hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: gitea: now works

Browse Source
This commit is contained in:
yukkop
2026-05-29 21:27:53 +00:00
parent 7d254cd8c4
commit e38c0c499f
3 changed files with 14 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/module/generic/matrix-cluster-users.nix
View File

@@ -14,6 +14,7 @@
"lvgkcfjl" "lvgkcfjl"
"MrAlex0O" "MrAlex0O"
"Антоша" "Антоша"
"snuff"
]; ];
adminNames = [ "yukkop" ]; adminNames = [ "yukkop" ];

9
nixos/system/bfs.poland.xray/bfs.poland.xray.nix
View File

@@ -57,6 +57,15 @@ in {
jitsi.preferredDomain = jitsiHost; jitsi.preferredDomain = jitsiHost;
}; };
hectic.services.media-browser = {
enable = true;
port = 3001;
s3Bucket = "matrix-hectic-lab";
s3Endpoint = "https://hel1.your-objectstorage.com";
s3Region = "hel1";
s3CredentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
};
hectic.services.jitsi = { hectic.services.jitsi = {
enable = true; enable = true;
hostName = jitsiHost; hostName = jitsiHost;

99
nixos/system/hectic-lab/hectic-lab.nix
View File

@@ -25,7 +25,6 @@ in {
self.nixosModules.hectic self.nixosModules.hectic
self.nixosModules.matrix-cluster self.nixosModules.matrix-cluster
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
self.nixosModules.matrix-cluster-users
self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl
self.nixosModules."shadowsocks" # NOTE(nrv): usage/instance self.nixosModules."shadowsocks" # NOTE(nrv): usage/instance
@@ -60,42 +59,6 @@ in {
services.matrix = { services.matrix = {
enable = false; enable = false;
}; };
generic.matrix-cluster = {
enable = true;
overrideEnableSynapse = false;
role = "standby";
inherit matrixDomain;
signingKeyFile = config.sops.secrets."matrix/signing-key".path;
secretsFile = config.sops.secrets."matrix/secrets".path;
turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
publicIp = "128.140.75.58";
objectStorage.s3 = {
bucket = "matrix-hectic-lab";
regionName = "hel1";
endpointUrl = "https://hel1.your-objectstorage.com";
credentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
};
replication = {
peerHost = "91.198.166.181";
passwordFile = config.sops.secrets."matrix/postgres-replication-password".path;
allowedSourceIPs = [ "91.198.166.181/32" ];
};
acme = {
enable = false;
porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path;
porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path;
};
};
services.media-browser = {
enable = true;
port = 3001;
s3Bucket = "matrix-hectic-lab";
s3Endpoint = "https://hel1.your-objectstorage.com";
s3Region = "hel1";
s3CredentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
};
}; };
# NOTE(yukkop): disk was provisioned by Hetzner rescue image, disko was never # NOTE(yukkop): disk was provisioned by Hetzner rescue image, disko was never
@@ -167,48 +130,6 @@ in {
sops.secrets."init-postgresql" = { sops.secrets."init-postgresql" = {
key = "init-postgresql"; key = "init-postgresql";
}; };
sops.secrets."matrix/secrets" = {
key = "matrix/secrets";
owner = "matrix-synapse";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/turn-secret" = {
key = "matrix/turn-secret";
owner = "root";
group = "root";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/object-storage/credentials" = {
key = "matrix/object-storage/credentials";
owner = "matrix-synapse";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
# Shared cluster secrets (PL standby also reads from this file).
sops.secrets."matrix/signing-key" = {
key = "matrix/signing-key";
owner = "matrix-synapse";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/postgres-replication-password" = {
key = "matrix/postgres-replication-password";
owner = "postgres";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/porkbun-api-key" = {
key = "matrix/porkbun-api-key";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/porkbun-secret-api-key" = {
key = "matrix/porkbun-secret-api-key";
mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
services.mailserver = { services.mailserver = {
enable = true; enable = true;
@@ -319,7 +240,8 @@ in {
''; '';
}; };
}; };
virtualHosts."gitea.${domain}" = sslOpts // { virtualHosts."gitea.${domain}" = {
enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
@@ -333,32 +255,19 @@ in {
services = { services = {
gitea = { gitea = {
enable = true; enable = true;
settings.service.DISABLE_REGISTRATION = false;
settings.server = { settings.server = {
HTTP_PORT = 11011; HTTP_PORT = 11011;
SSH_PORT = 11012; SSH_PORT = 11012;
}; };
database = { database = {
createDatabase = false; createDatabase = true;
type = "postgres"; type = "postgres";
socket = "/run/postgresql"; socket = "/run/postgresql";
user = "gitea"; user = "gitea";
name = "gitea"; name = "gitea";
}; };
}; };
postgresql = {
enable = true;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "gitea";
ensureDBOwnership = true;
}
];
authentication = ''
local gitea gitea peer
'';
};
}; };
# === WireGuard (disabled) === # === WireGuard (disabled) ===