Add Grapevine Matrix server and matrix-hookshot

It doesn't want to work.
This commit is contained in:
Ilya K 2024-08-09 16:58:46 +03:00
parent bebc7f2586
commit ae4bc2550e
6 changed files with 415 additions and 10 deletions

View file

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1720546205, "lastModified": 1722339003,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,6 +23,29 @@
"type": "github" "type": "github"
} }
}, },
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1711742460,
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "main",
"repo": "attic",
"type": "github"
}
},
"bats-assert": { "bats-assert": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -101,6 +124,50 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"inputs": {
"nixpkgs": [
"grapevine",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702918879,
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
"owner": "ipetkov",
"repo": "crane",
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"nixpkgs": [
"grapevine",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716569590,
"narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "109987da061a1bf452f435f1653c47511587d919",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "master",
"repo": "crane",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -123,6 +190,29 @@
"type": "github" "type": "github"
} }
}, },
"fenix": {
"inputs": {
"nixpkgs": [
"grapevine",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1716359173,
"narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=",
"owner": "nix-community",
"repo": "fenix",
"rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -140,6 +230,39 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"ref": "master",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -214,6 +337,40 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": { "locked": {
"lastModified": 1634851050, "lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -228,6 +385,34 @@
"type": "github" "type": "github"
} }
}, },
"grapevine": {
"inputs": {
"attic": "attic",
"crane": "crane_2",
"fenix": "fenix",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nix-filter": "nix-filter",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"host": "gitlab.computer.surgery",
"lastModified": 1721671623,
"narHash": "sha256-ELE+AD83jG3zIbYITbSfo6Ykn+R1gVjMHoS5rhDccuY=",
"owner": "matrix",
"repo": "grapevine-fork",
"rev": "dd24a441121b94d389fb46f08c7ec51886d5aa32",
"type": "gitlab"
},
"original": {
"host": "gitlab.computer.surgery",
"owner": "matrix",
"repo": "grapevine-fork",
"type": "gitlab"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -273,7 +458,7 @@
}, },
"lix": { "lix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_4",
"nix2container": "nix2container", "nix2container": "nix2container",
"nixpkgs": [ "nixpkgs": [
"hydra", "hydra",
@ -324,6 +509,22 @@
"url": "https://git.lix.systems/lix-project/nix-eval-jobs" "url": "https://git.lix.systems/lix-project/nix-eval-jobs"
} }
}, },
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "nix-filter",
"type": "github"
}
},
"nix-gerrit": { "nix-gerrit": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -384,11 +585,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1721116560, "lastModified": 1711401922,
"narHash": "sha256-++TYlGMAJM1Q+0nMVaWBSEvEUjRs7ZGiNQOpqbQApCU=", "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9355fa86e6f27422963132c2c9aeedb0fb963d93", "rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,7 +615,39 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1723151389,
"narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13fe00cb6c75461901f072ae62b5805baef9f8b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1636823747, "lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -450,16 +683,34 @@
"agenix": "agenix", "agenix": "agenix",
"buildbot-nix": "buildbot-nix", "buildbot-nix": "buildbot-nix",
"colmena": "colmena", "colmena": "colmena",
"grapevine": "grapevine",
"hydra": "hydra", "hydra": "hydra",
"lix": [ "lix": [
"hydra", "hydra",
"lix" "lix"
], ],
"nix-gerrit": "nix-gerrit", "nix-gerrit": "nix-gerrit",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"terranix": "terranix" "terranix": "terranix"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1716107283,
"narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1696039360, "lastModified": 1696039360,
@ -491,12 +742,27 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"terranix-examples": "terranix-examples" "terranix-examples": "terranix-examples"
}, },
"locked": { "locked": {

View file

@ -21,6 +21,14 @@
buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
lix.follows = "hydra/lix"; lix.follows = "hydra/lix";
grapevine = {
type = "gitlab";
host = "gitlab.computer.surgery";
owner = "matrix";
repo = "grapevine-fork";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, terranix, colmena, ... } @ inputs: outputs = { self, nixpkgs, terranix, colmena, ... } @ inputs:

View file

@ -24,6 +24,8 @@
bagel.services.prometheus.enable = true; bagel.services.prometheus.enable = true;
bagel.services.loki.enable = true; bagel.services.loki.enable = true;
bagel.services.grafana.enable = true; bagel.services.grafana.enable = true;
bagel.services.grapevine.enable = true;
bagel.services.hookshot.enable = true;
i18n.defaultLocale = "fr_FR.UTF-8"; i18n.defaultLocale = "fr_FR.UTF-8";

View file

@ -2,6 +2,7 @@
imports = [ imports = [
./gerrit ./gerrit
./hydra ./hydra
./matrix
./monitoring ./monitoring
./netbox ./netbox
./ofborg ./ofborg

View file

@ -0,0 +1,68 @@
{
config,
lib,
inputs,
...
}:
let
cfg = config.bagel.services.grapevine;
inherit (lib) mkEnableOption mkIf;
in
{
imports = [
inputs.grapevine.nixosModules.default
./hookshot.nix
];
options.bagel.services.grapevine.enable = mkEnableOption "Grapevine";
config = mkIf cfg.enable {
services = {
grapevine = {
enable = true;
settings = {
listen = [
{
type = "tcp";
address = "127.0.0.1";
port = 6167;
}
];
server_name = "forkos.org";
database.backend = "rocksdb";
};
};
nginx = {
upstreams.grapevine.servers."127.0.0.1:6167" = { };
virtualHosts = {
"matrix.forkos.org" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://grapevine";
};
"forkos.org" = {
forceSSL = true;
enableACME = true;
locations = {
"= /.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.server": "matrix.forkos.org:443"}';
'';
"= /.well-known/matrix/client".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://matrix.forkos.org/"}, "m.identity_server": {"base_url": "https://matrix.org/"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.forkos.org"}}';
'';
};
};
};
};
};
};
}

View file

@ -0,0 +1,60 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.bagel.services.hookshot;
inherit (lib) mkEnableOption mkIf mkOption;
keyPath = "/var/lib/matrix-hookshot/key.pem";
in
{
options.bagel.services.hookshot = {
enable = mkEnableOption "matrix-hookshot";
settings = mkOption {
description = "Settings";
type = (pkgs.formats.yaml { }).type;
};
};
config = mkIf cfg.enable {
systemd.services.matrix-hookshot = {
wantedBy = ["multi-user.target"];
wants = ["network-online.target"];
after = ["network-online.target"];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.matrix-hookshot} ${pkgs.writers.writeYAML "config.yaml" cfg.settings}";
ExecStartPre = pkgs.writeShellScript "hookshot-generate-key" ''
if [ ! -f ${keyPath} ]; then
mkdir -p $(dirname ${keyPath})
${lib.getExe pkgs.openssl} genpkey -out ${keyPath} -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
fi
'';
DynamicUser = true;
StateDirectory = "matrix-hookshot";
WorkingDirectory = "/var/lib/matrix-hookshot";
};
};
bagel.services.hookshot.settings = {
bridge = {
domain = "forkos.org";
url = "https://matrix.forkos.org";
mediaUrl = "https://forkos.org";
port = 9993;
bindAddress = "127.0.0.1";
};
passFile = keyPath;
listeners = [{
port = 9994;
bindAddress = "127.0.0.1";
resources = [ "webhooks" ];
}];
generic = {
enabled = true;
urlPrefix = "https://alerts.forkos.org/webhook";
};
};
};
}