From 2649599a5a0d053c701d8a5be02c0f0b1d57b2f2 Mon Sep 17 00:00:00 2001
From: tzlil <tzlils@protonmail.com>
Date: Fri, 21 Apr 2023 16:49:37 +0300
Subject: trying now

---
 hosts/vps/hydrus.nix | 11 ++++-----
 hosts/vps/matrix.nix | 69 ++++++++++++++++++++++++++++------------------------
 profiles/network.nix |  2 +-
 profiles/user.nix    |  8 ++----
 4 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix
index 6727ed7..efd5383 100644
--- a/hosts/vps/hydrus.nix
+++ b/hosts/vps/hydrus.nix
@@ -15,7 +15,7 @@
 
     systemd.services.Xvnc = {
       description = "Xvnc";
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];
 
       serviceConfig = {
         ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none";
@@ -25,14 +25,14 @@
         RestartSec = "5s";
       };
     };
- 
+
     systemd.services.hydrus = {
       description = "Hydrus";
-      wantedBy = [ "multi-user.target" "Xvnc.service" ];
-      wants = [ "podman-hydrus-web.service" ];
+      wantedBy = ["multi-user.target" "Xvnc.service"];
+      wants = ["podman-hydrus-web.service"];
 
       serviceConfig = {
-        Environment = "DISPLAY=:30"; 
+        Environment = "DISPLAY=:30";
         ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus";
         User = "hydrus";
         Group = "hydrus";
@@ -41,7 +41,6 @@
       };
     };
 
-
     security.lockKernelModules = lib.mkForce false;
     virtualisation.oci-containers.containers.hydrus-web = {
       ports = ["8080:80"];
diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix
index 26095e1..c2f4c5b 100644
--- a/hosts/vps/matrix.nix
+++ b/hosts/vps/matrix.nix
@@ -25,21 +25,20 @@
     # };
     # networking.firewall.allowedTCPPorts = [80 443];
 
-    age.secrets = {
-      matrix = {
+    age.secrets.matrix = {
         file = ../secrets/matrix.age;
         mode = "600";
         owner = "root";
         group = "root";
       };
-    };
 
     services.dendrite = let
-  database_config = {
-    connection_string = "postgresql:///dendrite?host=/run/postgresql";
-    max_open_conns = 10;
-    max_idle_conns = 5;
-  }; in {
+      database_config = {
+        connection_string = "postgresql:///dendrite?host=/run/postgresql";
+        max_open_conns = 10;
+        max_idle_conns = 5;
+      };
+    in {
       enable = true;
 
       tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt";
@@ -74,8 +73,14 @@
           {
             server_name = "matrix.org";
             keys = [
-              { key_id = "ed25519:auto"; public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; }
-              { key_id = "ed25519:a_RXGa"; public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; }
+              {
+                key_id = "ed25519:auto";
+                public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
+              }
+              {
+                key_id = "ed25519:a_RXGa";
+                public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
+              }
             ];
           }
         ];
@@ -92,7 +97,8 @@
       };
     };
 
-    postgresql = {
+    services.postgresql = {
+      package = pkgs.postgresql_11;
       ensureUsers = [
         {
           name = "dendrite";
@@ -102,29 +108,28 @@
         }
       ];
 
-      ensureDatabases = [ "dendrite" ];
+      ensureDatabases = ["dendrite"];
     };
-  };
-
-  # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-  # systemd.services.dendrite.serviceConfig.User = "dendrite";
-  # systemd.services.dendrite.serviceConfig.Group = "dendrite";
-  environment.persistence."/nix/persist".directories = [
-    {
-      directory = /var/lib/postgresql/${config.services.postgresql.package.psqlSchema};
-      user = "postgres";
-      group = "postgres";
-    }
 
-    {
-      directory = /var/lib/private/dendrite;
-      user = "root";
-      group = "root";
-    }
-  ];
-
-  systemd.services.dendrite.after = [ "postgresql.service" ];
+    # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
+    # systemd.services.dendrite.serviceConfig.User = "dendrite";
+    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+        user = "postgres";
+        group = "postgres";
+      }
+
+      {
+        directory = "/var/lib/private/dendrite";
+        user = "root";
+        group = "root";
+      }
+    ];
 
-  networking.firewall.allowedTCPPorts = [8448];
+    systemd.services.dendrite.after = ["postgresql.service"];
 
+    networking.firewall.allowedTCPPorts = [8448];
+  };
 }
diff --git a/profiles/network.nix b/profiles/network.nix
index a83f25c..ba6e9a2 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -49,7 +49,7 @@
         };
 
         # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
-        server_names = [ ]; # tailscale magicdns
+        server_names = []; # tailscale magicdns
       };
     };
 
diff --git a/profiles/user.nix b/profiles/user.nix
index d343e9c..6f1d573 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -9,18 +9,14 @@
     inputs.home-manager.nixosModules."home-manager"
   ];
   config = {
-    age.secrets = {
-      id_ed25519 = {
+    age.secrets.id_ed25519 = {
         file = ../secrets/id_ed25519.age;
         mode = "600";
         owner = "tzlil";
         group = "users";
       };
-      # password.file = ../secrets/password.age;
-    };
-
 
-  programs.fish.enable = true; # needed now
+    programs.fish.enable = true; # needed now
     users.users.tzlil = {
       isNormalUser = true;
       description = "Me";
-- 
cgit 1.4.1