Merge pull request #336 from NixOS/matrix-synapse

matrix-synapse: init on caliban
NixOS · May 20, 2024 · 382d0c9 · 382d0c9
2 parents a4b2352 + 4645d26
commit 382d0c9
Show file tree

Hide file tree

Showing 13 changed files with 438 additions and 25 deletions.
diff --git a/delft/pluto/prometheus/default.nix b/delft/pluto/prometheus/default.nix
@@ -12,6 +12,7 @@
     ./exporters/github.nix
     ./exporters/hydra.nix
     ./exporters/json.nix
+    ./exporters/matrix-synapse.nix
     ./exporters/nixos.nix
     ./exporters/node.nix
     ./exporters/packet-sd.nix

diff --git a/delft/pluto/prometheus/exporters/matrix-synapse.nix b/delft/pluto/prometheus/exporters/matrix-synapse.nix
@@ -0,0 +1,11 @@
+{
+  services.prometheus.scrapeConfigs = [ {
+    job_name = "matrix_synapse";
+    scheme = "https";
+    static_configs = [ {
+      targets = [
+        "matrix.nixos.org:443"
+      ];
+    } ];
+  } ];
+}
diff --git a/non-critical-infra/flake.lock b/non-critical-infra/flake.lock
diff --git a/non-critical-infra/hosts/caliban.nixos.org/default.nix b/non-critical-infra/hosts/caliban.nixos.org/default.nix
@@ -8,6 +8,8 @@
       inputs.srvos.nixosModules.hardware-hetzner-online-amd
       ../../modules/first-time-contribution-tagger.nix
       ../../modules/backup.nix
+      ../../modules/element-web.nix
+      ../../modules/matrix-synapse.nix
       ../../modules/vaultwarden.nix
     ];
 

diff --git a/non-critical-infra/modules/backup.nix b/non-critical-infra/modules/backup.nix
@@ -1,10 +1,24 @@
 { lib
 , config
+, pkgs
 , ...
 }:
 
 let
   cfg = config.services.backup;
+
+  mkZfsPreHook = mountpoint: ''
+    DATASET="$(findmnt -nr -o source "${mountpoint}")"
+    zfs snapshot -r "$DATASET@borg"
+
+    # https://github.com/borgbackup/borg/issues/6652
+    ls ${mountpoint}/.zfs/snapshot/borg/ > /dev/null
+  '';
+
+  mkZfsPostHook = mountpoint: ''
+    DATASET="$(findmnt -nr -o source "${mountpoint}")"
+    zfs destroy -r "$DATASET@borg"
+  '';
 in
 {
   options.services.backup = with lib; with types; {
@@ -71,6 +85,13 @@ in
         Paths to include in the backup.
       '';
     };
+    includesZfsDatasets = mkOption {
+      type = listOf str;
+      default = [];
+      description = ''
+        ZFS datasets referenced by mountpoint to snapshot and include
+      '';
+    };
 
     excludes = mkOption {
       type = listOf path;
@@ -105,14 +126,19 @@ in
     };
   };
 
-  config = lib.mkIf (cfg.includes != []) {
+  config = lib.mkIf (cfg.includes != [] || cfg.includesZfsDatasets != []) {
     programs.ssh.knownHosts."${if cfg.port != 22 then "[${cfg.host}]:${cfg.port}" else cfg.host}" = {
       publicKey = "${cfg.hostPublicKey}";
     };
 
     systemd.services.borgbackup-job-state = {
       wants = cfg.wantedUnits;
       after = cfg.wantedUnits;
+
+      path = lib.optionals (cfg.includesZfsDatasets != []) [
+        config.boot.zfs.package
+        pkgs.util-linux
+      ];
     };
 
     systemd.timers.borgbackup-job-state.timerConfig = {
@@ -122,7 +148,8 @@ in
     };
 
     services.borgbackup.jobs.state = {
-      inherit (cfg) preHook postHook;
+      preHook = lib.concatMapStringsSep "\n" mkZfsPreHook cfg.includesZfsDatasets;
+      postHook = lib.concatMapStringsSep "\n" mkZfsPostHook cfg.includesZfsDatasets;
 
       # Create the repo
       doInit = true;
@@ -136,11 +163,12 @@ in
       };
 
       # What to backup
-      paths = cfg.includes;
+      paths = cfg.includes ++
+        (map (mp: "${mp}/.zfs/snapshot/borg") cfg.includesZfsDatasets);
       exclude = cfg.excludes;
 
       # Where to backup it to
-      repo = "${cfg.user}@${cfg.host}:${config.networking.fqdn}/repo";
+      repo = "${cfg.user}@${cfg.host}:${config.networking.fqdn}";
       environment.BORG_RSH = "ssh -p ${cfg.port} -i ${cfg.sshKey}";
 
       # Ensure we don't fill up the destination disk

diff --git a/non-critical-infra/modules/element-web.nix b/non-critical-infra/modules/element-web.nix
@@ -0,0 +1,65 @@
+{ pkgs, ... }:
+let
+  domainName = "chat.nixos.org";
+
+  # https://github.com/element-hq/element-web/blob/develop/config.sample.json
+  elementWebConfig = {
+    default_server_config = {
+      "m.homeserver" = {
+        base_url = "https://matrix.nixos.org";
+        server_name = "nixos.org";
+      };
+      "m.identity_server" = {
+        base_url = "https://vector.im";
+      };
+    };
+    disable_custom_urls = false;
+    disable_guests = false;
+    disable_login_language_selector = false;
+    disable_3pid_login = false;
+    brand = "Element";
+    integrations_ui_url = "https://scalar.vector.im/";
+    integrations_rest_url = "https://scalar.vector.im/api";
+    integrations_widgets_urls = [
+      "https://scalar.vector.im/_matrix/integrations/v1"
+      "https://scalar.vector.im/api"
+      "https://scalar-staging.vector.im/_matrix/integrations/v1"
+      "https://scalar-staging.vector.im/api"
+      "https://scalar-staging.riot.im/scalar/api"
+    ];
+    integrations_jitsi_widget_url = "https://scalar.vector.im/api/widgets/jitsi.html";
+    bug_report_endpoint_url = "https://riot.im/bugreports/submit";
+    default_country_code = "GB";
+    show_labs_settings = true;
+    features = { };
+    default_federate = true;
+    default_theme = "light";
+    roomDirectory = {
+      servers = [ ];
+    };
+    settingDefaults = {
+      breadcrumbs = true;
+    };
+    jitsi = {
+      preferred_domain = "meet.element.io";
+    };
+    element_call = {
+      url = "https://call.element.io";
+      participant_limit = 8;
+      brand = "Element Call";
+    };
+    map_style_url = "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";
+  };
+in
+{
+  security.acme.certs."${domainName}".reloadServices = [ "nginx.service" ];
+
+  services.nginx.virtualHosts."${domainName}" = {
+    enableACME = true;
+    forceSSL = true;
+
+    root = pkgs.element-web.override (old: {
+      conf = elementWebConfig;
+    });
+  };
+}