Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix config indentations for signal and remove old secrets

Browse Source
This commit is contained in:
Kabbone 2025-05-27 12:38:46 +02:00
parent 7a85f55a52
commit 6529d08626
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
5 changed files with 13 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/services/printer/klipper.nix
View File

@ -14,7 +14,7 @@
group = "moonraker"; group = "moonraker";
configFile = ./printer.cfg; configFile = ./printer.cfg;
mutableConfig = true; mutableConfig = true;
ConfigDir = "/var/lib/moonraker/config"; configDir = "/var/lib/moonraker/config";
firmwares."sovol06" = { firmwares."sovol06" = {
serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0"; serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
enableKlipperFlash = true; enableKlipperFlash = true;

57
modules/services/server/matrix.nix
View File

@ -19,7 +19,6 @@ let
in { in {
environment.systemPackages = [ environment.systemPackages = [
pkgs.mautrix-whatsapp pkgs.mautrix-whatsapp
pkgs.mautrix-signal
]; ];
services.nginx = { services.nginx = {
@ -78,7 +77,6 @@ in {
]; ];
app_service_config_files = [ app_service_config_files = [
config.age.secrets."services/matrix/whatsapp-registration.yml".path config.age.secrets."services/matrix/whatsapp-registration.yml".path
config.age.secrets."services/matrix/signal-registration.yml".path
]; ];
}; };
extraConfigFiles = [ extraConfigFiles = [
@ -122,43 +120,9 @@ in {
SystemCallFilter="@system-service"; SystemCallFilter="@system-service";
}; };
}; };
mautrix-signal = {
description = "Matrix <-> Signal bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" "matrix-synapse.service" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.mautrix-signal}/bin/mautrix-signal -n --config ${config.age.secrets."services/matrix/mautrix-signal.yml".path}";
serviceConfig = {
User = "mautrix-signal";
Group = "mautrix-signal";
Environment = "HOME=/var/lib/mautrix-signal";
ReadWritePaths= [
"/var/log/mautrix-signal"
];
NoNewPrivileges=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;
ProtectSystem="strict";
ProtectControlGroups=true;
RestrictSUIDSGID=true;
RestrictRealtime=true;
LockPersonality=true;
ProtectKernelLogs=true;
ProtectKernelTunables=true;
ProtectHostname=true;
ProtectKernelModules=true;
PrivateUsers=true;
ProtectClock=true;
SystemCallArchitectures="native";
SystemCallErrorNumber="EPERM";
SystemCallFilter="@system-service";
};
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp" "d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp"
"d /var/log/mautrix-signal - mautrix-signal mautrix-signal"
]; ];
users = { users = {
@ -270,13 +234,7 @@ in {
}; };
database = { database = {
type = "postgres"; type = "postgres";
uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE" uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE";
bridge = {
sync_channel_members = true;
startup_sync = true;
public_portals = true;
double_puppet_server_map = {
"kabtop.de" = "https://kabtop.de";
}; };
encryption = { encryption = {
allow = true; allow = true;
@ -287,6 +245,13 @@ in {
}; };
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY"; pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
}; };
bridge = {
sync_channel_members = true;
startup_sync = true;
public_portals = true;
double_puppet_server_map = {
"kabtop.de" = "https://kabtop.de";
};
private_chat_portal_meta = "default"; private_chat_portal_meta = "default";
backfill = { backfill = {
disable_notifications = true; disable_notifications = true;
@ -327,7 +292,7 @@ in {
file = ../../../secrets/services/matrix/mautrix-whatsapp.age; file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
owner = "mautrix-whatsapp"; owner = "mautrix-whatsapp";
}; };
age.secrets."services/matrix/mautrix-signal.yml" = { age.secrets."services/matrix/mautrix-signal.env" = {
file = ../../../secrets/services/matrix/mautrix-signal.age; file = ../../../secrets/services/matrix/mautrix-signal.age;
owner = "mautrix-signal"; owner = "mautrix-signal";
}; };
@ -335,9 +300,5 @@ in {
file = ../../../secrets/services/matrix/whatsapp-registration.age; file = ../../../secrets/services/matrix/whatsapp-registration.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
age.secrets."services/matrix/signal-registration.yml" = {
file = ../../../secrets/services/matrix/signal-registration.age;
owner = "matrix-synapse";
};
} }

3
secrets/secrets.nix
View File

@ -68,12 +68,9 @@ in
"services/coturn/static-auth.age".publicKeys = servers ++ users; "services/coturn/static-auth.age".publicKeys = servers ++ users;
"services/matrix/synapse.age".publicKeys = servers ++ users; "services/matrix/synapse.age".publicKeys = servers ++ users;
"services/matrix/mautrix-telegram.age".publicKeys = servers ++ users; "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
#"services/matrix/telegram-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users; "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
"services/matrix/whatsapp-registration.age".publicKeys = servers ++ users; "services/matrix/whatsapp-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-signal.age".publicKeys = servers ++ users; "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
"services/matrix/mautrix-signal.old.age".publicKeys = servers ++ users;
"services/matrix/signal-registration.age".publicKeys = servers ++ users;
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users; "services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;

22
secrets/services/matrix/signal-registration.age
View File

@ -1,22 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 WiIaQQ KKhltKIL6ynmREXpryiP/5127kDFtc7fR62NijNm5x4
wlNXfH4g8apc4uY9fTT1CNJuSsn7ADY232E/labgjBk
-> ssh-rsa VtjGpQ
eKjvT//JgEiAulEZ29W9BhkvMvEErNfM2E3pcO5v3iVDCMac1B/kSmFYPkRlOjQZ
QJV4jE0Y9hmc/3wRAOVkmU5UwiHEf2OwjwLCAUvnP6gASPlE25ERvwdT4mltMmG1
aVCMqBVMKW6Y2qPRV/bkGHwMSroX8NndoW+vyA3+2EaKTOC7JxF9hRmUljU9IU8Z
+D4QrzFZ+6BSAbseyNqQjHN0M6VWq0Um/cbdBp2cRF9Ydpc2C2hjtb+oSoJgEajM
EyjDmYIrr5vVn45OyZpazinowIbJI6e/mZ87WRbz+ZTW5uWTE8qtmyaTCzk6dQfp
QQ3lhtN1I6pk83FjWjpNSDFFR6bYAQu4SovpdgY1YYdRI4lNpB9vw6WTaKeV7OMm
gOD624CRsHsSxRCG9h2fT/8xWsuwkNh/4QErnpVa097DsLqyatjpLOUgQB5PJZcu
mC07yNEn9FxZfplQMNqczuzR+B1zoSAMB/fKXsayh1fp4MjYRVNvlcSTPfUvm7dF
HSfTx22KMHT1mzqabV6hn0mP/yson4fXVwpgQAdCDFlQOTp+ivi+HKUHgQAP47AW
AOSEZ2LzVT8Wdl6841pRuYwpg/JqY1yuM80FkPbZI6vxNoTlvtl+q2QgQkzNbf/w
CJGOhoZ+iIIj7WFLmc+01vzzK6674sAI093rjZXqa5s
-> piv-p256 grR75w Aw+PZ89I08f/PX1eBkxO8hJjbEG9nCbld39T1n3LEUQY
LKUIrJI1XoFAQzVxZ5QBVcbhcRnH+bn3h+XOIATHxt0
-> piv-p256 RQguQQ AzVzUUmxNQM0e59cqP91Y/jfZ+NfIUpD3nIELKZ3PTI4
JSJwoyNfH5bwjzyktPcaNyMwBAaaAaIIZAzA2zkX7wA
--- vth3zydE02PX56kmQVFk8LRnAkne6GUcYWHEb865bXQ
WA;Óž´/ðQ9ÀRä¢ô #q-ž Ü4û6ŸéµÞ°ãxÌžƒc4ꨰ«Ð½ qÿqÎj¼@s” †¾¬_DG3ß„0¸´ÅÌ7¸|X˜Z²LXÖ<17>ÜZH A³åÊ_p§[|m˜£úKÝGøš†Öã%ëçÇâ?u¿&\¬ò†<C3B2>(I¼x_¢£v}/HuT…«n{ýâß~Ž™o˜<6F>j°š¼Ñ-c£ÏðÉ%Îtz9ÃôÈŸ¸~  E”R—©Ú7O³ð{VÉ}"f(µ·¸0«S„UÿË9bxCn±*Û„ ‰.P*%1#qËÐýoLC²,÷¼Ôr×ùºðÊà¡› 
<EFBFBD>¢@þ÷]î»ÿa¯æ%ÐCRÌE×C—ÍB/êðÙùZž†rC©b¢¢Ø<>õ— Iy@…”#ˆ¡çÄkà 7Í,Ò<>çL ëVmIÑáTŽ8X™±‰Yª±bŸË»•ÞL<Gt¤ JÙÖO¶oï®4´ÿ·Z;fŸ+ÍPÐQ<P8/ÓæRÒ% Q·G¬F ¼mñ6IˆÔ6 ôuûùç—‹ÉŽ”N>R«•ÿ™®d·ÂâÞö1ùÐ3äDí4 âŒíyÀÊiúæø˜!Fî!ƒ¾Óï÷YNRÕÝ°_?„¥"ƒúɵ¥L×y‰FÁQÜ÷

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.