Add matrix (tuwunel) to nimbus

Jan Kremer 2026-03-26 11:56:00 +01:00
parent 6413bbefba
commit f3bb93c783
No known key found for this signature in database
5 changed files with 67 additions and 1 deletions


@ -10,6 +10,7 @@
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/nixos/tailscale.nix ../../modules/nixos/tailscale.nix
../../modules/nixos/matrix.nix
]; ];
# Workaround for https://github.com/NixOS/nix/issues/8502 # Workaround for https://github.com/NixOS/nix/issues/8502


@ -7,7 +7,8 @@
home = { home = {
shellAliases = { shellAliases = {
"deploy" = "ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; nh os switch'"; "deploy-galanthus" = "ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; nh os switch'";
"deploy-nimbus" = "ssh -t nimbus 'cd ~/.config/nix; git pull --rebase; nh os switch'";
"mv" = "mv -i"; "mv" = "mv -i";
"rm" = "trash"; "rm" = "trash";
"zz" = "z -"; "zz" = "z -";
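Review bot: The new `deploy-nimbus` alias chains its remote commands with `;`, so `nh os switch` still runs when `cd` or `git pull --rebase` fails, and the host is rebuilt from whatever tree happens to be checked out. Joining the commands with `&&` stops at the first failure: `"deploy-nimbus" = "ssh -t nimbus 'cd ~/.config/nix && git pull --rebase && nh os switch'";`. The renamed `deploy-galanthus` line has the same shape and would take the same change.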

52
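--- a/modules/nixos/matrix.nix
+++ b/modules/nixos/matrix.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+{
+age.secrets."matrix-registration-token" = {
+file = ../secrets/matrix-registration-token.age;
+mode = "400";
+owner = "tuwunel";
+};
+services.matrix-tuwunel = {
+enable = true;
+settings = {
+global = {
+server_name = "jankremer.de";
+allow_registration = true;
+registration_token_file = config.age.secrets.matrix-registration-token.path;
+# trusted_servers = [ "matrix.org" ];
+};
+};
+};
+services.caddy = {
+enable = true;
+## Matrix federation
+virtualHosts = {
+"jankremer.de:8448" = {
+extraConfig = ''
+reverse_proxy localhost:6167
+'';
+};
+"jankremer.de" = {
+extraConfig = ''
+handle /_matrix/* {
+reverse_proxy localhost:6167
+}
+handle /.well-known/matrix/server {
+respond `{"m.server": "jankremer.de:443"}` 200 {
+header Content-Type application/json
+}
+}
+handle /.well-known/matrix/client {
+respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 {
+header Content-Type application/json
+header Access-Control-Allow-Origin *
+}
+}
+'';
+};
+};
+};
+}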
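Review bot: Both `.well-known` handlers place `header` lines inside the `respond … 200 { }` block, and as far as I know Caddy's `respond` accepts only `body` and `close` there, so the Caddyfile would be rejected when it is adapted. Moving each header out to a sibling directive in its `handle` block, such as `header Content-Type application/json`, and leaving the `respond … 200` line without a block should fix it. Separately, `/.well-known/matrix/server` already delegates federation to port 443, so the `jankremer.de:8448` virtual host is an extra listener that could be dropped unless something still depends on it. `allow_registration = true` is gated by the token file, but consider turning it off once the intended accounts exist.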


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 2otpcg EZB4DtzCNS9CjhdskX5T3RpQ5VXcDtBiVPpaPEnRWiE
dtjqqiPhYTmaFXc+hvHPtXSaltZThE7kwUyBnnTsJr0
-> ssh-ed25519 40YjXQ tRUAvVqdiNcjzynjfKoQtKsMFcHecd7VKbviG8A+1xI
5mfrrAei2T5s80oJ/Bu8Tv2G2mrp9CkvWEzlZCeEW58
-> ssh-ed25519 wbs2Dw h1EZVsV7E0P1UmXfI9dDP5TOdBuxIzSUzOi4EhQw+Qw
DcjKABIqchtmu93tCmqtpngOmVgkknduayG7KXIurtU
--- XlEECZrSdZxm+B0uMH9WgR/QXnRi+ZWXJzS1n0G/vhM
Â}™&w^¬ öÀ-ÿ18Æ}6 †²rw?ÎÔW©¸HcM±¥,D‡P:ùfà' Ëw


@ -1,13 +1,16 @@
let let
malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE"; malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u"; galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj";
all = [ all = [
malus malus
galanthus galanthus
nimbus
]; ];
in in
{ {
"copyparty-jan.age".publicKeys = all; "copyparty-jan.age".publicKeys = all;
"paperless-admin.age".publicKeys = all; "paperless-admin.age".publicKeys = all;
"tailscale.age".publicKeys = all; "tailscale.age".publicKeys = all;
"matrix-registration-token.age".publicKeys = all;
} }
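Review bot: Adding `nimbus` to `all` and reusing `all` for the new entry widens who can decrypt what. Once the existing files are rekeyed, the host this commit puts a federating Matrix server on can read the copyparty, paperless and tailscale secrets, and malus and galanthus can read the Matrix registration token. A per-secret recipient list keeps each host to what it uses, for example `"matrix-registration-token.age".publicKeys = [ nimbus ];` plus whichever key you edit secrets with. Which of these keys belong to hosts and which are editing keys is not visible here, so adjust the lists accordingly. The commit also appears to change only one `.age` file, so the older secrets presumably still need a rekey before nimbus can decrypt them.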