diff --git a/flake.lock b/flake.lock index 6f6d124..bf64851 100644 --- a/flake.lock +++ b/flake.lock @@ -151,61 +151,6 @@ "type": "github" } }, - "complement": { - "flake": false, - "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", - "owner": "girlbossceo", - "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "main", - "repo": "complement", - "type": "github" - } - }, - "conduwuit": { - "inputs": { - "attic": [ - "blank" - ], - "cachix": [ - "blank" - ], - "complement": "complement", - "crane": "crane", - "fenix": "fenix", - "flake-compat": [ - "blank" - ], - "flake-utils": [ - "flake-utils" - ], - "liburing": "liburing", - "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ], - "rocksdb": "rocksdb" - }, - "locked": { - "lastModified": 1744169934, - "narHash": "sha256-5YyHmPUUrXXrczWayji9327knihVTKnmjX+vX6+p6d0=", - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "d8311a5ff672fdc4729d956af5e3af8646b0670d", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "repo": "conduwuit", - "type": "github" - } - }, "copyparty": { "inputs": { "flake-utils": [ @@ -230,22 +175,6 @@ } }, "crane": { - "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "inputs": { "nixpkgs": [ "universe-cli", 
@@ -328,29 +257,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1740724364, - "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", - "owner": "nix-community", - "repo": "fenix", - "rev": "edf7d9e431cda8782e729253835f178a356d3aab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "main", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "locked": { "lastModified": 1746162366, @@ -570,23 +476,6 @@ "type": "github" } }, - "liburing": { - "flake": false, - "locked": { - "lastModified": 1740613216, - "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", - "owner": "axboe", - "repo": "liburing", - "rev": "e1003e496e66f9b0ae06674869795edf772d5500", - "type": "github" - }, - "original": { - "owner": "axboe", - "ref": "master", - "repo": "liburing", - "type": "github" - } - }, "lix": { "inputs": { "flake-compat": [ @@ -684,22 +573,6 @@ "type": "github" } }, - "nix-filter": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "main", - "repo": "nix-filter", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ 
@@ -960,30 +833,12 @@ "type": "github" } }, - "rocksdb": { - "flake": false, - "locked": { - "lastModified": 1741308171, - "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", - "owner": "girlbossceo", - "repo": "rocksdb", - "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "v9.11.1", - "repo": "rocksdb", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "agenix-rekey": "agenix-rekey", "authentik-nix": "authentik-nix", "blank": "blank", - "conduwuit": "conduwuit", "copyparty": "copyparty", "devshell": "devshell", "disko": "disko", @@ -1017,23 +872,6 @@ "vencord": "vencord" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1740691488, - "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -1122,7 +960,7 @@ }, "universe-cli": { "inputs": { - "crane": "crane_2", + "crane": "crane", "devshell": [ "devshell" ], diff --git a/flake.nix b/flake.nix index 66fb14d..a1bb07f 100644 --- a/flake.nix +++ b/flake.nix @@ -57,9 +57,6 @@ ## Neovim nixvim.url = "github:nix-community/nixvim"; - ## Conduwuit - conduwuit.url = "github:girlbossceo/conduwuit"; - ## Vencord vencord = { url = "github:Vendicated/Vencord"; 
@@ -98,11 +95,6 @@
 authentik-nix.inputs.nixpkgs.follows = "nixpkgs";
 authentik-nix.inputs.poetry2nix.inputs.treefmt-nix.follows = "treefmt-nix";
 authentik-nix.inputs.systems.follows = "systems";
- conduwuit.inputs.attic.follows = "blank";
- conduwuit.inputs.cachix.follows = "blank";
- conduwuit.inputs.flake-compat.follows = "blank";
- conduwuit.inputs.flake-utils.follows = "flake-utils";
- conduwuit.inputs.nixpkgs.follows = "nixpkgs";
 copyparty.inputs.flake-utils.follows = "flake-utils";
 copyparty.inputs.nixpkgs.follows = "nixpkgs";
 devshell.inputs.nixpkgs.follows = "nixpkgs";
diff --git a/modules/global/caches/conduwuit.nix b/modules/global/caches/conduwuit.nix
deleted file mode 100644
index 523b51e..0000000
--- a/modules/global/caches/conduwuit.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- nix.settings = {
- substituters = [
- #"https://attic.kennel.juneis.dog/conduwuit"
- ];
- trusted-public-keys = [
- #"conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE="
- ];
- };
-}
diff --git a/modules/vendored/conduwuit.nix b/modules/vendored/conduwuit.nix
deleted file mode 100644
index 3357f43..0000000
--- a/modules/vendored/conduwuit.nix
+++ /dev/null
@@ -1,264 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfg = config.services.conduwuit-vendor;
- defaultUser = "conduwuit";
- defaultGroup = "conduwuit";
-
- format = pkgs.formats.toml { };
- configFile = format.generate "conduwuit.toml" cfg.settings;
-in
-{
- options.services.conduwuit-vendor = {
- enable = lib.mkEnableOption "conduwuit";
-
- user = lib.mkOption {
- type = lib.types.nonEmptyStr;
- description = ''
- The user {command}`conduwuit` is run as.
- '';
- default = defaultUser;
- };
-
- group = lib.mkOption {
- type = lib.types.nonEmptyStr;
- description = ''
- The group {command}`conduwuit` is run as.
- '';
- default = defaultGroup;
- };
-
- extraEnvironment = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- description = "Extra Environment variables to pass to the conduwuit server.";
- default = { };
- example = {
- RUST_BACKTRACE = "yes";
- };
- };
-
- package = lib.mkPackageOption pkgs "conduwuit" { };
-
- settings = lib.mkOption {
- type = lib.types.submodule {
- freeformType = format.type;
- options = {
- global.server_name = lib.mkOption {
- type = lib.types.nonEmptyStr;
- example = "example.com";
- description = "The server_name is the name of this server. It is used as a suffix for user and room ids.";
- };
- global.address = lib.mkOption {
- type = lib.types.nullOr (lib.types.listOf lib.types.nonEmptyStr);
- default = null;
- example = [
- "127.0.0.1"
- "::1"
- ];
- description = ''
- Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator.
- If set to `null`, conduwuit will listen on IPv4 and IPv6 localhost.
- Must be `null` if `unix_socket_path` is set.
- '';
- };
- global.port = lib.mkOption {
- type = lib.types.listOf lib.types.port;
- default = [ 6167 ];
- description = ''
- The port(s) conduwuit will be running on.
- You need to set up a reverse proxy in your web server (e.g. apache or nginx),
- so all requests to /_matrix on port 443 and 8448 will be forwarded to the conduwuit
- instance running on this port.
- '';
- };
- global.unix_socket_path = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
- default = null;
- description = ''
- Listen on a UNIX socket at the specified path. If listening on a UNIX socket,
- listening on an address will be disabled. The `address` option must be set to
- `null` (the default value). The option {option}`services.conduwuit.group` must
- be set to a group your reverse proxy is part of.
-
- This will automatically add a system user "conduwuit" to your system if
- {option}`services.conduwuit.user` is left at the default, and a "conduwuit"
- group if {option}`services.conduwuit.group` is left at the default.
- '';
- };
- global.unix_socket_perms = lib.mkOption {
- type = lib.types.ints.positive;
- default = 660;
- description = "The default permissions (in octal) to create the UNIX socket with.";
- };
- global.max_request_size = lib.mkOption {
- type = lib.types.ints.positive;
- default = 20000000;
- description = "Max request size in bytes. Don't forget to also change it in the proxy.";
- };
- global.allow_registration = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether new users can register on this server.
-
- Registration with token requires `registration_token` or `registration_token_file` to be set.
-
- If set to true without a token configured, and
- `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
- is set to true, users can freely register.
- '';
- };
- global.allow_encryption = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
- };
- global.allow_federation = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = ''
- Whether this server federates with other servers.
- '';
- };
- global.trusted_servers = lib.mkOption {
- type = lib.types.listOf lib.types.nonEmptyStr;
- default = [ "matrix.org" ];
- description = ''
- Servers listed here will be used to gather public keys of other servers
- (notary trusted key servers).
-
- Currently, conduwuit doesn't support inbound batched key requests, so
- this list should only contain other Synapse servers.
-
- Example: `[ "matrix.org" "constellatory.net" "tchncs.de" ]`
- '';
- };
- global.database_path = lib.mkOption {
- readOnly = true;
- type = lib.types.path;
- default = "/var/lib/conduwuit/";
- description = ''
- Path to the conduwuit database, the directory where conduwuit will save its data.
- Note that database_path cannot be edited because of the service's reliance on systemd StateDir.
- '';
- };
- global.allow_check_for_updates = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- If enabled, conduwuit will send a simple GET request periodically to
- for any new announcements made.
- Despite the name, this is not an update check endpoint, it is simply an announcement check endpoint.
-
- Disabled by default.
- '';
- };
- };
- };
- default = { };
- # TOML does not allow null values, so we use null to omit those fields
- apply = lib.filterAttrsRecursive (_: v: v != null);
- description = ''
- Generates the conduwuit.toml configuration file. Refer to
-
- for details on supported values.
- '';
- };
- };
-
- config = lib.mkIf cfg.enable {
- assertions = [
- {
- assertion = !(cfg.settings ? global.unix_socket_path) || !(cfg.settings ? global.address);
- message = ''
- In `services.conduwuit.settings.global`, `unix_socket_path` and `address` cannot be set at the
- same time.
- Leave one of the two options unset or explicitly set them to `null`.
- '';
- }
- {
- assertion = cfg.user != defaultUser -> config ? users.users.${cfg.user};
- message = "If `services.conduwuit.user` is changed, the configured user must already exist.";
- }
- {
- assertion = cfg.group != defaultGroup -> config ? users.groups.${cfg.group};
- message = "If `services.conduwuit.group` is changed, the configured group must already exist.";
- }
- ];
-
- users.users = lib.mkIf (cfg.user == defaultUser) {
- ${defaultUser} = {
- group = cfg.group;
- home = cfg.settings.global.database_path;
- isSystemUser = true;
- };
- };
-
- users.groups = lib.mkIf (cfg.group == defaultGroup) {
- ${defaultGroup} = { };
- };
-
- systemd.services.conduwuit = {
- description = "Conduwuit Matrix Server";
- documentation = [ "https://conduwuit.puppyirl.gay/" ];
- wantedBy = [ "multi-user.target" ];
- wants = [ "network-online.target" ];
- after = [ "network-online.target" ];
- environment = lib.mkMerge ([
- { CONDUWUIT_CONFIG = configFile; }
- cfg.extraEnvironment
- ]);
- startLimitBurst = 5;
- startLimitIntervalSec = 60;
- serviceConfig = {
- DynamicUser = true;
- User = cfg.user;
- Group = cfg.group;
-
- DevicePolicy = "closed";
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- NoNewPrivileges = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- PrivateDevices = true;
- PrivateMounts = true;
- PrivateTmp = true;
- PrivateUsers = true;
- PrivateIPC = true;
- RemoveIPC = true;
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- "AF_UNIX"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service @resources"
- "~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc"
- ];
- SystemCallErrorNumber = "EPERM";
-
- StateDirectory = "conduwuit";
- StateDirectoryMode = "0700";
- RuntimeDirectory = "conduwuit";
- RuntimeDirectoryMode = "0750";
-
- ExecStart = lib.getExe cfg.package;
- Restart = "on-failure";
- RestartSec = 10;
- };
- };
- };
-}