From f9ecf557e3af0e21d6aebda3e97b304576ef13a7 Mon Sep 17 00:00:00 2001 From: noe Date: Fri, 29 Dec 2023 14:31:16 -0500 Subject: [PATCH] ingress: reduce to matrix --- flake.lock | 374 +++++++++----------------- flake.nix | 35 ++- nixos/features/nginx.nix | 2 + nixos/hosts/ingress-proxy/default.nix | 115 ++++---- nixos/hosts/mango/default.nix | 22 ++ 5 files changed, 241 insertions(+), 307 deletions(-) create mode 100644 nixos/hosts/mango/default.nix diff --git a/flake.lock b/flake.lock index cb2e32b..b4342bb 100644 --- a/flake.lock +++ b/flake.lock @@ -20,19 +20,53 @@ "type": "github" } }, - "base16-schemes": { - "flake": false, + "conduit": { + "inputs": { + "crane": "crane", + "fenix": "fenix", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1689473676, - "narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=", - "owner": "tinted-theming", - "repo": "base16-schemes", - "rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789", + "lastModified": 1703432212, + "narHash": "sha256-v/wpbH/xuh9SJjLeCQIDiCeEbyui2WuWvIjOIH+lx80=", + "owner": "famedly", + "repo": "conduit", + "rev": "ca6219723b0d562d86a69824720215f8a1851836", + "type": "gitlab" + }, + "original": { + "owner": "famedly", + "repo": "conduit", + "type": "gitlab" + } + }, + "crane": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": [ + "conduit", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1688772518, + "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", "type": "github" }, "original": { - "owner": "tinted-theming", - "repo": "base16-schemes", + "owner": "ipetkov", + "repo": "crane", "type": "github" } }, 
@@ -56,25 +90,26 @@ "type": "github" } }, - "firefox-addons": { + "fenix": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "dir": "pkgs/firefox-addons", - "lastModified": 1703661208, - "narHash": "sha256-YCtNeOEx8cH6RUjCk6k/G4h9aC+SCk1lm1MnSbipzxA=", - "owner": "rycee", - "repo": "nur-expressions", - "rev": "e640ba0f3337926052a7bc99f968e3d9ff31a66d", - "type": "gitlab" + "lastModified": 1689488573, + "narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "39096fe3f379036ff4a5fa198950b8e79defe939", + "type": "github" }, "original": { - "dir": "pkgs/firefox-addons", - "owner": "rycee", - "repo": "nur-expressions", - "type": "gitlab" + "owner": "nix-community", + "repo": "fenix", + "type": "github" } }, "flake-compat": { @@ -125,12 +160,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -140,24 +178,6 @@ } }, "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -175,7 +195,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "inputs": { "systems": "systems_3" }, 
@@ -194,28 +214,6 @@ } }, "gitignore": { - "inputs": { - "nixpkgs": [ - "kde2nix", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", @@ -244,11 +242,11 @@ ] }, "locked": { - "lastModified": 1703657526, - "narHash": "sha256-C3fQG/tasnhtfJb0cvXthMDUJ/OLgCKNLqfMuR/M+0k=", + "lastModified": 1703838268, + "narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=", "owner": "nix-community", "repo": "home-manager", - "rev": "d1d950841d230490f308f5fcf8c0d4f2bd3f24a7", + "rev": "2aff324cf65f5f98f89d878c056b779466b17db8", "type": "github" }, "original": { @@ -257,45 +255,6 @@ "type": "github" } }, - "kde2nix": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3", - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1703361984, - "narHash": "sha256-3pZJY6h2OsmLi9iA6vHLYrlOcv3OK4ZCX9ljw66Q5xc=", - "owner": "nix-community", - "repo": "kde2nix", - "rev": "cc627fe32d9283205592574208ae4fcdf93d3414", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "kde2nix", - "type": "github" - } - }, - "nix-colors": { - "inputs": { - "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1695388192, - "narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=", - "owner": "misterio77", - "repo": "nix-colors", - "rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c", - "type": "github" - }, - "original": { - "owner": "misterio77", - "repo": "nix-colors", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1693701915, 
@@ -314,7 +273,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1701689616, @@ -346,38 +305,7 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1694911725, - "narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "819180647f428a3826bfc917a54449da1e532ce0", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { - "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1703467016, "narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=", @@ -393,7 +321,7 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_2": { "locked": { "lastModified": 1685801374, "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", @@ -409,7 +337,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1703351344, "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=", @@ -425,7 +353,7 @@ "type": "github" } }, - "nixpkgs-stable_5": { + "nixpkgs-stable_4": { "locked": { "lastModified": 1692492726, "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=", 
@@ -458,38 +386,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1627814220, - "narHash": "sha256-P+MDgdZw2CBk9X1ZZaUgHgN+32pTfLFf3XVIBOXirI4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ab5b6828af26215bf2646c31961da5d3749591ef", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1702319469, - "narHash": "sha256-vxXgbGOmGLr5JUbFZUM/TVYYn/quMTqfFJrx5EXyhbk=", - "owner": "K900", - "repo": "nixpkgs", - "rev": "80878a189a3a7dd9c7253370e2771596936b8a74", - "type": "github" - }, - "original": { - "owner": "K900", - "ref": "qt6ening", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1693714546, "narHash": "sha256-3EMJZeGSZT6pD1eNwI/6Yc0R4rxklNvJ2SDFcsCnjpM=", @@ -505,7 +401,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_3": { "locked": { "lastModified": 1703438236, "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", @@ -521,7 +417,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1703134684, "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", @@ -537,7 +433,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1692463654, "narHash": "sha256-F8hZmsQINI+S6UROM4jyxAMbQLtzE44pI8Nk6NtMdao=", 
@@ -555,18 +451,18 @@ }, "nixvim": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs-unstable" ], - "pre-commit-hooks": "pre-commit-hooks_2" + "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1703435563, - "narHash": "sha256-BDnoVc9Kvc9wo9lt8GC0kkqwLedP7lnBBdh1UHl4cPw=", + "lastModified": 1703859882, + "narHash": "sha256-wRXgap0eEuswF9xXUKDiWBh0tKuJ9vtmlJZ4iAX3K/E=", "owner": "nix-community", "repo": "nixvim", - "rev": "c11158c73e9a488d803356127a54af8101fc0051", + "rev": "1d8e7906c9606c956c6b40d8d088c8d2110dc0c0", "type": "github" }, "original": { @@ -575,59 +471,16 @@ "type": "github" } }, - "nur": { - "locked": { - "lastModified": 1703663514, - "narHash": "sha256-dNiD2eIzzUavZjOAtUc0oyoXQak2/lH6jKjbdphqbzE=", - "owner": "nix-community", - "repo": "nur", - "rev": "057540a62d095ef5c3728d2d4e57d627570342fb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nur", - "type": "github" - } - }, "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": [ - "kde2nix", - "flake-utils" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "kde2nix", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1702290759, - "narHash": "sha256-DUPtcei6GJlrC05Y3cqwLLSst+sp07334aAZw4Uk118=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "f99ed8523fc3aef67a7c838ca31f4b94ef902837", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_2": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", - "gitignore": "gitignore_2", + "flake-utils": "flake-utils_3", + "gitignore": "gitignore", "nixpkgs": [ "nixvim", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1702456155, 
@@ -646,21 +499,35 @@ "root": { "inputs": { "apple-silicon": "apple-silicon", + "conduit": "conduit", "darwin": "darwin", - "firefox-addons": "firefox-addons", "home-manager": "home-manager", - "kde2nix": "kde2nix", - "nix-colors": "nix-colors", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", - "nur": "nur", "sops-nix": "sops-nix", "sops-nix-darwin": "sops-nix-darwin" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1689441253, + "narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "flake": false, "locked": { @@ -677,10 +544,37 @@ "type": "github" } }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "conduit", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688351637, + "narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f9b92316727af9e6c7fee4a761242f7f46880329", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1703387502, @@ -698,8 +592,8 @@ }, "sops-nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_7", - "nixpkgs-stable": "nixpkgs-stable_5" + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { "lastModified": 1692658736, 
diff --git a/flake.nix b/flake.nix index bb4beb2..e533325 100644 --- a/flake.nix +++ b/flake.nix @@ -21,35 +21,41 @@ apple-silicon.url = "github:tpwrules/nixos-apple-silicon"; # KDE Plasma 6+ - kde2nix.url = "github:nix-community/kde2nix"; + #kde2nix.url = "github:nix-community/kde2nix"; # Secrets sops-nix.url = "github:Mic92/sops-nix"; sops-nix-darwin.url = "github:Kloenk/sops-nix?ref=darwin"; # Fancy stuff - nix-colors.url = "github:misterio77/nix-colors"; + #nix-colors.url = "github:misterio77/nix-colors"; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - nur.url = "github:nix-community/nur"; - firefox-addons.url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + #nur.url = "github:nix-community/nur"; + #firefox-addons.url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; # Pro gamer move nixos-generators.url = "github:nix-community/nixos-generators"; + + # Server tools + conduit = { + url = "gitlab:famedly/conduit"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; nixConfig = { - extra-substituters = [ - "https://nix-community.cachix.org" - "https://0uptime.cachix.org" - ]; + #extra-substituters = [ + # "https://nix-community.cachix.org" + # "https://0uptime.cachix.org" + #]; - extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE=" - ]; + #extra-trusted-public-keys = [ + # "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + # "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE=" + #]; }; outputs = { self, nixpkgs, home-manager, ... }@inputs: 
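Review bot: The new `conduit` input under `# Server tools` tracks the default branch of `gitlab:famedly/conduit`, so every `nix flake update` moves the homeserver that the ingress proxy exposes on 443/8448 to whatever upstream HEAD is at that moment; flake.lock pins the revision only until the next update. Consider pinning a release, e.g. `url = "gitlab:famedly/conduit?ref=<release-tag>";` (placeholder, choose the tag you intend to run), so upgrades are deliberate. The disabled inputs and the `extra-substituters` / `extra-trusted-public-keys` lists are kept as commented-out code; deleting them would leave no stale cache keys to re-enable by accident, and git history still has them.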
@@ -138,8 +144,9 @@ drone = mkNixos [ ./nixos/hosts/drone ]; # Lab - ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; - lab-alpha = mkNixos [ ./nixos/hosts/lab-alpha ]; + ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy + lab-alpha = mkNixos [ ./nixos/hosts/lab-alpha ]; # what the mia doin + mango = mkNixos [ ./nixos/hosts/mango ]; # Matrix (mx.sapphic.engineer) }; darwinConfigurations = { diff --git a/nixos/features/nginx.nix b/nixos/features/nginx.nix index 40f684a..e98a13a 100644 --- a/nixos/features/nginx.nix +++ b/nixos/features/nginx.nix @@ -14,6 +14,8 @@ defaults.email = "acme@kat.cafe"; }; + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; diff --git a/nixos/hosts/ingress-proxy/default.nix b/nixos/hosts/ingress-proxy/default.nix index 0f6416d..3e2f031 100644 --- a/nixos/hosts/ingress-proxy/default.nix +++ b/nixos/hosts/ingress-proxy/default.nix 
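Review bot: In nixos/features/nginx.nix, `users.users.nginx.extraGroups = [ "acme" ];` gives the nginx user read access to every certificate key owned by the `acme` group on any host that imports this feature, not only the keys nginx serves. As far as I know the NixOS nginx module already assigns the certificate group for vhosts that use `enableACME`, so this may only be needed for certificates obtained some other way; that is worth confirming. If it is needed, a narrower form is to set the group on the specific certificate, e.g. `security.acme.certs."<cert-name>".group = config.services.nginx.group;`, with a comment such as `# nginx must read ACME keys for <reason>` to record why. The enclosing attribute set starts and ends outside this hunk.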
@@ -1,54 +1,5 @@ -{ lib, ... }: let - tsHost = x: "http://${x}.hoki-porgy.ts.net"; - - aliases = x: { serverAliases = x; }; - - routes = [ - { - host = "warme.st"; - target = tsHost "honeydew"; - extra = aliases [ "colde.st" ]; - } - { - host = "saerro.ps2.live"; - target = tsHost "durian"; - extra = aliases [ "agg.ps2.live" "metagame.ps2.live" ]; - } - { - host = "mx.sapphic.engineer"; - target = tsHost "mango"; - extra = aliases [ "i.mx.sapphic.engineer" ]; - } - { - host = "static-sites.foxxolay.net"; - target = tsHost "juniper"; - extra = aliases [ - "mekanoe.com" - "foxxolay.com" - "foxxolay.net" - "inaayoka.com" - "kat.cafe" - ]; - } - { - host = "ml.colde.st"; - target = tsHost "lab-alpha"; - extra = {}; - } - ]; - - proxyConfig = { - forceSSL = true; - #useHTTP3 = true; - #useHTTP2 = true; - enableACME = true; - }; - - virtualHosts = { - "m.la.mekanoe.com" = { - locations."/".proxyPass = tsHost "lab-alpha"; - } // proxyConfig; - }; +{ lib, pkgs, ... }: let + tsHost = x: "http://${x}.hoki-porgy.ts.net"; in { imports = [ ../../templates/proxmox-lxc.nix 
@@ -60,9 +11,67 @@ in { networking.hostName = "ingress-proxy"; system.stateVersion = "24.05"; nixpkgs.hostPlatform = "x86_64-linux"; + + networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; + networking.firewall.allowedUDPPorts = [ 80 443 8448 ]; services.nginx = { - inherit virtualHosts; - recommendedTlsSettings = true; + recommendedTlsSettings = true; + virtualHosts = { + # Matrix (main) + "mx.sapphic.engineer" = { + forceSSL = true; + enableACME = true; + + listen = [ + { addr = "0.0.0.0"; port = 443; ssl = true; } + { addr = "[::]"; port = 443; ssl = true; } + { addr = "0.0.0.0"; port = 8448; ssl = true; } + { addr = "[::]"; port = 8448; ssl = true; } + ]; + + locations."/_matrix/" = { + proxyPass = "${tsHost "mango"}:6167"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_buffering off; + ''; + }; + + extraConfig = '' + merge_slashes off; + ''; + }; + + # Generic store for /.well-known/ paths. + "well-known.sapphic.engineer" = { + forceSSL = true; + enableACME = true; + + locations."=/.well-known/matrix/server" = { + alias = pkgs.writeText "well-known-matrix-server" builtins.toJSON { + "m.server" = "mx.sapphic.engineer"; + }; + extraConfig = '' + default_type application/json; + ''; + }; + + locations."=/.well-known/matrix/client" = { + alias = pkgs.writeText "well-known-matrix-client" builtins.toJSON { + "m.homeserver" = { + base_url = "https://mx.sapphic.engineer"; + }; + }; + + extraConfig = '' + default_type application/json; + add_header Access-Control-Allow-Origin "*"; + ''; + }; + }; + }; }; + } diff --git a/nixos/hosts/mango/default.nix b/nixos/hosts/mango/default.nix new file mode 100644 index 0000000..ed74d25 --- /dev/null +++ b/nixos/hosts/mango/default.nix 
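Review bot: Both `alias = pkgs.writeText "well-known-matrix-…" builtins.toJSON { … };` lines should fail to evaluate, because Nix function application is left-associative and `builtins.toJSON` itself is passed as the text argument. Wrap the call in parentheses, e.g. `alias = pkgs.writeText "well-known-matrix-server" (builtins.toJSON { "m.server" = "mx.sapphic.engineer"; });`, and do the same for the client file. Separately, `networking.firewall.allowedUDPPorts = [ 80 443 8448 ];` opens UDP on ports where the `listen` entries in this hunk are TLS over TCP only, with no QUIC listener configured, so it can be dropped. The well-known files are served under `well-known.sapphic.engineer` while the Conduit `server_name` in nixos/hosts/mango/default.nix is `sapphic.engineer`; delegation lookups start at the server name, so presumably something outside this diff forwards `/.well-known/matrix/*` there, which deserves a comment. The module's opening `in {` is outside this hunk.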
@@ -0,0 +1,22 @@ +{ inputs, pkgs, config, ... }: { + imports = [ + ../../templates/proxmox-lxc.nix + ../../server.nix + ../../features/dns-cache.nix + ]; + + networking.hostName = "mango"; + system.stateVersion = "24.05"; + nixpkgs.hostPlatform = "x86_64-linux"; + + networking.firewall.allowedTCPPorts = [ config.services.matrix-conduit.settings.global.port ]; + networking.firewall.allowedUDPPorts = [ config.services.matrix-conduit.settings.global.port ]; + + services.matrix-conduit = { + enable = true; + package = inputs.conduit.packages.${pkgs.system}.default; + settings.global = { + server_name = "sapphic.engineer"; + }; + }; +}
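Review bot: The two firewall lines open Conduit's port on every interface, for UDP as well as TCP, although the only client visible in this commit is the ingress proxy, which reaches `mango` over the `hoki-porgy.ts.net` tailnet with plain HTTP. Drop `allowedUDPPorts` and scope the TCP rule to the tailnet interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ config.services.matrix-conduit.settings.global.port ];` (interface name assumed; use the one this host has). Also, `settings.global` sets only `server_name`; as far as I know the module's default listen address is loopback, in which case the proxy's `proxyPass` to port 6167 would be refused until `address` is set explicitly, so please confirm.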