Compare commits
5 commits
9a0f86baa4
...
98ccbb142d
Author | SHA1 | Date | |
---|---|---|---|
Bruno BELANYI | 98ccbb142d | ||
Bruno BELANYI | c9be5f8fea | ||
Bruno BELANYI | ebebb5bb3b | ||
Bruno BELANYI | 98eb4098d2 | ||
Bruno BELANYI | 6d2ac0c473 |
18
flake.lock
18
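--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
 ]
 },
 "locked": {
-"lastModified": 1729551526,
-"narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=",
+"lastModified": 1729864948,
+"narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "5ec753a1fc4454df9285d8b3ec0809234defb975",
+"rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0",
 "type": "github"
 },
 "original": {
@@ -152,11 +152,11 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1729413321,
-"narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
+"lastModified": 1729665710,
+"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
+"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
 "type": "github"
 },
 "original": {
@@ -168,11 +168,11 @@
 },
 "nur": {
 "locked": {
-"lastModified": 1729688743,
-"narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=",
+"lastModified": 1729868220,
+"narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=",
 "owner": "nix-community",
 "repo": "NUR",
-"rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea",
+"rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2",
 "type": "github"
 },
 "original": {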
|
|
|
@ -1,8 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
|
|
||||||
OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
|
|
||||||
-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
|
|
||||||
cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
|
|
||||||
--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
|
|
||||||
"W9<57>Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ
|
|
||||||
Û}ð
§ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆBÃUpJClï²OÈ™³œnOÁ\
|
|
|
@ -48,9 +48,6 @@ in
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
publicKeys = all;
|
publicKeys = all;
|
||||||
};
|
};
|
||||||
"matrix/sliding-sync-secret.age" = {
|
|
||||||
publicKeys = all;
|
|
||||||
};
|
|
||||||
|
|
||||||
"mealie/mail.age" = {
|
"mealie/mail.age" = {
|
||||||
publicKeys = all;
|
publicKeys = all;
|
||||||
|
|
|
@ -69,9 +69,6 @@ in
|
||||||
mailConfigFile = secrets."matrix/mail".path;
|
mailConfigFile = secrets."matrix/mail".path;
|
||||||
# Only necessary when doing the initial registration
|
# Only necessary when doing the initial registration
|
||||||
secretFile = secrets."matrix/secret".path;
|
secretFile = secrets."matrix/secret".path;
|
||||||
slidingSync = {
|
|
||||||
secretFile = secrets."matrix/sliding-sync-secret".path;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
mealie = {
|
mealie = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -22,6 +22,10 @@ in
|
||||||
options.my.home.nix = with lib; {
|
options.my.home.nix = with lib; {
|
||||||
enable = my.mkDisableOption "nix configuration";
|
enable = my.mkDisableOption "nix configuration";
|
||||||
|
|
||||||
|
gc = {
|
||||||
|
enable = my.mkDisableOption "nix GC configuration";
|
||||||
|
};
|
||||||
|
|
||||||
cache = {
|
cache = {
|
||||||
selfHosted = my.mkDisableOption "self-hosted cache";
|
selfHosted = my.mkDisableOption "self-hosted cache";
|
||||||
};
|
};
|
||||||
|
@ -60,6 +64,22 @@ in
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
(lib.mkIf cfg.gc.enable {
|
||||||
|
nix.gc = {
|
||||||
|
automatic = true;
|
||||||
|
|
||||||
|
# Every week, with some wiggle room
|
||||||
|
frequency = "weekly";
|
||||||
|
randomizedDelaySec = "10min";
|
||||||
|
|
||||||
|
# Use a persistent timer for e.g: laptops
|
||||||
|
persistent = true;
|
||||||
|
|
||||||
|
# Delete old profiles automatically after 15 days
|
||||||
|
options = "--delete-older-than 15d";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
(lib.mkIf cfg.cache.selfHosted {
|
(lib.mkIf cfg.cache.selfHosted {
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
|
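Review bot: The new `gc.enable` option is declared with `my.mkDisableOption`, the same helper as `enable` and `cache.selfHosted`, so it presumably defaults to on. If so, the `lib.mkIf cfg.gc.enable` block starts a weekly `--delete-older-than 15d` run for every configuration that imports this module, without an explicit opt-in. Generations older than 15 days are then no longer available as rollback targets or for comparing against a known-good state after a bad update. The identical block added under `options.my.system.nix` further down applies the same retention to system generations. I would state that trade-off next to the option, e.g. `# Removes generations older than 15 days; rollback past that point is not possible`, and consider exposing the retention as its own option instead of hard-coding `15d`. The surrounding module body starts and ends outside these hunks, so how `cfg.enable` gates this block is not visible here.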
|
|
@ -26,21 +26,6 @@ in
|
||||||
description = "Shared secret to register users";
|
description = "Shared secret to register users";
|
||||||
};
|
};
|
||||||
|
|
||||||
slidingSync = {
|
|
||||||
port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 8009;
|
|
||||||
example = 8084;
|
|
||||||
description = "Port used by sliding sync server";
|
|
||||||
};
|
|
||||||
|
|
||||||
secretFile = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "/var/lib/matrix/sliding-sync-secret-file.env";
|
|
||||||
description = "Secret file which contains SYNCV3_SECRET definition";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
mailConfigFile = mkOption {
|
mailConfigFile = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "/var/lib/matrix/email-config.yaml";
|
example = "/var/lib/matrix/email-config.yaml";
|
||||||
|
@ -106,17 +91,6 @@ in
|
||||||
] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
|
] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-sliding-sync = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
SYNCV3_SERVER = "https://${matrixDomain}";
|
|
||||||
SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
|
|
||||||
};
|
|
||||||
|
|
||||||
environmentFile = cfg.slidingSync.secretFile;
|
|
||||||
};
|
|
||||||
|
|
||||||
my.services.nginx.virtualHosts = {
|
my.services.nginx.virtualHosts = {
|
||||||
# Element Web app deployment
|
# Element Web app deployment
|
||||||
chat = {
|
chat = {
|
||||||
|
@ -130,9 +104,6 @@ in
|
||||||
"m.identity_server" = {
|
"m.identity_server" = {
|
||||||
"base_url" = "https://vector.im";
|
"base_url" = "https://vector.im";
|
||||||
};
|
};
|
||||||
"org.matrix.msc3575.proxy" = {
|
|
||||||
"url" = "https://matrix-sync.${domain}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
showLabsSettings = true;
|
showLabsSettings = true;
|
||||||
defaultCountryCode = "FR"; # cocorico
|
defaultCountryCode = "FR"; # cocorico
|
||||||
|
@ -152,10 +123,6 @@ in
|
||||||
matrix-client = {
|
matrix-client = {
|
||||||
port = clientPort.private;
|
port = clientPort.private;
|
||||||
};
|
};
|
||||||
# Sliding sync
|
|
||||||
matrix-sync = {
|
|
||||||
inherit (cfg.slidingSync) port;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Those are too complicated to use my wrapper...
|
# Those are too complicated to use my wrapper...
|
||||||
|
@ -178,11 +145,6 @@ in
|
||||||
|
|
||||||
"/_matrix" = proxyToClientPort;
|
"/_matrix" = proxyToClientPort;
|
||||||
"/_synapse/client" = proxyToClientPort;
|
"/_synapse/client" = proxyToClientPort;
|
||||||
|
|
||||||
# Sliding sync
|
|
||||||
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
|
|
||||||
proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
|
@ -228,7 +190,6 @@ in
|
||||||
client = {
|
client = {
|
||||||
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
|
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
|
||||||
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
||||||
"org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; };
|
|
||||||
};
|
};
|
||||||
# ACAO required to allow element-web on any URL to request this json file
|
# ACAO required to allow element-web on any URL to request this json file
|
||||||
in
|
in
|
||||||
|
|
|
@ -22,6 +22,10 @@ in
|
||||||
options.my.system.nix = with lib; {
|
options.my.system.nix = with lib; {
|
||||||
enable = my.mkDisableOption "nix configuration";
|
enable = my.mkDisableOption "nix configuration";
|
||||||
|
|
||||||
|
gc = {
|
||||||
|
enable = my.mkDisableOption "nix GC configuration";
|
||||||
|
};
|
||||||
|
|
||||||
cache = {
|
cache = {
|
||||||
selfHosted = my.mkDisableOption "self-hosted cache";
|
selfHosted = my.mkDisableOption "self-hosted cache";
|
||||||
};
|
};
|
||||||
|
@ -62,6 +66,22 @@ in
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
(lib.mkIf cfg.gc.enable {
|
||||||
|
nix.gc = {
|
||||||
|
automatic = true;
|
||||||
|
|
||||||
|
# Every week, with some wiggle room
|
||||||
|
dates = "weekly";
|
||||||
|
randomizedDelaySec = "10min";
|
||||||
|
|
||||||
|
# Use a persistent timer for e.g: laptops
|
||||||
|
persistent = true;
|
||||||
|
|
||||||
|
# Delete old profiles automatically after 15 days
|
||||||
|
options = "--delete-older-than 15d";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
(lib.mkIf cfg.cache.selfHosted {
|
(lib.mkIf cfg.cache.selfHosted {
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
|
|