From 2649599a5a0d053c701d8a5be02c0f0b1d57b2f2 Mon Sep 17 00:00:00 2001 From: tzlil Date: Fri, 21 Apr 2023 16:49:37 +0300 Subject: trying now --- hosts/vps/hydrus.nix | 11 ++++----- hosts/vps/matrix.nix | 69 ++++++++++++++++++++++++++++------------------------ 2 files changed, 42 insertions(+), 38 deletions(-) (limited to 'hosts/vps') diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix index 6727ed7..efd5383 100644 --- a/hosts/vps/hydrus.nix +++ b/hosts/vps/hydrus.nix @@ -15,7 +15,7 @@ systemd.services.Xvnc = { description = "Xvnc"; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none"; @@ -25,14 +25,14 @@ RestartSec = "5s"; }; }; - + systemd.services.hydrus = { description = "Hydrus"; - wantedBy = [ "multi-user.target" "Xvnc.service" ]; - wants = [ "podman-hydrus-web.service" ]; + wantedBy = ["multi-user.target" "Xvnc.service"]; + wants = ["podman-hydrus-web.service"]; serviceConfig = { - Environment = "DISPLAY=:30"; + Environment = "DISPLAY=:30"; ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus"; User = "hydrus"; Group = "hydrus"; @@ -41,7 +41,6 @@ }; }; - security.lockKernelModules = lib.mkForce false; virtualisation.oci-containers.containers.hydrus-web = { ports = ["8080:80"]; diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index 26095e1..c2f4c5b 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix 
@@ -25,21 +25,20 @@ # }; # networking.firewall.allowedTCPPorts = [80 443]; - age.secrets = { - matrix = { + age.secrets.matrix = { file = ../secrets/matrix.age; mode = "600"; owner = "root"; group = "root"; }; - }; services.dendrite = let - database_config = { - connection_string = "postgresql:///dendrite?host=/run/postgresql"; - max_open_conns = 10; - max_idle_conns = 5; - }; in { + database_config = { + connection_string = "postgresql:///dendrite?host=/run/postgresql"; + max_open_conns = 10; + max_idle_conns = 5; + }; + in { enable = true; tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt"; @@ -74,8 +73,14 @@ { server_name = "matrix.org"; keys = [ - { key_id = "ed25519:auto"; public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; } - { key_id = "ed25519:a_RXGa"; public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; } + { + key_id = "ed25519:auto"; + public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; + } + { + key_id = "ed25519:a_RXGa"; + public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; + } ]; } ]; @@ -92,7 +97,8 @@ }; }; - postgresql = { + services.postgresql = { + package = pkgs.postgresql_11; ensureUsers = [ { name = "dendrite"; 
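Review bot: `package = pkgs.postgresql_11;` in the `services.postgresql` hunk pins the database to the oldest major release still supported upstream, and PostgreSQL 11 stops receiving security fixes in November 2023. The persisted directory later in this file is derived from `psqlSchema`, so moving to a newer major needs a data migration rather than a one-line bump, which makes the pin easy to leave behind. If the pin is there to match an existing data directory, record that next to it, for example `# pinned to match the existing data directory; migrate with pg_upgrade before 11 is end-of-life`. The `services.postgresql` block continues past this hunk.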
@@ -102,29 +108,28 @@ } ]; - ensureDatabases = [ "dendrite" ]; + ensureDatabases = ["dendrite"]; }; - }; - - # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service - # systemd.services.dendrite.serviceConfig.User = "dendrite"; - # systemd.services.dendrite.serviceConfig.Group = "dendrite"; - environment.persistence."/nix/persist".directories = [ - { - directory = /var/lib/postgresql/${config.services.postgresql.package.psqlSchema}; - user = "postgres"; - group = "postgres"; - } - { - directory = /var/lib/private/dendrite; - user = "root"; - group = "root"; - } - ]; - - systemd.services.dendrite.after = [ "postgresql.service" ]; + # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service + # systemd.services.dendrite.serviceConfig.User = "dendrite"; + # systemd.services.dendrite.serviceConfig.Group = "dendrite"; + environment.persistence."/nix/persist".directories = [ + { + directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + user = "postgres"; + group = "postgres"; + } + + { + directory = "/var/lib/private/dendrite"; + user = "root"; + group = "root"; + } + ]; - networking.firewall.allowedTCPPorts = [8448]; + systemd.services.dendrite.after = ["postgresql.service"]; + networking.firewall.allowedTCPPorts = [8448]; + }; } -- cgit 1.4.1
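Review bot: The persisted `/var/lib/private/dendrite` entry sets `user` and `group` but no `mode`, so the directory under `/nix/persist` gets whatever default the persistence module applies, which is presumably traversable by other local users. The service state kept there should not be readable by other accounts, and systemd expects `/var/lib/private` to be `0700` for DynamicUser services; adding `mode = "0700";` to that entry makes the intent explicit. Separately, the closing `};` now sits at the end of the file, so `environment.persistence`, `systemd.services.dendrite.after` and `networking.firewall.allowedTCPPorts` appear to be nested in the same attribute set as `services.postgresql`. The opening of that set is outside the visible hunks, so confirm these are still evaluated as top-level options and that port 8448 is opened as intended.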