nextcloud.nix
|
./modules/nextcloud.nix
|
||||||
./modules/prometheus.nix
|
./modules/prometheus.nix
|
||||||
./modules/letsencrypt.nix
|
./modules/letsencrypt.nix
|
||||||
|
./modules/mjolnir.nix
|
||||||
./modules/fail2ban.nix
|
./modules/fail2ban.nix
|
||||||
./modules/email.nix
|
./modules/email.nix
|
||||||
./modules/mastodon.nix
|
./modules/mastodon.nix
|
||||||
|
|
|
@ -68,11 +68,14 @@ host replication all ::1/128 md5
|
||||||
suppress_key_server_warning = true;
|
suppress_key_server_warning = true;
|
||||||
server_name = root_host;
|
server_name = root_host;
|
||||||
public_baseurl = "https://${root_host}";
|
public_baseurl = "https://${root_host}";
|
||||||
enable_registration = false;
|
enable_registration = true;
|
||||||
enable_registration_without_verification = true;
|
registration_requires_token = true;
|
||||||
|
registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
|
||||||
|
# enable_registration_without_verification = true;
|
||||||
# mainLogConfig = ./matrix_synapse_log_config.yaml;
|
# mainLogConfig = ./matrix_synapse_log_config.yaml;
|
||||||
|
|
||||||
# registrations_require_3pid = [ "email" ];
|
# registrations_require_3pid = [ "email" ];
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
name = "psycopg2";
|
name = "psycopg2";
|
||||||
args = {
|
args = {
|
||||||
|
@ -101,6 +104,13 @@ host replication all ::1/128 md5
|
||||||
group = "matrix-synapse";
|
group = "matrix-synapse";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
|
age.secrets.synapse_registration_shared_secret = {
|
||||||
|
file = ../secrets/synapse_registration_shared_secret.age;
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
group = "matrix-synapse";
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
38
modules/mjolnir.nix
Normal file
38
modules/mjolnir.nix
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, ... } :
|
||||||
|
let
|
||||||
|
|
||||||
|
in {
|
||||||
|
age.secrets = {
|
||||||
|
matrix_mjolnir_pass = {
|
||||||
|
file = ../secrets/matrix_mjolnir_pass.age;
|
||||||
|
owner = "mjolnir";
|
||||||
|
group = "mjolnir";
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
matrix_mjolnir_token = {
|
||||||
|
file = ../secrets/matrix_mjolnir_token.age;
|
||||||
|
owner = "mjolnir";
|
||||||
|
group = "mjolnir";
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.mjolnir = {
|
||||||
|
enable = true;
|
||||||
|
homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
|
||||||
|
protectedRooms = [
|
||||||
|
"https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de"
|
||||||
|
];
|
||||||
|
# accessTokenFile = config.age.secrets.matrix_mjolnir_token.path;
|
||||||
|
managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de";
|
||||||
|
pantalaimon = {
|
||||||
|
enable = true;
|
||||||
|
username = "mjolnir";
|
||||||
|
options = {
|
||||||
|
homeserver = config.services.matrix-synapse-next.settings.public_baseurl;
|
||||||
|
};
|
||||||
|
passwordFile = config.age.secrets.matrix_mjolnir_pass.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
16
secrets/matrix_admin_pass.age
Normal file
16
secrets/matrix_admin_pass.age
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa jWbwAg
|
||||||
|
Y34uAa+VEd/xy3iIs0rDEpF9iBQVpU//AQcTpP/lo1idGdUbVS2KeqkWZiGFfiOL
|
||||||
|
PZNBZ9TkQhqKvw4dD7xdVNZoO9R2O9KApMIAtf4XRN+YvNA6l9dnpu/UDLFzh2F0
|
||||||
|
NJY4TXRXJPRB3k5ngbCvYv2anQ6yMi7cpHZNEIgM/LdKGJ/56YHXQAxtOe4o+0Mz
|
||||||
|
Q1FQOsEFGa2Kb5f5D9wdjfZvDkoUzG9W2Cao2GAKdtJQx0yAP3T4uEt+22nYo5OB
|
||||||
|
mOuKJ0qNwfoSk0ErC+dYlkgknG6W4QsxA/G7ZMzFq/E70yNzAOAViXPMRSnJYpr2
|
||||||
|
p2C8nhQ3lhlS2bFu46Jgi4NTj9FvnABVH+QiwL3P+WtqCMGy+LRfHDMJ1i14M35/
|
||||||
|
6cTaeSw1d4UiZekxgCsHXrT4BipC70pH+9vZYGTVzP3SxfkbilwhQJvpREnNZq1o
|
||||||
|
e2vfMHod3syDvZfYEILayODY+WwuqVp4O6NIOoPNygKwdoN+DiYKs7vhUFXU/AWA
|
||||||
|
iVL5jQ0p4fI7qQm/jrNL3E7Mj+FMYQMBKTvSjF8O/YFBymsDtcN0bLlKIOdSdLP/
|
||||||
|
Tm0tffNargbnrF9a4ZNjOihbNYocDfID7hyFsdpqF9TsANXeiRkBGWT/RnOzMBs0
|
||||||
|
QZLz3iChOR87PPC4loqZJpQSYLnQ77m7ZcODzDnScwo
|
||||||
|
--- UWFxzIGon0JaPMjmKUkZQGNLa44SSusFKXVb3eGhyFE
|
||||||
|
̶¼w“ÂT©XP=žïÓ/m$nyßwϧç¿ð«‰,þïoùïƒØNé0Fò ’ø±,øî<C3B8>
|
||||||
|
¡d+ËSâ”
|
16
secrets/matrix_mjolnir_pass.age
Normal file
16
secrets/matrix_mjolnir_pass.age
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa jWbwAg
|
||||||
|
jXawkbb/FkE0/pdY3wvHC+iVx9RgIB7ytAKsk+mxx0hhwAOZL4oswvvKsnYdkUjv
|
||||||
|
5UMexnENT9I1+ZLyVMusvxvlMM+LxZtkNOLCylFF4G/Xyrq6QS5NMFK5aD0slT1U
|
||||||
|
nwufnIABuheku4yK3W/lYJcwsHT+lFfkSyqXw214AMHI37YVnsSxgjgV3KhC9ZhG
|
||||||
|
dxWG010li/7uFh1+/006+DKoa7VejrJM7OUeUVCjBjSwYazMUAi8okuaZzhMeeWG
|
||||||
|
sC8v7RmnZTM/mS0nBu0wcZxUB7Vz2c2evBNUuARELfMzxRfh9yIQMzg3k5A7xNqC
|
||||||
|
qjj3KchocgNPoTrzG/x4uFFhCmF523LJ/85IlFIQ8X/1MrAgZg/L5N5fEmhHLRG6
|
||||||
|
yVGRm0xs9wEWf1ZzSPALHO/fLUa6K+9IEo9e5Ne3+HtzeiSrlBTgAThm4iS/j9gJ
|
||||||
|
Gh5cnAuG8dmvZsnV0VJLZCCa938PugsKxsbEGRgtIwj5FaBudLd6DzNwqq9n88Y3
|
||||||
|
H3Vnc56ru/XWHVTnVNKAstXkUmAxCH2SKpETXgb2Nd7aLBEYd0Dp334wdYOYaBnR
|
||||||
|
3p0jTTpU2TFA8zfLJRy0CnElfC11YYp5aF3+ONEuGFbiAdFSoixRd0xUdxKvQ6Ym
|
||||||
|
KK875Yhl3KBCbQGHGzT9TRwqFv4GM5gntoV6QFXv8R4
|
||||||
|
--- mty/HLWaSdsD6bxDTO2KJ9itaRpuI1OKyH3+KAMX6TM
|
||||||
|
j©¡©Ÿžƒ÷¼ÍhŒV¹4*µ °á
|
||||||
|
ÿÞ…tñÝ3šJ0ð!ÁhFB‚¹”'Ráxí¶}jÒJ¥
|
16
secrets/matrix_mjolnir_token.age
Normal file
16
secrets/matrix_mjolnir_token.age
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa jWbwAg
|
||||||
|
GW+ky3+OLl0Q1pGVEH5Dqe5VTDrjDT+aCQxOtGDe35j9KWP1FetwlE/OpptKiV+R
|
||||||
|
aKtWBHApRWXVTv5MhidcrAqTQ7E/D3Lly1QTscymRoXDXUeuybbAus/Dq8ZwFAsY
|
||||||
|
/Wae0hvVtPoVi4P/HO9KHZ6oMGBzmBgASjblry84QEpY3XCWMUr92ZeXKO70bw/F
|
||||||
|
uoGnBsvDqQTSWiYLD7yyw96f9t/nOUiEmtXvJvlDf/CzVjMEmZV9qgiAFVLbx03v
|
||||||
|
8EE+I2cwPDXk/ELrxZQ7aNOepYKaHABewARZpgzvgCylnpdm2qqlbs2mcvQgnjrF
|
||||||
|
MiVP8XQOjB5Tsmcl9qZxyGHdTouDulneOdkHuqHvXV1qM4LRptyCftgsxvWjwSk/
|
||||||
|
sp/5dVYEKBtFhV3vdbc/NJM2/Xm2ZiXpKU5MBQU4igkvoDqd5vKRzGbyLW5XnDzj
|
||||||
|
ynQ7sQ/cRXDXGRU96mm0wqCvTkPc93bUvaHjy5pvSqsLLHWyF/RzJ05DnaxNNSUe
|
||||||
|
L7LEz11p+d3VPl9B3whd2+XJPoUg7WxP5HEplK3+ioEgSxZHUj7AIIOnxWBeWQKB
|
||||||
|
c7SpfrOi8/Xyxzjsprzz6EEjNVj6oj9JXMDdon8D40dmHNX5fLmhyOhGrRpYMfq8
|
||||||
|
9e62FJpqL+ArlfvT6wnH2aQ0tBl0751fR+baCSHDWBg
|
||||||
|
--- pOWxhByGuQR+DCAWTEUID2qtKDmWxUmeAMENrwNueOQ
|
||||||
|
B+Ä=ã²9Ö44“<34>x³Úâ0v%ä`Hsâ·T
|
||||||
|
u«’!D©-óŠÜQÅàÙ_)<19>l«jƒm/è$ÉvWß:¼wåܵ‹<C2B5>û
|
|
@ -9,4 +9,8 @@ in
|
||||||
"grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];
|
"grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];
|
||||||
"nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ];
|
"nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ];
|
||||||
"nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ];
|
"nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ];
|
||||||
|
"synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ];
|
||||||
|
"matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ];
|
||||||
|
"matrix_mjolnir_token.age".publicKeys = [ contabo_nix_pub ];
|
||||||
|
"matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
|
||||||
}
|
}
|
||||||
|
|
BIN
secrets/synapse_registration_shared_secret.age
Normal file
BIN
secrets/synapse_registration_shared_secret.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue