Diffstat (limited to 'systems')
-rw-r--r-- | systems/backup-2/flake.lock | 28 | ||||
-rw-r--r-- | systems/dilion/flake.lock | 12 | ||||
-rw-r--r-- | systems/eldiron/base.nix | 2 | ||||
-rw-r--r-- | systems/eldiron/borg_backup.nix | 3 | ||||
-rw-r--r-- | systems/eldiron/flake.lock | 42 | ||||
-rw-r--r-- | systems/eldiron/websites/cloud/default.nix | 2 | ||||
-rw-r--r-- | systems/eldiron/websites/git/mantisbt.nix | 53 | ||||
-rw-r--r-- | systems/eldiron/websites/mail/default.nix | 4 | ||||
-rw-r--r-- | systems/eldiron/websites/mail/roundcubemail.nix | 13 | ||||
-rw-r--r-- | systems/eldiron/websites/tools/default.nix | 1 | ||||
-rw-r--r-- | systems/eldiron/websites/tools/landing.nix | 4 | ||||
-rw-r--r-- | systems/eldiron/websites/tools/landing/ldap_password.php | 2 | ||||
-rw-r--r-- | systems/monitoring-1/flake.lock | 20 | ||||
-rw-r--r-- | systems/quatresaisons/flake.lock | 12 | ||||
-rw-r--r-- | systems/zoldene/base.nix | 2 | ||||
-rw-r--r-- | systems/zoldene/flake.lock | 14 | ||||
-rw-r--r-- | systems/zoldene/logging.nix | 10 | ||||
-rw-r--r-- | systems/zoldene/synapse.nix | 211 |
18 files changed, 352 insertions, 83 deletions
diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock index 0863696..2eee849 100644 --- a/systems/backup-2/flake.lock +++ b/systems/backup-2/flake.lock | |||
@@ -22,7 +22,7 @@ | |||
22 | }, | 22 | }, |
23 | "locked": { | 23 | "locked": { |
24 | "lastModified": 1, | 24 | "lastModified": 1, |
25 | "narHash": "sha256-Deh1qsi1UFskPSAwq2sUGyPeh7hVVHct8hhy4o6fEzE=", | 25 | "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=", |
26 | "path": "../../flakes/private/chatons", | 26 | "path": "../../flakes/private/chatons", |
27 | "type": "path" | 27 | "type": "path" |
28 | }, | 28 | }, |
@@ -74,7 +74,7 @@ | |||
74 | "environment": { | 74 | "environment": { |
75 | "locked": { | 75 | "locked": { |
76 | "lastModified": 1, | 76 | "lastModified": 1, |
77 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 77 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
78 | "path": "../environment", | 78 | "path": "../environment", |
79 | "type": "path" | 79 | "type": "path" |
80 | }, | 80 | }, |
@@ -86,7 +86,7 @@ | |||
86 | "environment_2": { | 86 | "environment_2": { |
87 | "locked": { | 87 | "locked": { |
88 | "lastModified": 1, | 88 | "lastModified": 1, |
89 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 89 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
90 | "path": "../../flakes/private/environment", | 90 | "path": "../../flakes/private/environment", |
91 | "type": "path" | 91 | "type": "path" |
92 | }, | 92 | }, |
@@ -98,7 +98,7 @@ | |||
98 | "environment_3": { | 98 | "environment_3": { |
99 | "locked": { | 99 | "locked": { |
100 | "lastModified": 1, | 100 | "lastModified": 1, |
101 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 101 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
102 | "path": "../environment", | 102 | "path": "../environment", |
103 | "type": "path" | 103 | "type": "path" |
104 | }, | 104 | }, |
@@ -110,7 +110,7 @@ | |||
110 | "environment_4": { | 110 | "environment_4": { |
111 | "locked": { | 111 | "locked": { |
112 | "lastModified": 1, | 112 | "lastModified": 1, |
113 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 113 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
114 | "path": "../environment", | 114 | "path": "../environment", |
115 | "type": "path" | 115 | "type": "path" |
116 | }, | 116 | }, |
@@ -122,7 +122,7 @@ | |||
122 | "environment_5": { | 122 | "environment_5": { |
123 | "locked": { | 123 | "locked": { |
124 | "lastModified": 1, | 124 | "lastModified": 1, |
125 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 125 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
126 | "path": "../environment", | 126 | "path": "../environment", |
127 | "type": "path" | 127 | "type": "path" |
128 | }, | 128 | }, |
@@ -134,7 +134,7 @@ | |||
134 | "environment_6": { | 134 | "environment_6": { |
135 | "locked": { | 135 | "locked": { |
136 | "lastModified": 1, | 136 | "lastModified": 1, |
137 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 137 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
138 | "path": "../environment", | 138 | "path": "../environment", |
139 | "type": "path" | 139 | "type": "path" |
140 | }, | 140 | }, |
@@ -146,7 +146,7 @@ | |||
146 | "environment_7": { | 146 | "environment_7": { |
147 | "locked": { | 147 | "locked": { |
148 | "lastModified": 1, | 148 | "lastModified": 1, |
149 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 149 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
150 | "path": "../environment", | 150 | "path": "../environment", |
151 | "type": "path" | 151 | "type": "path" |
152 | }, | 152 | }, |
@@ -352,7 +352,7 @@ | |||
352 | }, | 352 | }, |
353 | "locked": { | 353 | "locked": { |
354 | "lastModified": 1, | 354 | "lastModified": 1, |
355 | "narHash": "sha256-XdgjCex3Izb2hID+EBVj0YsEE5xvc+I416I2fHpi1LE=", | 355 | "narHash": "sha256-tY5qk98NpdM4osbPYFeo6/pHiQQU4a4iKw2jCJP99q8=", |
356 | "path": "../../flakes/private/mail-relay", | 356 | "path": "../../flakes/private/mail-relay", |
357 | "type": "path" | 357 | "type": "path" |
358 | }, | 358 | }, |
@@ -371,7 +371,7 @@ | |||
371 | }, | 371 | }, |
372 | "locked": { | 372 | "locked": { |
373 | "lastModified": 1, | 373 | "lastModified": 1, |
374 | "narHash": "sha256-bWNhkERypwoog3lphO0xURJ4xt58CZEWKn7So7A5mtM=", | 374 | "narHash": "sha256-Aqubcd5AOuP6XUdvjeCXIP6Yksn8uBXbS62kWXBop1w=", |
375 | "path": "../../flakes/private/milters", | 375 | "path": "../../flakes/private/milters", |
376 | "type": "path" | 376 | "type": "path" |
377 | }, | 377 | }, |
@@ -389,7 +389,7 @@ | |||
389 | }, | 389 | }, |
390 | "locked": { | 390 | "locked": { |
391 | "lastModified": 1, | 391 | "lastModified": 1, |
392 | "narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=", | 392 | "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", |
393 | "path": "../../flakes/private/monitoring", | 393 | "path": "../../flakes/private/monitoring", |
394 | "type": "path" | 394 | "type": "path" |
395 | }, | 395 | }, |
@@ -425,7 +425,7 @@ | |||
425 | }, | 425 | }, |
426 | "locked": { | 426 | "locked": { |
427 | "lastModified": 1, | 427 | "lastModified": 1, |
428 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 428 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
429 | "path": "../../mypackages", | 429 | "path": "../../mypackages", |
430 | "type": "path" | 430 | "type": "path" |
431 | }, | 431 | }, |
@@ -925,7 +925,7 @@ | |||
925 | }, | 925 | }, |
926 | "locked": { | 926 | "locked": { |
927 | "lastModified": 1, | 927 | "lastModified": 1, |
928 | "narHash": "sha256-fntajNe0urhuR0NbTOQZLTMhtHnd7p6PVuuEf0oAoFg=", | 928 | "narHash": "sha256-LDicilQIpNXKg/UD6uyf66h/iL/rhDOkkVjTMdKRzX4=", |
929 | "path": "../../flakes/private/opendmarc", | 929 | "path": "../../flakes/private/opendmarc", |
930 | "type": "path" | 930 | "type": "path" |
931 | }, | 931 | }, |
@@ -1104,7 +1104,7 @@ | |||
1104 | }, | 1104 | }, |
1105 | "locked": { | 1105 | "locked": { |
1106 | "lastModified": 1, | 1106 | "lastModified": 1, |
1107 | "narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=", | 1107 | "narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=", |
1108 | "path": "../../flakes/private/system", | 1108 | "path": "../../flakes/private/system", |
1109 | "type": "path" | 1109 | "type": "path" |
1110 | }, | 1110 | }, |
diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock index f2db2b7..be2ce96 100644 --- a/systems/dilion/flake.lock +++ b/systems/dilion/flake.lock | |||
@@ -59,7 +59,7 @@ | |||
59 | "environment": { | 59 | "environment": { |
60 | "locked": { | 60 | "locked": { |
61 | "lastModified": 1, | 61 | "lastModified": 1, |
62 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 62 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
63 | "path": "../../flakes/private/environment", | 63 | "path": "../../flakes/private/environment", |
64 | "type": "path" | 64 | "type": "path" |
65 | }, | 65 | }, |
@@ -71,7 +71,7 @@ | |||
71 | "environment_2": { | 71 | "environment_2": { |
72 | "locked": { | 72 | "locked": { |
73 | "lastModified": 1, | 73 | "lastModified": 1, |
74 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 74 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
75 | "path": "../environment", | 75 | "path": "../environment", |
76 | "type": "path" | 76 | "type": "path" |
77 | }, | 77 | }, |
@@ -83,7 +83,7 @@ | |||
83 | "environment_3": { | 83 | "environment_3": { |
84 | "locked": { | 84 | "locked": { |
85 | "lastModified": 1, | 85 | "lastModified": 1, |
86 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 86 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
87 | "path": "../environment", | 87 | "path": "../environment", |
88 | "type": "path" | 88 | "type": "path" |
89 | }, | 89 | }, |
@@ -207,7 +207,7 @@ | |||
207 | }, | 207 | }, |
208 | "locked": { | 208 | "locked": { |
209 | "lastModified": 1, | 209 | "lastModified": 1, |
210 | "narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=", | 210 | "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", |
211 | "path": "../../flakes/private/monitoring", | 211 | "path": "../../flakes/private/monitoring", |
212 | "type": "path" | 212 | "type": "path" |
213 | }, | 213 | }, |
@@ -243,7 +243,7 @@ | |||
243 | }, | 243 | }, |
244 | "locked": { | 244 | "locked": { |
245 | "lastModified": 1, | 245 | "lastModified": 1, |
246 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 246 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
247 | "path": "../../mypackages", | 247 | "path": "../../mypackages", |
248 | "type": "path" | 248 | "type": "path" |
249 | }, | 249 | }, |
@@ -599,7 +599,7 @@ | |||
599 | }, | 599 | }, |
600 | "locked": { | 600 | "locked": { |
601 | "lastModified": 1, | 601 | "lastModified": 1, |
602 | "narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=", | 602 | "narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=", |
603 | "path": "../../flakes/private/system", | 603 | "path": "../../flakes/private/system", |
604 | "type": "path" | 604 | "type": "path" |
605 | }, | 605 | }, |
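--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -189,7 +189,7 @@
 table = ldap_users
 user_column = login
 pw_type = function
-auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
+auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( convert_to(%p, 'UTF8') || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
 #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
 '';
 };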
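Review bot: The commented-out `pwd_query` directly below the changed `auth_query` still hashes `%p || (SELECT * FROM newsalt)` without `convert_to(%p, 'UTF8')`, so if it is ever re-enabled it may store digests that the new `auth_query` no longer matches; update it in the same commit or delete it. The query also keeps accepting `mechanism = 'PLAIN'` rows compared in cleartext, and single-round salted SHA-1 for the rest, both of which give little protection if `ldap_users` is ever disclosed. A comment such as `# PLAIN/SSHA kept for legacy rows; migrate to a slow password hash` would record that this is a known limitation. The enclosing configuration block starts above the hunk.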
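--- a/systems/eldiron/borg_backup.nix
+++ b/systems/eldiron/borg_backup.nix
@@ -76,7 +76,7 @@ let
 location = {
 source_directories = map (p: "${profile.rootDir}/${p}") profile.includedPaths;
 repositories = [
-{ path = cfg.remotes.${remote}.remote bucket; label = "backupserver"; }
+{ path = cfg.remotes.${remote}.remote name bucket; label = "backupserver"; }
 ];
 one_file_system = false;
 exclude_if_present = [".duplicity-ignore"];
@@ -88,6 +88,7 @@ let
 ssh_command = "ssh -i ${config.secrets.fullPaths."borg_backup/identity"}";
 compression = "zlib";
 borg_base_directory = "${varDir}/${profile.bucket}";
+relocated_repo_access_is_ok = true;
 };
 retention = {
 keep_within = "10d";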
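Review bot: `relocated_repo_access_is_ok = true;` in the second hunk permanently silences Borg's check that a known repository has appeared at a different location, which is one of the signals that the client is talking to a repository other than the one it expects. The first hunk changes the repository path (`remote name bucket`), so the flag is presumably only needed for the first run after this change. Consider removing it once every profile has run against the new path, or record the reason next to it with `# TODO: drop once all repositories have been accessed at the new path`. Both hunks sit inside a `let` binding that starts and ends outside the visible lines.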
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock index 0f97917..ac6307e 100644 --- a/systems/eldiron/flake.lock +++ b/systems/eldiron/flake.lock | |||
@@ -129,7 +129,7 @@ | |||
129 | "environment": { | 129 | "environment": { |
130 | "locked": { | 130 | "locked": { |
131 | "lastModified": 1, | 131 | "lastModified": 1, |
132 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 132 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
133 | "path": "../environment", | 133 | "path": "../environment", |
134 | "type": "path" | 134 | "type": "path" |
135 | }, | 135 | }, |
@@ -141,7 +141,7 @@ | |||
141 | "environment_2": { | 141 | "environment_2": { |
142 | "locked": { | 142 | "locked": { |
143 | "lastModified": 1, | 143 | "lastModified": 1, |
144 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 144 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
145 | "path": "../environment", | 145 | "path": "../environment", |
146 | "type": "path" | 146 | "type": "path" |
147 | }, | 147 | }, |
@@ -153,7 +153,7 @@ | |||
153 | "environment_3": { | 153 | "environment_3": { |
154 | "locked": { | 154 | "locked": { |
155 | "lastModified": 1, | 155 | "lastModified": 1, |
156 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 156 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
157 | "path": "../environment", | 157 | "path": "../environment", |
158 | "type": "path" | 158 | "type": "path" |
159 | }, | 159 | }, |
@@ -165,7 +165,7 @@ | |||
165 | "environment_4": { | 165 | "environment_4": { |
166 | "locked": { | 166 | "locked": { |
167 | "lastModified": 1, | 167 | "lastModified": 1, |
168 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 168 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
169 | "path": "../environment", | 169 | "path": "../environment", |
170 | "type": "path" | 170 | "type": "path" |
171 | }, | 171 | }, |
@@ -177,7 +177,7 @@ | |||
177 | "environment_5": { | 177 | "environment_5": { |
178 | "locked": { | 178 | "locked": { |
179 | "lastModified": 1, | 179 | "lastModified": 1, |
180 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 180 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
181 | "path": "../environment", | 181 | "path": "../environment", |
182 | "type": "path" | 182 | "type": "path" |
183 | }, | 183 | }, |
@@ -189,7 +189,7 @@ | |||
189 | "environment_6": { | 189 | "environment_6": { |
190 | "locked": { | 190 | "locked": { |
191 | "lastModified": 1, | 191 | "lastModified": 1, |
192 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 192 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
193 | "path": "../environment", | 193 | "path": "../environment", |
194 | "type": "path" | 194 | "type": "path" |
195 | }, | 195 | }, |
@@ -813,7 +813,7 @@ | |||
813 | }, | 813 | }, |
814 | "locked": { | 814 | "locked": { |
815 | "lastModified": 1, | 815 | "lastModified": 1, |
816 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 816 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
817 | "path": "../../mypackages", | 817 | "path": "../../mypackages", |
818 | "type": "path" | 818 | "type": "path" |
819 | }, | 819 | }, |
@@ -830,7 +830,7 @@ | |||
830 | }, | 830 | }, |
831 | "locked": { | 831 | "locked": { |
832 | "lastModified": 1, | 832 | "lastModified": 1, |
833 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 833 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
834 | "path": "../mypackages", | 834 | "path": "../mypackages", |
835 | "type": "path" | 835 | "type": "path" |
836 | }, | 836 | }, |
@@ -847,7 +847,7 @@ | |||
847 | }, | 847 | }, |
848 | "locked": { | 848 | "locked": { |
849 | "lastModified": 1, | 849 | "lastModified": 1, |
850 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 850 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
851 | "path": "../mypackages", | 851 | "path": "../mypackages", |
852 | "type": "path" | 852 | "type": "path" |
853 | }, | 853 | }, |
@@ -864,7 +864,7 @@ | |||
864 | }, | 864 | }, |
865 | "locked": { | 865 | "locked": { |
866 | "lastModified": 1, | 866 | "lastModified": 1, |
867 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 867 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
868 | "path": "../mypackages", | 868 | "path": "../mypackages", |
869 | "type": "path" | 869 | "type": "path" |
870 | }, | 870 | }, |
@@ -1989,7 +1989,7 @@ | |||
1989 | }, | 1989 | }, |
1990 | "locked": { | 1990 | "locked": { |
1991 | "lastModified": 1, | 1991 | "lastModified": 1, |
1992 | "narHash": "sha256-Deh1qsi1UFskPSAwq2sUGyPeh7hVVHct8hhy4o6fEzE=", | 1992 | "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=", |
1993 | "path": "../../flakes/private/chatons", | 1993 | "path": "../../flakes/private/chatons", |
1994 | "type": "path" | 1994 | "type": "path" |
1995 | }, | 1995 | }, |
@@ -2001,7 +2001,7 @@ | |||
2001 | "private-environment": { | 2001 | "private-environment": { |
2002 | "locked": { | 2002 | "locked": { |
2003 | "lastModified": 1, | 2003 | "lastModified": 1, |
2004 | "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", | 2004 | "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=", |
2005 | "path": "../../flakes/private/environment", | 2005 | "path": "../../flakes/private/environment", |
2006 | "type": "path" | 2006 | "type": "path" |
2007 | }, | 2007 | }, |
@@ -2020,7 +2020,7 @@ | |||
2020 | }, | 2020 | }, |
2021 | "locked": { | 2021 | "locked": { |
2022 | "lastModified": 1, | 2022 | "lastModified": 1, |
2023 | "narHash": "sha256-bWNhkERypwoog3lphO0xURJ4xt58CZEWKn7So7A5mtM=", | 2023 | "narHash": "sha256-Aqubcd5AOuP6XUdvjeCXIP6Yksn8uBXbS62kWXBop1w=", |
2024 | "path": "../../flakes/private/milters", | 2024 | "path": "../../flakes/private/milters", |
2025 | "type": "path" | 2025 | "type": "path" |
2026 | }, | 2026 | }, |
@@ -2038,7 +2038,7 @@ | |||
2038 | }, | 2038 | }, |
2039 | "locked": { | 2039 | "locked": { |
2040 | "lastModified": 1, | 2040 | "lastModified": 1, |
2041 | "narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=", | 2041 | "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=", |
2042 | "path": "../../flakes/private/monitoring", | 2042 | "path": "../../flakes/private/monitoring", |
2043 | "type": "path" | 2043 | "type": "path" |
2044 | }, | 2044 | }, |
@@ -2073,7 +2073,7 @@ | |||
2073 | }, | 2073 | }, |
2074 | "locked": { | 2074 | "locked": { |
2075 | "lastModified": 1, | 2075 | "lastModified": 1, |
2076 | "narHash": "sha256-fntajNe0urhuR0NbTOQZLTMhtHnd7p6PVuuEf0oAoFg=", | 2076 | "narHash": "sha256-LDicilQIpNXKg/UD6uyf66h/iL/rhDOkkVjTMdKRzX4=", |
2077 | "path": "../../flakes/private/opendmarc", | 2077 | "path": "../../flakes/private/opendmarc", |
2078 | "type": "path" | 2078 | "type": "path" |
2079 | }, | 2079 | }, |
@@ -2134,7 +2134,7 @@ | |||
2134 | }, | 2134 | }, |
2135 | "locked": { | 2135 | "locked": { |
2136 | "lastModified": 1, | 2136 | "lastModified": 1, |
2137 | "narHash": "sha256-uqftr7R3cVYwWuu8Xl6VbPVL2pqapv1bfmMJpq3LnZ4=", | 2137 | "narHash": "sha256-mhoBv1NxQoAMlfFGkgGC28cjMTgUxgb2oqNS+k6kWH4=", |
2138 | "path": "../../flakes/private/ssh", | 2138 | "path": "../../flakes/private/ssh", |
2139 | "type": "path" | 2139 | "type": "path" |
2140 | }, | 2140 | }, |
@@ -2153,7 +2153,7 @@ | |||
2153 | }, | 2153 | }, |
2154 | "locked": { | 2154 | "locked": { |
2155 | "lastModified": 1, | 2155 | "lastModified": 1, |
2156 | "narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=", | 2156 | "narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=", |
2157 | "path": "../../flakes/private/system", | 2157 | "path": "../../flakes/private/system", |
2158 | "type": "path" | 2158 | "type": "path" |
2159 | }, | 2159 | }, |
@@ -2206,7 +2206,7 @@ | |||
2206 | }, | 2206 | }, |
2207 | "locked": { | 2207 | "locked": { |
2208 | "lastModified": 1, | 2208 | "lastModified": 1, |
2209 | "narHash": "sha256-TeZKpuqFi0PEnhays+oL+hrNlO/O+IV/4B+Vtim4DKY=", | 2209 | "narHash": "sha256-1uymFn5bZul+Rrnek5YdC2EtgllQlL48VAvQTBh7ao4=", |
2210 | "path": "../../flakes/etherpad-lite", | 2210 | "path": "../../flakes/etherpad-lite", |
2211 | "type": "path" | 2211 | "type": "path" |
2212 | }, | 2212 | }, |
@@ -2248,7 +2248,7 @@ | |||
2248 | }, | 2248 | }, |
2249 | "locked": { | 2249 | "locked": { |
2250 | "lastModified": 1, | 2250 | "lastModified": 1, |
2251 | "narHash": "sha256-kbhkTVO086HibTB2ke3Qc458FwLUp2CqU8XUjuaAIug=", | 2251 | "narHash": "sha256-0jKcrg+vVVhfPgfu0kPo4JtgdFXuP29usmgRoSmsX5U=", |
2252 | "path": "../../flakes/grocy", | 2252 | "path": "../../flakes/grocy", |
2253 | "type": "path" | 2253 | "type": "path" |
2254 | }, | 2254 | }, |
@@ -2329,7 +2329,7 @@ | |||
2329 | }, | 2329 | }, |
2330 | "locked": { | 2330 | "locked": { |
2331 | "lastModified": 1, | 2331 | "lastModified": 1, |
2332 | "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", | 2332 | "narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=", |
2333 | "path": "../../flakes/mypackages", | 2333 | "path": "../../flakes/mypackages", |
2334 | "type": "path" | 2334 | "type": "path" |
2335 | }, | 2335 | }, |
@@ -2440,7 +2440,7 @@ | |||
2440 | }, | 2440 | }, |
2441 | "locked": { | 2441 | "locked": { |
2442 | "lastModified": 1, | 2442 | "lastModified": 1, |
2443 | "narHash": "sha256-+z5CIx4Gin8Ygu3qQbd5QMPuChzPkhtSv+kUm6dUW/s=", | 2443 | "narHash": "sha256-B37mhSriF+N+vwuXTL60SvgxMqIsdiAUsL48g1A6VRY=", |
2444 | "path": "../../flakes/surfer", | 2444 | "path": "../../flakes/surfer", |
2445 | "type": "path" | 2445 | "type": "path" |
2446 | }, | 2446 | }, |
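--- a/systems/eldiron/websites/cloud/default.nix
+++ b/systems/eldiron/websites/cloud/default.nix
@@ -61,7 +61,7 @@ in {
 };
 
 myServices.tools.cloud.farm.instances.immae = {
-nextcloud = pkgs.webapps-nextcloud_27.override ({
+nextcloud = pkgs.webapps-nextcloud_27_2.override ({
 # Allow /index.php redirects
 postInstall = ''
 cd $out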
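--- a/systems/eldiron/websites/git/mantisbt.nix
+++ b/systems/eldiron/websites/git/mantisbt.nix
@@ -1,4 +1,38 @@
-{ env, mantisbt_2, mantisbt_2-plugins, config }:
+{ env, mantisbt_2, mantisbt_2-plugins, config, writeText }:
+let
+mantis_config = {
+config_inc = config.secrets.fullPaths."webapps/tools-mantisbt";
+custom_constants_inc = writeText "custom_constants_inc.php" ''
+<?php
+define('TESTING', 60);
+?>
+'';
+custom_strings_inc = writeText "custom_strings_inc.php" ''
+<?php
+switch( $g_active_language ) {
+case 'french':
+$s_status_enum_string = '10:nouveau,20:retour d’informations,30:reçu,40:confirmé,50:affecté,60:à tester,80:traité,90:fermé';
+$s_acknowledged_bug_title = 'Recevoir l’anomalie';
+$s_acknowledged_bug_button = 'Recevoir l’anomalie';
+$s_email_notification_title_for_status_bug_acknowledged = 'L’anomalie suivante a été REÇUE.';
+
+$s_testing_bug_title = "Mettre l’anomalie en test";
+$s_testing_bug_button = 'À tester';
+$s_email_notification_title_for_status_bug_testing = "L’anomalie suivante est prête à être TESTÉE.";
+break;
+default: # english
+$s_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
+
+$s_testing_bug_title = 'Mark issue Ready for Testing';
+$s_testing_bug_button = 'Ready for Testing';
+
+$s_email_notification_title_for_status_bug_testing = 'The following issue is ready for TESTING.';
+break;
+}
+?>
+'';
+};
+in
 rec {
 keys."webapps/tools-mantisbt" = {
 user = apache.user;
@@ -20,7 +54,8 @@ rec {
 $g_allow_anonymous_login = ON;
 $g_anonymous_account = 'anonymous';
 
-$g_phpMailer_method = PHPMAILER_METHOD_SENDMAIL;
+$g_log_level = LOG_EMAIL_VERBOSE;
+$g_phpMailer_method = PHPMAILER_METHOD_MAIL;
 $g_smtp_host = 'localhost';
 $g_smtp_username = ''';
 $g_smtp_password = ''';
@@ -42,10 +77,12 @@ rec {
 $g_ldap_uid_field = 'uid';
 $g_ldap_realname_field = 'cn';
 $g_ldap_organization = '${env.ldap.filter}';
+
+$g_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
+$g_status_colors['testing'] = '#ace7ae';
 '';
 };
-webRoot = (mantisbt_2.override { mantis_config =
-config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration ]);
+webRoot = (mantisbt_2.override { inherit mantis_config; }).withPlugins (p: [p.slack p.source-integration ]);
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -72,9 +109,8 @@ rec {
 };
 phpFpm = rec {
 serviceDeps = [ "postgresql.service" "openldap.service" ];
-basedir = builtins.concatStringsSep ":" (
-[ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
-++ webRoot.plugins);
+basedir = builtins.concatStringsSep ":" ([ webRoot ] ++
+webRoot.plugins ++ builtins.attrValues mantis_config);
 pool = {
 "listen.owner" = apache.user;
 "listen.group" = apache.group;
@@ -84,7 +120,8 @@ rec {
 
 "php_admin_value[upload_max_filesize]" = "5000000";
 
-"php_admin_value[open_basedir]" = "${basedir}:/tmp";
+"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
+"php_admin_value[open_basedir]" = "${basedir}:/tmp:/run/wrappers/bin/sendmail";
 "php_admin_value[session.save_handler]" = "redis";
 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
 };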
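Review bot: `$g_log_level = LOG_EMAIL_VERBOSE;` in the second hunk reads like a debugging aid left in while the mailer was switched to `PHPMAILER_METHOD_MAIL`. Verbose mail logging can write recipient addresses and notification details to wherever `$g_log_destination` points, which is not visible here. If it is not meant to stay, drop the line or set `$g_log_level = LOG_NONE;`; otherwise add a comment naming the log destination and who can read it. In the last hunk `/run/wrappers/bin/sendmail` is appended to `open_basedir`; that setting restricts PHP's file functions and, as far as I know, not the program started through `sendmail_path`, so the extra entry may be unnecessary and is worth removing if mail still works without it.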
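--- a/systems/eldiron/websites/mail/default.nix
+++ b/systems/eldiron/websites/mail/default.nix
@@ -111,13 +111,13 @@ in
 phpOptions = config.services.phpfpm.phpOptions + ''
 date.timezone = 'CET'
 '';
-phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]);
+phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]);
 };
 services.phpfpm.pools.rainloop = {
 user = "wwwrun";
 group = "wwwrun";
 settings = rainloop.phpFpm.pool;
-phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
+phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
 };
 system.activationScripts = {
 roundcubemail = roundcubemail.activationScript;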
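--- a/systems/eldiron/websites/mail/roundcubemail.nix
+++ b/systems/eldiron/websites/mail/roundcubemail.nix
@@ -15,15 +15,16 @@ rec {
 text =
 let
 psql_url = with env.postgresql; "pgsql://${user}:${password}@unix(${socket}:${port})/${database}";
+mysql_postfix_url = with config.myEnv.mail.dovecot.mysql; "mysql://${user}:${password}@unix(${socket})/${database}";
 in ''
 <?php
 $config['db_dsnw'] = '${psql_url}';
-$config['default_host'] = 'ssl://imap.immae.eu';
+$config['imap_host'] = 'ssl://imap.immae.eu';
 $config['username_domain'] = array(
 "imap.immae.eu" => "mail.immae.eu"
 );
 $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
-$config['smtp_server'] = 'tls://smtp.immae.eu';
+$config['smtp_host'] = 'tls://smtp.immae.eu';
 $config['smtp_port'] = '587';
 $config['managesieve_host'] = 'imap.immae.eu';
 $config['managesieve_port'] = '4190';
@@ -49,16 +50,22 @@ rec {
 'markasjunk',
 'managesieve',
 'newmail_notifier',
+'reconnect',
 'vcard_attachments',
 'zipdownload',
+'virtuser_query',
 
-'automatic_addressbook',
 'message_highlight',
 'carddav',
+// Intégré à roundcube 'automatic_addressbook',
 // Ne marche pas ?: 'ident_switch',
 // Ne marche pas ?: 'thunderbird_labels',
 );
 
+$config['virtuser_query_dsn'] = '${mysql_postfix_url}';
+$config['virtuser_query'] = array(
+"user" => "SELECT destination FROM forwardings WHERE ((regex = 1 AND '%m' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%m')) AND active = 1"
+);
 $config['language'] = 'fr_FR';
 
 $config['drafts_mbox'] = 'Drafts';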
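Review bot: `mysql_postfix_url` is built from `config.myEnv.mail.dovecot.mysql`, so the webmail's `virtuser_query_dsn` carries the Dovecot database account rather than one scoped to what the plugin needs. The configured query only reads `destination` from `forwardings`, so a dedicated MySQL user with `SELECT` on that table alone would limit what a Roundcube compromise can read through this DSN. The user and password are also interpolated raw into a URL inside a single-quoted PHP string, so a password containing `'`, `@` or `/` would break the DSN or the generated file; URL-encoding the credentials when building the string avoids that, and the same applies to the existing `psql_url`. The `text` attribute starts and ends outside the hunks.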
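--- a/systems/eldiron/websites/tools/default.nix
+++ b/systems/eldiron/websites/tools/default.nix
@@ -108,6 +108,7 @@ in {
 mailSend
 (ips servers.eldiron.ips.main)
 ];
+synapse = ips servers.zoldene.ips.main;
 };
 
 services.borgBackup.profiles.global.ignoredPaths = [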
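--- a/systems/eldiron/websites/tools/landing.nix
+++ b/systems/eldiron/websites/tools/landing.nix
@@ -3,8 +3,8 @@ let
 source = builtins.fetchGit {
 url = "https://git.immae.eu/github/bastienwirtz/homer.git";
 ref = "gitolite_local/local_changes";
-rev = "af6db21ee92824ddd9c4b9574018789619326ffc";
-narHash = "sha256-TAf2oIPu5ZfRbxahAjOxwQ/z/g82pXmLPU8LhwxRgXs";
+rev = "f2f414a2e9b02d645acb49f62fdfcceb8eca7d19";
+narHash = "sha256-WrAx4gLKOVpwHtLh57ZLoWaUnfohwYlIX/LrwORIbFU=";
 };
 yarnModules = yarn2nix-moretea.mkYarnModules rec {
 nodejs = nodejs_16;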
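--- a/systems/eldiron/websites/tools/landing/ldap_password.php
+++ b/systems/eldiron/websites/tools/landing/ldap_password.php
@@ -45,7 +45,7 @@ function changePasswordSQL($user_realm, $newPassword) {
 }
 }
 $con = pg_connect("");
-$result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
+$result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( convert_to($1, 'UTF8') || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
 if (!$result) {
 $message[] = "Error when accessing database";
 return false;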
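Review bot: The value stored by the UPDATE is still a single SHA-1 over the password and a 4-byte salt (`gen_random_bytes(4)`, `mechanism = 'SSHA'`), which is cheap to brute-force offline if `ldap_users` ever leaks; `convert_to($1, 'UTF8')` fixes which bytes are hashed, not the strength of the scheme. If every consumer of this table can verify a slower format, pgcrypto's `crypt($1, gen_salt('bf'))` is the usual replacement; otherwise a longer salt is the minimum improvement. Separately, `if (!$result)` only catches a failed query, so an UPDATE that matches no `login || '@' || realm` row presumably reports success; checking `pg_affected_rows($result) !== 1` would surface that. The body of changePasswordSQL starts and ends outside the hunk.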
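--- a/systems/monitoring-1/flake.lock
+++ b/systems/monitoring-1/flake.lock
@@ -22,7 +22,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Deh1qsi1UFskPSAwq2sUGyPeh7hVVHct8hhy4o6fEzE=",
+"narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -74,7 +74,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -86,7 +86,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -98,7 +98,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -110,7 +110,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -122,7 +122,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -259,7 +259,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-XdgjCex3Izb2hID+EBVj0YsEE5xvc+I416I2fHpi1LE=",
+"narHash": "sha256-tY5qk98NpdM4osbPYFeo6/pHiQQU4a4iKw2jCJP99q8=",
 "path": "../../flakes/private/mail-relay",
 "type": "path"
 },
@@ -277,7 +277,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=",
+"narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -313,7 +313,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=",
+"narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=",
 "path": "../../mypackages",
 "type": "path"
 },
@@ -735,7 +735,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=",
+"narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=",
 "path": "../../flakes/private/system",
 "type": "path"
 },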
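--- a/systems/quatresaisons/flake.lock
+++ b/systems/quatresaisons/flake.lock
@@ -59,7 +59,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -71,7 +71,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -83,7 +83,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -239,7 +239,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=",
+"narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -291,7 +291,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=",
+"narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=",
 "path": "../../mypackages",
 "type": "path"
 },
@@ -712,7 +712,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=",
+"narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=",
 "path": "../../flakes/private/system",
 "type": "path"
 },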
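--- a/systems/zoldene/base.nix
+++ b/systems/zoldene/base.nix
@@ -13,8 +13,10 @@ in
 secrets.nixosModules.users-config-zoldene
 ./virtualisation.nix
 ./certificates.nix
+./synapse.nix
 ];
 
+programs.ssh.package = pkgs.openssh;
 services.openssh = {
 settings.KbdInteractiveAuthentication = false;
 hostKeys = [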
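Review bot: `programs.ssh.package = pkgs.openssh;` is added without a comment saying why the package is set explicitly, so a later reader cannot tell whether it is a temporary override tied to this commit's nixpkgs bump or a permanent choice. A one-line comment above it, for example `# Set explicitly because <reason>; drop once <condition>`, would let the next maintainer remove it safely. The surrounding attribute set starts and ends outside the hunk.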
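--- a/systems/zoldene/flake.lock
+++ b/systems/zoldene/flake.lock
@@ -59,7 +59,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../environment",
 "type": "path"
 },
@@ -193,7 +193,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=",
+"narHash": "sha256-r3UkR0dalaU+FjmDcrMkXeT3BOJryAVzX7Sp8pihjno=",
 "path": "../../mypackages",
 "type": "path"
 },
@@ -387,11 +387,11 @@
 },
 "nixpkgs_5": {
 "locked": {
-"lastModified": 1708475490,
-"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
+"lastModified": 1720031269,
+"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "0e74ca98a74bc7270d28838369593635a5db3260",
+"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
 "type": "github"
 },
 "original": {
@@ -436,7 +436,7 @@
 "private-environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=",
+"narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -455,7 +455,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=",
+"narHash": "sha256-uW8mX4yKNyf1lysk3yNW54RILG+JfJ9KQ10dAAge4Hk=",
 "path": "../../flakes/private/system",
 "type": "path"
 },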
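--- a/systems/zoldene/logging.nix
+++ b/systems/zoldene/logging.nix
@@ -102,6 +102,8 @@ in
 ingestion_burst_size_mb = 200;
 per_stream_rate_limit = "100MB";
 per_stream_rate_limit_burst = "200MB";
+# Remove after 2024-07-08 see below
+allow_structured_metadata = false;
 };
 
 schema_config.configs = [
@@ -113,6 +115,14 @@ in
 index.prefix = "index_";
 index.period = "24h";
 }
+{
+from = "2024-07-08";
+store = "tsdb";
+object_store = "filesystem";
+schema = "v13";
+index.prefix = "index_";
+index.period = "24h";
+}
 ];
 };
 };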
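--- /dev/null
+++ b/systems/zoldene/synapse.nix
@@ -0,0 +1,211 @@
+{ lib, config, pkgs, name, ... }:
+{
+config = {
+security.acme.certs."${name}".extraDomainNames = ["synapse.immae.eu"];
+services.nginx = {
+virtualHosts = {
+"synapse.immae.eu" = {
+acmeRoot = config.security.acme.defaults.webroot;
+useACMEHost = name;
+forceSSL = true;
+
+locations."~ ^/admin(?:/(.*))?$" = {
+alias = let
+synapse-admin = pkgs.fetchzip {
+url = "https://github.com/Awesome-Technologies/synapse-admin/releases/download/0.10.1/synapse-admin-0.10.1.tar.gz";
+sha256 = "sha256-M2AYNrnpNoDm20ZTH1OZBHVcjOrHAlqyq5iTQ/At/Xk=";
+postFetch = ''
+sed -i -e 's@"/assets@"./assets@g' $out/index.html
+'';
+};
+in
+"${synapse-admin}/$1";
+};
+locations."/sliding-sync-client/" = {
+# some svg urls are hardcoded to /client :shrug:
+alias = "${pkgs.matrix-sliding-sync.src}/client/";
+tryFiles = "$uri $uri/ /sliding-sync-client/index.html";
+};
+locations."~ ^/_matrix/client/unstable/org.matrix.msc3575/sync" = {
+proxyPass = "http://unix:/run/matrix-synapse/sliding_sync.sock:";
+};
+locations."~ ^(/_matrix|/_synapse/client|/_synapse/admin)" = {
+proxyPass = "http://unix:/run/matrix-synapse/main_client_federation.sock:";
+extraConfig = ''
+client_max_body_size 50M;
+'';
+};
+};
+};
+};
+
+systemd.services.postgresql.postStart = lib.mkAfter ''
+$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'matrix-synapse'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE \"matrix-synapse\" LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0"
+$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'matrix-sliding-sync'" | grep -q 1 || $PSQL -tAc "CREATE DATABASE \"matrix-sliding-sync\" LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0"
+$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='matrix-synapse'" | grep -q 1 || $PSQL -tAc 'CREATE USER "matrix-synapse"'
+$PSQL -tAc 'ALTER DATABASE "matrix-synapse" OWNER TO "matrix-synapse";'
+$PSQL -tAc 'ALTER DATABASE "matrix-sliding-sync" OWNER TO "matrix-synapse";'
+'';
+
+disko.devices.zpool.zfast.datasets."root/persist/var/lib/matrix-sliding-sync" =
+{ type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/matrix-sliding-sync"; options.mountpoint = "legacy"; };
+disko.devices.zpool.zfast.datasets."root/persist/var/lib/matrix-synapse" =
+{ type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/matrix-synapse"; options.mountpoint = "legacy"; };
+
+environment.persistence."/persist/zfast".directories = [
+{
+directory = "/var/lib/matrix-synapse";
+user = "matrix-synapse";
+group = "matrix-synapse";
+mode = "0700";
+}
+{
+directory = "/var/lib/matrix-sliding-sync";
+user = "matrix-synapse";
+group = "matrix-synapse";
+mode = "0700";
+}
+];
+
+users.users.matrix-synapse.extraGroups = [ "keys" ];
+users.users.nginx.extraGroups = [ "matrix-synapse" ];
+
+services.matrix-synapse = {
+enable = true;
+log.root.level = "WARNING";
+plugins = [
+config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3
+];
+extraConfigFiles = [
+config.secrets.fullPaths."matrix/homeserver_secrets.yaml"
+];
+settings.modules = [
+{
+module = "ldap_auth_provider.LdapAuthProviderModule";
+config = {
+enabled = true;
+uri = "ldaps://${config.myEnv.tools.matrix.ldap.host}:636";
+start_tls = false;
+base = config.myEnv.tools.matrix.ldap.base;
+attributes = {
+uid = "uid";
+mail = "mail";
+name = "cn";
+};
+bind_dn = config.myEnv.tools.matrix.ldap.dn;
+bind_password_file = config.secrets.fullPaths."matrix/ldap_password";
+filter = config.myEnv.tools.matrix.ldap.filter;
+};
+}
+];
+settings.server_name = "immae.eu";
+settings.signing_key_path = config.secrets.fullPaths."matrix/signing.key";
+settings.listeners = [
+{
+port = 8008;
+bind_addresses = [ "127.0.0.1" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [
+{
+names = [ "client" ];
+compress = true;
+}
+];
+}
+{
+path = "/run/matrix-synapse/main_client_federation.sock";
+resources = [
+{
+compress = true;
+names = [ "client" ];
+}
+{
+compress = false;
+names = [ "federation" ];
+}
+];
+type = "http";
+x_forwarded = true;
+}
+];
+};
+services.matrix-sliding-sync = {
+enable = true;
+createDatabase = false;
+settings.SYNCV3_SERVER = "/run/matrix-synapse/main_client_federation.sock";
+settings.SYNCV3_BINDADDR = "/run/matrix-synapse/sliding_sync.sock";
+environmentFile = config.secrets.fullPaths."matrix/sliding-sync";
+};
+
+systemd.services.matrix-synapse = {
+after = [
+"postgresql.service"
+"persist-zfast-var-lib-matrix\\x2dsynapse.mount"
+"var-lib-matrix\\x2dsynapse.mount"
+];
+unitConfig = {
+BindsTo = [
+"var-lib-matrix\\x2dsynapse.mount"
+"persist-zfast-var-lib-matrix\\x2dsynapse.mount"
+];
+};
+serviceConfig.SupplementaryGroups = [ "keys" ];
+};
+
+systemd.services.matrix-sliding-sync = {
+serviceConfig = {
+DynamicUser = lib.mkForce false;
+User = "matrix-synapse";
+Group = "matrix-synapse";
+RuntimeDirectory = lib.mkForce "matrix-synapse";
+SupplementaryGroups = [ "keys" ];
+};
+unitConfig = {
+BindsTo = [
+"persist-zfast-var-lib-matrix\\x2dsliding\\x2dsync.mount"
+"var-lib-matrix\\x2dsliding\\x2dsync.mount"
+];
+After = lib.mkForce [
+"matrix-synapse.service"
+"postgresql.service"
+"var-lib-matrix\\x2dsliding\\x2dsync.mount"
+"persist-zfast-var-lib-matrix\\x2dsliding\\x2dsync.mount"
+];
+};
+};
+secrets.keys."matrix/ldap_password" = {
+permissions = "0400";
+user = "matrix-synapse";
+group = "matrix-synapse";
+text = config.myEnv.tools.matrix.ldap.password;
+};
+secrets.keys."matrix/signing.key" = {
+permissions = "0400";
+user = "matrix-synapse";
+group = "matrix-synapse";
+text = "{{ .matrix.signing_key }}";
+};
+secrets.keys."matrix/homeserver_secrets.yaml" = {
+permissions = "0400";
+user = "matrix-synapse";
+group = "matrix-synapse";
+# Beware, yaml keys are merged at top level, not deep
+text = ''
+password_config:
+enabled: true
+pepper: "{{ .matrix.password_pepper }}"
+macaroon_secret_key: "{{ .matrix.macaroon_secret_key }}"
+'';
+};
+secrets.keys."matrix/sliding-sync" = {
+permissions = "0400";
+user = "matrix-synapse";
+group = "matrix-synapse";
+text = ''
+SYNCV3_SECRET={{ .matrix.sliding_sync_secret }}
+'';
+};
+};
+}
+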
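Review bot: The last nginx location, `~ ^(/_matrix|/_synapse/client|/_synapse/admin)`, proxies the Synapse admin API to the homeserver socket with no source restriction, and the `/admin` location publishes synapse-admin beside it, so the admin endpoints are reachable by anyone who can reach synapse.immae.eu and rely on the admin account's credentials alone. Giving `/_synapse/admin` its own location with an `allow`/`deny` list (or serving it only from an internal vhost) keeps the client and federation paths public while narrowing the admin surface. Also worth checking: the `matrix-sliding-sync` unit forces `RuntimeDirectory` to `matrix-synapse`; if the synapse unit owns the same runtime directory, stopping either service would presumably remove the other's socket unless `RuntimeDirectoryPreserve` is set.

```nix
locations."~ ^(/_matrix|/_synapse/client)" = {
  # … unchanged: proxyPass to main_client_federation.sock and client_max_body_size …
};
locations."~ ^/_synapse/admin" = {
  proxyPass = "http://unix:/run/matrix-synapse/main_client_federation.sock:";
  extraConfig = ''
    # ADMIN_SOURCE_RANGE is a placeholder for the operator's trusted address range
    allow ADMIN_SOURCE_RANGE;
    deny all;
  '';
};
```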