Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix config indentations for signal and remove old secrets

Browse Source
This commit is contained in:
Kabbone
2025-05-27 12:38:46 +02:00
parent 7a85f55a52
commit 6529d08626
5 changed files with 13 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/services/printer/klipper.nix
View File

@@ -14,7 +14,7 @@
group = "moonraker"; group = "moonraker";
configFile = ./printer.cfg; configFile = ./printer.cfg;
mutableConfig = true; mutableConfig = true;
ConfigDir = "/var/lib/moonraker/config"; configDir = "/var/lib/moonraker/config";
firmwares."sovol06" = { firmwares."sovol06" = {
serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0"; serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
enableKlipperFlash = true; enableKlipperFlash = true;

63
modules/services/server/matrix.nix
View File

@@ -19,7 +19,6 @@ let
in { in {
environment.systemPackages = [ environment.systemPackages = [
pkgs.mautrix-whatsapp pkgs.mautrix-whatsapp
pkgs.mautrix-signal
]; ];
services.nginx = { services.nginx = {
@@ -78,7 +77,6 @@ in {
]; ];
app_service_config_files = [ app_service_config_files = [
config.age.secrets."services/matrix/whatsapp-registration.yml".path config.age.secrets."services/matrix/whatsapp-registration.yml".path
config.age.secrets."services/matrix/signal-registration.yml".path
]; ];
}; };
extraConfigFiles = [ extraConfigFiles = [
@@ -122,43 +120,9 @@ in {
SystemCallFilter="@system-service"; SystemCallFilter="@system-service";
}; };
}; };
mautrix-signal = {
description = "Matrix <-> Signal bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" "matrix-synapse.service" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.mautrix-signal}/bin/mautrix-signal -n --config ${config.age.secrets."services/matrix/mautrix-signal.yml".path}";
serviceConfig = {
User = "mautrix-signal";
Group = "mautrix-signal";
Environment = "HOME=/var/lib/mautrix-signal";
ReadWritePaths= [
"/var/log/mautrix-signal"
];
NoNewPrivileges=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;
ProtectSystem="strict";
ProtectControlGroups=true;
RestrictSUIDSGID=true;
RestrictRealtime=true;
LockPersonality=true;
ProtectKernelLogs=true;
ProtectKernelTunables=true;
ProtectHostname=true;
ProtectKernelModules=true;
PrivateUsers=true;
ProtectClock=true;
SystemCallArchitectures="native";
SystemCallErrorNumber="EPERM";
SystemCallFilter="@system-service";
};
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp" "d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp"
"d /var/log/mautrix-signal - mautrix-signal mautrix-signal"
]; ];
users = { users = {
@@ -270,7 +234,17 @@ in {
}; };
database = { database = {
type = "postgres"; type = "postgres";
uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE" uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
bridge = { bridge = {
sync_channel_members = true; sync_channel_members = true;
startup_sync = true; startup_sync = true;
@@ -278,15 +252,6 @@ in {
double_puppet_server_map = { double_puppet_server_map = {
"kabtop.de" = "https://kabtop.de"; "kabtop.de" = "https://kabtop.de";
}; };
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
private_chat_portal_meta = "default"; private_chat_portal_meta = "default";
backfill = { backfill = {
disable_notifications = true; disable_notifications = true;
@@ -327,7 +292,7 @@ in {
file = ../../../secrets/services/matrix/mautrix-whatsapp.age; file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
owner = "mautrix-whatsapp"; owner = "mautrix-whatsapp";
}; };
age.secrets."services/matrix/mautrix-signal.yml" = { age.secrets."services/matrix/mautrix-signal.env" = {
file = ../../../secrets/services/matrix/mautrix-signal.age; file = ../../../secrets/services/matrix/mautrix-signal.age;
owner = "mautrix-signal"; owner = "mautrix-signal";
}; };
@@ -335,9 +300,5 @@ in {
file = ../../../secrets/services/matrix/whatsapp-registration.age; file = ../../../secrets/services/matrix/whatsapp-registration.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
age.secrets."services/matrix/signal-registration.yml" = {
file = ../../../secrets/services/matrix/signal-registration.age;
owner = "matrix-synapse";
};
} }

3
secrets/secrets.nix
View File

@@ -68,12 +68,9 @@ in
"services/coturn/static-auth.age".publicKeys = servers ++ users; "services/coturn/static-auth.age".publicKeys = servers ++ users;
"services/matrix/synapse.age".publicKeys = servers ++ users; "services/matrix/synapse.age".publicKeys = servers ++ users;
"services/matrix/mautrix-telegram.age".publicKeys = servers ++ users; "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
#"services/matrix/telegram-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users; "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
"services/matrix/whatsapp-registration.age".publicKeys = servers ++ users; "services/matrix/whatsapp-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-signal.age".publicKeys = servers ++ users; "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
"services/matrix/mautrix-signal.old.age".publicKeys = servers ++ users;
"services/matrix/signal-registration.age".publicKeys = servers ++ users;
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users; "services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;

22
secrets/services/matrix/signal-registration.age
View File

@@ -1,22 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 WiIaQQ KKhltKIL6ynmREXpryiP/5127kDFtc7fR62NijNm5x4
wlNXfH4g8apc4uY9fTT1CNJuSsn7ADY232E/labgjBk
-> ssh-rsa VtjGpQ
eKjvT//JgEiAulEZ29W9BhkvMvEErNfM2E3pcO5v3iVDCMac1B/kSmFYPkRlOjQZ
QJV4jE0Y9hmc/3wRAOVkmU5UwiHEf2OwjwLCAUvnP6gASPlE25ERvwdT4mltMmG1
aVCMqBVMKW6Y2qPRV/bkGHwMSroX8NndoW+vyA3+2EaKTOC7JxF9hRmUljU9IU8Z
+D4QrzFZ+6BSAbseyNqQjHN0M6VWq0Um/cbdBp2cRF9Ydpc2C2hjtb+oSoJgEajM
EyjDmYIrr5vVn45OyZpazinowIbJI6e/mZ87WRbz+ZTW5uWTE8qtmyaTCzk6dQfp
QQ3lhtN1I6pk83FjWjpNSDFFR6bYAQu4SovpdgY1YYdRI4lNpB9vw6WTaKeV7OMm
gOD624CRsHsSxRCG9h2fT/8xWsuwkNh/4QErnpVa097DsLqyatjpLOUgQB5PJZcu
mC07yNEn9FxZfplQMNqczuzR+B1zoSAMB/fKXsayh1fp4MjYRVNvlcSTPfUvm7dF
HSfTx22KMHT1mzqabV6hn0mP/yson4fXVwpgQAdCDFlQOTp+ivi+HKUHgQAP47AW
AOSEZ2LzVT8Wdl6841pRuYwpg/JqY1yuM80FkPbZI6vxNoTlvtl+q2QgQkzNbf/w
CJGOhoZ+iIIj7WFLmc+01vzzK6674sAI093rjZXqa5s
-> piv-p256 grR75w Aw+PZ89I08f/PX1eBkxO8hJjbEG9nCbld39T1n3LEUQY
LKUIrJI1XoFAQzVxZ5QBVcbhcRnH+bn3h+XOIATHxt0
-> piv-p256 RQguQQ AzVzUUmxNQM0e59cqP91Y/jfZ+NfIUpD3nIELKZ3PTI4
JSJwoyNfH5bwjzyktPcaNyMwBAaaAaIIZAzA2zkX7wA
--- vth3zydE02PX56kmQVFk8LRnAkne6GUcYWHEb865bXQ
WA;Ӟ<>/<2F>Q9<51>R<EFBFBD><52><EFBFBD>)<29> #q-<2D> <20>4<1F>6<EFBFBD><36><EFBFBD><EFBFBD><10><><78>c4<>н ,<2C>q<>q<EFBFBD>j<EFBFBD>@s<><73> <01><><EFBFBD>_DG3߄4<>0<><30><EFBFBD><EFBFBD>7<EFBFBD>|<7C>Xx<><78>Z<EFBFBD>LX<4C><17><08>ZH A<><41><EFBFBD>_p<5F>[|m<><6D><EFBFBD>K<EFBFBD>G<EFBFBD><03><><EFBFBD><EFBFBD>%<25><><EFBFBD><EFBFBD>?u<>&\<5C>򆝂(I<16>x_<78><5F>v}/HuT<75><54>n{<7B><><EFBFBD>~<7E><>o<><6F>j<15><><EFBFBD><EFBFBD>-c<><63><EFBFBD><EFBFBD>%<25>tz9<7A><39><EFBFBD>Ȃ+<2B><0E><19>~
<EFBFBD>E<EFBFBD>R<EFBFBD><17><>7O<37><4F>{V<>}"f(<28><><EFBFBD>0<EFBFBD>S<EFBFBD><53>U<EFBFBD><03>9bxCn<43><09>.P*%1<>#q<><71><1E>oLC<4C>,<2C><><EFBFBD>r<EFBFBD><72><19><><16><EFBFBD>

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.