diff --git a/README.md b/README.md index e608ad8..1169c52 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,12 @@ Configure `berlin.ccc.de` web server to send federation traffic to the matrix se ```nginx server { hostname berlin.ccc.de; - location "/.well-known/matrix/server" { + location = /.well-known/matrix/server { default_type application/json; add_header Access-Control-Allow-Origin "*"; return 200 '{"m.server":"matrix.berlin.ccc.de:443"}'; } - location "/.well-known/matrix/client" { + location = /.well-known/matrix/client { default_type application/json; add_header Access-Control-Allow-Origin "*"; return 200 '{"m.homeserver": {"base_url": "https://matrix.berlin.ccc.de"}}'; diff --git a/configuration.nix b/configuration.nix index 91418b3..0f7677a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -35,7 +35,7 @@ }; gc = { automatic = true; - options = "--delete-older-then 14d"; + options = "--delete-older-than 14d"; }; }; @@ -56,7 +56,6 @@ packages = with pkgs; [ kitty # for terminfo fastfetch # for shits and giggles - tmux ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09" @@ -147,6 +146,13 @@ htop = { enable = true; }; + tmux = { + enable = true; + terminal = "screen-256color"; + shortcut = "a"; + newSession = true; + clock24 = true; + }; ssh.startAgent = true; }; diff --git a/flake.nix b/flake.nix index 3c84b12..791a00f 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,12 @@ in { formatter.${system} = pkgs.nixfmt-tree; + apps.${system}.connect = { + type = "app"; + program = "${pkgs.writeShellScript "connect.sh" '' + ${pkgs.openssh}/bin/ssh root@matrix.berlin.ccc.de -L 3000:[::1]:3000 -L 9090:[::1]:9090 -N + ''}"; + }; devShells.${system}.default = pkgs.mkShell { packages = [ (agenix.packages.${system}.default) 
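Review bot: The `connect` app in `flake.nix` logs in as `root@matrix.berlin.ccc.de` only to forward local ports 3000 and 9090, so everyone who wants to reach those loopback services needs a root-capable key on the host. A dedicated unprivileged account that sshd restricts to those two forwards (a `Match User` block with `PermitOpen [::1]:3000 [::1]:9090` and no shell) would give the same tunnel with far less privilege. Separately, adding `-o ExitOnForwardFailure=yes` makes the command fail when a local port is already taken instead of sitting idle under `-N`. The enclosing `in { … }` attribute set continues past the hunk.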
@@ -64,6 +70,12 @@ owner = "matrix-synapse"; group = "matrix-synapse"; }; + draupnir_access_token = { + file = ./secrets/draupnir_access_token.age; + mode = "440"; + owner = "draupnir"; + group = "draupnir"; + }; grafana_secret_key = { file = ./secrets/grafana_secret_key.age; mode = "440"; diff --git a/secrets/draupnir_access_token.age b/secrets/draupnir_access_token.age new file mode 100644 index 0000000..5bdf5c3 --- /dev/null +++ b/secrets/draupnir_access_token.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 uH+n1w 2hSmjOu7GxDfquW1HiyHi2Yyew1tnZqiFIxaeUhJymg +LqD/39jT1v7JjpgiiOwpHxrZvSIpmlEytBln+M6eL5I +-> ssh-ed25519 EvLbWw xaOrlq5mgR3i7XvE704FDt/0nhyb5GTOrps7S5LUIH8 +Va1xSbYhkwWJHSvL0QLIOrI0FHI+QxWYtU2VHlZbOCg +-> ssh-ed25519 dM+fLQ zqeBwPAbTMmDb3wgrlJQEtwV+1qQTLXpNc17zJt/BxU +i6FiCoPLYJ4bYPTLYO4WJwoOG9d/sJtr4vOuJ/xL9CY +-> ssh-ed25519 jxWM2Q R0GsQt6HBODYIV/hhNTqyFbQYEgiSTzjNdSA83EyVQg +Ud+hSYBNXGq0J0GkJJ+Z0aCtwv+nE8Z9BT+YcJ50e10 +-> ssh-ed25519 /yCUCg 46LBDK2i8Ra3FMYjPOXBKyyATWOjs5giuvs6xKZEvxo +3Ed22P9nimNYR81tiugg+TtNw/iHxIAGiTy7VNzCSqQ +-> ssh-ed25519 FGp51g 6xSucs4pAWiRpxJOE2hc+0poWbbqfkSoyPXnCFv73TM +xUx/7VuLnGjnqDK3V9vZRBFi6IUb2N70KtTRPahEg60 +-> ssh-ed25519 yoCmaA +DAPosKueugYv9XVTiOidCgPjauoIqlZVQeprxZjwFU +uhPNEu4nLw5v7E6ce6PWmlk+OZXt998eUQVY8A9kSp4 +--- bsh1fZUWEACxlxqk+VQQUzo7T4SunVJ67EC066G7Br4 + Hm&YӐG EJJg6k/0[gS!CiL;ֻ!I= \ No newline at end of file diff --git a/secrets/matrix_admin_password.age b/secrets/matrix_admin_password.age new file mode 100644 index 0000000..2047157 Binary files /dev/null and b/secrets/matrix_admin_password.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f106d09..c09b8c9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
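Review bot: The new `draupnir_access_token` entry sets `owner = "draupnir"` and `group = "draupnir"`, but nothing visible in this diff shows a static user or group of that name being declared. If the draupnir service runs under a dynamically allocated account, the ownership set at activation may not match the identity that actually reads the file, so this is worth confirming on the host. Mode `"440"` follows the neighbouring entries, but a token with a single consumer does not need group read; `mode = "400";` would be the tighter setting. The surrounding secrets attribute set starts and ends outside the hunk.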
@@ -17,6 +17,8 @@ let _matrix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApAkkhHLj918co/wUGuyW8WCPYHxsNM4uo32XDEu7VV root@matrix"; in { + "matrix_admin_password.age".publicKeys = users; + "draupnir_access_token.age".publicKeys = users ++ [ _matrix ]; "matrix_signing_key.age".publicKeys = users ++ [ _matrix ]; "matrix_registration_shared_secret.age".publicKeys = users ++ [ _matrix ]; "pushover_app_token.age".publicKeys = users ++ [ _matrix ]; diff --git a/services/draupnir.nix b/services/draupnir.nix index 8564d39..f184c97 100644 --- a/services/draupnir.nix +++ b/services/draupnir.nix @@ -2,7 +2,7 @@ { services.draupnir = { - enable = false; + enable = true; settings = { homeserverUrl = "https://matrix.berlin.ccc.de"; managementRoom = "!ZYWNuaQBkkenNklCSm:matrix.org"; # #cccb-moderators:berlin.ccc.de diff --git a/services/prometheus.nix b/services/prometheus.nix index d70657c..d8c18b8 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, lib, ... }: { services.prometheus = { @@ -6,8 +6,14 @@ retentionTime = "14d"; listenAddress = "[::1]"; exporters = { - #node = {}; - #nginx = {}; + node = { + enable = true; + listenAddress = config.services.prometheus.listenAddress; + }; + nginx = { + enable = true; + listenAddress = config.services.prometheus.listenAddress; + }; #postgres = {}; }; scrapeConfigs = [ 
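Review bot: `"matrix_admin_password.age".publicKeys = users;` is the only entry visible in this hunk that omits `_matrix`, and nothing records whether that is deliberate. If the intent is that the host can never decrypt the admin password, a comment above the line such as `# operators only: the host key must not be a recipient` would stop a later edit from adding `_matrix` for consistency with its neighbours. The attribute set continues past the hunk.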
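Review bot: Flipping `enable = true` in `services/draupnir.nix` turns on the moderation bot, yet the visible `settings` contain only `homeserverUrl` and `managementRoom`, and the hunk does not show where the newly added `draupnir_access_token` secret is handed to the service. Please confirm it is passed as a path to the decrypted file and never as a value inside `settings`, which would land in the world-readable Nix store. Anyone joined to the management room can command the bot, so `!ZYWNuaQBkkenNklCSm:matrix.org` should be invite-only. The trailing comment names an alias on `berlin.ccc.de` while the room ID carries `matrix.org`, which deserves a clarifying comment. The `settings` block continues past the hunk.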
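Review bot: The `nginx` exporter enabled in `services/prometheus.nix` only has data to export if nginx serves its stub-status page, and nothing in this hunk turns that on. If it is not set elsewhere in the configuration, add `services.nginx.statusPage = true;` next to the nginx virtual hosts, otherwise the new `nginx` scrape job will only report the exporter as unable to reach nginx. Binding both exporters to `config.services.prometheus.listenAddress` (here `[::1]`) instead of the exporters' default listen address is the right call and should stay. The `exporters` set and the module body continue outside the hunk.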
@@ -16,10 +22,28 @@ scrape_interval = "15s"; static_configs = [ { - targets = [ "[::1]:9009" ]; + targets = lib.pipe config.services.matrix-synapse.settings.listeners [ + (lib.filter (l: l.type == "metrics")) + builtins.head + (l: [ "[${builtins.head l.bind_addresses}]:${toString l.port}" ]) + ]; } ]; } + { + job_name = "node"; + scrape_interval = "15s"; + static_configs = [ + { targets = [ "${config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}" ]; } + ]; + } + { + job_name = "nginx"; + scrape_interval = "15s"; + static_configs = [ + { targets = [ "${config.services.prometheus.exporters.nginx.listenAddress}:${toString config.services.prometheus.exporters.nginx.port}" ]; } + ]; + } ]; ruleFiles = [ # https://github.com/element-hq/synapse/tree/master/contrib/prometheus
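Review bot: `builtins.head` is applied to the filtered listener list in the new synapse `targets` expression with no guard, so if no listener has `type == "metrics"` the whole system evaluation fails with a generic list error that does not name the cause. A first pipe stage such as `(ls: assert lib.assertMsg (ls != [ ]) "prometheus: synapse has no metrics listener"; ls)` would make that failure readable. The next stage also wraps `builtins.head l.bind_addresses` in brackets unconditionally, which is only the conventional form for an IPv6 literal. Bracketing only when the address contains a colon (`if lib.hasInfix ":" a then "[${a}]" else a`) avoids emitting `[127.0.0.1]:PORT` if the listener is ever rebound. The `scrapeConfigs` list begins before this hunk.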