foo

.editorconfig

@@ -0,0 +1,13 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+
+[*.nix]
+indent_style = space
+indent_size = 2
+

configuration.nix

@@ -17,14 +17,15 @@
     settings = {
       auto-optimise-store = true;
       sandbox = false;
+      # Allow remote updates
       trusted-users = [
         "root"
         "@wheel"
-      ]; # Allow remote updates
+      ];
       experimental-features = [
         "nix-command"
         "flakes"
-      ]; # Enable flakes
+      ];
     };
     gc = {
       automatic = true;

flake.nix

@@ -34,6 +34,7 @@
       nixosConfigurations."matrix" = nixpkgs.lib.nixosSystem {
         #system = "x86_64-linux";
         #pkgs = import nixpkgs { inherit system; };
+        inherit system;
         modules = [
           agenix.nixosModules.default
           { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }

secrets/secrets.nix

@@ -17,7 +17,7 @@ let
   _matrix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7AZkepRXoY+DJeSLOU+GR60S62p6+0X/PDeEUZ0yHx root@matrix";
 in
 {
-  "matrix-registration-shared-secret.age".publicKeys = users ++ [ _matrix ];
+  "matrix_registration_shared_secret.age".publicKeys = users ++ [ _matrix ];
   "pushover_app_token.age".publicKeys = users ++ [ _matrix ];
   "pushover_user_key.age".publicKeys = users ++ [ _matrix ];
 }

services/draupnir.nix

@@ -5,7 +5,7 @@
     enable = false;
     settings = {
       homeserverUrl = "https://matrix.berlin.ccc.de";
-      managementRoom = "#moderators:berlin.ccc.de";
+      managementRoom = "!ZYWNuaQBkkenNklCSm:matrix.org"; # #cccb-moderators:berlin.ccc.de
       autojoinOnlyIfManager = true;
       recordIgnoredInvites = true;
       roomStateBackingStore.enabled = true;
@@ -14,4 +14,3 @@
     secrets.accessToken = config.age.secrets.draupnir_access_token.path;
   };
 }
-

services/grafana.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 
 # Dashboards:
 # - Synapse: https://github.com/element-hq/synapse/tree/master/contrib/grafana
@@ -56,4 +56,3 @@
     };
   };
 }
-

services/nginx.nix

@@ -7,7 +7,12 @@ in
   services.nginx = {
     enable = true;
     package = pkgs.nginxQuic;
-    resolver.addresses = ["[2606:4700:4700::1111]" "[2620:fe::fe]" "1.1.1.1" "9.9.9.9"];
+    resolver.addresses = [
+      "[2606:4700:4700::1111]"
+      "[2620:fe::fe]"
+      "1.1.1.1"
+      "9.9.9.9"
+    ];
     statusPage = true; # http://127.0.0.1/nginx_status
     sslProtocols = "TLSv1.3";
     recommendedTlsSettings = true;
@@ -20,6 +25,28 @@ in
       kTLS = true;
       forceSSL = true;
       useACMEHost = fqdn;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "::";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8448;
+          ssl = true;
+        }
+        {
+          addr = "::";
+          port = 8448;
+          ssl = true;
+        }
+      ];
       locations = {
         "/".return = "418 \"I'm a Teapot!\"";
         "= /.well-known/matrix/client" = {
@@ -29,7 +56,7 @@ in
             add_header Access-Control-Allow-Origin "*";
           '';
         };
-        "~ ^(/_matrix|/_synapse/client)" {
+        "~ ^(/_matrix|/_synapse/client)" = {
           recommendedProxySettings = true;
           proxyPass = "http://[::1]:8008";
           extraConfig = ''
@@ -42,5 +69,5 @@ in
     };
   };
 
-  security.acme.certs."${fqdn}".reloadServices = ["nginx"];
+  security.acme.certs."${fqdn}".reloadServices = [ "nginx" ];
 }

services/prometheus.nix

@@ -12,11 +12,11 @@
     };
     scrapeConfigs = [
       {
-         job_name = "synapse";
+        job_name = "synapse";
         scrape_interval = "15s";
         static_configs = [
           {
-            targets = ["[::1]:9009"];
+            targets = [ "[::1]:9009" ];
           }
         ];
       }
@@ -63,4 +63,3 @@
     ];
   };
 }
-

services/synapse.nix

@@ -25,6 +25,7 @@ in
             tls = false;
             port = 8008;
             bind_addresses = [ "::1" ];
+            #request_id_header = "X-Request-ID";
             resources = [
               {
                 compress = false;
@@ -39,10 +40,12 @@ in
             type = "metrics";
             port = 9009;
             bind_addresses = [ "::1" ];
-            resources = [{
+            resources = [
-              compress = false;
+              {
-              names = [ "metrics" ];
+                compress = false;
-            }];
+                names = [ "metrics" ];
+              }
+            ];
           }
         ];
         enable_metrics = true;
@@ -61,7 +64,7 @@ in
         };
       };
       extraConfigFiles = [
-        config.age.secrets.matrix-registration-shared-secret.path
+        config.age.secrets.matrix_registration_shared_secret.path
       ];
       enableRegistrationScript = true;
     };