grimm-nix-server/modules/mjolnir.nix
2024-01-26 09:14:45 +00:00

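# NixOS module: runs two Mjolnir moderation bots against the same homeserver.
# One runs directly on the host; the second ("tle") runs in the declarative
# container `mjolnirtle`. Each logs in through pantalaimon using a password
# taken from an age-encrypted secret declared under `age.secrets`.
{ config, ... }:
{
  age.secrets = {
    # Password for the host-side bot: readable by the mjolnir account only.
    matrix_mjolnir_pass = {
      file = ../secrets/matrix_mjolnir_pass.age;
      owner = "mjolnir";
      group = "mjolnir";
      mode = "0600";
    };

    # Password for the containerised bot. The file is bind-mounted into the
    # container below and only ever read there, so write and execute bits are
    # not needed; 0444 keeps it readable for whatever uid the container's
    # mjolnir account ends up with.
    # NOTE(review): this is still world-readable, so any local account on the
    # host can read the bot password. Presumably the permissions were opened
    # up because the container's mjolnir uid does not match the host's -
    # confirm. Pinning the same `users.users.mjolnir.uid` on the host and in
    # the container would allow "0400", matching the secret above.
    matrix_mjolnir_tle_pass = {
      file = ../secrets/matrix_mjolnir_tle_pass.age;
      owner = "mjolnir";
      group = "mjolnir";
      mode = "0444";
    };
  };

  # global mjolnir
  services.mjolnir = {
    enable = true;
    homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
    protectedRooms = [
      "https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de"
    ];
    managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de";
    pantalaimon = {
      enable = true;
      username = "mjolnir";
      options = {
        homeserver = config.services.matrix-synapse-next.settings.public_baseurl;
      };
      # Path of the decrypted secret; the password itself never enters the Nix store.
      passwordFile = config.age.secrets.matrix_mjolnir_pass.path;
    };
  };

  # Turns off the build-time check of the generated logrotate configuration.
  services.logrotate.checkConfig = false; # needed or this explodes

  containers.mjolnirtle =
    let
      # Resolved from the HOST configuration: the container module below
      # rebinds `config` to the container's own configuration.
      baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
      pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
    in
    {
      # The container shares the host's network namespace, so it gets no
      # network isolation from the host.
      privateNetwork = false; # don't want nat
      autoStart = true;

      # Expose the decrypted password inside the container, read-only.
      bindMounts."${pass_file}".isReadOnly = true;

      config = { config, ... }: {
        # NOTE(review): stateVersion is normally a release string; confirm
        # that "unstable" is intended here.
        system.stateVersion = "unstable";

        # tle mjolnir
        services.logrotate.checkConfig = false;
        services.mjolnir = {
          enable = true;
          homeserverUrl = baseurl;
          protectedRooms = [
            "https://matrix.to/#/!BgDBnHgMgilMMnPMyp:grimmauld.de"
          ];
          managementRoom = "!NQedmlMeoQErGgAwxm:grimmauld.de";
          pantalaimon = {
            enable = true;
            username = "mjolnir_tle";
            options = {
              homeserver = baseurl;
            };
            passwordFile = pass_file;
          };
        };
      };
    };
}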