start borg backups

- fix matrix clients
- fix zen - uuuugh, stupid home-manager...
2025-09-14 22:03:45 +02:00 · 2025-09-14 22:03:21 +02:00 · 2025-09-14 22:01:09 +02:00 · 2025-09-14 22:00:53 +02:00 · 2025-09-11 22:09:47 +02:00
9 changed files with 77 additions and 53 deletions
--- a/flake.lock
+++ b/flake.lock
@ -686,22 +686,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_10": {
-      "locked": {
-        "lastModified": 1727348695,
-        "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1756578978,
@ -1186,7 +1170,9 @@
    "zen-browser": {
      "inputs": {
        "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1756876659,
--- a/flake.nix
+++ b/flake.nix
@ -41,7 +41,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    zen-browser.url = "github:0xc000022070/zen-browser-flake";
+    zen-browser = {
+      url = "github:0xc000022070/zen-browser-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

    nix-minecraft.url = "github:Infinidoge/nix-minecraft";

--- a/modules/home/application/matrix/default.nix
+++ b/modules/home/application/matrix/default.nix
@ -10,6 +10,10 @@ in
  };

  config = mkIf cfg.enable {
-    home.packages = with pkgs; [ fractal ];
+    home.packages = with pkgs; [ fractal element-desktop ];
+
+    programs.element-desktop = {
+      enable = true;
+    };
  };
 }
--- a/modules/home/application/zen/default.nix
+++ b/modules/home/application/zen/default.nix
@ -19,6 +19,8 @@ in
    };

    programs.zen-browser = {
+      enable = true;
+
      policies = {
        AutofillAddressEnabled = true;
        AutofillCreditCardEnabled = false;
--- a/modules/home/desktop/plasma/default.nix
+++ b/modules/home/desktop/plasma/default.nix
@ -64,7 +64,7 @@ in
        };

        kwalletrc = {
-          Wallet.Enabled = false;
+          Wallet.Enabled = true;
        };

        plasmarc = {
--- a/modules/nixos/home-manager/default.nix
+++ b/modules/nixos/home-manager/default.nix
@ -1,6 +1,6 @@
 { ... }:
 {
  config = {
-    home-manager.backupFileExtension = "back";
+    home-manager.backupFileExtension = "homeManagerBackup";
  };
 }
--- a/modules/nixos/services/backup/borg/default.nix
+++ b/modules/nixos/services/backup/borg/default.nix
@ -0,0 +1,26 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.backup.borg;
+in
+{
+  options.${namespace}.services.backup.borg = {
+    enable = mkEnableOption "Borg Backup";
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      borgbackup.jobs = {
+        media = {
+          paths = "/var/media/test";
+          encryption.mode = "none";
+          environment.BORG_SSH = "ssh -i /home/chris/.ssh/id_ed25519 -4";
+          repo = "ssh://chris@beheer.hazelhof.nl:222/home/chris/backups/media";
+          compression = "auto,zstd";
+          startAt = "daily";
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/communication/conduit/default.nix
+++ b/modules/nixos/services/communication/conduit/default.nix
@ -3,7 +3,7 @@ let
  inherit (builtins) toString toJSON;
  inherit (lib) mkIf mkEnableOption;

-  cfg = config.${namespace}.services.communication.conduit;
+  cfg = config.${namespace}.services.communication.matrix;

  domain = "kruining.eu";
  fqn = "matrix.${domain}";
@ -12,43 +12,24 @@ let
  database = "synapse";
 in
 {
-  options.${namespace}.services.communication.conduit = {
-    enable = mkEnableOption "conduit (Matrix server)";
+  options.${namespace}.services.communication.matrix = {
+    enable = mkEnableOption "Matrix server (Synapse)";
  };

  config = mkIf cfg.enable {
-    # ${namespace}.services = {
-    #   persistance.postgresql.enable = true;
-    #   virtualisation.podman.enable = true;
-    # };
+    ${namespace}.services = {
+      persistance.postgresql.enable = true;
+      # virtualisation.podman.enable = true;
+    };

-    networking.firewall.allowedTCPPorts = [ 4001 8448 ];
+    networking.firewall.allowedTCPPorts = [ 4001 ];

    services = {
-      matrix-conduit = {
-        enable = false;
-
-        settings.global = {
-          address = "::";
-          port = port;
-
-          server_name = domain;
-
-          database_backend = "rocksdb";
-          # database_path = "/var/lib/matrix-conduit/";
-
-          allow_check_for_updates = false;
-          allow_registration = false;
-
-          enable_lightning_bolt = false;
-        };
-      };
-
      matrix-synapse = {
        enable = true;

        extras = [ "oidc" ];
-        plugins = with config.services.matrix-synapse.package.plugins; [];
+        # plugins = with config.services.matrix-synapse.package.plugins; [];

        settings = {
          server_name = domain;
@ -56,10 +37,32 @@ in

          enable_registration = false;
          registration_shared_secret = "tZtBnlhEmLbMwF0lQ112VH1Rl5MkZzYH9suI4pEoPXzk6nWUB8FJF4eEnwLkbstz";
-          
+
          url_preview_enabled = true;
          precence.enabled = true;

+          sso = {
+            client_whitelist = [ "http://[::1]:9092" ];
+            update_profile_information = true;
+          };
+
+          oidc_providers = [
+            {
+              discover = true;
+
+              idp_id = "zitadel";
+              idp_name = "Zitadel";
+              issuer = "https://auth.amarth.cloud";
+              client_id = "337858153251143939";
+              client_secret = "ePkf5n8BxGD5DF7t1eNThTL0g6PVBO5A1RC0EqPp61S7VsiyXvDs8aJeczrpCpsH";
+              scopes = [ "openid" "profile" ];
+              # user_mapping_provider.config = {
+              #   localpart_template = "{{ user.prefered_username }}";
+              #   display_name_template = "{{ user.name }}";
+              # };
+            }
+          ];
+
          database = {
            # this is postgresql (also the default, but I prefer to be explicit)
            name = "psycopg2";
@ -95,7 +98,7 @@ in
        settings = {
          appservice = {
            provisioning.enabled = false;
-            port = 40011;
+            # port = 40011;
          };

          homeserver = {
@ -118,7 +121,7 @@ in
        settings = {
          appservice = {
            provisioning.enabled = false;
-            port = 40012;
+            # port = 40012;
          };

          homeserver = {
--- a/systems/x86_64-linux/ulmo/default.nix
+++ b/systems/x86_64-linux/ulmo/default.nix
@ -10,7 +10,7 @@
      authentication.authelia.enable = true;
      authentication.zitadel.enable = true;

-      communication.conduit.enable = true;
+      communication.matrix.enable = true;

      development.forgejo.enable = true;
Author	SHA1	Message	Date
Chris Kruining	6ed8bd861b	start borg backups Some checks failed Test action / kaas (push) Failing after 1s Details	2025-09-14 22:03:45 +02:00
Chris Kruining	1a4746819b	- fix matrix clients - fix zen - uuuugh, stupid home-manager...	2025-09-14 22:03:21 +02:00
Chris Kruining	d35165ebc0	add sso support for matrix server	2025-09-14 22:01:09 +02:00
Chris Kruining	3816942600	finally have the matrix bridges working!	2025-09-14 22:00:53 +02:00
Chris Kruining	992ddba373	rename matrix module	2025-09-11 22:09:47 +02:00