Change a lot, mostly adding 3 Minecraft servers and Velocity

2024-08-30 01:17:50 -04:00 · 2024-08-30 01:17:50 -04:00 · c6accc294d
commit c6accc294d
parent 1d3c95e680
37 changed files with 1732 additions and 200 deletions
--- a/nixos/server/synapse.nix
+++ b/nixos/server/synapse.nix
@ -1,13 +1,11 @@
-{pkgs, config, ...}: let
-  secrets = import ../modules/secrets.nix;
-in {
+{pkgs, outputs, config, ...}: {
  services = {
    # Synapse Matrix server
    matrix-synapse = with config.services.coturn; {
      enable = true;
      settings = {
-        server_name = "${secrets.jimDomain}";
-        public_baseurl = "https://matrix.${secrets.jimDomain}";
+        server_name = "${outputs.secrets.jimDomain}";
+        public_baseurl = "https://matrix.${outputs.secrets.jimDomain}";
        suppress_key_server_warning = true;

        # Set the network config
@ -23,10 +21,10 @@ in {

        # Enable smtp for password resets
        email = {
-          notif_from = "Jimbo's Matrix <noreply@${secrets.jimDomain}>";
-          smtp_host = "mx.${secrets.jimDomain}";
-          smtp_user = "noreply@${secrets.jimDomain}";
-          smtp_pass = secrets.noreplyPassword;
+          notif_from = "Jimbo's Matrix <noreply@${outputs.secrets.jimDomain}>";
+          smtp_host = "mx.${outputs.secrets.jimDomain}";
+          smtp_user = "noreply@${outputs.secrets.jimDomain}";
+          smtp_pass = outputs.secrets.noreplyPassword;
          enable_tls = true;
          smtp_port = 587;
          require_transport_security = true;
@ -61,8 +59,8 @@ in {

        # Turn settings
        turn_uris = [
-          "turn:turn.${secrets.jimDomain}:3478?transport=udp"
-          "turn:turn.${secrets.jimDomain}:3478?transport=tcp"
+          "turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp"
+          "turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp"
        ];
        turn_shared_secret = static-auth-secret;
        turn_user_lifetime = "1h";
@ -75,12 +73,12 @@ in {
    # Sliding sync proxy for Matrix
    matrix-sliding-sync = let
      matrixSecretFile = pkgs.writeText "matrixsecret" ''
-        SYNCV3_SECRET=${secrets.matrixSecret}
+        SYNCV3_SECRET=${outputs.secrets.matrixSecret}
      '';
    in {
      enable = true;
      settings = {
-        SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}";
+        SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}";
        SYNCV3_BINDADDR = "0.0.0.0:8009";
      };
      environmentFile = "${matrixSecretFile}";
@ -95,14 +93,14 @@ in {
      max-port = 50000;
      use-auth-secret = true;
      static-auth-secret = "will be world readable for local users :(";
-      realm = "turn.${secrets.jimDomain}";
-      cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
-      pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
+      realm = "turn.${outputs.secrets.jimDomain}";
+      cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
+      pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
    };

    # Nginx
    nginx.virtualHosts = {
-      "matrix.${secrets.jimDomain}" = {
+      "matrix.${outputs.secrets.jimDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations = {
@ -113,7 +111,7 @@ in {
           "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
        };
      };
-      "turn.${secrets.jimDomain}" = {
+      "turn.${outputs.secrets.jimDomain}" = {
        enableACME = true;
        forceSSL = true;
        listen = [