SSH access for Gitea

home/ssh.nix

@@ -17,6 +17,13 @@
           if isDarwin then "/Users/${primaryUser}/.ssh/github" else "/home/${primaryUser}/.ssh/github";
         user = "git";
       };
+      "git.cyperpunk.de" = {
+        hostname = "git.cyperpunk.de";
+        port = 12222;
+        user = "gitea";
+        identityFile =
+          if isDarwin then "/Users/${primaryUser}/.ssh/ssh" else "/home/${primaryUser}/.ssh/ssh";
+      };
     };
   };
 }

nixos/roles/gitea.nix

@@ -13,7 +13,7 @@ let
     stripRoot = false;
   };
 
-  domain = "git.cyperpunk.de"; # swap to git.cyperpunk.de for prod
+  domain = "git.cyperpunk.de";
   httpPort = 9000;
   sshPort = 12222;
 in

nixos/roles/matrix/clients.nix

@@ -133,15 +133,31 @@ let
     '';
   });
 
+  cinnyConfigured = pkgs.cinny-unwrapped.overrideAttrs (_: {
+    postInstall = ''
+      cp ${
+        builtins.toFile "cinny-config.json" (
+          builtins.toJSON {
+            defaultHomeserver = 0;
+            homeserverList = [ "cyperpunk.de" ];
+            allowCustomHomeservers = false;
+          }
+        )
+      } $out/config.json
+    '';
+  });
+
 in
 {
   services.nginx.virtualHosts = {
     "cinny.cyperpunk.de" = {
       forceSSL = true;
       enableACME = true;
-      root = "${pkgs.cinny}";
+      root = "${cinnyConfigured}";
+      locations."/" = {
+        tryFiles = "$uri $uri/ /index.html";
+      };
     };
-
     "element.cyperpunk.de" = {
       forceSSL = true;
       enableACME = true;

nixos/roles/matrix/synapse.nix

@@ -128,7 +128,7 @@ in
             ];
             allow_existing_users = true;
             user_mapping_provider.config = {
-              localpart_template = "{{ user.preferred_username }}";
+              localpart_template = "{{ user.preferred_username.split('@')[0] }}";
               display_name_template = "{{ user.displayname }}";
             };
           }

nixos/roles/nginx.nix

@@ -56,19 +56,7 @@ in
       };
       "search.cyperpunk.de" = mkProxy 11080;
       "file.cyperpunk.de" = mkProxy 10000;
-      "ngx.cyperpunk.de" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://${upstream}:28101";
-          proxyWebsockets = true;
-          extraConfig = ''
-            sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://theme-park.dev/css/base/paperless-ngx/catppuccin-mocha.css"></head>';
-            sub_filter_once on;
-            proxy_set_header Accept-Encoding "";
-          '';
-        };
-      };
+      "ngx.cyperpunk.de" = mkWsProxy 28101;
       "vault.cyperpunk.de" = mkWsProxy 8222;
       "calvin.cyperpunk.de" = mkWsProxy 15006;
       "auth.cyperpunk.de" = mkHttpsProxy 8444;