Removed new nginx entry; fixed mautrix discord

nixos/roles/matrix/discord-bridge.nix

@@ -17,78 +17,90 @@
     };
   };
 
-  systemd.services.mautrix-discord-env = {
+  systemd = {
-    before = [ "mautrix-discord-registration.service" ];
+    services = {
-    wantedBy = [ "multi-user.target" ];
+      mautrix-discord-env = {
-    serviceConfig = {
+        before = [ "mautrix-discord-registration.service" ];
-      Type = "oneshot";
+        wantedBy = [ "multi-user.target" ];
-      RemainAfterExit = true;
+        serviceConfig = {
-    };
+          Type = "oneshot";
-    script = ''
+          RemainAfterExit = true;
-      mkdir -p /run/mautrix-discord
+        };
-      echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env
+        script = ''
-      echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env
+          mkdir -p /run/mautrix-discord
-      echo "DISCORD_PICKLE_KEY=$(cat ${config.sops.secrets.discord_pickle_key.path})" >> /run/mautrix-discord/env
+          echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env
-      chmod 600 /run/mautrix-discord/env
+          echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env
-      chown mautrix-discord:mautrix-discord /run/mautrix-discord/env
+          echo "DISCORD_PICKLE_KEY=$(cat ${config.sops.secrets.discord_pickle_key.path})" >> /run/mautrix-discord/env
-    '';
+          chmod 600 /run/mautrix-discord/env
-  };
+          chown mautrix-discord:mautrix-discord /run/mautrix-discord/env
+        '';
+      };
 
-  services.postgresql = {
+      mautrix-discord-registration.serviceConfig.UMask = lib.mkForce "0750";
-    ensureUsers = [
+    };
-      {
+    tmpfiles.rules = [
-        name = "mautrix-discord";
+      "z /var/lib/mautrix-discord/discord-registration.yaml 0640 mautrix-discord mautrix-discord -"
-        ensureDBOwnership = true;
-      }
     ];
-    ensureDatabases = [ "mautrix-discord" ];
   };
 
-  services.mautrix-discord = {
+  services = {
-    enable = true;
+    postgresql = {
-    environmentFile = "/run/mautrix-discord/env";
+      ensureUsers = [
-    settings = {
+        {
-      homeserver = {
+          name = "mautrix-discord";
-        address = "http://127.0.0.1:8008";
+          ensureDBOwnership = true;
-        domain = "cyperpunk.de";
+        }
-      };
+      ];
-      appservice.database = {
+      ensureDatabases = [ "mautrix-discord" ];
-        type = "postgres";
-        uri = "postgres:///mautrix-discord?host=/run/postgresql&sslmode=disable";
-      };
-      bridge = {
-        permissions = {
-          "cyperpunk.de" = "user";
-          "@dergrumpf:cyperpunk.de" = "admin";
-        };
 
-        backfill = {
+      mautrix-discord = {
-          limits = {
+        enable = true;
-            initial = {
+        environmentFile = "/run/mautrix-discord/env";
-              channel = 10000;
+        settings = {
-              thread = 500;
+          homeserver = {
+            address = "http://127.0.0.1:8008";
+            domain = "cyperpunk.de";
+          };
+          appservice.database = {
+            type = "postgres";
+            uri = "postgres:///mautrix-discord?host=/run/postgresql&sslmode=disable";
+          };
+          bridge = {
+            permissions = {
+              "cyperpunk.de" = "user";
+              "@dergrumpf:cyperpunk.de" = "admin";
             };
-            missed = {
+
-              channel = 500;
+            backfill = {
+              limits = {
+                initial = {
+                  channel = 10000;
+                  thread = 500;
+                };
+                missed = {
+                  channel = 500;
+                };
+              };
+            };
+            encryption = {
+              allow = true;
+              default = true;
+              pickle_key = "$DISCORD_PICKLE_KEY";
+              verification_levels = {
+                receive = "unverified";
+                send = "unverified";
+                share = "cross-signed-tofu";
+              };
             };
           };
-        };
+          discord = {
-        encryption = {
+            client_id = "$DISCORD_CLIENT_ID";
-          allow = true;
+            bot_token = "$DISCORD_BOT_TOKEN";
-          default = true;
-          pickle_key = "$DISCORD_PICKLE_KEY";
-          verification_levels = {
-            receive = "unverified";
-            send = "unverified";
-            share = "cross-signed-tofu";
           };
         };
       };
-      discord = {
-        client_id = "$DISCORD_CLIENT_ID";
-        bot_token = "$DISCORD_BOT_TOKEN";
-      };
     };
   };
-  systemd.services.mautrix-discord-registration.serviceConfig.UMask = lib.mkForce "0022";
+
+  users.users.matrix-synapse.extraGroups = [ "mautrix-discord" ];
 }

nixos/roles/nginx.nix

@@ -74,16 +74,16 @@ in
       "calvin.cyperpunk.de" = mkWsProxy 15006;
       "auth.cyperpunk.de" = mkHttpsProxy 8444;
 
-      "home.cyperpunk.de" = {
+      #"home.cyperpunk.de" = {
-        forceSSL = true;
+      #  forceSSL = true;
-        enableACME = true;
+      #  enableACME = true;
-        locations."/" = {
+      #  locations."/" = {
-          root = "/var/www/home.cyperpunk.de";
+      #    root = "/var/www/home.cyperpunk.de";
-          extraConfig = ''
+      #    extraConfig = ''
-            try_files $uri $uri/ =404;
+      #      try_files $uri $uri/ =404;
-          '';
+      #    '';
-        };
+      #  };
-      };
+      #};
 
       "www.cyperpunk.de" = {
         forceSSL = true;