fix: enable matrix on winters

2025-12-06 00:57:22 +01:00 · 2024-09-25 17:21:24 +02:00 · 2024-09-25 17:21:24 +02:00 · a4e4bcd094
commit a4e4bcd094
parent fc45873aad
13 changed files with 377 additions and 51 deletions
--- a/profiles/mysticant/configuration.nix
+++ b/profiles/mysticant/configuration.nix
@ -1,13 +1,37 @@
 { pkgs, ... }: {
-  environment.packages = with pkgs; [
-    vim
-    git
-    man
-    gnupg
-  ];
+  environment = {
+    packages = with pkgs; [
+      vim
+      git
+      openssh
+      toybox
+      dig
+      man
+      gnupg
+    ];
+
+    etcBackupExtension = ".bak";
+    extraOutputsToInstall = [
+      "doc"
+      "info"
+      "devdoc"
+    ];
+    motd = null;
+  };
+
+  home-manager.config = {
+    services.ssh-agent.enable = true;
+  };
+
+  android-integration = {
+    termux-open.enable = true;
+    termux-xdg-open.enable = true;
+    termux-open-url.enable = true;
+    termux-reload-settings.enable = true;
+    termux-setup-storage.enable = true;
+  };

  # Backup etc files instead of failing to activate generation if a file already exists in /etc
-  environment.etcBackupExtension = ".bak";

  # Read the changelog before changing this value
  system.stateVersion = "23.05";
--- a/profiles/mysticant/default.nix
+++ b/profiles/mysticant/default.nix
@ -0,0 +1,48 @@
+{ pkgs, ... }: {
+  environment = {
+    packages = with pkgs; [
+      vim
+      git
+      openssh
+      toybox
+      dig
+      man
+      gnupg
+    ];
+
+    etcBackupExtension = ".bak";
+    extraOutputsToInstall = [
+      "doc"
+      "info"
+      "devdoc"
+    ];
+    motd = null;
+  };
+
+  home-manager.config = {
+
+    imports = [
+      ../common/home/ssh.nix
+    ];
+    services.ssh-agent.enable = true;
+
+  };
+
+  android-integration = {
+    termux-open.enable = true;
+    termux-xdg-open.enable = true;
+    termux-open-url.enable = true;
+    termux-reload-settings.enable = true;
+    termux-setup-storage.enable = true;
+  };
+
+  # Backup etc files instead of failing to activate generation if a file already exists in /etc
+
+  # Read the changelog before changing this value
+  system.stateVersion = "23.05";
+
+  # Set up nix for flakes
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+}
--- a/profiles/nbl-imba-2/default.nix
+++ b/profiles/nbl-imba-2/default.nix
@ -3,6 +3,7 @@

  imports = [
    inputs.nixos-hardware.nixosModules.framework-16-7040-amd
+    inputs.fw-fanctrl.nixosModules.default

    ./hardware-configuration.nix
    ./disk-config.nix
@ -47,6 +48,7 @@
    resumeDevice = "/dev/disk/by-label/nixos";
  };

+  programs.fw-fanctrl.enable = true;

  networking = {
    hostName = "nbl-imba-2";
--- a/profiles/server/common/default.nix
+++ b/profiles/server/common/default.nix
@ -43,8 +43,8 @@

  environment.shellAliases = lib.recursiveUpdate
    {
-      npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
-      nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;";
+      npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
+      nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
    }
    config.swarselsystems.shellAliases;

--- a/profiles/server/common/matrix.nix
+++ b/profiles/server/common/matrix.nix
@ -1,6 +1,14 @@
 { config, lib, pkgs, modulesPath, sops, ... }:
 let
  matrixDomain = "swatrix.swarsel.win";
+  baseUrl = "https://${matrixDomain}";
+  clientConfig."m.homeserver".base_url = baseUrl;
+  serverConfig."m.server" = "${matrixDomain}:443";
+  mkWellKnown = data: ''
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+    return 200 '${builtins.toJSON data}';
+  '';
 in
 {

@ -151,7 +159,7 @@ in

    services.mautrix-whatsapp = {
      enable = true;
-      registerToSynapse = true;
+      registerToSynapse = false;
      settings = {
        homeserver = {
          address = "http://localhost:8008";
@ -198,7 +206,7 @@ in

    services.mautrix-signal = {
      enable = true;
-      registerToSynapse = true;
+      registerToSynapse = false;
      settings = {
        homeserver = {
          address = "http://localhost:8008";
@ -258,13 +266,30 @@ in
          enableACME = true;
          forceSSL = true;
          acmeRoot = null;
+          listen = [
+            {
+              addr = "0.0.0.0";
+              port = 8448;
+              ssl = true;
+              extraParameters = [
+                "default_server"
+              ];
+            }
+            {
+              addr = "0.0.0.0";
+              port = 443;
+              ssl = true;
+            }
+          ];
          locations = {
            "~ ^(/_matrix|/_synapse/client)" = {
-              proxyPass = "http://192.168.1.2:8008";
+              proxyPass = "http://localhost:8008";
              extraConfig = ''
                client_max_body_size 0;
              '';
            };
+            "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+            "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
          };
        };
      };
--- a/profiles/server/common/navidrome.nix
+++ b/profiles/server/common/navidrome.nix
@ -26,7 +26,7 @@


    hardware = {
-      opengl.enable = true;
+      # opengl.enable = true;
      enableAllFirmware = true;
    };

@ -36,7 +36,7 @@
      enable = true;
      openFirewall = true;
      settings = {
-        LogLevel = "trace";
+        LogLevel = "error";
        Address = "0.0.0.0";
        Port = 4040;
        MusicFolder = "/Vault/Eternor/Musik";
@ -45,11 +45,12 @@
        Scanner.GroupAlbumReleases = true;
        ScanSchedule = "@every 24h";
        MPVPath = "${pkgs.mpv}/bin/mpv";
+        MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
        Jukebox = {
          Enabled = true;
          Default = "pch";
          Devices = [
-            "pch"
+            [ "pch" "alsa/sysdefault:CARD=PCH" ]
          ];
        };
        # Insert these values locally as sops-nix does not work for them
--- a/profiles/server/common/ssh.nix
+++ b/profiles/server/common/ssh.nix
@ -6,9 +6,11 @@ _:
  };
  users.users.swarsel.openssh.authorizedKeys.keyFiles = [
    ../../../secrets/keys/authorized_keys
+    ../../../secrets/keys/mysticant.pub
  ];
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../../../secrets/keys/authorized_keys
+    ../../../secrets/keys/mysticant.pub
  ];

 }
--- a/profiles/server/mysticant/default.nix
+++ b/profiles/server/mysticant/default.nix
@ -0,0 +1,48 @@
+{ pkgs, ... }: {
+  environment = {
+    packages = with pkgs; [
+      vim
+      git
+      openssh
+      toybox
+      dig
+      man
+      gnupg
+    ];
+
+    etcBackupExtension = ".bak";
+    extraOutputsToInstall = [
+      "doc"
+      "info"
+      "devdoc"
+    ];
+    motd = null;
+  };
+
+  home-manager.config = {
+
+    imports = [
+      ../common/home/ssh.nix
+    ];
+    services.ssh-agent.enable = true;
+
+  };
+
+  android-integration = {
+    termux-open.enable = true;
+    termux-xdg-open.enable = true;
+    termux-open-url.enable = true;
+    termux-reload-settings.enable = true;
+    termux-setup-storage.enable = true;
+  };
+
+  # Backup etc files instead of failing to activate generation if a file already exists in /etc
+
+  # Read the changelog before changing this value
+  system.stateVersion = "23.05";
+
+  # Set up nix for flakes
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+}
--- a/profiles/server/winters/default.nix
+++ b/profiles/server/winters/default.nix
@ -28,7 +28,7 @@
  networking = {
    hostName = "winters";
    hostId = "b7778a4a";
-    firewall.enable = true;
+    firewall.enable = false;
    firewall.allowedTCPPorts = [ 80 443 ];
  };