continuwuity: init

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768068402,
+        "lastModified": 1770818644,
-        "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=",
+        "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c",
+        "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7",
         "type": "github"
       },
       "original": {
@@ -34,11 +34,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1768153577,
+        "lastModified": 1770844822,
-        "narHash": "sha256-iR54iiyM4UtQCfAZVsI/BRwIrDUO1oNeiA1h/Jp+nro=",
+        "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "c65d3c7adfe488122c2c9b7ececb1d7fc893dc5b",
+        "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367",
         "type": "github"
       },
       "original": {
@@ -67,11 +67,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1768150783,
+        "lastModified": 1770735554,
-        "narHash": "sha256-1gtx2la5f8RphvN+BUZuZjiGh25WdO0Hf9+kJKIu3rA=",
+        "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "e9d888cd52f8a783b07e0d6c0ec9a341a81031ca",
+        "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763322257,
+        "lastModified": 1769132082,
-        "narHash": "sha256-eiKNbZXvkB2p/YhM5ltK1CO1znm5Nn2aHLW3Awcqq9g=",
+        "narHash": "sha256-cJVUBVP3qmRO2HGHqj18ChjOSztyo7eqElQJMRpWXw8=",
         "owner": "nix-community",
         "repo": "nixos-avf",
-        "rev": "3fae0a3692b993bc0c40c61138a76fc1455d0b6e",
+        "rev": "d0a62c3f64b45a39570fde31a3a490b214bf19ee",
         "type": "github"
       },
       "original": {
@@ -102,11 +102,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1767185284,
+        "lastModified": 1770631810,
-        "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
+        "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
+        "rev": "2889685785848de940375bf7fea5e7c5a3c8d502",
         "type": "github"
       },
       "original": {
@@ -118,11 +118,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1767892417,
+        "lastModified": 1770562336,
-        "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=",
+        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
+        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
         "type": "github"
       },
       "original": {
@@ -166,11 +166,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768104471,
+        "lastModified": 1770683991,
-        "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=",
+        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004",
+        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
     "xwayland-satellite-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1768106915,
+        "lastModified": 1770583271,
-        "narHash": "sha256-HlLo9zH4ULRXlmlIK948cHmdVhxyHgTHxGaoCRlW4k8=",
+        "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "72245e108f3b03c3c4474d2de9de2d1830849603",
+        "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd",
         "type": "github"
       },
       "original": {

modules/nixos/services/homeserver/caddy.nix

@@ -95,6 +95,10 @@
         import default-settings
         import cloudflare-tls
 
+        handle /.well-known/matrix/* {
+            reverse_proxy unix/${config.services.matrix-continuwuity.settings.global.unix_socket_path}
+        }
+
         respond "{client_ip}"
       '';
     };

modules/nixos/services/homeserver/continuwuity.nix

@@ -0,0 +1,36 @@
+{ config, ... }:
+
+{
+  users.groups.continuwuity.members = [ "caddy" ];
+
+  services.caddy.virtualHosts."matrix.wo2wz.fyi".extraConfig = ''
+    import default-settings
+    import cloudflare-tls
+
+    reverse_proxy unix/${config.services.matrix-continuwuity.settings.global.unix_socket_path}
+  '';
+
+  services.matrix-continuwuity = {
+    enable = true;
+    settings = {
+      global = {
+        address = null;
+        unix_socket_path = "/run/continuwuity/continuwuity.sock";
+        unix_socket_perms = 660;
+
+        server_name = "wo2wz.fyi";
+        well_known = {
+          client = "https://matrix.wo2wz.fyi";
+          server = "matrix.wo2wz.fyi:443";
+        };
+
+        allow_registration = false;
+        allow_encryption = true;
+        allow_federation = true;
+        trusted_servers = [ "matrix.org" ];
+
+        new_user_displayname_suffix = "";
+      };
+    };
+  };
+}

modules/nixos/services/homeserver/default.nix

@@ -6,6 +6,7 @@
     ./restic
     ./caddy.nix
     ./cloudflared.nix
+    ./continuwuity.nix
     ./forgejo.nix
     ./gameserver-caddy.nix
     ./jellyfin.nix

modules/nixos/services/homeserver/kanidm.nix

@@ -47,18 +47,20 @@
   '';
 
   services.kanidm = {
-    enableServer = true;
     package = pkgs.kanidmWithSecretProvisioning_1_8;
 
-    serverSettings = {
+    server = {
-      version = "2";
+      enable = true;
+      settings = {
+        version = "2";
 
-      bindaddress = "127.0.0.1:8004";
+        bindaddress = "127.0.0.1:8004";
-      domain = "kanidm.wo2wz.fyi";
+        domain = "kanidm.wo2wz.fyi";
-      origin = "https://kanidm.wo2wz.fyi";
+        origin = "https://kanidm.wo2wz.fyi";
-      tls_chain = "${config.security.acme.certs."kanidm.wo2wz.fyi".directory}/fullchain.pem";
+        tls_chain = "${config.security.acme.certs."kanidm.wo2wz.fyi".directory}/fullchain.pem";
-      tls_key = "${config.security.acme.certs."kanidm.wo2wz.fyi".directory}/key.pem";
+        tls_key = "${config.security.acme.certs."kanidm.wo2wz.fyi".directory}/key.pem";
-      http_client_address_info.x-forward-for = [ "127.0.0.1" "::1" ];
+        http_client_address_info.x-forward-for = [ "127.0.0.1" "::1" ];
+      };
     };
 
     provision = {
@@ -151,7 +153,9 @@
       };
     };
 
-    enableClient = true;
+    client = {
-    clientSettings.uri = "https://kanidm.wo2wz.fyi";
+      enable = true;
+      settings.uri = "https://kanidm.wo2wz.fyi";
+    };
   };
 }