From f3bb93c7830958d5d8481cd879cc1a34669967db Mon Sep 17 00:00:00 2001 From: Jan Kremer Date: Thu, 26 Mar 2026 11:56:00 +0100 Subject: [PATCH] Add matrix (tuwunel) to nimbus --- hosts/nimbus/configuration.nix | 1 + modules/home-manager/shell/default.nix | 3 +- modules/nixos/matrix.nix | 52 +++++++++++++++++++ modules/secrets/matrix-registration-token.age | 9 ++++ modules/secrets/secrets.nix | 3 ++ 5 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 modules/nixos/matrix.nix create mode 100644 modules/secrets/matrix-registration-token.age diff --git a/hosts/nimbus/configuration.nix b/hosts/nimbus/configuration.nix index d032692..e7b3537 100644 --- a/hosts/nimbus/configuration.nix +++ b/hosts/nimbus/configuration.nix @@ -10,6 +10,7 @@ inputs.agenix.nixosModules.default ./hardware-configuration.nix ../../modules/nixos/tailscale.nix + ../../modules/nixos/matrix.nix ]; # Workaround for https://github.com/NixOS/nix/issues/8502 diff --git a/modules/home-manager/shell/default.nix b/modules/home-manager/shell/default.nix index ba399a4..15fef22 100644 --- a/modules/home-manager/shell/default.nix +++ b/modules/home-manager/shell/default.nix @@ -7,7 +7,8 @@ home = { shellAliases = { - "deploy" = "ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; nh os switch'"; + "deploy-galanthus" = "ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; nh os switch'"; + "deploy-nimbus" = "ssh -t nimbus 'cd ~/.config/nix; git pull --rebase; nh os switch'"; "mv" = "mv -i"; "rm" = "trash"; "zz" = "z -"; diff --git a/modules/nixos/matrix.nix b/modules/nixos/matrix.nix new file mode 100644 index 0000000..3966ac6 --- /dev/null +++ b/modules/nixos/matrix.nix 
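Review bot: Both new `deploy-*` aliases chain their remote commands with `;`, so `nh os switch` still runs when `cd ~/.config/nix` or `git pull --rebase` fails — a rebase conflict leaves the checkout mid-rebase and the switch then builds whatever half-applied tree is on disk. Chain with `&&` so a failed step aborts the deploy: `"deploy-nimbus" = "ssh -t nimbus 'cd ~/.config/nix && git pull --rebase && nh os switch'";` and the same for `deploy-galanthus`. The `shellAliases` set continues past the end of this hunk.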
@@ -0,0 +1,52 @@ +{ config, ... }: +{ + age.secrets."matrix-registration-token" = { + file = ../secrets/matrix-registration-token.age; + mode = "400"; + owner = "tuwunel"; + }; + + services.matrix-tuwunel = { + enable = true; + settings = { + global = { + server_name = "jankremer.de"; + allow_registration = true; + registration_token_file = config.age.secrets.matrix-registration-token.path; + # trusted_servers = [ "matrix.org" ]; + }; + }; + }; + + services.caddy = { + enable = true; + ## Matrix federation + virtualHosts = { + "jankremer.de:8448" = { + extraConfig = '' + reverse_proxy localhost:6167 + ''; + }; + "jankremer.de" = { + extraConfig = '' + handle /_matrix/* { + reverse_proxy localhost:6167 + } + + handle /.well-known/matrix/server { + respond `{"m.server": "jankremer.de:443"}` 200 { + header Content-Type application/json + } + } + + handle /.well-known/matrix/client { + respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 { + header Content-Type application/json + header Access-Control-Allow-Origin * + } + } + ''; + }; + }; + }; +} diff --git a/modules/secrets/matrix-registration-token.age b/modules/secrets/matrix-registration-token.age new file mode 100644 index 0000000..bdcb426 --- /dev/null +++ b/modules/secrets/matrix-registration-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 2otpcg EZB4DtzCNS9CjhdskX5T3RpQ5VXcDtBiVPpaPEnRWiE +dtjqqiPhYTmaFXc+hvHPtXSaltZThE7kwUyBnnTsJr0 +-> ssh-ed25519 40YjXQ tRUAvVqdiNcjzynjfKoQtKsMFcHecd7VKbviG8A+1xI +5mfrrAei2T5s80oJ/Bu8Tv2G2mrp9CkvWEzlZCeEW58 +-> ssh-ed25519 wbs2Dw h1EZVsV7E0P1UmXfI9dDP5TOdBuxIzSUzOi4EhQw+Qw +DcjKABIqchtmu93tCmqtpngOmVgkknduayG7KXIurtU +--- XlEECZrSdZxm+B0uMH9WgR/QXnRi+ZWXJzS1n0G/vhM +Â}™&w^¬ öÀ-ÿ18Æ}6 †²rw?ÎÔW‚©¸HcM±¥,D‡P:ùfà' Ëw \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index c68fd3c..6a3e41e 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix 
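Review bot: The decrypted token is chowned to `owner = "tuwunel"`, but nothing in this hunk declares that user; if the `services.matrix-tuwunel` module runs its unit with `DynamicUser` (as the nixpkgs conduit-family modules do), no static `tuwunel` account exists when agenix runs at activation and the chown fails — worth confirming against the module before merging, and either declaring `users.users.tuwunel` with a matching `User` on the unit, or dropping `owner` and passing the file via `systemd.services.matrix-tuwunel.serviceConfig.LoadCredential`. Separately, the `"jankremer.de:8448"` vhost proxies every path to the homeserver while the `/.well-known/matrix/server` response already delegates federation to `jankremer.de:443`, so one of the two is redundant; keeping only the well-known delegation leaves one less TLS listener exposed. I also see no `networking.firewall.allowedTCPPorts = [ 80 443 ];` in this module — if nimbus keeps the default NixOS firewall, Caddy's ACME challenge and the federation endpoint are unreachable, so that belongs next to `services.caddy` or in the host config. The `# trusted_servers` comment is harmless but could be dropped if it only restates the module default.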
@@ -1,13 +1,16 @@
 let
   malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
   galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
+  nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj";
   all = [
     malus
     galanthus
+    nimbus
   ];
 in
 {
   "copyparty-jan.age".publicKeys = all;
   "paperless-admin.age".publicKeys = all;
   "tailscale.age".publicKeys = all;
+  "matrix-registration-token.age".publicKeys = all;
 }
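Review bot: `"matrix-registration-token.age".publicKeys = all;` encrypts the registration token to every host key, so malus and galanthus can decrypt a secret that only nimbus consumes (the three recipient stanzas in the new `.age` file match the `all` list). Least privilege would scope it to the consuming host plus whichever key you edit secrets with, e.g. `"matrix-registration-token.age".publicKeys = [ malus nimbus ];` if malus is the editing machine. The existing entries all use `all`, so this may be a deliberate convention — but a token-gated registration server is only as closed as that token, and the new `nimbus` host key is now also a recipient of every earlier secret.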