diff --git a/hosts/sakura/services/authelia.nix b/hosts/sakura/services/authelia.nix
deleted file mode 100644
index 1e9f901..0000000
--- a/hosts/sakura/services/authelia.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{config, ...}: {
- networking.firewall.allowedTCPPorts = [9091];
- sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
- sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
- services.authelia.instances.default = {
- enable = true;
- secrets = {
- jwtSecretFile = config.sops.secrets.authelia-jwt.path;
- storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
- };
- settings = let
- pqdn = "notohh.dev";
- in {
- log.level = "debug";
- theme = "dark";
- default_2fa_method = "totp";
- default_redirection_url = "https://passport.${pqdn}/";
- authentication_backend = {
- file.path = "/var/lib/authelia-default/user.yml";
- };
- session = {
- domain = pqdn;
- expiration = 3600;
- inactivity = 300;
- };
- totp = {
- issuer = "authelia.com";
- disable = false;
- algorithm = "sha1";
- digits = 6;
- period = 30;
- skew = 1;
- secret_size = 32;
- };
- server = {
- host = "0.0.0.0";
- port = 9091;
- };
- access_control = {
- default_policy = "deny";
- rules = [
- {
- domain = pqdn;
- policy = "bypass";
- }
- ];
- };
- regulation = {
- max_retries = 3;
- find_time = 120;
- ban_time = 300;
- };
- notifier.filesystem = {
- filename = "/var/lib/authelia-default/notif.txt";
- };
- storage.postgres = let
- dbInfo = "authelia";
- in {
- host = "192.168.1.211";
- port = 5432;
- database = dbInfo;
- schema = "public";
- username = dbInfo;
- password = dbInfo;
- };
- };
- };
-}
diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix
index 8405898..8fff035 100644
--- a/hosts/sakura/services/default.nix
+++ b/hosts/sakura/services/default.nix
@@ -1,15 +1,15 @@
 {...}: {
 imports = [
 ./restic.nix
- # ./authelia.nix
 ./forgejo.nix
 ./rustypaste.nix
- # ./hedgedoc.nix
 ./grafana.nix
 ./vaultwarden.nix
 ./tailscale.nix
 ./rustlog.nix
 ./wastebin.nix
 ./ganymede.nix
+ ./immich-proxy.nix
+ ./matrix.nix
 ];
 }
diff --git a/hosts/sakura/services/grafana.nix b/hosts/sakura/services/grafana.nix
index 251f8a7..53b1cec 100644
--- a/hosts/sakura/services/grafana.nix
+++ b/hosts/sakura/services/grafana.nix
@@ -25,7 +25,7 @@ in {
 ssl_mode = "disable";
 };
 panels = {
- disable_sanitize_html = false;
+ disable_sanitize_html = true;
 enable_alpha = true;
 };
 };
diff --git a/hosts/sakura/services/hedgedoc.nix b/hosts/sakura/services/hedgedoc.nix
deleted file mode 100644
index 66f03ba..0000000
--- a/hosts/sakura/services/hedgedoc.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-_: {
- services.hedgedoc = {
- enable = true;
- settings = {
- port = 3300;
- domain = "scratch.flake.sh";
- host = "100.121.201.47";
- allowOrigin = ["scratch.flake.sh"];
- allowAnonymous = true;
- allowFreeURL = true;
- allowEmailRegister = false;
- dbURL = "postgres://hedgedoc:hedgedoc@192.168.1.211:5432/hedgedoc";
- };
- };
-}
diff --git a/hosts/sakura/services/matrix.nix b/hosts/sakura/services/matrix.nix
new file mode 100644
index 0000000..f687727
--- /dev/null
+++ b/hosts/sakura/services/matrix.nix
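Review bot: Flipping `disable_sanitize_html` to `true` in the grafana.nix hunk turns off Grafana's HTML sanitizer for panel content, so anyone with editor rights on any dashboard can store raw script or event-handler markup that runs in the browser of every viewer, including admins — stored XSS across the whole Grafana instance, not just one panel. Nothing in the hunk says which dashboard needs raw HTML, so a reader cannot tell whether the trade-off was deliberate. Keep `disable_sanitize_html = false;`, or if one panel truly requires it, leave a why-comment on the line such as `disable_sanitize_html = true; # disables XSS sanitization for ALL panels; every dashboard editor must be fully trusted`. The pre-existing `ssl_mode = "disable"` context line is outside this change but worth a second look if the database lives on another host, as the other files in this diff suggest. The enclosing `settings` attribute set begins and ends outside the hunk.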
@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+ networking.firewall.allowedTCPPorts = [6167 8448];
+ services.matrix-conduit = {
+ enable = true;
+ package = pkgs.conduwuit;
+ settings = {
+ global = {
+ address = "0.0.0.0";
+ server_name = "matrix.flake.sh";
+ allow_registration = false;
+ allow_federation = true;
+ allow_encryption = true;
+ max_concurrent_requests = 100;
+ max_request_size = 20000000;
+ database_backend = "rocksdb";
+ enable_lightning_bolt = false;
+ trusted_servers = ["matrix.org"];
+ url_preview_domain_contains_allowlist = ["*"];
+ new_user_displayname_suffix = "";
+ # yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
+ log = "info";
+ well_known = {
+ client = "https://matrix.flake.sh";
+ server = "matrix.flake.sh:443";
+ };
+ };
+ };
+ };
+}
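Review bot: `url_preview_domain_contains_allowlist = ["*"]` makes the homeserver fetch a preview for any URL a user posts, including addresses that resolve to this host's loopback and LAN (the same diff places Postgres at 192.168.1.211), which hands every local account a server-side request forgery primitive; list the concrete domains previews are wanted for, or drop the line so the option falls back to its default, which as far as I know is an empty allowlist with previews off. With `address = "0.0.0.0"` and 6167 opened in `allowedTCPPorts`, the plaintext client port is reachable on every interface even though `well_known.client = "https://matrix.flake.sh"` implies a TLS-terminating proxy in front; if that proxy exists, bind with `address = "127.0.0.1";` and leave 6167 out of the firewall list, and likely 8448 too since `well_known.server` delegates federation to `:443` and remote servers only fall back to 8448 when that lookup fails. The commented-out open-registration line should be removed rather than left one uncomment away from an abuse-prone setting. The whole file is visible in the hunk.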