From 071781e78bc1255f531ddc03fcadd4b66c7989d0 Mon Sep 17 00:00:00 2001
From: pigeonmoelleux
Date: Wed, 28 Feb 2024 19:42:37 +0100
Subject: [PATCH] Prepare for matrix tests on neo
---
 .sops.yaml | 7 +++++
 README.md | 1 +
 hosts/vm/neo/default.nix | 4 +++
 modules/services/matrix.nix | 44 +++++++++++++++++++++++++++++++
 secrets/neo.yaml | 52 +++++++++++++++++++++++++++++++++++++
 5 files changed, 108 insertions(+)
 create mode 100644 README.md
 create mode 100644 modules/services/matrix.nix
 create mode 100644 secrets/neo.yaml
diff --git a/.sops.yaml b/.sops.yaml
index ff1bd51..505f980 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -18,3 +18,10 @@ creation_rules:
 - *neo
 - *redite
 - *two
+
+ # Secrets for neo
+ - path_regex: secrets/neo.yaml
+ key_groups:
+ - pgp:
+ - *_aeltheos
+ - *_pigeonmoelleux
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0911160
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# Configuration NixOS au Crans
\ No newline at end of file
diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix
index b85a37c..506f523 100644
--- a/hosts/vm/neo/default.nix
+++ b/hosts/vm/neo/default.nix
@@ -12,5 +12,9 @@ networking.hostName = "neo"; + sops.secrets.matrix-sliding-sync-pass-file = { + sopsFile = ../../../secrets/neo.yaml; + }; + system.stateVersion = "23.11"; }
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix
new file mode 100644
index 0000000..5323538
--- /dev/null
+++ b/modules/services/matrix.nix
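Review bot: The new rule for `secrets/neo.yaml` in .sops.yaml lists only the two admin PGP keys (`*_aeltheos`, `*_pigeonmoelleux`) and no key for the host, although the context lines of the preceding rule do reference `*neo`. The committed secrets/neo.yaml agrees with that: two `pgp` recipients and `age: []`. If `*neo` is the host's own key (its definition is outside the hunk), sops-nix on neo cannot decrypt `matrix-sliding-sync-pass-file` at activation unless an admin private key is copied onto the VM, which should be avoided. Add `- *neo` under the matching key type and re-encrypt with `sops updatekeys secrets/neo.yaml`. `path_regex` is also an unanchored regex with an unescaped dot; `secrets/neo\.yaml$` would match only this file.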
@@ -0,0 +1,44 @@
+{ config, ... }:
+
+{
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [{
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ }];
+ ensureDatabases = [ "matrix-synapse" ];
+ };
+
+ services.matrix-synapse = {
+ enable = false;
+
+ settings = {
+ server_name = "crans.org";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "127.0.0.1" "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [{
+ name = [ "client" "federation" ];
+ compress = true;
+ }];
+ }
+ ];
+ };
+
+ sliding-sync = {
+ enable = true;
+
+ environmentFile = sops.secrets.matrix-sliding-sync-pass-file.path;
+
+ settings = {
+ SYNCV3_SERVER = "https://crans.org";
+ };
+ };
+ };
+}
diff --git a/secrets/neo.yaml b/secrets/neo.yaml
new file mode 100644
index 0000000..4964890
--- /dev/null
+++ b/secrets/neo.yaml
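Review bot: `environmentFile = sops.secrets.matrix-sliding-sync-pass-file.path;` in the `sliding-sync` block of modules/services/matrix.nix refers to a bare `sops`, but the module's arguments are only `{ config, ... }`, so evaluation should fail on an undefined variable. It needs to be `environmentFile = config.sops.secrets.matrix-sliding-sync-pass-file.path;`. The secret is declared only in hosts/vm/neo/default.nix, so any other host importing this module would lack the attribute; declaring `sops.secrets.matrix-sliding-sync-pass-file` in this module would keep it self-contained. Because the decrypted value is loaded as an environment file, it has to be in `KEY=value` form (presumably `SYNCV3_SECRET=...`), and a comment such as `# env file providing SYNCV3_SECRET, decrypted by sops-nix` above the line would record that.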
@@ -0,0 +1,52 @@ +matrix-sliding-sync-pass-file: ENC[AES256_GCM,data:niG+eaZ/ZEUMu3b6zSrWKTkIQxkFcrzlTGynJsBgSXI/3LJamWHUyr6zaDdzWjXBBBfgE9oBGS8jPrYnMgpV5SELqseSbikq5jYVEWX2OUXdoa+FA6Wefy7ssM37/GQ=,iv:Ta8NRXSdDsILBKXQccJRdHrqoVh3nGSQP+YCgJzteH4=,tag:JYpjy1rdRsyW8VBWtyNaxg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-27T16:48:27Z" + mac: ENC[AES256_GCM,data:vgrZzj1LUh/tu4Mt9hxkP4HxSjOOXlLdp+Dh7X8DSxt8hyZRnCXDmJnd+r9xiT9ajbE4Y2L2Uej1GedrAesZgl2SB/x0+yKFMtW/AKAO8W70FGHOG54d58IHC5DBdj/jgI9tIhFqTRNE1l/vYiXebkZkWJofUZTI45CRPNIlVbg=,iv:gqGm0Pcj5fmr5SayJZgvMTbL8M2pH0nbKIcPKANdO20=,tag:FPsxCXbk1rr+Dz7JUtRLoQ==,type:str] + pgp: + - created_at: "2024-02-27T16:44:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwEdD9k5IbiyAQ/+P5ge3VyR//hemiWrKDr2OQEy7yAIxyiXHwfusa3NRFZt + UmjC3U8g/yjhI8MhpNaJCu1F6eXFtEQL0bevm0kacmDafzZIdGR6srN4fiGJoo6r + MQ6nzkRqH0t5COKubULFBzc7cDiKd08QmKNwU4q+3kGnp60BWPwq4JLb9advlyQp + ukEw0WUoKQGOi3pSuXj7rj43WOfIKU12s1DEi0z05FJcGNiAVwDDApU0r6UF1WkV + CwB0mq3XCQGZgHGopKLshzZSg1VDPIbEgO0V+QNyhAK+EeX3O7TJvH8kI1oav5xo + Pjibhc8P28YSf7cSWiNkQqW7ji9iRUhdgfLxOXUrqJ2Y0TT2fTJ8Jv5XjmVvibyC + bM2raMxYOCKZq0+L5tpmgzQCC8P5jHFN7YDkhHl9JbIxAKjxXs9YG4SBY7BbUHoc + W4pcC8rfFYuSrCf6UVq4ech2bDgKYlIBpMTVi+uyPQjOg5Ctlv2guFyZjiJ6b5yr + Txf5OFJQYvwWFZfuZFNi6Fb+JwuL6QE7K0TQx5NHlWmwdhFsGMqIQAyRLmui5iHt + 9gWeMpr8fTHQqroqHNH8N9SRQW5C1DcDoyFj3J9wVQh3i8kdl2C2glvuoA6VJUR+ + 8qLZ13NSvXTnUom/+sbIn3eQFPW66xdNSLrjgaJoyfMBxqErh7mt9QlJCAujn5bS + XAHRnlacUDFrWrhWX6i1u+iLWp/dTh+wJqi06Fz9aMgMsUfuhSatqEDg1m4Ur7C8 + 3M9GwwweghZi8nad3ouqow3RlNo4extjDUo5C4YyaYmyIqrXodzriAqhtDu3 + =I3Cx + -----END PGP MESSAGE----- + fp: "0xDF6D6CE9E95E26E8" + - created_at: "2024-02-27T16:44:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/HTIsSK0VBlARAAzw5f9ZtV0cFyVvhsONFmILJWfhNuG60wPx3erc3Dhux4 + mYh4F2iLlYVMW6aASdkJEvSu2oEo7Kcl5tDjxatDOIHmIX9umafOPA5KSiQA4isg + Bju3dg0xaSdQ0LhZQvq+qkhGQlT4C2BplRzaBQZHSecQwRlpwv+p0w/gaYl3n/UD + 
ebK4USmSZT7rInAmxtqzq4eJ4FYOrK8JDh7d+sPQG3S8XawHIT7EoWkFTGtXkste + ZGNlB76AncD5orFGyL13JBUJev750QJ1jSVzFGXXVOQgaYeqoM8iagWqyAXEBW4r + r9TG6knH0vxx7DS992WlTV69hXfwJuQI9XLfs8okm0Y7t2bPdqlMsyh6tf4ppyW+ + sdAw1n7SX7dJ22VJL2aVlBr+FkONblCEN7l0KamakQHFbV/UeQaKHplOrWseEm37 + QzOFqeq+hx0Z03tcAdoQs39pBEP1NcntZJ8s203JJ5OJUobqMlKdJiV+36/CGaYN + rAF7y+7RGKO5leUqKHE66o6V/1WNPBdvqIKVcN5EZDhTl6hBt2hH+HDypZd2/JTn + 16fVf50S4BYbQBaIcqYj9+wgaN9k5Z/UqUk/918JOhseVZx9fYaZNQ/J2xhmsEsg + CJqlKswDth78syYRpWIctZ+WXX/0XnkmFh1JS1gQEOVtgDfanVCV9H6Ga1Rs2KLS + XAG0Yc+LOPfhG2FLod6s72JUr+zIt3fKcF/jg3JO9juh/RgXWBjbogL32sbVe6rS + ebtpgP2nmc8NRxz4sCwQHgqfJezuKnghBXvSFetEKtv6pd9Qy7RYsvC+1vvO + =Fzbo + -----END PGP MESSAGE----- + fp: "0xFA47BDA260489ADA" + unencrypted_suffix: _unencrypted + version: 3.8.1