not working garbage
parent
ae7a48371e
commit
fe7ccb720f
2 changed files with 121 additions and 29 deletions
|
|
@ -5,7 +5,7 @@
|
|||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.conduwuit;
|
||||
cfg = config.kk.services.conduwuit;
|
||||
defaultUser = "conduwuit";
|
||||
defaultGroup = "conduwuit";
|
||||
|
||||
|
|
@ -14,7 +14,7 @@ let
|
|||
in
|
||||
{
|
||||
meta.maintainers = with lib.maintainers; [ niklaskorz ];
|
||||
options.services.conduwuit = {
|
||||
options.kk.services.conduwuit = {
|
||||
enable = lib.mkEnableOption "conduwuit";
|
||||
|
||||
user = lib.mkOption {
|
||||
|
|
@ -147,6 +147,18 @@ in
|
|||
Note that database_path cannot be edited because of the service's reliance on systemd StateDir.
|
||||
'';
|
||||
};
|
||||
global.database_backup_path = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to the conduwuit database, the directory where conduwuit will backup its data.
|
||||
'';
|
||||
};
|
||||
global.database_backups_to_keep = lib.mkOption {
|
||||
type = lib.types.ints.positive;
|
||||
default = 1;
|
||||
description = "";
|
||||
};
|
||||
global.allow_check_for_updates = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
|
|
@ -159,6 +171,18 @@ in
|
|||
'';
|
||||
};
|
||||
global.allow_local_presence = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_incoming_presence = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_outgoing_presence = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
|
|
@ -171,13 +195,79 @@ in
|
|||
'';
|
||||
};
|
||||
global.new_user_displayname_suffix = lib.mkOption {
|
||||
type = lib.types.string;
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
default = "🏳️⚧️";
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.registration_token = lib.mkOption {
|
||||
type = lib.types.string;
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.registration_token_file = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_public_room_directory_over_federation = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_public_room_directory_without_auth = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_device_name_federation = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.allow_inbound_profile_lookup_federation_requests = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.turn_secret = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.turn_uris = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.nonEmptyStr;
|
||||
default = [];
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.turn_secret_file = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.prevent_media_downloads_from = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.nonEmptyStr;
|
||||
default = [];
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.well_known.client = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
'';
|
||||
};
|
||||
global.well_known.server = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
'';
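Review bot: `global.registration_token` and `global.turn_secret` are declared as plain string options with empty descriptions, so nothing tells a user that a literal set here presumably ends up in the generated service configuration in the world-readable Nix store. I would give both a description along the lines of `Secret as a literal string; the value is copied into the Nix store, so prefer registration_token_file / turn_secret_file pointing at a file outside the store.` and fill in the other empty `description` fields this hunk adds. `registration_token` also defaults to `""` while `turn_secret` defaults to `null`; whether an empty token counts as unset is not visible here, so `lib.types.nullOr lib.types.str` with `default = null;` would be the more consistent choice if the config generator accepts it. The option set starts and ends outside the hunk.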
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
inputs.disko.nixosModules.default
|
||||
../../modules/sops
|
||||
../../modules/services/autoupgrade
|
||||
"${inputs.nixpkgs-unstable}/nixos/modules/services/matrix/conduwuit.nix"
|
||||
./conduwuit.nix
|
||||
|
||||
../../users/kylekrein
|
||||
./hardware.nix
|
||||
|
|
@ -64,50 +64,52 @@ users = {
|
|||
};
|
||||
#Chat host
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 22 8448
|
||||
#3478 5349
|
||||
3478 5349
|
||||
];
|
||||
# networking.firewall.allowedUDPPortRanges = with config.services.coturn; [ {
|
||||
# from = min-port;
|
||||
# to = max-port;
|
||||
#} ];
|
||||
#networking.firewall.allowedUDPPorts = [ 3478 5349 ];
|
||||
networking.firewall.allowedUDPPortRanges = with config.services.coturn; [ {
|
||||
from = min-port;
|
||||
to = max-port;
|
||||
} ];
|
||||
networking.firewall.allowedUDPPorts = [ 3478 5349 ];
|
||||
sops.secrets."services/conduwuit" = {mode = "0755";};
|
||||
|
||||
services.conduwuit = {
|
||||
kk.services.conduwuit = {
|
||||
enable = true;
|
||||
#user = "turnserver";
|
||||
settings = {
|
||||
global = {
|
||||
server_name = "kylekrein.com";
|
||||
well_known = {
|
||||
server = "matrix.kylekrein.com:443";
|
||||
client = "https://matrix.kylekrein.com";
|
||||
};
|
||||
port = [ 6167 ];
|
||||
trusted_servers = [ "matrix.org" ];
|
||||
allow_registration = true;
|
||||
registration_token = "8ptB9GHlPwglvllBksplhA9sBHfVFXpJC6uQawIvNiyfkt0owZywhyIWRTx"; #nix shell nixpkgs#openssl -c openssl rand -base64 48 | tr -d '/+' | cut -c1-64
|
||||
allow_federation = true;
|
||||
allow_encryption = true;
|
||||
|
||||
allow_local_presence = true;
|
||||
require_auth_for_profile_requests = true;
|
||||
|
||||
turn_secret = "GvCOQnutdoEi3DXH5ueFBPVGftwQmCLRWgrmuvjRpqcbwmjffwXe8iu7XMQ23z6m";#_file = config.sops.secrets."services/conduwuit".path;
|
||||
turn_uris = [ "turn:91.99.0.169?transport=udp" "turn:91.99.0.169?transport=tcp" ];
|
||||
};
|
||||
};
|
||||
extraEnvironment = {
|
||||
CONDUWUIT_REGISTRATION_TOKEN = "TIebWOivZIx7oCxiX9FgMlxF8s6sTI1ppStDy3U3Ypm0fEmiJgOD8ppO1X6"; #nix shell nixpkgs#openssl -c openssl rand -base64 48 | tr -d '/+' | cut -c1-64
|
||||
#CONDUWUIT_REGISTRATION_TOKEN_FILE = ''"${config.sops.secrets."services/conduwuit".path}"'';
|
||||
CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🐝";
|
||||
CONDUWUIT_REQUIRE_AUTH_FOR_PROFILE_REQUESTS = "true";
|
||||
CONDUWUIT_ALLOW_LOCAL_PRESENCE = "true";
|
||||
CONDUWUIT_WELL_KNOWN__SERVER = "matrix.kylekrein.com:443";
|
||||
CONDUWUIT_WELL_KNOWN__CLIENT = "https://matrix.kylekrein.com";
|
||||
#CONDUWUIT_TURN_URIS = "turn:turn.kylekrein.com:3478?transport=udp";
|
||||
#CONDUWUIT_TURN_SECRET = "true";
|
||||
#CONDUWUIT_TURN_SECRET_FILE = "\"${config.sops.secrets."services/conduwuit".path}\"";
|
||||
};
|
||||
};
|
||||
services.coturn = rec {
|
||||
enable = false;
|
||||
enable = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
min-port = 49000;
|
||||
max-port = 50000;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret-file = config.sops.secrets."services/conduwuit".path;
|
||||
realm = "turn.kylekrein.com";
|
||||
static-auth-secret = "GvCOQnutdoEi3DXH5ueFBPVGftwQmCLRWgrmuvjRpqcbwmjffwXe8iu7XMQ23z6m";#-file = config.sops.secrets."services/conduwuit".path;
|
||||
realm = "91.99.0.169";
|
||||
listening-ips = [ "91.99.0.169" ];
|
||||
#cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
|
||||
#pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
|
||||
};
|
||||
|
|
@ -119,9 +121,9 @@ users = {
|
|||
virtualHosts."matrix.kylekrein.com, matrix.kylekrein.com:8448".extraConfig = ''
|
||||
reverse_proxy http://localhost:6167
|
||||
'';
|
||||
#virtualHosts."turn.kylekrein.com:3478".extraConfig = ''
|
||||
#reverse_proxy http://localhost:3478
|
||||
#'';
|
||||
virtualHosts."turn.kylekrein.com".extraConfig = ''
|
||||
reverse_proxy http://91.99.0.169:3478
|
||||
'';
|
||||
};
|
||||
system.stateVersion = "24.11";
|
||||
nix = {
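Review bot: The TURN shared secret is written as a string literal in both `turn_secret` and coturn's `static-auth-secret`, and the trailing `#_file = config.sops.secrets…` / `#-file = config.sops.secrets…` comments suggest the sops-backed file form was edited out (the +/- markers are lost on this page, so that is inferred). A literal in Nix configuration is copied into the world-readable /nix/store and stays in the repository history, so restore `static-auth-secret-file = config.sops.secrets."services/conduwuit".path;` and use `turn_secret_file = config.sops.secrets."services/conduwuit".path;`. Treat the committed TURN secret and both registration token literals as exposed and rotate them, moving the token to `registration_token_file`. `sops.secrets."services/conduwuit" = {mode = "0755";};` also makes the decrypted file readable by every local user; setting `owner`/`group` for the services that read it, with a mode such as `"0440"`, would restrict that. The enclosing attribute set starts and ends outside the hunk.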
|
||||
|
|
|
|||