From 7fe499ee1ff7ecd88b4ecfc96b200ed2704468a7 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Thu, 27 Jul 2023 09:45:30 +0200
Subject: Feat(system/services/matrix/bridges): Add mautrix-whatsapp bridge
---
 system/impermanence/mods/matrix.nix | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'system/impermanence/mods')
diff --git a/system/impermanence/mods/matrix.nix b/system/impermanence/mods/matrix.nix
index 7f02609..3af6530 100644
--- a/system/impermanence/mods/matrix.nix
+++ b/system/impermanence/mods/matrix.nix
@@ -6,6 +6,12 @@
 group = "matrix-synapse";
 mode = "0700";
 }
+ {
+ directory = "/var/lib/mautrix-whatsapp";
+ user = "mautrix-whatsapp";
+ group = "matrix-synapse";
+ mode = "0750";
+ }
 ];
 systemd.tmpfiles.rules = [
 "d /etc/matrix 0755 matrix-synapse matrix-synapse"
-- 
cgit 1.4.1
From 595ab5cfd8bf28c41dfe1bc3ae043c1e407e6d4e Mon Sep 17 00:00:00 2001
From: Soispha
Date: Thu, 27 Jul 2023 10:05:04 +0200
Subject: Fix(system/impermanence): Keycloak was actually postgresql
---
 system/impermanence/default.nix | 2 +-
 system/impermanence/mods/keycloak.nix | 5 -----
 system/impermanence/mods/postgresql.nix | 5 +++++
 3 files changed, 6 insertions(+), 6 deletions(-)
 delete mode 100644 system/impermanence/mods/keycloak.nix
 create mode 100644 system/impermanence/mods/postgresql.nix
(limited to 'system/impermanence/mods')
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 0595078..b60eb4c 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -2,12 +2,12 @@
 # TODO: Only activate them if their module is also active
 imports = [
 ./mods/acme.nix
- ./mods/keycloak.nix
 ./mods/mail.nix
 ./mods/matrix.nix
 ./mods/minecraft.nix
 ./mods/nix-sync.nix
 ./mods/openssh.nix
+ ./mods/postgresql.nix
 ./mods/users.nix
 ];
diff --git a/system/impermanence/mods/keycloak.nix b/system/impermanence/mods/keycloak.nix
deleted file mode 100644
index 63b02f5..0000000
--- a/system/impermanence/mods/keycloak.nix
+++ /dev/null
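Review bot: The new `/var/lib/mautrix-whatsapp` entry in system/impermanence/mods/matrix.nix is created with `mode = "0750"` and `group = "matrix-synapse"`, so every process in the matrix-synapse group can list and read the bridge's whole state directory, while the entry just above it uses `0700`. If the group access exists only so that Synapse can read the bridge's registration file (an assumption; the service definition is not in this hunk), a comment should say so, e.g. `# 0750: synapse needs to read the appservice registration`. Anything else the bridge keeps there, such as its database or session keys, should not be group-readable. The list this entry sits in starts outside the hunk.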
@@ -1,5 +0,0 @@
-{...}: {
- environment.persistence."/srv".directories = [
- "/var/lib/postgresql"
- ];
-}
diff --git a/system/impermanence/mods/postgresql.nix b/system/impermanence/mods/postgresql.nix
new file mode 100644
index 0000000..63b02f5
--- /dev/null
+++ b/system/impermanence/mods/postgresql.nix
@@ -0,0 +1,5 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ "/var/lib/postgresql"
+ ];
+}
-- 
cgit 1.4.1
From cd75ff6797386c5924a2f0bbc62eadf1c6e2725d Mon Sep 17 00:00:00 2001
From: Soispha
Date: Sun, 1 Oct 2023 22:07:22 +0200
Subject: feat(system/services/taskserver): Init This is the server part used in combination with Taskwarrior to regain control over the unwieldy amount of task, that accumulate over the day.
---
 notes/taskserver.md | 7 +++++++
 system/impermanence/default.nix | 1 +
 system/impermanence/mods/taskserver.nix | 5 +++++
 system/services/default.nix | 1 +
 system/services/taskserver/default.nix | 28 ++++++++++++++++++++++++++++
 5 files changed, 42 insertions(+)
 create mode 100644 notes/taskserver.md
 create mode 100644 system/impermanence/mods/taskserver.nix
 create mode 100644 system/services/taskserver/default.nix
(limited to 'system/impermanence/mods')
diff --git a/notes/taskserver.md b/notes/taskserver.md
new file mode 100644
index 0000000..36aeff0
--- /dev/null
+++ b/notes/taskserver.md
@@ -0,0 +1,7 @@
+# User export
+Use
+```bash
+nixos-taskserver user export my-company alice
+# or via ssh
+ssh $server nixos-taskserver user export my-company alice #| sh
+```
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index b60eb4c..6e977b5 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -8,6 +8,7 @@
 ./mods/nix-sync.nix
 ./mods/openssh.nix
 ./mods/postgresql.nix
+ ./mods/taskserver.nix
 ./mods/users.nix
 ];
diff --git a/system/impermanence/mods/taskserver.nix b/system/impermanence/mods/taskserver.nix
new file mode 100644
index 0000000..9208aa4
--- /dev/null
+++ b/system/impermanence/mods/taskserver.nix
@@ -0,0 +1,5 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ "/var/lib/taskserver"
+ ];
+}
diff --git a/system/services/default.nix b/system/services/default.nix
index 9163588..3349b38 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -13,5 +13,6 @@
 ./openssh
 ./rust-motd
 ./snapper
+ ./taskserver
 ];
 }
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
new file mode 100644
index 0000000..56255cd
--- /dev/null
+++ b/system/services/taskserver/default.nix
@@ -0,0 +1,28 @@
+{...}: {
+ services.taskserver = {
+ enable = true;
+ pki.auto = {
+ expiration = {
+ server = 365;
+ crl = 365;
+ client = 365;
+ ca = 365;
+ };
+ bits = 4096;
+ };
+ organisations = {
+ vhack = {
+ users = [
+ "soispha"
+ ];
+ };
+ soispha = {
+ users = [
+ "soispha"
+ ];
+ };
+ };
+ openFirewall = true;
+ fqdn = "taskserver.vhack.eu";
+ };
+}
-- 
cgit 1.4.1
From c154fa39a7f68a17713eff260c45c4d23835feb1 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 3 Oct 2023 17:29:00 +0200
Subject: fix(system/services/murmur): Allow murmur's user to read certs
---
 system/impermanence/default.nix | 1 +
 system/impermanence/mods/murmur.nix | 10 ++++++++++
 system/services/murmur/default.nix | 26 ++++++++++++++++++++++----
 3 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 system/impermanence/mods/murmur.nix
(limited to 'system/impermanence/mods')
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 6e977b5..f3d792d 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -5,6 +5,7 @@
 ./mods/mail.nix
 ./mods/matrix.nix
 ./mods/minecraft.nix
+ ./mods/murmur.nix
 ./mods/nix-sync.nix
 ./mods/openssh.nix
 ./mods/postgresql.nix
diff --git a/system/impermanence/mods/murmur.nix b/system/impermanence/mods/murmur.nix
new file mode 100644
index 0000000..48912e1
--- /dev/null
+++ b/system/impermanence/mods/murmur.nix
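Review bot: `/var/lib/taskserver` in system/impermanence/mods/taskserver.nix is persisted as a bare string, without the `user`/`group`/`mode` attributes that the matrix, murmur and mastodon mods in this series set explicitly. With `pki.auto` enabled in the same commit, this directory presumably ends up holding the generated CA and client private keys, so its ownership and mode should be stated here rather than left to whatever impermanence and the service module default to: `{ directory = "/var/lib/taskserver"; user = "taskd"; group = "taskd"; mode = "0700"; }` (`taskd` is the NixOS module's default account; adjust if it is overridden). system/impermanence/mods/postgresql.nix uses the same bare-string form.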
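Review bot: In system/services/taskserver/default.nix all four `pki.auto.expiration` values are 365, including `ca`, so the CA, the server certificate, the CRL and every client certificate lapse together a year after generation, and nothing in the hunk renews them or warns beforehand. A comment on the block would keep that from surfacing as an unexplained TLS failure, e.g. `# PKI expires 365 days after first start; regenerate and re-export client certs (nixos-taskserver user export) before then`. If the short CA lifetime is not deliberate, giving `ca` a longer value than the leaf certificates is the usual arrangement.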
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/murmur";
+ user = "murmur";
+ group = "murmur";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix
index 9c04db0..1dcd781 100644
--- a/system/services/murmur/default.nix
+++ b/system/services/murmur/default.nix
@@ -1,23 +1,41 @@
-{config, ...}: {
+{...}: let
+ murmurStore = "/var/lib/murmur";
+in {
 services.murmur = {
 enable = true;
 openFirewall = true;
 welcometext = ''
- You never get a second chance to make a first impression
+ You never get a second chance to make a first impression
The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
 '';
- sslKey = "${config.security.acme.certs.murmur.directory}/key.pem";
- sslCert = "${config.security.acme.certs.murmur.directory}/fullchain.pem";
+ sslKey = "${murmurStore}/key.pem";
+ sslCert = "${murmurStore}/fullchain.pem";
 registerUrl = "vhack.eu";
 registerName = "vhack";
 registerHostname = "mumble.vhack.eu";
 hostName = "mumble.vhack.eu";
 clientCertRequired = true;
+ bandwidth = 7200000;
 };
 security.acme.certs.murmur = {
 domain = "mumble.vhack.eu";
+ postRun =
+ /*
+ bash
+ */
+ ''
+ set -x
+ rm "${murmurStore}/key.pem"
+ rm "${murmurStore}/fullchain.pem"
+
+ cp key.pem "${murmurStore}";
+ cp fullchain.pem "${murmurStore}";
+
+ chown murmur:murmur "${murmurStore}/key.pem"
+ chown murmur:murmur "${murmurStore}/fullchain.pem"
+ '';
 };
 }
-- 
cgit 1.4.1
From 631e9c0fc66e7c0493ea447dfcfcfca93ce0d72c Mon Sep 17 00:00:00 2001
From: sils
Date: Thu, 12 Oct 2023 20:49:27 +0200
Subject: feat(treewide): add mastodon
---
 system/impermanence/default.nix | 1 +
 system/impermanence/mods/mastodon.nix | 10 ++++++++++
 system/secrets/default.nix | 6 ++++++
 system/secrets/mastodon/mail.tix | 15 +++++++++++++++
 system/secrets/secrets.nix | 1 +
 system/services/mail/users.nix | Bin 1138 -> 1303 bytes
 system/services/mastodon/default.nix | 17 +++++++++++++++++
 7 files changed, 50 insertions(+)
 create mode 100644 system/impermanence/mods/mastodon.nix
 create mode 100644 system/secrets/mastodon/mail.tix
 create mode 100644 system/services/mastodon/default.nix
(limited to 'system/impermanence/mods')
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index f3d792d..f42c084 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./mods/acme.nix
 ./mods/mail.nix
+ ./mods/mastodon.nix
 ./mods/matrix.nix
 ./mods/minecraft.nix
 ./mods/murmur.nix
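Review bot: The `postRun` script in system/services/murmur/default.nix copies the ACME private key with `cp` and only fixes ownership afterwards, so for a moment `${murmurStore}/key.pem` is owned by the copying user with whatever mode `cp` derives from the source, and the script never sets a mode of its own. `install` sets owner, group and mode in one step and overwrites an existing file, which also makes the two `rm` calls unnecessary (plain `rm` exits non-zero when the store holds no copy yet): `install -m 0400 -o murmur -g murmur key.pem "${murmurStore}/key.pem"` and `install -m 0444 -o murmur -g murmur fullchain.pem "${murmurStore}/fullchain.pem"`. Nothing in the hunk restarts or reloads murmur after the copy, so a renewed certificate is presumably not served until the next restart. `set -x` can go once the script is debugged.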
diff --git a/system/impermanence/mods/mastodon.nix b/system/impermanence/mods/mastodon.nix
new file mode 100644
index 0000000..a5bdbfd
--- /dev/null
+++ b/system/impermanence/mods/mastodon.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/mastodon";
+ user = "mastodon";
+ group = "mastodon";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 6cd7524..658679b 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -25,6 +25,12 @@
 owner = "root";
 group = "root";
 };
+ mastodonMail = {
+ file = ./mastodon/mail.tix;
+ mode = "700";
+ owner = "mastodon";
+ group = "mastodon";
+ };
 };
 };
 }
diff --git a/system/secrets/mastodon/mail.tix b/system/secrets/mastodon/mail.tix
new file mode 100644
index 0000000..c64a2e7
--- /dev/null
+++ b/system/secrets/mastodon/mail.tix
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT05Uc2hrcFAwd1c5S1o0
+L3hhQURmdUVBbmxSYVFGczdGWThTck9VdkhRCktOZ1JSamN0Ly9pVXJDMDZ4Y0VZ
+bmRyMTlaOU9HOEZ5SitzOVovUkhCNFUKLT4gWDI1NTE5IHlqUTFtODd6QXpNMFBY
+WTY2cTJ2TFI5S0ZGc1doeEVEUi9veGRDKzN5UWsKUC9WZUtXVUs5cnkxL3Y5RlJs
+RTRkNE5zQ0NtbG0vdStuZXZVUzFoeTBwNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+Um1qczl3YTM0S3dIb3AzQmpSNVNNUXFzMFNLNEEwQllOSUkrMHNzVy9uMApTdjhz
+U250NGNpdk5SbWhPNjhjWWM0aWovRCt0MjR3M29JSTZjLy9IbTAwCi0+IEwtZ3Jl
+YXNlIEp6KCk4by1jIF0Kd2xoKytCU3d3MGFxZmRmS2gxSDJiVFp1L3hOS2hJVEtz
+NlFHWHhnRW5SNTZRMFFFRUJrVXo2blZvNlZTSXNqeQpVbWFLUmVHN1ptWGdLMkJT
+RVJuUWxTVE4vcDhsCi0tLSA5ckxpdFhrQWErb2NkcXlWaHR6WmVndVppbjRIQ3cw
+VjAxdTlnTEdmTkVrCou6/oezocFtYn7QDWLFzknFPlD5d1xBFutng6dvazWasZXD
+qecouKvAmFFA4mQHUjbmD2QxWdorU7SyYpEPeTJ4rbOuayySkYPxUoo8gqvd7JkS
+0VCavUuSb8nmfk24E3M=
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index cd27612..411f92e 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
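Review bot: `mode = "700"` on the new `mastodonMail` secret in system/secrets/default.nix sets the execute bit on a file that only holds an SMTP password. Read-only for the owner is enough: `mode = "0400";`. The modes of the neighbouring secrets lie outside the hunk, so if they carry the same value the change applies there as well.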
@@ -15,4 +15,5 @@ in {
 "invidious/hmac.tix".publicKeys = allSecrets;
 "invidious/settings.tix".publicKeys = allSecrets;
 "miniflux/admin.tix".publicKeys = allSecrets;
+ "mastodon/mail.tix".publicKeys = allSecrets;
 }
diff --git a/system/services/mail/users.nix b/system/services/mail/users.nix
index a30d547..2104a8a 100644
Binary files a/system/services/mail/users.nix and b/system/services/mail/users.nix differ
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
new file mode 100644
index 0000000..6fb821e
--- /dev/null
+++ b/system/services/mastodon/default.nix
@@ -0,0 +1,17 @@
+{config, ...}: let
+ emailAddress = "mastodon@vhack.eu";
+in {
+ services.mastodon = {
+ enable = true;
+ localDomain = "mstdn.vhack.eu";
+ configureNginx = true;
+ smtp = {
+ authenticate = true;
+ createLocally = false;
+ fromAddress = emailAddress;
+ user = emailAddress;
+ host = "server1.vhack.eu";
+ passwordFile = "${config.age.secrets.mastdonMail.path}";
+ };
+ };
+}
-- 
cgit 1.4.1
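Review bot: `passwordFile` in system/services/mastodon/default.nix reads `config.age.secrets.mastdonMail.path`, but the secret this commit declares in system/secrets/default.nix is named `mastodonMail`. The misspelled attribute is not defined anywhere in the visible hunks, so evaluation should stop on a missing attribute and the SMTP password is never wired up. The line should read `passwordFile = config.age.secrets.mastodonMail.path;`; the string interpolation around a single path is not needed.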