From c6ef109360046ea528204e77386a3626f83bb107 Mon Sep 17 00:00:00 2001 From: Konstantin Nazarov Date: Mon, 24 Jun 2024 21:28:45 +0100 Subject: [PATCH] Enable sliding-sync in matrix server and update to nixos 24.05 --- configuration.nix | 8 +++--- flake.lock | 40 ++++++++++++++--------------- flake.nix | 4 +-- nodes/knazarovcom/configuration.nix | 38 ++++++++++++++++++++++++--- nodes/knazarovcom/secrets.yaml | 7 ++--- secrets.yaml | 6 ++--- 6 files changed, 67 insertions(+), 36 deletions(-) diff --git a/configuration.nix b/configuration.nix index 219de0d..547d80e 100644 --- a/configuration.nix +++ b/configuration.nix @@ -94,8 +94,8 @@ in { # Configure keymap in X11 services.xserver = { - layout = "us"; - xkbVariant = ""; + xkb.layout = "us"; + xkb.variant = ""; }; # Define a user account. Don't forget to set a password with ‘passwd’. @@ -154,7 +154,6 @@ in { somafm-cli yubikey-manager yubikey-manager-qt - gnome.gedit # temporary ripgrep file zoom-us @@ -182,6 +181,7 @@ in { go gopls lazygit + chromium #network-manager-applet (clang-tools.override { llvmPackages = llvmPackages_17; @@ -396,7 +396,7 @@ in { home-manager.users.knazarov = { # The home.stateVersion option does not have a default and must be set - home.stateVersion = "23.11"; + home.stateVersion = "24.05"; home.sessionVariables = { EDITOR = "emacs -nw --no-splash"; }; diff --git a/flake.lock b/flake.lock index 06e1edf..ca3f659 100755 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ ] }, "locked": { - "lastModified": 1715533419, - "narHash": "sha256-PDlWxvgHqWEJdfAxMYLmoof+ohJrOHx9IZIxvHKE24U=", + "lastModified": 1719193216, + "narHash": "sha256-4jggHHDsLt+i4/6lMNlZkHd3bzgV50feNpZGe4X3eMQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "dc94f94b49abb487f80e91978a1392e3e2b19fae", + "rev": "e3e9ef4c9904fddbd8c00f3288e6a3be26a6bf0b", "type": "github" }, "original": { @@ -69,16 +69,16 @@ ] }, "locked": { - "lastModified": 1715381426, - "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "owner": "nix-community", "repo": "home-manager", - "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1712010798, - "narHash": "sha256-O9uEcFJiHAznkL6E2Bo5PuOGmdMVgi8IGIkksMn0zGo=", + "lastModified": 1718058306, + "narHash": "sha256-xEcT7D3brIiWCYlsN6CT093i0bZ6e0mhmvhzTFaYiDA=", "owner": "~knazarov", "repo": "knazarov.com", - "rev": "22e7a0e3cf10d2b3f08a94085ab2e98943dc7635", + "rev": "fa1d523bd1e0b65369ee9c6a0af28a162cdfbb16", "type": "sourcehut" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715539458, - "narHash": "sha256-lJm3R3EeBBBWnFmt7ZoDjuiGPCPzi7ruaN44R3V6Xqo=", + "lastModified": 1719243159, + "narHash": "sha256-NeiyX4zPT2pPQ5khhBkXjxhlVl/pwqkR2pRry7xWE/E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6cd6e4db4279039918efc1dd8e28f55abeb0acaa", + "rev": "11f187974fe5e97ad50c9d5e2cd1a760875ebf2b", "type": "github" }, "original": { @@ -120,16 +120,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1715395895, - "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", + "lastModified": 1719145550, + "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff", + "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -198,11 +198,11 @@ ] }, "locked": { - "lastModified": 1715482972, - "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=", + "lastModified": 1719111739, + "narHash": "sha256-kr2QzRrplzlCP87ddayCZQS+dhGW98kw2zy7+jUXtF4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e", + "rev": "5e2e9421e9ed2b918be0a441c4535cfa45e04811", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b458f9d..cdb8b98 100755 --- a/flake.nix +++ b/flake.nix @@ -4,8 +4,8 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; - home-manager.url = "github:nix-community/home-manager/release-23.11"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; emacs-overlay.url = "github:nix-community/emacs-overlay"; emacs-overlay.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nodes/knazarovcom/configuration.nix b/nodes/knazarovcom/configuration.nix index dc51fbc..f30c6fa 100644 --- a/nodes/knazarovcom/configuration.nix +++ b/nodes/knazarovcom/configuration.nix @@ -66,7 +66,7 @@ locations."/.well-known/matrix/client" = { extraConfig = '' default_type application/json; - return 200 '{ "m.homeserver": { "base_url": "https://matrix.knazarov.com" } }'; + return 200 '{ "m.homeserver": { "base_url": "https://matrix.knazarov.com" }, "org.matrix.msc3575.proxy": { "url": "https://syncv3.knazarov.com" } }'; add_header "Access-Control-Allow-Origin" *; ''; }; @@ -95,6 +95,27 @@ forceSSL = true; locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; }; }; + "syncv3.knazarov.com" = { + enableACME = true; + forceSSL = true; + locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = { + proxyPass = "http://127.0.0.1:8009"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + + locations."/client/" = { + proxyPass = "http://127.0.0.1:8009"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + }; "git.knazarov.com" = { enableACME = true; forceSSL = true; @@ -109,6 +130,7 @@ "knazarov.com".email = "mail@knazarov.com"; "vmatveeva.com".email = "mail@knazarov.com"; "matrix.knazarov.com".email = "mail@knazarov.com"; + "syncv3.knazarov.com".email = "mail@knazarov.com"; "git.knazarov.com".email = "mail@knazarov.com"; "turn.knazarov.com" = { email = "mail@knazarov.com"; @@ -120,9 +142,7 @@ services.forgejo = { enable = true; settings = { - service = { - DISABLE_REGISTRATION = true; - }; + service = { DISABLE_REGISTRATION = true; }; server = { ROOT_URL = "https://git.knazarov.com/"; LANDING_PAGE = "explore"; @@ -130,6 +150,12 @@ }; }; + services.matrix-sliding-sync = { + enable = true; + environmentFile = config.sops.secrets.matrix_sliding_sync.path; + settings = { SYNCV3_SERVER = "https://matrix.knazarov.com"; }; + }; + services.dendrite = { enable = true; environmentFile = config.sops.secrets.matrix_registration_secret.path; @@ -179,6 +205,10 @@ mode = "0440"; group = config.users.groups.keys.name; }; + matrix_sliding_sync = { + mode = "0440"; + group = config.users.groups.keys.name; + }; matrix_registration_secret = { mode = "0440"; group = config.users.groups.keys.name; diff --git a/nodes/knazarovcom/secrets.yaml b/nodes/knazarovcom/secrets.yaml index 2ac469e..94d1f37 100644 --- a/nodes/knazarovcom/secrets.yaml +++ b/nodes/knazarovcom/secrets.yaml @@ -1,6 +1,7 @@ hello: ENC[AES256_GCM,data:Bv1MBhqWVzeDc0Qx0n3QagUbEUDUjCARZNiQ4qYnX9PsiQvHN21vsBiu9blBaA==,iv:rhxag0W9EER7lNRY9WsrvOyxxvqC7DSjgI9KR71hjm4=,tag:qJoMp8G0jQGBeoakBR+Zlw==,type:str] example_key: ENC[AES256_GCM,data:J09ZRQJg34iARNVGlQ==,iv:tFtCB+FfSLJad4oQNJsyOE9lz6y3Pj8nNq4x5WswNNs=,tag:8+OWJHmXzUrDl6qrSvWlYA==,type:str] coturn_auth_secret: ENC[AES256_GCM,data:jk/3937oUY1aaLheY3CNkEE6wzmiwcSfiA==,iv:Y3dNrZR01hyrz+6Ztabkx2LLoPzdBH0x/7HSyhMfU+o=,tag:2DZTY4Q3z8QJE+J7Xt+D9A==,type:str] +matrix_sliding_sync: ENC[AES256_GCM,data:46LMULJxDASZ2tIVwOtWhIDnRw71O3A0yynPG3qtvax+XB4/sRlq4jLeWw/M5qTHuRAbAbLxYEJsvvDkwpC+9i2rudHMDaiEbz7qZ2Xqrg==,iv:Ku3ehNqO1qSOvWdyhl97AhmWuL7x8DLLl0ef595ZSoM=,tag:2j7oeaAG3NjB6JbKxWiurA==,type:str] matrix_registration_secret: ENC[AES256_GCM,data:FoCJvKTy5OXBXlBgMtBniPJ+Ip1uagOobkIlf/FHdexc5n8+ijTmExq7CaLeyCoE051LQfrIkK+m7tiR7fxQmC+lO+86sFYRF12vExtsPMEnN1r1IibSWN3arUngKBCbqwg=,iv:65Nd/DPiHBxz4DrikyovEEKIOCB3xaCNZk6YOP9Sbjo=,tag:lFHj8XjI2HmDy5j+RAlZBw==,type:str] matrix_key: ENC[AES256_GCM,data:+7Ru9Q57kECDCPp/SjvdIDFGveFJ8XI8/Dv+tTwpUdRt6yNeXOT1his8kP/F9Bod5LZLKD+3mZBJV39GCfl7Mha1pQowWj3UGLwUu1o/wJ2G83YSoa9leJc9Ug9vBSixAsP34g9lUTD/zrlvQtCNjZbtqx3D4B4DTUWUmN8jiE1ah+zXoO4U5YY=,iv:gUdM5cEh+LMP++1I7F/+148u7HBY3SKQvGVcVX6bL/U=,tag:evbi9tmmlbklrpaB1tvezA==,type:str] sops: @@ -18,8 +19,8 @@ sops: anBCR0NXVlhLSXVCc2swTzNqOUFOSkUKyIRL9aCv3m6Qz7OaE7dSYzFYNeeFEprW /9XLB4FzTCK3xoBeeFGevm8Z6z9k+2eku5dQUjAZ5FrVZLPM+fUgRw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-09T21:12:52Z" - mac: ENC[AES256_GCM,data:lrMo/zclIZQf44T+K/K6JOsZUexUPkt2mQEf8I0aAKQqQBNE/GJ/w+JUNMViuAhZxbIB160MrmGWfd/9dibP0GQxmXcEw+Q+Sa1j9IahflUqiDODwF9kvLqTSsZj1HLYdfMaPJoQQqaB4IjJxvOr3AxSf0Y0m+vs8rmZ4MfCkD4=,iv:MbRuS6oEHRngRuktYlN004KwcvIsZqw4u37TOlH9Y6M=,tag:JfZWLhDxDvSa+s4vZfstyA==,type:str] + lastmodified: "2024-06-24T15:50:11Z" + mac: ENC[AES256_GCM,data:5LGMFqbsOejbj3Rq8MmJwprJ0V7/jYuvVRhKA3V2W8ne0lcHkTD4QYqGacgxk5s6uZApeCCIXEFsDUGOX/D6+tfbl8nam0240h2UXiaj5gcqKIxIZxtpqMjK5GjABgqZgI7DSvJ/FAyGorOkMUqR/adKdw9SjJ2/O/tBuQm7JAg=,iv:yCjbYZLhSuitpoCaph3NDuLxJvwAzSGahUhXLHgLgWE=,tag:66wEWUb2x6gX36Op65QJ9w==,type:str] pgp: - created_at: "2023-06-11T20:10:06Z" enc: |- @@ -42,4 +43,4 @@ sops: -----END PGP MESSAGE----- fp: DDB4423999505236CF585F9B0560020C9C577C1B unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/secrets.yaml b/secrets.yaml index 94fa778..d813467 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,7 +2,7 @@ hello: ENC[AES256_GCM,data:+LPt8J+Ks1m10+zZ2Q96r3K2W6Yeng7M7+c2TYDQ+/4AJl6Xc6hVn fastmail_password: ENC[AES256_GCM,data:tHr8PqIg9DigRBu2bgjUeg==,iv:NI9bENFPuKcOt1cd2kg2DKU22J1dJ+3mK7UoceZagR4=,tag:oEgeQb1iLKisOqHi9Ds7xg==,type:str] github_token: ENC[AES256_GCM,data:ET4zFSe1dyFum/HMlzT/0bEP/Kzr3vdp16eKZb63hBYcz0+bKmJ/NZGk4KyojPKgRfgHR3XrrJbVdFdP2QTjfX3XtVq6N7RoU4wOwjrdOgm+4JCKRqO6pWa5ieX0m1DB5NuU7hN6X6Yqwcu38dpGzBUinpcyQDmMHSby6epL,iv:IoFHQ6sC9ZxvOIckkoF5Wnn4+VvCHapwNduCBlELzrU=,tag:gfF24P2JUWUhEIxt3Np3MQ==,type:str] mullvad_account: ENC[AES256_GCM,data:CO4wl2vNAMEC9oy37nIrpw==,iv:a3w64u8XQ/tihIDxIPPtdZ6F7dldLPvRzGUs1MpVe4M=,tag:HQxJVuGEvI0fVj8yGptbdA==,type:str] -git_plan_config: ENC[AES256_GCM,data:+mLBXtXEzqKrbLJkwZlW5veUaPEkgQ2TuT2gt237Nw/O6zqrAyl9ezKM5kFFHQ3yOkQyIiDRLpy0t9UiBFs+x43qkzVopjNniehwYcgYlAIcSTOrd3pcLWW3YVz1jYIrIdHMTF408rTrcSWHpO9DrKCs+/QJHLEmROelzaFUOmr9Q36CRzWCZ2xjNFbXKg3+00Hhc7UK7UbOnOPrIVNFLWcJ1ipmYPlqK2a5BCBWamGBddwhCypzh9TVjXDyARgBSQvnTpmwb3QAYmdpniDtRHiRHwyUDPGqoZXdPiguDb6QVjiPpRKrwtNGwEGlapCrqfltPi8yoIfJV88SBDKDfoYFgQODRWGMm0X1XL57voJB+G6SsoEbm8elrMbJx7LiIpQH1Tv1gXzbgl8tIB38vHsPhXHbGvavUJBcZ12q7vL/Whw0XWl8x1wrZQe92NeyjN8sjF9QUsfsg6NK6Dziiye6iIVzW4wXezjUSc/A3maeXcEZX2649FubCMV7rZ+Kqu3QVQH1agm5IgqY3UQ88Bc/i+gwISJvzP43/65JSOcxl0yp8tSrx7l/AYyRJjuoA5OwlcaTMECUNagUbFft9qb+7X0O6pz6L9h2z9hnNdWmTght7NDHaziMCsY0BzytdazgCWvRnWYDPEA9DCZTjjpVPQIxoB7wpUv/7nDCIT7faT0x3+hG8wTDyFAqV/N+/JgwSQSX,iv:o5Yc8Qa2eR5OaQYzVgjrBLUfQEMxKj11URuiS9fLNbY=,tag:bpfTTu03ip/NcYFe11PScA==,type:str] +git_plan_config: ENC[AES256_GCM,data:7K4R9OcFq+hWPKwkng6huppcInASpjUSgRpYX++voPHXJ6lMv2/JydPuQsxUPZMVBmn2o7DgTRzKzaXzwa5DV+92bvsS9LL/oL/qeoTqdci4lCRyushntgfwdZttMeVjbxybyutqO/daoEpT0Er2lTVgzyrGR7bU6RUyhVjl6VI2phgrMkzHfmIx5/FOma3q26WzGQtl1b7m2ptKYxrwWrYWqZqy80ITOYFbRQF2CQHUj/rfQrl5nv5AWUafDWglfFBlX4T+WiPsHPcAg0Fnt6gjbcirDLPMFTrqsI5T0BVqRJW1qDzAavFHJn2SZPgfZGgonzAil/RS+z/4xsSJ1G4EO7KCCeS24lU9VoWzHlBRL/+4jnQoL8S5qsOyILiFLSckRp0WCcJ54nSf88CuBKRGgabBzKX7PPut1Q/QvWN60KrhIiN0vFlK9M9gLKDwzXo366HN9rrjMNKWtKFqcwuP+oh5MgfpP3tru7ExGp83RPAx0Ol2pnaRs8TxWRMEcwgDkIQODrmPM/EBNr1vQNST7mMVuN1vl9I7fCzVhqp+0Hxlzf9lb1zkCscjlX0Kc4zVvjPxl2cw7e1/nOSrMBV9Ex4c2CAi31LHF39n8krIk2p9IR/hwZWNEErX68rAD8aSaU5ozgMChKgblXiaBb2zk7BPYr/vHYkM64VD8NGd5BbNseLz8SiEL8SBdD2ZsKf5eCYEghI2qMyYhuDdbrcpfBv9xUapwQxG58hZSw==,iv:XD03VsphTGx2f+bXTWQy1sgY1k5TFs4H2XFj/KyTBe4=,tag:1LlsaX/SLv3QdqJ6mt96mA==,type:str] git_plan_credentials: ENC[AES256_GCM,data:d4egK2w4TGIDNaI2Wc3ViOBnH7/WpdeS1EoYe4/oaM4iayBXOEQMvT9qIgu/Hml34gvbBN9lRmlNkESVh7YpwO5wACkkRcO/0ZTyP8XzFUUo0IfUh1iHPjEQOF7vygW/woqBiQgFPRws9F+g6BW8aSQrBgvBF5IeNLhFBvSJUvTft1xEsNwFnkWnfZ2JWmYqLjEggoUEqtXMRw9KKcqm4DNXIzxmA8wSzDriIzeCVuSEV8sJD21saFPPaLw/jupLTLdWp5F8rAxLGa6e9coCNu8vSuqUgfv0jFET71bNw28xPrN38A/PIlUcR9MXe1SGqKAFxEv134ZkJr78g1PIWNoVDrmIlMpV6dYRLKM1FOcpAhJorIXooIl6quCdg2/U5onP8cQ7lt2LsEG5APKj7pz7huatdwM/CgxrcqPVb0E2Lk5c+wi3Rf9/Jz3BqcWQm3bwkHwivWyCD1Nw+qRXLFSfXGTovSBsxX0j4LbdP0o4iPuj068DGawpYC/AfcKfOCmh8aInQhGCQtIq14QGffU9GbW37gHu,iv:ZzOUYu3s+kfwbKajA+6fdu2EysipjoKD49muLNFBZ58=,tag:e0RI7rA8eLQI8h5L4pvS1A==,type:str] sops: kms: [] @@ -28,8 +28,8 @@ sops: U3loV2xDMkM5SWNXRDJobDloL0FVUUkK3OP7KvcKkE8mJ880dm6LMFZUxELjl8/P 6+q8qAYiAvl0Cbd4GzkNpUuBbLlFFWfFmC0vbgg8gyZ6xI5AFhHAPw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-14T14:42:26Z" - mac: ENC[AES256_GCM,data:dDv0TvWEioUn3w9RYqd9tPC9hNy0EDsA2sRhoDDC5nnNp55ZbjfqgVF5Kh91E8j1rd+8xjsqY/93i4PdRwGFYIb3gOsAhUmqx8LiI1DwQT9mUgv9anT/KcST5TfRU9/C1Vnz0SBhksl1yK+4mF2orubI5HMirg/l7Zqvvv7OnMU=,iv:ZXdryqFcaNNXqPDWIzACG5v+QRxRtWhxUHc/hCVaDQY=,tag:CIEkhxiHHhdUu7Z0CsNsng==,type:str] + lastmodified: "2024-06-19T10:27:45Z" + mac: ENC[AES256_GCM,data:1JMqj5fTZ+SKbOzbdYYTVe9pqdqMLKdxkHjLha/DcgAaI7PMGweMtXZtTXfXkl3Rb/DvFkvyZmDYP0xtJ3ReplSQ+M48ZeEoo/zexFw1y7dZZcjoZjtVW33UlfO0uD1OuFbVJDTx7vln5xtSkauTEkKuRqiDTmLtcKFK19nLTmE=,iv:RrI97b5gndyp/8yxVYvRddsYMdIwgm97LxSvEQAKgo8=,tag:Ovyu8hT585kAl0QxvVXBtQ==,type:str] pgp: - created_at: "2023-06-10T01:03:11Z" enc: |-