yep, more dotfiles

server: change matrix provider to tuwunel

wiro.world 811bae54 a8702113

verified
+21 -22
+11 -11
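--- a/nixos/profiles/server.nix
+++ b/nixos/profiles/server.nix
@@ -6,7 +6,7 @@
 }:
 
 let
-inherit (self.inputs) srvos agenix tangled;
+inherit (self.inputs) unixpkgs srvos agenix tangled;
 
 ext-if = "eth0";
 external-ip = "91.99.55.74";
@@ -87,6 +87,8 @@
 
 tangled.nixosModules.knot
 tangled.nixosModules.spindle
+
+"${unixpkgs}/nixos/modules/services/matrix/tuwunel.nix"
 ];
 
 config = {
@@ -468,14 +470,14 @@
 };
 };
 
-age.secrets.matrix-env.file = ../../secrets/matrix-env.age;
-services.matrix-conduit = {
+age.secrets.tuwunel-registration-tokens = { file = ../../secrets/tuwunel-registration-tokens.age; owner = config.services.matrix-tuwunel.user; };
+services.matrix-tuwunel = {
 enable = true;
-package = upkgs.matrix-conduit;
+package = upkgs.matrix-tuwunel;
 
 settings.global = {
-address = "127.0.0.1";
-port = matrix-port;
+address = [ "127.0.0.1" ];
+port = [ matrix-port ];
 
 server_name = "wiro.world";
 well_known = {
@@ -483,14 +485,12 @@
 server = "matrix.wiro.world:443";
 };
 
-database_backend = "sqlite";
-enable_lightning_bolt = false;
+grant_admin_to_first_user = true;
+new_user_displayname_suffix = "";
 
-# Set in `CONDUIT_REGISTRATION_TOKEN`
-# registration_token = ...;
 allow_registration = true;
+registration_token_file = config.age.secrets.tuwunel-registration-tokens.path;
 };
 };
-systemd.services.conduit.serviceConfig.EnvironmentFile = config.age.secrets.matrix-env.path;
 };
 }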
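Review bot: `grant_admin_to_first_user = true;` stays enabled permanently next to `allow_registration = true;` in `settings.global`, so if tuwunel starts on an empty database, the first account registered with any valid token from `registration_token_file` becomes server admin. The hunks do not show whether the existing Conduit data is carried over, so this may only matter on a fresh database. I would register the intended admin account right after deploy and then change the line to `grant_admin_to_first_user = false;`. At minimum, add a comment above it such as `# bootstrap only: first registered account becomes admin; disable once the admin exists`. The `config` block starts and ends outside the visible hunks, so any later override of these settings is not visible here.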
-9
secrets/matrix-env.age
··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 sMF1bg ynWhH67Y3AynyxoD9WmVKgNTAyb7ktUYUkRniXvfslw 3 - hlN/NsBEhTwkeaSdCd6uj/U2X9wi/cFwwjIhDUYWtYQ 4 - -> ssh-ed25519 SmMcWg SXQ91ashcl6UJMPAV/7mI950cczhMAJrjcnkdck8DWw 5 - mndS8XyN+e1A4WRCU9dJ6bF50wrFnK6GPaJy/HJyMMA 6 - -> ssh-ed25519 Q8rMFA g3PNPWKFO8Rf473kBaTuZUnalCI7b8Wl6W9qA7ldv2M 7 - 9UfrXGhwc5Fn42UFr1sHIvtFp0QeqAvu4bhkjEolTZs 8 - --- vzV9NNriSPI4sc2eiJZ0HlxGG9f+BRwsALPWdmEoG84 9 - �m�eqW{ kU����/���mb[\���F*<, 02MM���x�0��)��+��Zy�Ws-0e��o6Uv�o��0o W>"S��� 8�(#
+1 -2
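--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,8 +28,7 @@
 "authelia-storage-key.age".publicKeys = deploy;
 "authelia-ldap-password.age".publicKeys = deploy;
 "authelia-smtp-password.age".publicKeys = deploy;
-# Defines `CONDUIT_REGISTRATION_TOKEN`
-"matrix-env.age".publicKeys = deploy;
+"tuwunel-registration-tokens.age".publicKeys = deploy;
 
 # Not used in config but useful
 "pgp-ca5e.age".publicKeys = users;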
+9
secrets/tuwunel-registration-tokens.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 sMF1bg TVYRDtTe5khTJo0q8ShrR5o1WBrbK2htHjYCvi5QYAA 3 + kx6Hke5RAZFfugR4aU28SRh4U8e4ymzeIY/+kYlAWhw 4 + -> ssh-ed25519 SmMcWg AyJOM5lQHETeGiI/V5vUtu2vD6PqCZNnuTPvfnU90zE 5 + 9vM7/8JUbScHaeDWig16MgqtULryofSrRqhw2OMWfBs 6 + -> ssh-ed25519 Q8rMFA TeUNtmHquyhhDrXf+zXY56oTGvzkhkaReIoBx5Yb+TE 7 + DLfVy9cO1JrVln9CHV1ag66z2kIMrVzhcaIugLytojE 8 + --- nr/3KZTVXNdemLdmp2bO2bjxKDHvcy3gezZKYN5Z1qI 9 + �"��Z8��ԛ�GvJ�{��(�V9��1�N"��o���o����Х�oJ�~�1�!�}Egd�!�