From d2f3ca56242fd2a91b46104488d90cc94023721e Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 9 Aug 2024 16:58:46 +0300 Subject: [PATCH] Add Grapevine Matrix server and matrix-hookshot It doesn't want to work. --- flake.lock | 286 +++++++++++++++++++++++++++++++++-- flake.nix | 8 + hosts/meta01/default.nix | 2 + services/default.nix | 1 + services/matrix/default.nix | 68 +++++++++ services/matrix/hookshot.nix | 60 ++++++++ 6 files changed, 415 insertions(+), 10 deletions(-) create mode 100644 services/matrix/default.nix create mode 100644 services/matrix/hookshot.nix diff --git a/flake.lock b/flake.lock index 17863a0..63d346e 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1720546205, - "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "owner": "ryantm", "repo": "agenix", - "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { @@ -23,6 +23,29 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1711742460, + "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", + "type": "github" + } + }, "bats-assert": { "flake": false, "locked": { 
@@ -101,6 +124,50 @@ "type": "github" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "grapevine", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "inputs": { + "nixpkgs": [ + "grapevine", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716569590, + "narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "109987da061a1bf452f435f1653c47511587d919", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -123,6 +190,29 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "grapevine", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1716359173, + "narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -140,6 +230,39 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -214,6 +337,40 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { "locked": { "lastModified": 1634851050, "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", 
@@ -228,6 +385,34 @@ "type": "github" } }, + "grapevine": { + "inputs": { + "attic": "attic", + "crane": "crane_2", + "fenix": "fenix", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_3", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "host": "gitlab.computer.surgery", + "lastModified": 1721671623, + "narHash": "sha256-ELE+AD83jG3zIbYITbSfo6Ykn+R1gVjMHoS5rhDccuY=", + "owner": "matrix", + "repo": "grapevine-fork", + "rev": "dd24a441121b94d389fb46f08c7ec51886d5aa32", + "type": "gitlab" + }, + "original": { + "host": "gitlab.computer.surgery", + "owner": "matrix", + "repo": "grapevine-fork", + "type": "gitlab" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -273,7 +458,7 @@ }, "lix": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_4", "nix2container": "nix2container", "nixpkgs": [ "hydra", @@ -324,6 +509,22 @@ "url": "https://git.lix.systems/lix-project/nix-eval-jobs" } }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, "nix-gerrit": { "inputs": { "nixpkgs": [ @@ -384,11 +585,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721116560, - "narHash": "sha256-++TYlGMAJM1Q+0nMVaWBSEvEUjRs7ZGiNQOpqbQApCU=", + "lastModified": 1711401922, + "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9355fa86e6f27422963132c2c9aeedb0fb963d93", + "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", "type": "github" }, "original": { 
@@ -414,7 +615,39 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1723151389, + "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13fe00cb6c75461901f072ae62b5805baef9f8b2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1636823747, "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", @@ -450,16 +683,34 @@ "agenix": "agenix", "buildbot-nix": "buildbot-nix", "colmena": "colmena", + "grapevine": "grapevine", "hydra": "hydra", "lix": [ "hydra", "lix" ], "nix-gerrit": "nix-gerrit", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "terranix": "terranix" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1716107283, + "narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "stable": { "locked": { "lastModified": 1696039360, 
@@ -491,12 +742,27 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "bats-assert": "bats-assert", "bats-support": "bats-support", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2", + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_3", "terranix-examples": "terranix-examples" }, "locked": { diff --git a/flake.nix b/flake.nix index bd32ea4..7de8260 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,14 @@ buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; lix.follows = "hydra/lix"; + + grapevine = { + type = "gitlab"; + host = "gitlab.computer.surgery"; + owner = "matrix"; + repo = "grapevine-fork"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, terranix, colmena, ... } @ inputs: diff --git a/hosts/meta01/default.nix b/hosts/meta01/default.nix index 1654ebb..00cc652 100755 --- a/hosts/meta01/default.nix +++ b/hosts/meta01/default.nix @@ -24,6 +24,8 @@ bagel.services.prometheus.enable = true; bagel.services.loki.enable = true; bagel.services.grafana.enable = true; + bagel.services.grapevine.enable = true; + bagel.services.hookshot.enable = true; i18n.defaultLocale = "fr_FR.UTF-8"; diff --git a/services/default.nix b/services/default.nix index 27dacfd..4fb2e42 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./gerrit ./hydra + ./matrix ./monitoring ./netbox ./ofborg diff --git a/services/matrix/default.nix b/services/matrix/default.nix new file mode 100644 index 0000000..4818ebe --- /dev/null +++ b/services/matrix/default.nix 
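Review bot: The `grapevine` input added in the flake.nix hunk names no `ref` or `rev`, so the only pin for a homeserver built from `gitlab.computer.surgery/matrix/grapevine-fork` is the `rev` recorded in flake.lock (`dd24a441121b94d389fb46f08c7ec51886d5aa32`). Every `nix flake update` will move it to whatever that repository's default branch holds at the time. Its NixOS module is imported straight into the system configuration, so I would state the intended branch or tag explicitly, e.g. `ref = "<branch-or-tag>";`, and add a comment such as `# third-party fork; review the upstream diff before bumping the lock`. Only `nixpkgs` is made to follow the root input; the lock diff shows `attic` arriving with its own `nixpkgs` and `nixpkgs-stable` nodes, which enlarges the set of sources that has to be trusted. The enclosing `inputs` block starts outside the hunk.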
@@ -0,0 +1,68 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.bagel.services.grapevine;
+ inherit (lib) mkEnableOption mkIf;
+in
+
+{
+ imports = [
+ inputs.grapevine.nixosModules.default
+ ./hookshot.nix
+ ];
+
+ options.bagel.services.grapevine.enable = mkEnableOption "Grapevine";
+
+ config = mkIf cfg.enable {
+ services = {
+ grapevine = {
+ enable = true;
+ settings = {
+ listen = [
+ {
+ type = "tcp";
+ address = "127.0.0.1";
+ port = 6167;
+ }
+ ];
+ server_name = "forkos.org";
+ database.backend = "rocksdb";
+ };
+ };
+
+ nginx = {
+ upstreams.grapevine.servers."127.0.0.1:6167" = { };
+
+ virtualHosts = {
+ "matrix.forkos.org" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://grapevine";
+ };
+
+ "forkos.org" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.server": "matrix.forkos.org:443"}';
+ '';
+ "= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.forkos.org/"}, "m.identity_server": {"base_url": "https://matrix.org/"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.forkos.org"}}';
+ '';
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/services/matrix/hookshot.nix b/services/matrix/hookshot.nix
new file mode 100644
index 0000000..cca239a
--- /dev/null
+++ b/services/matrix/hookshot.nix
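Review bot: In services/matrix/default.nix both `.well-known/matrix/*` locations set the media type with `add_header Content-Type application/json;`, which appends a header instead of replacing the one nginx derives from `default_type`, so the response can carry two Content-Type values and strict clients may reject it. Replacing that line with `default_type application/json;` in each `extraConfig` keeps a single header. The client document also advertises `"m.identity_server": {"base_url": "https://matrix.org/"}`, which points clients at a third-party service for identifier lookups; if that is not a deliberate choice, drop the key. The `org.matrix.msc3575.proxy` entry names `https://matrix.forkos.org`, but nothing in this file deploys a sliding-sync endpoint there, so it is presumably served by the homeserver itself and worth confirming.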
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.bagel.services.hookshot;
+ inherit (lib) mkEnableOption mkIf mkOption;
+ keyPath = "/var/lib/matrix-hookshot/key.pem";
+in
+{
+ options.bagel.services.hookshot = {
+ enable = mkEnableOption "matrix-hookshot";
+ settings = mkOption {
+ description = "Settings";
+ type = (pkgs.formats.yaml { }).type;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.matrix-hookshot = {
+ wantedBy = ["multi-user.target"];
+ wants = ["network-online.target"];
+ after = ["network-online.target"];
+ serviceConfig = {
+ ExecStart = "${lib.getExe pkgs.matrix-hookshot} ${pkgs.writers.writeYAML "config.yaml" cfg.settings}";
+ ExecStartPre = pkgs.writeShellScript "hookshot-generate-key" ''
+ if [ ! -f ${keyPath} ]; then
+ mkdir -p $(dirname ${keyPath})
+ ${lib.getExe pkgs.openssl} genpkey -out ${keyPath} -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
+ fi
+ '';
+ DynamicUser = true;
+ StateDirectory = "matrix-hookshot";
+ WorkingDirectory = "/var/lib/matrix-hookshot";
+ };
+ };
+
+ bagel.services.hookshot.settings = {
+ bridge = {
+ domain = "forkos.org";
+ url = "https://matrix.forkos.org";
+ mediaUrl = "https://forkos.org";
+ port = 9993;
+ bindAddress = "127.0.0.1";
+ };
+ passFile = keyPath;
+ listeners = [{
+ port = 9994;
+ bindAddress = "127.0.0.1";
+ resources = [ "webhooks" ];
+ }];
+ generic = {
+ enabled = true;
+ urlPrefix = "https://alerts.forkos.org/webhook";
+ };
+ };
+ };
+}
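Review bot: `settings` is rendered with `pkgs.writers.writeYAML` and passed on `ExecStart`, so everything placed in it lands in the world-readable Nix store, and the option's `description = "Settings";` gives no hint of that. I would change it to something like `description = "matrix-hookshot config.yaml contents; written to the Nix store, so never put tokens or other secrets here";` and keep appservice tokens in an agenix-managed file once the bridge is registered. The `ExecStartPre` script creates `key.pem` under the unit's default umask; `DynamicUser` keeps the state directory private, but adding `UMask = "0077";` to `serviceConfig` makes the key's mode independent of what `openssl genpkey` chooses. `generic.urlPrefix` points at `https://alerts.forkos.org/webhook` while the listener binds `127.0.0.1:9994` and no matching nginx virtual host appears in this commit, so the webhook endpoint is presumably unreachable until one is added.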