From 297589362fc97bf5325d0892309bcdf8f6571370 Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Tue, 16 Jun 2026 15:54:09 +0200
Subject: [PATCH] Removed new nginx entry; fixed mautrix discord

---
 nixos/roles/matrix/discord-bridge.nix | 134 ++++++++++++++------------
 nixos/roles/nginx.nix | 20 ++--
 2 files changed, 83 insertions(+), 71 deletions(-)

diff --git a/nixos/roles/matrix/discord-bridge.nix b/nixos/roles/matrix/discord-bridge.nix
index c603555..295b05a 100644
--- a/nixos/roles/matrix/discord-bridge.nix
+++ b/nixos/roles/matrix/discord-bridge.nix
@@ -17,78 +17,90 @@ }; }; - systemd.services.mautrix-discord-env = { - before = [ "mautrix-discord-registration.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p /run/mautrix-discord - echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env - echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env - echo "DISCORD_PICKLE_KEY=$(cat ${config.sops.secrets.discord_pickle_key.path})" >> /run/mautrix-discord/env - chmod 600 /run/mautrix-discord/env - chown mautrix-discord:mautrix-discord /run/mautrix-discord/env - ''; - }; + systemd = { + services = { + mautrix-discord-env = { + before = [ "mautrix-discord-registration.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir -p /run/mautrix-discord + echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env + echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env + echo "DISCORD_PICKLE_KEY=$(cat ${config.sops.secrets.discord_pickle_key.path})" >> /run/mautrix-discord/env + chmod 600 /run/mautrix-discord/env + chown mautrix-discord:mautrix-discord /run/mautrix-discord/env + ''; + }; - services.postgresql = { - ensureUsers = [ - { - name = "mautrix-discord"; - ensureDBOwnership = true; - } + mautrix-discord-registration.serviceConfig.UMask = lib.mkForce "0750"; + }; + tmpfiles.rules = [ + "z /var/lib/mautrix-discord/discord-registration.yaml 0640 mautrix-discord mautrix-discord -" ]; - ensureDatabases = [ "mautrix-discord" ]; }; - services.mautrix-discord = { - enable = true; - environmentFile = "/run/mautrix-discord/env"; - settings = { - homeserver = { - address = "http://127.0.0.1:8008"; - domain = "cyperpunk.de"; - }; - appservice.database = { - 
type = "postgres"; - uri = "postgres:///mautrix-discord?host=/run/postgresql&sslmode=disable"; - }; - bridge = { - permissions = { - "cyperpunk.de" = "user"; - "@dergrumpf:cyperpunk.de" = "admin"; - }; + services = { + postgresql = { + ensureUsers = [ + { + name = "mautrix-discord"; + ensureDBOwnership = true; + } + ]; + ensureDatabases = [ "mautrix-discord" ]; - backfill = { - limits = { - initial = { - channel = 10000; - thread = 500; + mautrix-discord = { + enable = true; + environmentFile = "/run/mautrix-discord/env"; + settings = { + homeserver = { + address = "http://127.0.0.1:8008"; + domain = "cyperpunk.de"; + }; + appservice.database = { + type = "postgres"; + uri = "postgres:///mautrix-discord?host=/run/postgresql&sslmode=disable"; + }; + bridge = { + permissions = { + "cyperpunk.de" = "user"; + "@dergrumpf:cyperpunk.de" = "admin"; }; - missed = { - channel = 500; + + backfill = { + limits = { + initial = { + channel = 10000; + thread = 500; + }; + missed = { + channel = 500; + }; + }; + }; + encryption = { + allow = true; + default = true; + pickle_key = "$DISCORD_PICKLE_KEY"; + verification_levels = { + receive = "unverified"; + send = "unverified"; + share = "cross-signed-tofu"; + }; }; }; - }; - encryption = { - allow = true; - default = true; - pickle_key = "$DISCORD_PICKLE_KEY"; - verification_levels = { - receive = "unverified"; - send = "unverified"; - share = "cross-signed-tofu"; + discord = { + client_id = "$DISCORD_CLIENT_ID"; + bot_token = "$DISCORD_BOT_TOKEN"; }; }; }; - discord = { - client_id = "$DISCORD_CLIENT_ID"; - bot_token = "$DISCORD_BOT_TOKEN"; - }; }; }; - systemd.services.mautrix-discord-registration.serviceConfig.UMask = lib.mkForce "0022"; + + users.users.matrix-synapse.extraGroups = [ "mautrix-discord" ]; } diff --git a/nixos/roles/nginx.nix b/nixos/roles/nginx.nix index 0637d8f..f5eb516 100644 --- a/nixos/roles/nginx.nix +++ b/nixos/roles/nginx.nix 
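Review bot: `UMask = lib.mkForce "0750"` on `mautrix-discord-registration` reads like a file mode rather than a mask: a umask of 0750 clears every owner bit and none of the world bits, so a file created with 0666 ends up 0026 (no owner access, world readable and writable), which is looser for others than the previous 0022. The registration file carries the appservice tokens, and the `z` tmpfiles rule only resets it to 0640 when systemd-tmpfiles runs, not each time the service rewrites it; `UMask = lib.mkForce "0027";` yields 0640 directly and still lets the `matrix-synapse` group member read it. Separately, as far as the collapsed hunk shows, the new `postgresql = {` block is not closed before `mautrix-discord = {`, which would define `services.postgresql.mautrix-discord` rather than `services.mautrix-discord`, so the brace structure after `ensureDatabases` is worth confirming. The module's opening lines are outside this hunk.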
@@ -74,16 +74,16 @@ in "calvin.cyperpunk.de" = mkWsProxy 15006; "auth.cyperpunk.de" = mkHttpsProxy 8444; - "home.cyperpunk.de" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = "/var/www/home.cyperpunk.de"; - extraConfig = '' - try_files $uri $uri/ =404; - ''; - }; - }; + #"home.cyperpunk.de" = { + # forceSSL = true; + # enableACME = true; + # locations."/" = { + # root = "/var/www/home.cyperpunk.de"; + # extraConfig = '' + # try_files $uri $uri/ =404; + # ''; + # }; + #}; "www.cyperpunk.de" = { forceSSL = true;
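Review bot: The `home.cyperpunk.de` vhost is commented out rather than deleted, which leaves ten lines of dead configuration in place while the commit subject says the entry was removed; deleting the block keeps the file readable, and git history already preserves it. If DNS for that name still points at this host, requests would presumably fall through to nginx's default server, so it is worth confirming the record and any ACME state are retired as well. The surrounding attribute set starts and ends outside this hunk.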