From 992ddba373757578ccc8c06350ebf285a8accad3 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 11 Sep 2025 22:09:47 +0200 Subject: [PATCH 1/5] rename matrix module --- .../{conduit => matrix}/default.nix | 37 +++++-------------- systems/x86_64-linux/ulmo/default.nix | 2 +- 2 files changed, 10 insertions(+), 29 deletions(-) rename modules/nixos/services/communication/{conduit => matrix}/default.nix (81%) diff --git a/modules/nixos/services/communication/conduit/default.nix b/modules/nixos/services/communication/matrix/default.nix similarity index 81% rename from modules/nixos/services/communication/conduit/default.nix rename to modules/nixos/services/communication/matrix/default.nix index 3e909ff..b339b82 100644 --- a/modules/nixos/services/communication/conduit/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -3,7 +3,7 @@ let inherit (builtins) toString toJSON; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.communication.conduit; + cfg = config.${namespace}.services.communication.matrix; domain = "kruining.eu"; fqn = "matrix.${domain}"; 
@@ -12,38 +12,19 @@ let database = "synapse"; in { - options.${namespace}.services.communication.conduit = { - enable = mkEnableOption "conduit (Matrix server)"; + options.${namespace}.services.communication.matrix = { + enable = mkEnableOption "Matrix server (Synapse)"; }; config = mkIf cfg.enable { - # ${namespace}.services = { - # persistance.postgresql.enable = true; - # virtualisation.podman.enable = true; - # }; + ${namespace}.services = { + persistance.postgresql.enable = true; + # virtualisation.podman.enable = true; + }; - networking.firewall.allowedTCPPorts = [ 4001 8448 ]; + networking.firewall.allowedTCPPorts = [ 4001 ]; services = { - matrix-conduit = { - enable = false; - - settings.global = { - address = "::"; - port = port; - - server_name = domain; - - database_backend = "rocksdb"; - # database_path = "/var/lib/matrix-conduit/"; - - allow_check_for_updates = false; - allow_registration = false; - - enable_lightning_bolt = false; - }; - }; - matrix-synapse = { enable = true; @@ -56,7 +37,7 @@ in enable_registration = false; registration_shared_secret = "tZtBnlhEmLbMwF0lQ112VH1Rl5MkZzYH9suI4pEoPXzk6nWUB8FJF4eEnwLkbstz"; - + url_preview_enabled = true; precence.enabled = true; diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 3b35750..4d1c4ab 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -10,7 +10,7 @@ authentication.authelia.enable = true; authentication.zitadel.enable = true; - communication.conduit.enable = true; + communication.matrix.enable = true; development.forgejo.enable = true; From 3816942600ebc21d01fb790f2d18bec17559c656 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 14 Sep 2025 22:00:53 +0200 Subject: [PATCH 2/5] finally have the matrix bridges working! --- modules/nixos/services/communication/matrix/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index b339b82..6a75f43 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -29,7 +29,7 @@ in enable = true; extras = [ "oidc" ]; - plugins = with config.services.matrix-synapse.package.plugins; []; + # plugins = with config.services.matrix-synapse.package.plugins; []; settings = { server_name = domain; @@ -76,7 +76,7 @@ in settings = { appservice = { provisioning.enabled = false; - port = 40011; + # port = 40011; }; homeserver = { @@ -99,7 +99,7 @@ in settings = { appservice = { provisioning.enabled = false; - port = 40012; + # port = 40012; }; homeserver = { From d35165ebc0ab1927aca8675e88ef4ee28ce3149c Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 14 Sep 2025 22:01:09 +0200 Subject: [PATCH 3/5] add sso support for matrix server --- .../services/communication/matrix/default.nix | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 6a75f43..a93d7c8 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix 
@@ -41,6 +41,28 @@ in url_preview_enabled = true; precence.enabled = true; + sso = { + client_whitelist = [ "http://[::1]:9092" ]; + update_profile_information = true; + }; + + oidc_providers = [ + { + discover = true; + + idp_id = "zitadel"; + idp_name = "Zitadel"; + issuer = "https://auth.amarth.cloud"; + client_id = "337858153251143939"; + client_secret = "ePkf5n8BxGD5DF7t1eNThTL0g6PVBO5A1RC0EqPp61S7VsiyXvDs8aJeczrpCpsH"; + scopes = [ "openid" "profile" ]; + # user_mapping_provider.config = { + # localpart_template = "{{ user.prefered_username }}"; + # display_name_template = "{{ user.name }}"; + # }; + } + ]; + database = { # this is postgresql (also the default, but I prefer to be explicit) name = "psycopg2"; From 1a4746819b166eb57ad0a24a03f1260abba4cf1a Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 14 Sep 2025 22:03:21 +0200 Subject: [PATCH 4/5] - fix matrix clients - fix zen - uuuugh, stupid home-manager... --- flake.lock | 20 +++----------------- flake.nix | 5 ++++- modules/home/application/matrix/default.nix | 6 +++++- modules/home/application/zen/default.nix | 2 ++ modules/home/desktop/plasma/default.nix | 2 +- modules/nixos/home-manager/default.nix | 2 +- 6 files changed, 16 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 51907f8..e10acab 100644 --- a/flake.lock +++ b/flake.lock @@ -686,22 +686,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1756578978, @@ -1186,7 +1170,9 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_10" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1756876659, 
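Review bot: The `client_secret` added to the `oidc_providers` entry in matrix/default.nix is a literal in the module, so it lands in the repository history and, most likely, in the generated Synapse config in the world-readable Nix store; the `registration_shared_secret` visible as context in the [PATCH 1/5] hunk has the same problem. Both values should be treated as exposed and rotated, then supplied from a file outside the store, for example `client_secret_path = "/run/secrets/synapse-oidc-client-secret";` (constructed path) and `registration_shared_secret_path`, or through `services.matrix-synapse.extraConfigFiles`. Separately, `sso.client_whitelist = [ "http://[::1]:9092" ]` looks like a local test client and deserves a comment or removal before this runs on a production host. The enclosing `settings` attribute set starts and ends outside the hunk.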
diff --git a/flake.nix b/flake.nix index 60e9853..c659d4f 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - zen-browser.url = "github:0xc000022070/zen-browser-flake"; + zen-browser = { + url = "github:0xc000022070/zen-browser-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matrix/default.nix index 1a33a0c..867a94f 100644 --- a/modules/home/application/matrix/default.nix +++ b/modules/home/application/matrix/default.nix @@ -10,6 +10,10 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ fractal ]; + home.packages = with pkgs; [ fractal element-desktop ]; + + programs.element-desktop = { + enable = true; + }; }; } diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index 4995216..b7cec03 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -19,6 +19,8 @@ in }; programs.zen-browser = { + enable = true; + policies = { AutofillAddressEnabled = true; AutofillCreditCardEnabled = false; diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index 13476fb..0b679a0 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -64,7 +64,7 @@ in }; kwalletrc = { - Wallet.Enabled = false; + Wallet.Enabled = true; }; plasmarc = { diff --git a/modules/nixos/home-manager/default.nix b/modules/nixos/home-manager/default.nix index 1a5a964..d147d46 100644 --- a/modules/nixos/home-manager/default.nix +++ b/modules/nixos/home-manager/default.nix @@ -1,6 +1,6 @@ { ... }: { config = { - home-manager.backupFileExtension = "back"; + home-manager.backupFileExtension = "homeManagerBackup"; }; } From 6ed8bd861b5074084a67d3bf150cdf732476bf31 Mon Sep 17 00:00:00 2001 
From: Chris Kruining
Date: Sun, 14 Sep 2025 22:03:45 +0200
Subject: [PATCH 5/5] start borg backups
---
.../nixos/services/backup/borg/default.nix | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 modules/nixos/services/backup/borg/default.nix
diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg/default.nix
new file mode 100644
index 0000000..fbe5235
--- /dev/null
+++ b/modules/nixos/services/backup/borg/default.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+ inherit (lib) mkIf mkEnableOption;
+
+ cfg = config.${namespace}.services.backup.borg;
+in
+{
+ options.${namespace}.services.backup.borg = {
+ enable = mkEnableOption "Borg Backup";
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ borgbackup.jobs = {
+ media = {
+ paths = "/var/media/test";
+ encryption.mode = "none";
+ environment.BORG_SSH = "ssh -i /home/chris/.ssh/id_ed25519 -4";
+ repo = "ssh://chris@beheer.hazelhof.nl:222/home/chris/backups/media";
+ compression = "auto,zstd";
+ startAt = "daily";
+ };
+ };
+ };
+ };
+}
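Review bot: `encryption.mode = "none"` in the `media` job stores the archive unencrypted in a repository on another host, so anyone with access to that account or its disk can read and alter the backups. Consider `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat /run/secrets/borg-passphrase";` (constructed path), keeping in mind that an existing repository has to be re-initialised to change mode. `BORG_SSH` also points the job, which the NixOS module runs as root unless `user` is set, at a personal key under `/home/chris/.ssh`; a dedicated backup key that the server limits to `borg serve --restrict-to-path` would contain a compromise of either side. A short comment above the job saying what `/var/media/test` holds and that no `prune` policy is set yet would also help.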