feat: so many appservices, so little time...

Kat Inskip 2024-04-21 15:04:27 -07:00
parent 2b5630d487
commit bd69ebe901
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
16 changed files with 655 additions and 65 deletions


@ -17,6 +17,14 @@ creation_rules:
age:
- *yukari
- *koishi
- path_regex: nixos/servers/[^/]+/.*\.yaml$
shamir_threshold: 1
key_groups:
- pgp:
- *kat
age:
- *yukari
- *koishi
- path_regex: systems/.*\.yaml$
shamir_threshold: 1
key_groups:

150
flake.lock generated

@ -129,11 +129,11 @@
]
},
"locked": {
"lastModified": 1711763326,
"narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=",
"lastModified": 1713543876,
"narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083",
"rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed",
"type": "github"
},
"original": {
@ -308,11 +308,11 @@
]
},
"locked": {
"lastModified": 1712390667,
"narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=",
"lastModified": 1713713092,
"narHash": "sha256-rvyr6BBtn3cq5B/48rhJlbIOpxprwlO/71663sd9Gik=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b787726a8413e11b074cde42704b4af32d95545c",
"rev": "2846d5230a3c3923618eabb367deaf8885df580f",
"type": "github"
},
"original": {
@ -338,11 +338,11 @@
]
},
"locked": {
"lastModified": 1712339458,
"narHash": "sha256-j8pv3tL2EFLGuvFoO64dHWD8YzNvD77hRb4EEx5ADgE=",
"lastModified": 1713612213,
"narHash": "sha256-zJboXgWNpNhKyNF8H/3UYzWkx7w00TOCGKi3cwi+tsw=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "981b6617822dadc40246a6c70194d02dfc12e4c6",
"rev": "cab4746180f210a3c1dd3d53e45c510e309e90e1",
"type": "github"
},
"original": {
@ -364,11 +364,11 @@
]
},
"locked": {
"lastModified": 1710180874,
"narHash": "sha256-ZSn3wXQuRz36Ta/L+UCFKuUVG6QpwK2QmRkPjpQprU4=",
"lastModified": 1713472482,
"narHash": "sha256-7Ft5WZTMIjXOGgRCf31DZBwK6RK8xkeKlD5vFXz3gII=",
"owner": "hyprwm",
"repo": "hypridle",
"rev": "4395339a2dc410bcf49f3e24f9ed3024fdb25b0a",
"rev": "7cff4581a3753154fc5b41f39a098fad49b777b1",
"type": "github"
},
"original": {
@ -386,6 +386,7 @@
"hyprlang": [
"hyprlang"
],
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"nixpkgs"
],
@ -398,11 +399,11 @@
]
},
"locked": {
"lastModified": 1712420323,
"narHash": "sha256-2isV2NOIm+EKQej7RNyFxtW5gdxDGoI9YkBYczxscF8=",
"lastModified": 1713720783,
"narHash": "sha256-YBS7VaRsi2bAH5rR3RvchG2jm8SnqKHpJ1hPeXS0i/0=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "265c7924d85e2ad5f2ff0e9f59c03403028eaef4",
"rev": "75c87bde3cfa38105a8c882c790e235503dc46bd",
"type": "github"
},
"original": {
@ -444,11 +445,11 @@
]
},
"locked": {
"lastModified": 1711671891,
"narHash": "sha256-C/Wwsy/RLxHP1axFFl+AnwJRWfd8gxDKKoa8nt8Qk3c=",
"lastModified": 1713121246,
"narHash": "sha256-502X0Q0fhN6tJK7iEUA8CghONKSatW/Mqj4Wappd++0=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "c1402612146ba06606ebf64963a02bc1efe11e74",
"rev": "78fcaa27ae9e1d782faa3ff06c8ea55ddce63706",
"type": "github"
},
"original": {
@ -470,11 +471,11 @@
]
},
"locked": {
"lastModified": 1711884603,
"narHash": "sha256-y1Om75muuJcEoLd/FOYGIZ5/ja/Mc4iBX/9S7vWF0C8=",
"lastModified": 1713552491,
"narHash": "sha256-qsXB8swg2FkVRYx8FdD28iXQsz5Pyd0hxV8pnyI49aI=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "071ebcefb9070e4397d75103f5f535b58dacf250",
"rev": "307e473759d1268b50a087095cc005c941f3bb0d",
"type": "github"
},
"original": {
@ -507,6 +508,31 @@
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1713619586,
"narHash": "sha256-fIhNlYhPhG5AJ8DxX3LaitnccnQ+X2MCL39W2Abp7mM=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "9e13e0915273959bfd98a10662f678c15ac71c77",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"konawall-py": {
"inputs": {
"flake-utils": [
@ -517,11 +543,11 @@
]
},
"locked": {
"lastModified": 1712427525,
"narHash": "sha256-AC9iR6PdtG9v/gHSXxiEAUAIGErkzTNAKwCE3V110xs=",
"lastModified": 1713139346,
"narHash": "sha256-GlRonqewugWqLK96LPZ0X+bdnQNuOqfVdQZiY2DQkvk=",
"owner": "kittywitch",
"repo": "konawall-py",
"rev": "2ab1de269d735822ab0f4c6c897dafa630fa0a94",
"rev": "e3bf98deafef4876230253622fce04272af38d13",
"type": "github"
},
"original": {
@ -600,11 +626,11 @@
]
},
"locked": {
"lastModified": 1712366100,
"narHash": "sha256-JHNo5nvz5Rk9u+nrkbCSCZqAeBo0yVe4lEYz7m40xV0=",
"lastModified": 1713662596,
"narHash": "sha256-R39U32sB61tp5XFx1GYzWBV1TrukgtoaM/cpZNm+oDU=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "2f2d1ab110ca24f3d926e9a2aa9f4706a98ce711",
"rev": "7dbbff1a72b3b0f0fa3788e20a2bfd8b5271387f",
"type": "github"
},
"original": {
@ -620,11 +646,11 @@
]
},
"locked": {
"lastModified": 1711854532,
"narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=",
"lastModified": 1713668931,
"narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7",
"rev": "07ece11b22217b8459df589f858e92212b74f1a1",
"type": "github"
},
"original": {
@ -635,11 +661,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1712324865,
"narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=",
"lastModified": 1713521961,
"narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c",
"rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
"type": "github"
},
"original": {
@ -650,11 +676,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"lastModified": 1713537308,
"narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
"type": "github"
},
"original": {
@ -682,11 +708,11 @@
},
"nur": {
"locked": {
"lastModified": 1712418268,
"narHash": "sha256-ada/cxhkwk0D7/iuklXUv/EOx7ooYIn27LYAyYuoQ3o=",
"lastModified": 1713721479,
"narHash": "sha256-HfmkPAtMyU794rzBGsSS089qsv7MIwcTy/rrlST4Ta0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "ade3664ee297f453ea7f31945af6b751cf800b84",
"rev": "8b05bbd9f0ef32148e81a6dc7e794b977687125a",
"type": "github"
},
"original": {
@ -705,11 +731,11 @@
]
},
"locked": {
"lastModified": 1712081763,
"narHash": "sha256-+xImkX19gde0Qac6kbJtJAXKXTOgcUE5z3RsBxVtseo=",
"lastModified": 1713552700,
"narHash": "sha256-R2+GRjHFEapDa08FnuJjweAiE+5W7VKnBxNo3tC/Yzo=",
"owner": "pjones",
"repo": "plasma-manager",
"rev": "96a90a7f5ce6b29e01d7da83d082e870e4462174",
"rev": "bd743369ef402d269885225af93064f22b640990",
"type": "github"
},
"original": {
@ -862,11 +888,11 @@
]
},
"locked": {
"lastModified": 1711855048,
"narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
"lastModified": 1713668495,
"narHash": "sha256-4BvlfPfyUmB1U0r/oOF6jGEW/pG59c5yv6PJwgucTNM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
"rev": "09f1bc8ba3277c0f052f7887ec92721501541938",
"type": "github"
},
"original": {
@ -975,20 +1001,18 @@
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1709983277,
"narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
"type": "gitlab"
"lastModified": 1713699467,
"narHash": "sha256-wQ18I2j/lUEz6FELuSphPBgROHx1POz/R2fjLA+QP8A=",
"owner": "hyprwm",
"repo": "wlroots-hyprland",
"rev": "b9063af512a2326d5c519edc6a759da875deab21",
"type": "github"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
"type": "gitlab"
"owner": "hyprwm",
"repo": "wlroots-hyprland",
"rev": "b9063af512a2326d5c519edc6a759da875deab21",
"type": "github"
}
},
"wsl": {
@ -1004,11 +1028,11 @@
]
},
"locked": {
"lastModified": 1710519878,
"narHash": "sha256-0dbc10OBFUVYyXC+C+N6vRUd8xyBSRxkcZ4Egipbx0M=",
"lastModified": 1713528946,
"narHash": "sha256-IBQta+xrEaI2S5UmYrXcgV7Tu7rGLQu2V3TeJseLPSg=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "aef95bdb6800a3a2af7aa7083d6df03067da6592",
"rev": "63c1247e12f269396ed2df8cdec3aed1f0f3928c",
"type": "github"
},
"original": {
@ -1033,11 +1057,11 @@
]
},
"locked": {
"lastModified": 1709299639,
"narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=",
"lastModified": 1713214484,
"narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "2d2fb547178ec025da643db57d40a971507b82fe",
"rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61",
"type": "github"
},
"original": {


@ -0,0 +1,15 @@
{
lib,
pkgs,
...
}: let
inherit (lib.strings) fileContents;
in {
home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1";
# Disable gnome-keyring ssh-agent
xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = ''
${fileContents "${pkgs.gnome3.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"}
Hidden=true
'';
}
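Review bot: `fileContents "${pkgs.gnome3.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"` reads a file out of a package output during evaluation, so gnome-keyring has to be built or fetched before the configuration can be evaluated (import-from-derivation). As far as I know `pkgs.gnome3` is also a deprecated alias. The existing comment does not say which agent is meant to provide the SSH socket once the keyring's entry is hidden; I would extend it to something like `# Hide gnome-keyring's ssh-agent autostart entry so <the agent used on this host> provides the SSH agent socket`. Writing the desktop entry out literally instead of reading it from the store would avoid the evaluation-time read.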


@ -0,0 +1,205 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.services.mautrix-signal;
dataDir = "/var/lib/mautrix-signal";
registrationFile = "${dataDir}/signal-registration.yaml";
settingsFile = "${dataDir}/config.json";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-signal-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json {};
appservicePort = 29328;
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
database.type = "sqlite3";
database.uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate";
id = "signal";
bot = {
username = "signalbot";
displayname = "Signal Bridge Bot";
};
as_token = "";
hs_token = "";
};
bridge = {
username_template = "signal_{{.}}";
displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}";
double_puppet_server_map = {};
login_shared_secret_map = {};
command_prefix = "!signal";
permissions."*" = "relay";
relay.enabled = true;
};
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in {
options.services.mautrix-signal = {
enable = lib.mkEnableOption (lib.mdDoc "mautrix-signal, a puppeting/relaybot bridge between Matrix and Signal.");
settings = lib.mkOption {
type = settingsFormat.type;
default = defaultConfig;
description = lib.mdDoc ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in
[example-config.yaml](https://github.com/mautrix/signal/blob/master/example-config.yaml).
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
appservice = {
database = {
type = "postgres";
uri = "postgresql:///mautrix_signal?host=/run/postgresql";
};
id = "signal";
ephemeral_events = false;
};
bridge = {
history_sync = {
request_full_sync = true;
};
private_chat_portal_meta = true;
mute_bridging = true;
encryption = {
allow = true;
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
};
permissions = {
"example.com" = "user";
};
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = lib.mdDoc ''
File containing environment variables to be passed to the mautrix-signal service,
in which secret tokens can be specified securely by optionally defining a value for
`MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit;
defaultText = lib.literalExpression ''
optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnits
'';
description = lib.mdDoc ''
List of Systemd services to require and wait for when starting the application service.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-signal = {
isSystemUser = true;
group = "mautrix-signal";
home = dataDir;
description = "Mautrix-Signal bridge user";
};
users.groups.mautrix-signal = {};
services.mautrix-signal.settings = lib.mkMerge (map mkDefaults [
defaultConfig
# Note: this is defined here to avoid the docs depending on `config`
{homeserver.domain = config.services.matrix-synapse.settings.server_name;}
]);
systemd.services.mautrix-signal = {
description = "Mautrix-Signal Service - A Signal bridge for Matrix";
wantedBy = ["multi-user.target"];
wants = ["network-online.target"] ++ cfg.serviceDependencies;
after = ["network-online.target"] ++ cfg.serviceDependencies;
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-signal}/bin/mautrix-signal \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]' '${settingsFile}' '${registrationFile}' \
> '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-signal";
Group = "mautrix-signal";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${pkgs.mautrix-signal}/bin/mautrix-signal \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = ["@system-service"];
Type = "simple";
UMask = 0027;
};
restartTriggers = [settingsFileUnsubstituted];
};
};
meta.maintainers = with lib.maintainers; [niklaskorz];
}
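Review bot: `defaultConfig` ships two permissive defaults that survive a host override, because `mkDefaults` wraps every leaf in `lib.mkDefault` and a host that sets only `appservice.port` or other `bridge.permissions` keys leaves them in place. `appservice.hostname = "[::]"` listens on every address, and `bridge.permissions."*" = "relay"` together with `relay.enabled = true` gives every Matrix user relay-level access. With the homeserver default at `http://localhost:8448`, a loopback bind such as `hostname = "127.0.0.1";` and no wildcard entry (or `relay.enabled = false;`) would be the narrower default. Smaller items in the same file: `chmod 640 ${registrationFile}` is the only unquoted path in `preStart`, the `settings` description says `config.yaml` while the file written is `config.json`, and `defaultText` names `serviceUnits` where the default reads `serviceUnit`.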


@ -1,4 +1,5 @@
{ pkgs, ... }: {
services.gnome.gnome-keyring.enable = true;
services.xserver = {
enable = true;
libinput.touchpad = {


@ -41,8 +41,6 @@
};
diskio = {
};
io = {
};
net = {
};
mem = {


@ -0,0 +1,14 @@
{config, ...}: {
services.mx-puppet-discord = {
enable = config.services.matrix-synapse.enable;
settings = {
bridge = {
bindAddress = "localhost";
domain = "kittywit.ch";
homeserverUrl = "https://yukari.gensokyo.zone";
};
provisioning.whitelist = ["@kat:kittywit.ch"];
relay.whitelist = ["@.*:kittywit.ch"];
};
};
}
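Review bot: The patterns in `relay.whitelist = ["@.*:kittywit.ch"]` and `provisioning.whitelist` are looser than the names they are meant to match if the bridge treats them as regular expressions, which the `.*` suggests. The dot in `kittywit.ch` is unescaped and nothing anchors the end of the string. Escaping and anchoring, e.g. `relay.whitelist = ["^@.*:kittywit\\.ch$"];` and `provisioning.whitelist = ["^@kat:kittywit\\.ch$"];`, keeps the match to this homeserver only. Whether the bridge anchors patterns itself is not visible here, so this is worth confirming against its documentation.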


@ -0,0 +1,33 @@
{config, ...}: {
sops.secrets.restic-password-file = {
sopsFile = ./restic.yaml;
};
services.restic.backups = {
"${config.networking.hostName}/matrix" = {
paths = [
"/var/lib/matrix-synapse"
"/var/lib/mx-puppet-discord"
"/var/lib/mautrix-whatsapp"
"/var/lib/mautrix-signal"
"/var/lib/mautrix-telegram"
];
exclude = [
];
extraOptions = [
"sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 6"
];
initialize = true;
passwordFile = config.sops.secrets.restic-password-file.path;
repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
}
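Review bot: The `sftp.command` entry in `extraOptions` points the backup job at `/home/kat/.ssh/id_ed25519`, a personal user key that lives outside the sops-managed secrets this file already uses for `passwordFile`. That ties a system backup to an interactive user's identity, and whatever else that key is authorised for becomes reachable from the backup unit as well. A dedicated key declared next to `restic-password-file` and referenced as `-i ${config.sops.secrets.<backup-ssh-key>.path}` (placeholder name), restricted on the storage side to this repository, keeps the two apart. The `paths` list also includes bridge state directories whose database is sqlite by default in the module added in this commit; whether those services are quiesced during the snapshot is not visible here.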


@ -0,0 +1,51 @@
restic-password-file: ENC[AES256_GCM,data:0U96CkrV8VyEvg0nm+ZfdWMo2TjxDfRF6YBFNe8jfps=,iv:TEad//eKY/tCNMLCs6EZ+gn+7cxz7nGB+y1a4Dv+Wd4=,tag:s/E0QlE812TwgC6gRKlWbA==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucVprY3BObU8rUzdnMkM4
bTh3WWZKM29DMUhteFdVUUdoUmVUc0d0TlhRCkZHSmpnVGozMG12MUloOER1RElE
RkRJc2lhZHJOZjF3T3RBSDE4OHM0cFkKLS0tIEs0RkQzVjBjS21YTjR5dmdrR3F3
bXM3OVBzRzl2Rjd4STlOaFdNbmswL3MK80DU00rZ/D6rTnGkGsrgXqihm0Ew5FRA
X9Lor6cfGe2x6ygZMsLCYf3feKqRyAoke17IHxA99XqzEGiTqNgkkg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSmR3Nm53UDJLZlBnSWgy
WHpBeHBtZGczeUZRdVhTN0FkNWczUEJEL1VjClRhT2FjSzNld0NES1pyTk5zOUZS
eEhRMkduZ2J5YVAxMnFHSFFEcTFWQ0UKLS0tIFB5MjJNMFlYb29OVnlCSkkydTll
Z0QvRVBWb3hoZ0FoQmtKTmRweU1IRlEKUYwURRVLK2udhfuR2yuPenS2j2gkxu0s
5O2b9BMMtC7IGm7PsEZBIG6AOoEKY2HdhNqTQWp/u202fXIhWeZ7SA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T18:13:24Z"
mac: ENC[AES256_GCM,data:eDKIeCDMIKCrfypT09VUWbvUzSWze8xE9l3on6vgYOcxAnIFDlF7UnlZP/G+rU2+grxEluZV+ApUwC71LuunTNHHvEjudxp6yGHV7OrYUu+i5PuTzL0KNpt+cLr5pNYGiYWE2J4RpWmilbthVnLLJDuHlKqSAWjwdNIrEgOokR4=,iv:Yqu28Wjut7scV/iDMQVMffqdduHDbUetWvu3CVjVz3I=,tag:gggRhdXvVXxfGS7/Wp5jwg==,type:str]
pgp:
- created_at: "2024-04-21T18:13:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=w6oq
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,27 @@
{config, ...}: {
sops.secrets.mautrix-signal-environment = {
sopsFile = ./signal.yaml;
};
services.mautrix-signal = {
enable = config.services.matrix-synapse.enable;
environmentFile = config.sops.secrets.mautrix-signal-environment.path;
settings = {
homeserver = {
domain = "kittywit.ch";
address = "https://yukari.gensokyo.zone";
software = "standard";
};
appservice = {
port = 9048;
};
signal = {
};
bridge = {
permissions = {
"kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin";
};
};
};
};
}
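Review bot: `"kittywit.ch" = "full"` uses a level that the mautrix-signal module added in this commit never mentions; its default is `relay` and its example uses `user`. As far as I know the bridge accepts only `relay`, `user` and `admin`, so the value should be checked against the bridge's example config; the WhatsApp file in this commit has the same line. Separately, a bare domain key grants the level to every account on the homeserver, and the Synapse hunk in this commit shows `allow_guest_access = true` as context, so guest accounts may be covered too. Listing the intended users, or using `"kittywit.ch" = "user";`, would be narrower, and the same applies to the Telegram and WhatsApp files. The empty `signal = { };` block can be dropped.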


@ -0,0 +1,51 @@
mautrix-signal-environment: ENC[AES256_GCM,data:eoRyc9dHVRPWkZjq4XIsKYbo9qy9xmA2KAEUffZ7rrfAB6z2tFPuIQDLbLpils73V63/hu6hwVT1Jprn+++GaAR/NogG1UqBBmv5N/sEjUXvUQJoNRGDNbZa+s/ttB40gfElpHr2F5lWqoE4zfvGdTH03QaVZKEfJKz3+VvCbI8JB/zeEK7Ze+bzzm8gXhmrsShAkWX+7jbboVCwvyX8L0UCjpaMLioORODPEWX8f8n9JpkoLgavlyCPDde18HxpReO1HV0=,iv:D8u528qWlgPAzekv9ZmeLtrSq9Az/ldRWMIAvZqiUh8=,tag:pJ1iD6QEcbupZfvPcFWaMw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSCtsT1pPUXpXdnhjcTR6
aUVLb0x4NzFsSlJONUlkYzZNUTloMm96K0ZnCnAzcW9yclZrSldLNXhZRXg4V01Q
YUx2a2RLeVVaNTNhZnJTdHg4RFUrS3MKLS0tIExyQVpVM1ZSNnZUanpvSUdTRFp6
OXBObGJDaUVENXo0eGFUZTRPUUUwek0KDptKKzMHR6bs4wPH9eqsPGhqzmf//261
TDSQz+ep0FsP9ZnuJs3YdmsZAiUXlHKoFt7B2Ar2rMSfA3hYF+eTRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTE5jS1d5NnNacW5mLzVo
VFlnK3B2VkpNUjV5QUVlYTcrdUsreklUMkd3CmU5MlBUeGp1bzVVMGV1bkNZQkJV
dHdVMDVyYUpueTBONjVOZFh3Y3N4MWsKLS0tIEF1YnpxcFRuSm9JU2VKdFJjVi9u
SndnKzY3R0MzV3pqbmxyYjNXV2p6bkEKS27XLdXlFy28qy6HlKlebp2/sqP4WKf1
tCy/n4Dk8Gh+2Ss5+r+pqgoTHiZG/a6NqvJCpsxRsNxx+GZOpr6RcQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T21:52:05Z"
mac: ENC[AES256_GCM,data:BkNzMwxzX+ny7/Xn9eHScJKPu+VzzqISk2q1hTMKC62vV5xQ65d6MqDE86ljqEInQktX1DB+vExF8m4UFd0blmK6V2aK6ybT8GQWaojuzl149QKnZslhDFhijvfJL7qBZX3r3ovyQn8pobUrNHItlBWdyhFP1lCpxFufuX6zR4s=,iv:cL2q0S63wbq0rbA/ul6qqz0caCDEz9G3ic/ib+xV+xY=,tag:X4iMblIurYWsto1cyHEmKw==,type:str]
pgp:
- created_at: "2024-04-21T21:50:24Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=ITAO
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -23,6 +23,13 @@ in {
registration_shared_secret = "!!MATRIX_SHARED_REGISTRATION_SECRET!!";
allow_guest_access = true;
suppress_key_server_warning = true;
use_appservice_legacy_authorization = true;
app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
];
log_config = pkgs.writeText "nya.yaml" ''
version: 1
formatters:
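Review bot: `use_appservice_legacy_authorization = true` makes Synapse send the appservice token as an `access_token` query parameter again, so the token ends up in request URLs and in any access log that records them; the option is off by default. If only one of the four bridges needs it, a comment naming that bridge would let it be removed later, e.g. `# needed by <bridge>; drop once it accepts the Authorization header`. The `app_service_config_files` entries also all point under `/var/lib/matrix-synapse/`, while the mautrix-signal module in this commit writes its registration to `/var/lib/mautrix-signal/signal-registration.yaml`. Nothing visible copies the file across or gives Synapse read access, so that step should be documented or automated. The enclosing settings block starts and ends outside the hunk.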


@ -0,0 +1,27 @@
{config, ...}: {
sops.secrets.mautrix-telegram-environment = {
sopsFile = ./telegram.yaml;
};
services.mautrix-telegram = {
enable = config.services.matrix-synapse.enable;
environmentFile = config.sops.secrets.mautrix-telegram-environment.path;
settings = {
homeserver = {
domain = "kittywit.ch";
address = "https://yukari.gensokyo.zone";
software = "standard";
};
appservice = {
port = 9047;
};
telegram = {
};
bridge = {
permissions = {
"kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin";
};
};
};
};
}


@ -0,0 +1,51 @@
mautrix-telegram-environment: ENC[AES256_GCM,data:/SYgmAFD7hsq829JsOvX+iDvy0uByfuhV8RnRVuEIlwkTZyfKpZYcqfi3/6fk3OlgtE68ULO9ZKY/tmNl2JFKiRiO8wln+oebDMjTAWlUFvjzFAcM5rCb7OQHY4ODZMzEMMtqatCyKztaS7Ql3v7gEZdD98yHzhdpGGPe5eS6ClGdSDRz5hahNIGrpcr1lJIMXBq3F3jKqipUzf3uiJZ8FrakSwUPQyVZhRNsrir4oSOi/gWevJ59Ey3FKr5NjK2DhxRx2/bvJZzNo16e/M8V4pdUkDbl7aOvYsTg+swTQmTNk+bGsWgZjmc/hrwRIJYnNJ/uhMhqHzk5zzMYNS/gCAsZeDWS/XAdFj4jWAcEA6Em34hAw59rpq9liuRJX8i2ewXblWz5dYoUqgv6dHIR5tyLFr4YPBl,iv:70Bn00Rz40m1DvmitbnCNibiLHWmmDc6WN2wQOiyNXc=,tag:qxAISRF4JF6WycS1si+FKQ==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMnd1ZW9RNDdLeno4SGJC
QlBldUMyb0I3R2FnWVFCL3VDWENqalhBb2o0CmdHWVprVHl4cGhtbDJ3TWNINGdl
cHlKVWxNRkFBQTNJQm5lRjUwdlk1aTgKLS0tIHdnd3ROaDVPdE5GZHF5M2VJNnRs
N3ZzdTYvb1dRWGREdGpBeXFhZlViOG8Kz5LXrmv15SJO66Br1tFMHucah7VIbqh0
sYlfWvw2YOHlZROSjHtQSA8rvwvXdYUko6QxgLsXsE4jcwOy+9QP2g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscUtTeVlRb1ZKei82bHd0
TU5VUXQxWW9SenhEOHJtVG1ndWNVTGtLWGs4CjR6SXBlYzduSUVEZ1Y5eldYb28v
MDRNME5rT2pPbVpZRUNTY09PTGlBclEKLS0tIHFQY29td2NqUXh2c1RTSmY0STNS
dktRcWMxdEpVOTJNN3lBam1kZEhIYm8Kl3wo4mPpdz1Q2UyLxHxfFEWmpBo/gQxU
9LBzKX9SDcFEfFbR75zhmnRTvNb0Rm7GC4Y7Xa8Pvbkli6AeELmXDg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T21:17:03Z"
mac: ENC[AES256_GCM,data:FxmPFJXQ1oCFA7K3bXuAcKDDCzDQpVsVSZksz9NHw3p7J5kKNy/M3PulXJdlC8pw5NbtK8nLlYP6mcjgSRICaXXUbked13gDD2bbB6DrjcXjhes5ccwcPOb4kLuUcTgGJ8q5BSD3isLOO31E4RZHmX10F8lJLPqR5whoDs3IajE=,iv:FExSdR/+CdFkcP2V6C7n4NgvbdibRol3lTVBjUlhWWE=,tag:nSHHoo/ykTzZNZlXDePW5g==,type:str]
pgp:
- created_at: "2024-04-21T20:44:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=dL3u
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,27 @@
{config, ...}: {
sops.secrets.mautrix-whatsapp-environment = {
sopsFile = ./whatsapp.yaml;
};
services.mautrix-whatsapp = {
enable = config.services.matrix-synapse.enable;
environmentFile = config.sops.secrets.mautrix-whatsapp-environment.path;
settings = {
homeserver = {
domain = "kittywit.ch";
address = "https://yukari.gensokyo.zone";
software = "standard";
};
appservice = {
port = 9049;
};
whatsapp = {
};
bridge = {
permissions = {
"kittywit.ch" = "full";
"@kat:kittywit.ch" = "admin";
};
};
};
};
}


@ -0,0 +1,51 @@
mautrix-whatsapp-environment: ENC[AES256_GCM,data:yfyECUKpmXyOFSsl1i1SupOdnAF2yisuY94v5JYjEsOi4aqoJ8c3ryErHp6/3mDosJRQm5E8YsuHDbs5t/OD6JcgIVff5V5igRcN06mvtfA0URDNOOetIwWreJOJRqD4DW7tdKKfGg1fDZpcJ4rEe+uV2LMB1owyTzCViT4bD9czxwxPUp145ss8KY03MEkO5/FwWZ2K/sZB/cAOZPqe9zWT2PhWebhKOflCbGiqOu5vD7wQSVOJHvmo6zW0KA99XixxtD1zeutp7jzK,iv:LeVF/OgzQJgOPiaqxUAuRaYBZmkLqtkQietvJBDA3sU=,tag:HhBXbPh1x7E+rJheZOvEDw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYWMwcEh0SVZKbWlybEp3
bjhYdFN5dmhHWDlJeTBNcWlOcCtzV1gxZGhJCnk2MnJjSlNOMitQR1NBVUdDRjdL
dXhoL2I1WUZWeDI0SGZINGVDWGxWdkEKLS0tIHkrdEJUbERLbjd6bndaSnFvTUxm
YWhFK2FNYWVRaDhndkdLYjV4QkhjaFkKl2x+nwGz7Zh3GqQBEAJ9nqTDzd4ZK1nG
PV9eJz6P9uSDDix0klyg5e/DDnw38OZZo9Sh04TVm6x0ehVCdz2L4A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETUE0ZHNZS3F3OC9oSERC
Z1ZxM0VwRkVEaXZsbE55bUM5Mk5JN0Y3OFhBCmxPc0RnQVozSTNmclZIVENJbVM2
WVVBcWRHeVY3M2VCUFJzSTNQclo3NWMKLS0tIDBiYUQ5LzRYRVRSdWdWWm5jRktJ
c1UySUtGYTc4R1hoeHZkUnV2eGRhU1UKK7OG7F4AGspRUxKlp9HBAIe5vtlZxHO3
hZ5qMO00qcNzeWaxrIP2R2I6yxEieGDsR8pgq+q1Ma8Y/uJiiW756A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T22:01:48Z"
mac: ENC[AES256_GCM,data:MWwXYxo4dC9XlJWA1Tnp0qBzt31E/UuYyIPtMZNjY5o+km0BZrxuGhFwewUadyRajk6vXhbMW2nOYCQBlEjiOENrUOO0sLAIdu8QC00bZ9c4UlSL/OZJosTUVvkFrE14Os697gYV2RNenFZS/+QyvAdiMgVjgNeLjBRj3nt9QBg=,iv:ZVVfiDkUpO9WeusJq91FSTtmhGXnX08WTNW3okqqKxo=,tag:ERe7uNv2p0WcZDwJnWCNpA==,type:str]
pgp:
- created_at: "2024-04-21T22:01:11Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=IQHS
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.8.1