commit 811bae54aa084823433437398f523e7bfb80c8d6 · wiro.world/dotfiles

+11 -11

nixos/profiles/server.nix

···

       6
       6
        
       }:

     

       7
       7
        
       

     

       8
       8
        
       let

     

       9
       9
       -
         inherit (self.inputs) srvos agenix tangled;

     

       9
       9
       +
         inherit (self.inputs) unixpkgs srvos agenix tangled;

     

       10
       10
        
       

     

       11
       11
        
         ext-if = "eth0";

     

       12
       12
        
         external-ip = "91.99.55.74";

     
···

       87
       87
        
       

     

       88
       88
        
           tangled.nixosModules.knot

     

       89
       89
        
           tangled.nixosModules.spindle

     

       90
       90
       +
       

     

       91
       91
       +
           "${unixpkgs}/nixos/modules/services/matrix/tuwunel.nix"

     

       90
       92
        
         ];

     

       91
       93
        
       

     

       92
       94
        
         config = {

     
···

       468
       470
        
             };

     

       469
       471
        
           };

     

       470
       472
        
       

     

       471
       471
       -
           age.secrets.matrix-env.file = ../../secrets/matrix-env.age;

     

       472
       472
       -
           services.matrix-conduit = {

     

       473
       473
       +
           age.secrets.tuwunel-registration-tokens = { file = ../../secrets/tuwunel-registration-tokens.age; owner = config.services.matrix-tuwunel.user; };

     

       474
       474
       +
           services.matrix-tuwunel = {

     

       473
       475
        
             enable = true;

     

       474
       474
       -
             package = upkgs.matrix-conduit;

     

       476
       476
       +
             package = upkgs.matrix-tuwunel;

     

       475
       477
        
       

     

       476
       478
        
             settings.global = {

     

       477
       477
       -
               address = "127.0.0.1";

     

       478
       478
       -
               port = matrix-port;

     

       479
       479
       +
               address = [ "127.0.0.1" ];

     

       480
       480
       +
               port = [ matrix-port ];

     

       479
       481
        
       

     

       480
       482
        
               server_name = "wiro.world";

     

       481
       483
        
               well_known = {

     
···

       483
       485
        
                 server = "matrix.wiro.world:443";

     

       484
       486
        
               };

     

       485
       487
        
       

     

       486
       486
       -
               database_backend = "sqlite";

     

       487
       487
       -
               enable_lightning_bolt = false;

     

       488
       488
       +
               grant_admin_to_first_user = true;

     

       489
       489
       +
               new_user_displayname_suffix = "";

     

       488
       490
        
       

     

       489
       489
       -
               # Set in `CONDUIT_REGISTRATION_TOKEN`

     

       490
       490
       -
               # registration_token = ...;

     

       491
       491
        
               allow_registration = true;

     

       492
       492
       +
               registration_token_file = config.age.secrets.tuwunel-registration-tokens.path;

     

       492
       493
        
             };

     

       493
       494
        
           };

     

       494
       494
       -
           systemd.services.conduit.serviceConfig.EnvironmentFile = config.age.secrets.matrix-env.path;

     

       495
       495
        
         };

     

       496
       496
        
       }

-9

secrets/matrix-env.age

···

       1
       1
       -
       age-encryption.org/v1

     

       2
       2
       -
       -> ssh-ed25519 sMF1bg ynWhH67Y3AynyxoD9WmVKgNTAyb7ktUYUkRniXvfslw

     

       3
       3
       -
       hlN/NsBEhTwkeaSdCd6uj/U2X9wi/cFwwjIhDUYWtYQ

     

       4
       4
       -
       -> ssh-ed25519 SmMcWg SXQ91ashcl6UJMPAV/7mI950cczhMAJrjcnkdck8DWw

     

       5
       5
       -
       mndS8XyN+e1A4WRCU9dJ6bF50wrFnK6GPaJy/HJyMMA

     

       6
       6
       -
       -> ssh-ed25519 Q8rMFA g3PNPWKFO8Rf473kBaTuZUnalCI7b8Wl6W9qA7ldv2M

     

       7
       7
       -
       9UfrXGhwc5Fn42UFr1sHIvtFp0QeqAvu4bhkjEolTZs

     

       8
       8
       -
       --- vzV9NNriSPI4sc2eiJZ0HlxGG9f+BRwsALPWdmEoG84

     

       9
       9
       -
       �m�eqW{kU����/���mb[\���F*<,02MM���x�0��)��+��Zy�Ws-0e��o6Uv�o��0o W>"S���
8�(#

+1 -2

secrets/secrets.nix

···

       28
       28
        
         "authelia-storage-key.age".publicKeys = deploy;

     

       29
       29
        
         "authelia-ldap-password.age".publicKeys = deploy;

     

       30
       30
        
         "authelia-smtp-password.age".publicKeys = deploy;

     

       31
       31
       -
         # Defines `CONDUIT_REGISTRATION_TOKEN`

     

       32
       32
       -
         "matrix-env.age".publicKeys = deploy;

     

       31
       31
       +
         "tuwunel-registration-tokens.age".publicKeys = deploy;

     

       33
       32
        
       

     

       34
       33
        
         # Not used in config but useful

     

       35
       34
        
         "pgp-ca5e.age".publicKeys = users;

+9

secrets/tuwunel-registration-tokens.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg TVYRDtTe5khTJo0q8ShrR5o1WBrbK2htHjYCvi5QYAA

     

       3
       3
       +
       kx6Hke5RAZFfugR4aU28SRh4U8e4ymzeIY/+kYlAWhw

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg AyJOM5lQHETeGiI/V5vUtu2vD6PqCZNnuTPvfnU90zE

     

       5
       5
       +
       9vM7/8JUbScHaeDWig16MgqtULryofSrRqhw2OMWfBs

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA TeUNtmHquyhhDrXf+zXY56oTGvzkhkaReIoBx5Yb+TE

     

       7
       7
       +
       DLfVy9cO1JrVln9CHV1ag66z2kIMrVzhcaIugLytojE

     

       8
       8
       +
       --- nr/3KZTVXNdemLdmp2bO2bjxKDHvcy3gezZKYN5Z1qI

     

       9
       9
       +
       �"��Z8��ԛ�GvJ�{��(�V9��1�N"��o���o����Х�oJ�~�1�!�}Egd�!�