From 496a2eba21adfd0c888674d5e89cf40e1a17998a Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Sat, 18 Apr 2026 09:50:12 +0200
Subject: [PATCH] Bit of a clean up
---
 nixos/roles/matrix.nix | 308 -------------------------------------
 nixos/roles/postgresql.nix | 8 +-------
 nixos/roles/restore.sh | 38 -----
 nixos/roles/unifi.nix | 14 --
 4 files changed, 1 insertion(+), 367 deletions(-)
 delete mode 100644 nixos/roles/matrix.nix
 delete mode 100644 nixos/roles/restore.sh
diff --git a/nixos/roles/matrix.nix b/nixos/roles/matrix.nix
deleted file mode 100644
index 4d805e1..0000000
--- a/nixos/roles/matrix.nix
+++ /dev/null
@@ -1,308 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -let - flavours = [ - { - name = "Latte"; - slug = "latte"; - is_dark = false; - } - { - name = "Frappé"; - slug = "frappe"; - is_dark = true; - } - { - name = "Macchiato"; - slug = "macchiato"; - is_dark = true; - } - { - name = "Mocha"; - slug = "mocha"; - is_dark = true; - } - ]; - - accents = [ - "rosewater" - "flamingo" - "pink" - "mauve" - "red" - "maroon" - "peach" - "yellow" - "green" - "teal" - "sky" - "sapphire" - "blue" - "lavender" - ]; - - themeHashes = { - "latte/rosewater" = "0l1m4bhaxdam07rfqag6pjbzhdpyi5w3i14vp6rq7aj59pildw3a"; - "latte/flamingo" = "1m8hh2l87xv2rfgpnnl5vzddmam0n82h25fwadb37blgab08vhsr"; - "latte/pink" = "0ambrc42mvg0vdspfmnl31ka1nsxpdyv1p3nh045822y02q20wwh"; - "latte/mauve" = "1nnn2w6nsr24a45jy497c2vhi8v64bwg99fj2dyhpfsn89c63lhn"; - "latte/red" = "14lmw4c4llfz6zqvfymkc6k3msxcml2gwq9rhwsixdpc5mjjbn8n"; - "latte/maroon" = "0ydpng9451mpn7hv5ag1ck8hryx8pdvrml3zksvzm2fiwzzjkpcf"; - "latte/peach" = "1fn5804wv9z9iv65ikyv015b01a7c546rsaaks2a2sq2c37n75l0"; - "latte/yellow" = "0hzgiyhqmwgp3h3v1y23sx3x5qp712sw106472lbnxbywqlavcza"; - "latte/green" = "194kxv6d9hc4nixy16hy9nvf32qs3v214nr2r2qf2z9l89rk5pnp"; - "latte/teal" = "12n25d38zpqxsskglymhmza972klg2hj3c23v2nb3jfj82llw6v4"; - "latte/sky" = "0yghds3xpmbhkbcj2jkh8df82j6vrn9q1z0s2129nca7l5g5f9w2"; - "latte/sapphire" = "18dl1srxp3xccvvy56za6kp05n68d918l0wrxga11746g9sib7r3"; - "latte/blue" = "1zv9nap21d80flvd1jwmjph05jgykxngv5kqbhk95mvqh962ygnf"; - "latte/lavender" = "03j4fwbscip1qm6px1qxkha0c5csq2wwvzg9vwjkc2ja48v1mp9k"; - - "frappe/rosewater" = "032qbgj32mvgpankl9777x2lxk18451kglsxg5215k8zrwcg9y95"; - "frappe/flamingo" = "1grhgynn8q7isv18981km5k8ll72ihsjw2ciy8widl6wikv29j8p"; - "frappe/pink" = "0h33g721bph8ihd6lmbc7szxy4dq85ng1cgg5cxjb5y2m7wpdbsy"; - "frappe/mauve" = "121jmznc9q3p7crsy9p2khw8xnzvz4lxms26g1h5wqa67wqvalc4"; - "frappe/red" = "07wm4h1giyy6a5nlh0d3qdarfsp6ikyr5nmg94n13lj4q03d0cn0"; - "frappe/maroon" = 
"08vg70nr918n4ffi1wnbba4xrx5ak5vfgq7m5ik0rpkb2wdb4x6k"; - "frappe/peach" = "1cg753w2dxs0sx97d8y0g62s8aw3w6b9hrll0lsrw3bc1bvm23fl"; - "frappe/yellow" = "0g43g2if1pcm25i261zfw43bawqqdlgg2f6q2bqhyqvafk9yb3dy"; - "frappe/green" = "1n71mndzds3zldb271g8hdw1yn29s68svzvh8ckjcsz4sb9h1i74"; - "frappe/teal" = "0b6m9cibfwf8csh1pk5i76xi3wx3v2aqwgffzsidw8nwc7c1a3wk"; - "frappe/sky" = "1l4d44399ixshlc9fdsx7iqwxm6kdkp6k4z3z6bdyyx6adw3z4q5"; - "frappe/sapphire" = "03fa9rnclvs5ljd0lzz15vnkzpqpbrhfppg3zwfchs9fvak0n3ni"; - "frappe/blue" = "0r4jjn3pab77w1aanlv3143ch60400q44mdzaqmcjbcr6l2knmjh"; - "frappe/lavender" = "1mrkaz72w6j9hh4dpxwgd6ks5wsnq9ydgy6f9gms4jx1611aab96"; - - "macchiato/rosewater" = "001akfnhlvwaiz5faahl4qi0qp6as6ilvkbja6bjy9f5iasr4ygp"; - "macchiato/flamingo" = "06xq3pbx4cb3pyblx2vydr4bp0ylm7866d66agg5wg5qnr356wb3"; - "macchiato/pink" = "1hb32dj0n3wx4f1wxa4n7fib2mazghwsg2ljycza9macfn2n87qn"; - "macchiato/mauve" = "1yrnp162blizc10fz2n6ls1x0di1sdjk53vpsl7mifrkcr1k2nq7"; - "macchiato/red" = "1g9s39q7459lk830vhdrfqkbzz88p3fp8k98a2ygj2hz8sycpryq"; - "macchiato/maroon" = "0ad7rx8sbkygvsgywhpjvvzmyflyhz7jlm13dr7cxj3801rxhl6d"; - "macchiato/peach" = "1m5m6afcl8s1ghn2b9n1d20fhsygnhgn0205nhpxh4bih3kg8c8m"; - "macchiato/yellow" = "0zcc26d28jaq71mz8nqssz8p0hylczirjwjxr2dkha1133vjmvy5"; - "macchiato/green" = "055xdb5jilp5fq3a1g8773rv52zr68fp4l3hs56yj6dy3bq3q22v"; - "macchiato/teal" = "1sfci2g2nvmj0v72gnxqbj0k8053qz0rl6iphfxs3pgpi1b0rczq"; - "macchiato/sky" = "0vhfmdliy8cbb0vqq3v26isvcz4sxzq0xrb4p5a6gibvxaqi6bf3"; - "macchiato/sapphire" = "1744jiv57aqz4qi52n92nrx0s1rhylgg08qqc31jr2clk9h6bw18"; - "macchiato/blue" = "1arp8r2g8ivs1xipq39d3l6cvx0zrr1vwv9yac5j33d6c93wbb2i"; - "macchiato/lavender" = "0kak1f574c07gqjfafg3w5avrci584iqxjkmvrl2pv1879g84nn3"; - - "mocha/rosewater" = "0p3ck9crskrhk1za6knaznjlj464mx4sdkkadna6k2152m3czjpz"; - "mocha/flamingo" = "04xx1mky230saqxxqin2fph8cnnz1jhmvb9qd9f5yc3pai3q5wdw"; - "mocha/pink" = "1cj9zdd72vcc45ziav625yq6hrp1zw21f7xsic0ip065xcqzdl3p"; - 
"mocha/mauve" = "1wb0ibmdv6vn07bk570pikm43qdxj3n2zsqr5sip17ay05j5l6dm"; - "mocha/red" = "1mnzrk57ar2cphyi2ry2lg5ilmb26gm4pr7ixch2ls0hk8ilp9p9"; - "mocha/maroon" = "1mcpwz3yrg3kk0hkqv5nykxj07bm70403yyl8r60pqlh74dnhkbf"; - "mocha/peach" = "0jglpcs41rfqxcm45mvnbdqhma0bv4h07nc7c3nrwz3g3h2djmzr"; - "mocha/yellow" = "0jqkvcjiwid1zdvrj2ikqf5winm08qyd51nfsawfdspbfhqnzmis"; - "mocha/green" = "0bg0014a77yx7f2r6n4mxm7rqgdnymqq7cq6bvpgkfk2z1gyr38l"; - "mocha/teal" = "0kzvi3gfirpcxdhgsilm51lk3j1z6lavb7160chgd9jhzk0xg97c"; - "mocha/sky" = "057nmp2aywdxzrkmzi65bh2mvf1a9cnri0g0jdyzdnrn7f8bbsiw"; - "mocha/sapphire" = "0nfklzb0a7mxv6nzav7m2g0y9plm72vwadm06445myv3k9j3ffmj"; - "mocha/blue" = "06ay46x2aq1q5ghz2zhzhn6qyqkrrf4p9j59qywnxh1jvv728ns8"; - "mocha/lavender" = "0iip063f6km17998c7ak0lb3kq6iskyi3xv2phn618mhslnxhwm5"; - }; - - catppuccinThemes = lib.concatMap ( - flavour: - map ( - accent: - builtins.fromJSON ( - builtins.readFile ( - pkgs.fetchurl { - url = "https://element.catppuccin.com/${flavour.slug}/${accent}.json"; - sha256 = themeHashes."${flavour.slug}/${accent}"; - } - ) - ) - ) accents - ) flavours; - - elementConfig = builtins.toFile "element-config.json" ( - builtins.toJSON { - default_server_config = { - "m.homeserver" = { - base_url = "https://matrix.cyperpunk.de"; - server_name = "cyperpunk.de"; - }; - }; - setting_defaults = { - custom_themes = catppuccinThemes; - feature_custom_themes = true; - }; - } - ); - - elementWebConfigured = pkgs.element-web.overrideAttrs (old: { - postInstall = (old.postInstall or "") + '' - cp ${elementConfig} $out/config.json - ''; - }); - - synapseAdmin = pkgs.synapse-admin-etkecc.withConfig { - restrictBaseUrl = [ "https://matrix.cyperpunk.de" ]; - loginFlows = [ "password" ]; - }; -in -{ - networking.firewall = { - allowedTCPPorts = [ - 8008 # Matrix Synapse - 8009 # Cinny - 8010 # Element - 8011 # Synapse Admin - 8012 # FluffyChat - 8448 # Matrix federation - 3478 # TURN (coturn) - ]; - allowedUDPPorts = [ - 3478 # TURN (coturn) - 
]; - allowedUDPPortRanges = [ - { - from = 49152; - to = 65535; # TURN relay ports (coturn) - } - ]; - }; - - sops.secrets = { - matrix_macaroon_secret = { }; - matrix_registration_secret = { - owner = "matrix-synapse"; - group = "matrix-synapse"; - }; - matrix_turn_secret = { - owner = "matrix-synapse"; - group = "matrix-synapse"; - }; - }; - - services = { - matrix-synapse = { - enable = true; - settings = { - server_name = "cyperpunk.de"; - public_baseurl = "https://matrix.cyperpunk.de"; - enable_registration = true; # TODO: disable - enable_registration_without_verification = true; - trusted_key_servers = [ { server_name = "matrix.org"; } ]; - suppress_key_server_warning = true; - registration_shared_secret_path = config.sops.secrets.matrix_registration_secret.path; - macaroon_secret_key = "$__file{${config.sops.secrets.matrix_macaroon_secret.path}}"; - - # TURN configuration - turn_uris = [ - "turn:turn.cyperpunk.de?transport=udp" - "turn:turn.cyperpunk.de?transport=tcp" - ]; - turn_shared_secret_path = config.sops.secrets.matrix_turn_secret.path; - turn_user_lifetime = "1h"; - experimental_features = { - "msc3266_enabled" = true; - }; - extra_well_known_client_content = { - "io.element.call.backend" = { - url = "https://call.element.io"; - }; - }; - - listeners = [ - { - port = 8008; - bind_addresses = [ "0.0.0.0" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ - "client" - "federation" - ]; - compress = false; - } - ]; - } - ]; - }; - }; - - coturn = { - enable = true; - no-cli = true; - no-tcp-relay = true; - min-port = 49152; - max-port = 65535; - use-auth-secret = true; - static-auth-secret-file = config.sops.secrets.matrix_turn_secret.path; - realm = "turn.cyperpunk.de"; - extraConfig = '' - no-multicast-peers - ''; - }; - - nginx.virtualHosts = { - "cinny.cyperpunk.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 8009; - } - ]; - root = "${pkgs.cinny}"; - }; - - "element.cyperpunk.de" = { - listen = [ - { - 
addr = "0.0.0.0"; - port = 8010; - } - ]; - root = "${elementWebConfigured}"; - }; - - "fluffy.cyperpunk.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 8012; - } - ]; - locations."/" = { - proxyPass = "http://127.0.0.1:8082"; - }; - }; - - "admin.cyperpunk.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 8011; - } - ]; - root = "${synapseAdmin}"; - }; - }; - }; - - virtualisation.oci-containers.containers.fluffychat = { - image = "ghcr.io/krille-chan/fluffychat:latest"; - ports = [ "127.0.0.1:8082:80" ]; - volumes = [ - "${ - builtins.toFile "fluffychat-config.json" ( - builtins.toJSON { - default_homeserver = "matrix.cyperpunk.de"; - preset_homeserver = "matrix.cyperpunk.de"; - } - ) - }:/app/config.json:ro" - ]; - }; -}
diff --git a/nixos/roles/postgresql.nix b/nixos/roles/postgresql.nix
index 03b753a..ff6330d 100644
--- a/nixos/roles/postgresql.nix
+++ b/nixos/roles/postgresql.nix
@@ -2,12 +2,6 @@
 {
 services.postgresql = {
 enable = true;
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
+
 };
 }
diff --git a/nixos/roles/restore.sh b/nixos/roles/restore.sh
deleted file mode 100644
index 74d1870..0000000
--- a/nixos/roles/restore.sh
+++ /dev/null
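Review bot: The `matrix-synapse` role that the removed `initialScript` created with the literal password `synapse` is not cleaned up by the nixos/roles/postgresql.nix hunk. That script only runs when the cluster is first initialised, so on any host that was deployed with it the role and its database presumably still exist. Drop them on the running cluster, or at least rotate the password, as a separate step, and treat that password as exposed because it stays in the repository history. The hunk also adds an empty `+` line between `enable = true;` and `};` that can be removed. If `pkgs.writeText` was the only use of `pkgs` in this file, the argument on line 1 (outside the hunk) is now unused.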
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-# Usage: sudo ./restore.sh gitea_dump_*.sql gitea_data_*.tar.gz
-set -euo pipefail
-
-SQL_DUMP="${1:?provide the .sql dump as first argument}"
-DATA_ARCHIVE="${2:?provide the data .tar.gz as second argument}"
-
-GITEA_HOME="/var/lib/gitea"
-GITEA_USER="gitea"
-DB_NAME="gitea"
-DB_USER="gitea"
-
-echo "[1/5] Stopping gitea..."
-systemctl stop gitea
-
-echo "[2/5] Waiting for postgres..."
-until sudo -u postgres psql -c '\q' 2>/dev/null; do sleep 1; done
-
-echo "[3/5] Restoring database..."
-sudo -u postgres psql -c "DROP DATABASE IF EXISTS ${DB_NAME};"
-sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME} OWNER ${DB_USER};"
-sudo -u postgres psql -d "$DB_NAME" < "$SQL_DUMP"
-echo " done."
-
-echo "[4/5] Restoring gitea data..."
-# data/gitea from the docker volume -> /var/lib/gitea
-tar xzf "$DATA_ARCHIVE" --strip-components=2 -C "$GITEA_HOME" ./data/gitea
-
-# ssh host keys -> /var/lib/gitea/ssh
-mkdir -p "$GITEA_HOME/ssh"
-tar xzf "$DATA_ARCHIVE" --strip-components=1 -C "$GITEA_HOME/ssh" ./ssh
-
-chown -R "$GITEA_USER":"$GITEA_USER" "$GITEA_HOME"
-echo " done."
-
-echo "[5/5] Starting gitea..."
-systemctl start gitea
-systemctl status gitea --no-pager
diff --git a/nixos/roles/unifi.nix b/nixos/roles/unifi.nix
index 779d74f..da78ebf 100644
--- a/nixos/roles/unifi.nix
+++ b/nixos/roles/unifi.nix
@@ -9,18 +9,4 @@
 mongodbPackage = pkgs.mongodb-7_0;
 openFirewall = true; # opens 3478/udp, 10001/udp, 8080, 8443, 8843, 8880, 6789
 };
-
- networking.firewall = {
- allowedTCPPorts = [
- 8443
- 8080
- 8880
- 8843
- 6789
- ];
- allowedUDPPorts = [
- 3478
- 10001
- ];
- };
 }