diff --git a/flake.lock b/flake.lock index 7755a13..78a582a 100644 --- a/flake.lock +++ b/flake.lock @@ -77,11 +77,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1698243190, - "narHash": "sha256-n+SbyNQRhUcaZoU00d+7wi17HJpw/kAUrXOL4zRcqE8=", + "lastModified": 1699273601, + "narHash": "sha256-rBTtJ3Vln63RwzyVFzcAy6hW5mXTZOLXwJ/p5Sz0T5k=", "owner": "cachix", "repo": "devenv", - "rev": "86f476f7edb86159fd20764489ab4e4df6edb4b6", + "rev": "af34c270e708675c02831c5a4d6d1d3d6efb0854", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1698860414, - "narHash": "sha256-ejtFTDbo7tT8j8AIQfN9g+4dlQmrUDoC3dEaw77jVcY=", + "lastModified": 1699368917, + "narHash": "sha256-nUtGIWf86BOkUbtksWtfglvCZ/otP0FTZlQH8Rzc7PA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc2a8842ea5106640eb89ec522dde9120df82d8a", + "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3", "type": "github" }, "original": { @@ -304,11 +304,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1698864816, - "narHash": "sha256-GNfFzT5Ksr73mN1WD8qatQXJqEFGvG0gMXxEN3xTYiM=", + "lastModified": 1699391198, + "narHash": "sha256-HrnlCdZBqqE37gFORapfSGEGcqhCyhX2aSMRnDEmR0k=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "21e9313c100e005ec2a9a5100c29258a2885546b", + "rev": "751d2851cc270c3322ffe2eb83c156e4298a0c0e", "type": "github" }, "original": { @@ -475,11 +475,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1699099776, + "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", "type": "github" }, "original": { diff --git a/modules/caddy/Caddyfile b/modules/caddy/Caddyfile index 725d90f..f39de69 100644 --- a/modules/caddy/Caddyfile +++ b/modules/caddy/Caddyfile @@ -1,73 +1,88 @@ { - log { - level ERROR - } - admin off + log { + level ERROR + } + admin off + servers { + metrics + } +} + +http://localhost:2019 { + metrics /metrics } matrix.broccoli.town { - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 + reverse_proxy /_matrix/* http://localhost:8008 + reverse_proxy /_synapse/client/* http://localhost:8008 +} + +syncv3.broccoli.town { + reverse_proxy http://localhost:8009 } broccoli.town:8448 { - reverse_proxy http://localhost:8008 + reverse_proxy http://localhost:8008 } broccoli.town { - header /.well-known/* "Access-Control-Allow-Origin" "*" - respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}" + header /.well-known/* "Access-Control-Allow-Origin" "*" - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 + respond /.well-known/matrix/client `{ "m.homeserver": { "base_url": "https://broccoli.town" }, "org.matrix.msc3575.proxy": { "url": "https://syncv3.broccoli.town" } }` - redir / https://chat.broccoli.town + reverse_proxy /_matrix/* http://localhost:8008 + reverse_proxy /_synapse/client/* http://localhost:8008 + + redir / https://chat.broccoli.town } chat.broccoli.town { - header { - X-Frame-Options "SAMEORIGIN" - X-XSS-Protection "1; mode=block" - X-Content-Type-Options "nosniff" - X-Robots-Tag "noindex, noarchive, nofollow" - } - root * @element@ - file_server + header { + X-Frame-Options "SAMEORIGIN" + X-XSS-Protection "1; mode=block" + X-Content-Type-Options "nosniff" + X-Robots-Tag "noindex, noarchive, nofollow" + } + root * @element@ + file_server } danielpatterson.dev { - header { - proof proven.lol/de4a14 - } - root * /srv/site/danielpatterson.dev - encode zstd gzip - file_server + header { + proof proven.lol/de4a14 + } + root * /srv/site/danielpatterson.dev + encode zstd gzip + file_server } movies.danielpatterson.dev { - reverse_proxy localhost:8096 + reverse_proxy localhost:8096 } elixir.danielpatterson.dev { - reverse_proxy localhost:8080 + reverse_proxy localhost:8080 } git.broccoli.town { - reverse_proxy localhost:3030 + reverse_proxy localhost:3030 } http://bigding:8384 { - reverse_proxy localhost:8387 + reverse_proxy localhost:8387 } bigding.squirrel-clownfish.ts.net { - tls { - get_certificate tailscale - } - reverse_proxy localhost:9091 + tls { + get_certificate tailscale + } + reverse_proxy localhost:9091 } http://bigding { - reverse_proxy /transmission localhost:9091 - reverse_proxy /transmission/* localhost:9091 + reverse_proxy /transmission localhost:9091 + reverse_proxy /transmission/* localhost:9091 + handle_path /prometheus/* { + reverse_proxy localhost:9090 + } } diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 88fd148..86b7231 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -29,6 +29,15 @@ } ]; } + { + job_name = "caddy"; + scrape_interval = "15s"; + static_configs = [ + { + targets = ["localhost:2019"]; + } + ]; + } ]; }; } diff --git a/modules/synapse/default.nix b/modules/synapse/default.nix index c672fa1..3d75a07 100644 --- a/modules/synapse/default.nix +++ b/modules/synapse/default.nix @@ -6,6 +6,9 @@ }: let fqdn = "matrix.broccoli.town"; in { + age.secrets = { + sliding_sync_env_file.file = ../../secrets/sliding_sync_env_file.age; + }; services.postgresql = { enable = true; ensureUsers = [ @@ -26,6 +29,13 @@ in { services.matrix-synapse = { enable = true; + sliding-sync = { + enable = true; + environmentFile = config.age.secrets.sliding_sync_env_file.path; + settings = { + SYNCV3_SERVER = "http://localhost:8008"; + }; + }; settings = { enable_metrics = true; server_name = "broccoli.town"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d6cc1c6..4a4b4c7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -28,4 +28,5 @@ in { "bigding_backup_repo_password.age".publicKeys = users ++ [system4]; "sendmail_email_key_gitea.age".publicKeys = users ++ [system4]; "gitea_actions_runner_token.age".publicKeys = users ++ [system4]; + "sliding_sync_env_file.age".publicKeys = users ++ [system4]; } diff --git a/secrets/sliding_sync_env_file.age b/secrets/sliding_sync_env_file.age new file mode 100644 index 0000000..1442dce --- /dev/null +++ b/secrets/sliding_sync_env_file.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 eYYv1Q 7TKz5P08MWm671YjNZZBcfYifTxCLQRld/yEDUvg/mo +Ri7tvBi03wGjkUyfqOYDUV2uy1KUqzJh+G/gXfb7VZ4 +-> ssh-ed25519 Bp5IaA pUWO9BOFN6lvXMqCEuN8ac4a40eBKyZNif+IMy20MVs +OItLZfWVbBzaz6Kc24MvPZX9nenwZanTqfBLHwkG6x0 +-> ssh-ed25519 T/DpgA 8iff5RUhuZTQQ8R52lYOp1lFFCriG61mJJ04l3R2lSo +hOGYWfMkhmwqBGnF3NTH3/e49YWMLNwaWxI7liZjvlc +-> ssh-ed25519 qMgRFg b1JR35lDwcQllMmEZ4yJ4XmI6aBhESILLAe3LHG1Hgc +lBxwrrquC7Ncv4/IGGIabdCcjEw73J6UzjORP0TUdkY +-> ssh-ed25519 dMZXNw 0/n4Qw/C/wt0+7SqUJoAdNlt8E7xBCfoYmwHCEVJ4zM +t3MWE0aSIDdJNRPF5HQZ5DWXzO2AMjapEEBa2JHelrI +-> ssh-ed25519 70Nt2Q PyFn7VfxEgUtgN5yE4zq66eWTASq7TnH0ZJEY0P1Ei8 +kFwfeeSEG4XX//SkUd72KuMNpkbmq2zDXyDBz3rmy88 +-> >YOx)y>-grease vP? y$B-[ Zv&X TwB +VT4wxcaS1aosiUDafpLhzCpPFyozKE9Q/tZKnr7rPqnSTGB5sL99DX7iY91V7Q +--- ee2Sc/l314nyNlFgxOfi9VJzTnU8x5Kgy9/o6XgJc8Q +XN7,vd]왔imkx ӯ$OA6Eo߰Ԥ+˱ت𫮉Chۤit?!hoW[}䨪3uWGy \ No newline at end of file