m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: tuwunel matrix server + hermes update

Browse Source
This commit is contained in:
m3tm3re
2026-04-24 21:38:57 +02:00
parent d47680aef7
commit 383f4ef56f
12 changed files with 281 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/common/ports.nix
View File

@@ -38,7 +38,7 @@
kestra = 3018;
outline = 3019;
authentik = 3023;
conduit = 3024;
tuwunel = 3024;
# Home automation
homarr = 7575;

1
hosts/common/users/m3tam3re.nix
View File

@@ -25,6 +25,7 @@
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZcjCKl0DRuOUOMXbM0GKY5JjvmyFpVZ/tRlTKWu/zp razr"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZbg/Z9mnflXuLahGY8WOSBMqbgeqVIkIwRkquys1Ml sascha.koenig@azintec.com"
];
packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default];
};

5
hosts/m3-atlas/secrets.nix
View File

@@ -33,6 +33,10 @@
restreamer-env = {file = ../../secrets/restreamer-env.age;};
searx = {file = ../../secrets/searx.age;};
tailscale-key = {file = ../../secrets/tailscale-key.age;};
tuwunel-registration-token = {
file = ../../secrets/tuwunel-registration-token.age;
owner = "tuwunel";
};
traefik = {
file = ../../secrets/traefik.age;
owner = "traefik";
@@ -65,7 +69,6 @@
owner = "m3tam3re";
};
authentik-env = {file = ../../secrets/authentik-env.age;};
conduit-env = {file = ../../secrets/conduit-env.age;};
};
};
}

2
hosts/m3-atlas/services/default.nix
View File

@@ -1,6 +1,6 @@
{
imports = [
./conduit.nix
./tuwunel.nix
./containers
./gitea.nix
./gitea-actions-runner.nix

30
hosts/m3-atlas/services/conduit.nix → hosts/m3-atlas/services/tuwunel.nix
View File

@@ -1,44 +1,46 @@
{config, ...}: {
services.matrix-conduit = {
{config, ...}: let
# Tuwunel uses a list for ports
tuwunel-port = config.m3ta.ports.get "tuwunel";
in {
services.matrix-tuwunel = {
enable = true;
settings.global = {
server_name = "m3ta.dev";
address = "127.0.0.1";
port = config.m3ta.ports.get "conduit";
address = ["127.0.0.1"];
port = [tuwunel-port];
max_request_size = 20000000;
allow_registration = false;
allow_registration = true;
registration_token_file = config.age.secrets."tuwunel-registration-token".path;
allow_encryption = true;
allow_federation = true;
trusted_servers = ["matrix.org"];
database_backend = "rocksdb";
};
secretFile = config.age.secrets.conduit-env.path;
};
# Traefik configuration for Conduit
# Traefik configuration for Tuwunel
services.traefik.dynamicConfigOptions.http = {
services.conduit.loadBalancer.servers = [
services.tuwunel.loadBalancer.servers = [
{
url = "http://localhost:${toString (config.m3ta.ports.get "conduit")}/";
url = "http://localhost:${toString tuwunel-port}/";
}
];
routers.conduit = {
routers.tuwunel = {
rule = "Host(`matrix.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "conduit";
service = "tuwunel";
entrypoints = "websecure";
};
# Federation endpoint on base domain
routers.conduit-federation = {
routers.tuwunel-federation = {
rule = "Host(`m3ta.dev`) && PathPrefix(`/_matrix`)";
tls = {
certResolver = "godaddy";
};
service = "conduit";
service = "tuwunel";
entrypoints = "websecure";
};
};