From 34277bcafb5a3ec0c2f94217d3babda02dce8b2b Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Wed, 15 Jan 2025 23:45:18 -0500
Subject: [PATCH] Infini-DL360/conduwuit: unvendor and replace with nixpkgs module Does move the data directory back to /var/lib/conduwuit
---
hosts/Infini-DL360/conduwuit.nix | 5 +-
modules/vendored/conduit.nix | 175 -------------------------------
2 files changed, 2 insertions(+), 178 deletions(-)
delete mode 100644 modules/vendored/conduit.nix
diff --git a/hosts/Infini-DL360/conduwuit.nix b/hosts/Infini-DL360/conduwuit.nix
index d59d6ad..7f12735 100644
--- a/hosts/Infini-DL360/conduwuit.nix
+++ b/hosts/Infini-DL360/conduwuit.nix
@@ -1,13 +1,12 @@
 { config, common, inputs, ... }:
 let
 domain = common.subdomain "matrix";
- cfg = config.services.matrix-conduit;
+ cfg = config.services.conduwuit;
 host = "http://localhost:${toString cfg.settings.global.port}";
 in
 {
- services.matrix-conduit = {
+ services.conduwuit = {
 enable = true;
- dataDir = "/srv/conduit";
 package = inputs.conduwuit.packages.x86_64-linux.default;
 settings = {
 global = {
diff --git a/modules/vendored/conduit.nix b/modules/vendored/conduit.nix
deleted file mode 100644
index 1d4ddd8..0000000
--- a/modules/vendored/conduit.nix
+++ /dev/null
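Review bot: Dropping `dataDir = "/srv/conduit";` relocates the homeserver's state (to /var/lib/conduwuit, per the commit message), but nothing visible in this hunk carries the existing database across, so the first start after deploy would presumably come up on an empty directory with a fresh server identity and none of the existing rooms or accounts. I would record the manual step next to the service definition, e.g. `# state now lives in /var/lib/conduwuit (module default); move the old /srv/conduit database there, with matching ownership, before the first start`. The vendored module deleted later in this patch also set the unit's sandboxing (`PrivateUsers`, `SystemCallFilter`, `UMask = "077"`, a 0700 data directory). The nixpkgs module is not shown here, so it is worth confirming the replacement unit is at least as restricted, for instance with `systemd-analyze security`. The attribute set opened by `services.conduwuit = {` continues past the end of the hunk.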
@@ -1,175 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.matrix-conduit;
-
- format = pkgs.formats.toml { };
- configFile = format.generate "conduit.toml" cfg.settings;
-in
-{
- disabledModules = [ "services/matrix/conduit.nix" ];
-
- options.services.matrix-conduit = {
- enable = mkEnableOption "matrix-conduit";
-
- dataDir = mkOption {
- type = types.path;
- description = "The directory to store conduit data in";
- default = "/var/lib/matrix-conduit/";
- };
-
- extraEnvironment = mkOption {
- type = types.attrsOf types.str;
- description = "Extra Environment variables to pass to the conduit server.";
- default = { };
- example = { RUST_BACKTRACE = "yes"; };
- };
-
- package = mkPackageOption pkgs "matrix-conduit" { };
-
- settings = mkOption {
- type = types.submodule {
- freeformType = format.type;
- options = {
- global.server_name = mkOption {
- type = types.str;
- example = "example.com";
- description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
- };
- global.port = mkOption {
- type = types.port;
- default = 6167;
- description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
- };
- global.max_request_size = mkOption {
- type = types.ints.positive;
- default = 20000000;
- description = "Max request size in bytes. Don't forget to also change it in the proxy.";
- };
- global.allow_registration = mkOption {
- type = types.bool;
- default = false;
- description = "Whether new users can register on this server.";
- };
- global.allow_encryption = mkOption {
- type = types.bool;
- default = true;
- description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
- };
- global.allow_federation = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether this server federates with other servers.
- '';
- };
- global.trusted_servers = mkOption {
- type = types.listOf types.str;
- default = [ "matrix.org" ];
- description = "Servers trusted with signing server keys.";
- };
- global.address = mkOption {
- type = types.str;
- default = "::1";
- description = "Address to listen on for connections by the reverse proxy/tls terminator.";
- };
- global.database_path = mkOption {
- type = types.str;
- default = cfg.dataDir;
- readOnly = true;
- description = ''
- Path to the conduit database, the directory where conduit will save its data.
- Note that due to using the DynamicUser feature of systemd, this value should not be changed
- and is set to be read only.
- '';
- };
- global.database_backend = mkOption {
- type = types.enum [ "sqlite" "rocksdb" ];
- default = "sqlite";
- example = "rocksdb";
- description = ''
- The database backend for the service. Switching it on an existing
- instance will require manual migration of data.
- '';
- };
- global.allow_check_for_updates = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to allow Conduit to automatically contact
- hourly to check for important Conduit news.
-
- Disabled by default because nixpkgs handles updates.
- '';
- };
- };
- };
- default = { };
- description = ''
- Generates the conduit.toml configuration file. Refer to
-
- for details on supported values.
- Note that database_path can not be edited because the service's reliance on systemd StateDir.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- users.users.conduit = {
- group = "conduit";
- isSystemUser = true;
- };
-
- users.groups.conduit = { };
-
- systemd.tmpfiles.settings."10-conduit" = {
- ${cfg.dataDir}.d = {
- user = "conduit";
- group = "conduit";
- mode = "0700";
- };
- };
-
- systemd.services.conduit = {
- description = "Conduit Matrix Server";
- documentation = [ "https://gitlab.com/famedly/conduit/" ];
- wantedBy = [ "multi-user.target" ];
- environment = lib.mkMerge ([
- { CONDUIT_CONFIG = configFile; }
- cfg.extraEnvironment
- ]);
- serviceConfig = {
- User = "conduit";
- Group = "conduit";
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- PrivateDevices = true;
- PrivateMounts = true;
- PrivateUsers = true;
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service"
- "~@privileged"
- ];
- WorkingDirectory = cfg.dataDir;
- ReadWritePaths = cfg.dataDir;
- ExecStart = lib.getExe' cfg.package "conduit";
- Restart = "on-failure";
- RestartSec = 10;
- StartLimitBurst = 5;
- UMask = "077";
- };
- };
- };
-}