diff options
| -rw-r--r-- | ejabberd_kai.nix | 607 | ||||
| -rw-r--r-- | flake.lock | 127 | ||||
| -rw-r--r-- | flake.nix | 8 | ||||
| -rw-r--r-- | services/murmur.nix | 4 |
4 files changed, 702 insertions, 44 deletions
diff --git a/ejabberd_kai.nix b/ejabberd_kai.nix new file mode 100644 index 0000000..aed1acc --- /dev/null +++ b/ejabberd_kai.nix @@ -0,0 +1,607 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.ejabberd; + inherit (config.security.acme) certs; + + runtimeDir = "/run/ejabberd"; + + # wouldn’t it be cool if we could attach extra data? + biboumiCfg = rec { + user = "biboumi"; + group = "biboumi"; + database = { + user = user; + name = "biboumi"; + }; + } // config.services.biboumi; + + fqdn = "toastal.in.th"; + + database = { + name = "ejabberd"; + user = cfg.user; + }; + + ports = { + mqtt = 1883; + c2s = 5222; + c2ss = 5223; + s2s = 5269; + s2ss = 5270; + http = 5280; + https = 5443; + irc = 6667; + ircs = 6697; + proxy65 = 7777; + matrix = 8448; + }; + + pow = lib.fix ( + self: base: power: + if power != 0 + then base * (self base (power - 1)) + else 1 + ); + + ejabberd_config = { + # Use systemd EnvironmentFile + EJABBERD_MACRO_* to define + define_macro = { + BIBOUMI_SECRET = null; + MATRIX_SECRET = null; + TURN_SECRET = null; + }; + loglevel = "notice"; + log_rotate_size = 1 * (pow 2 30); + log_rotate_count = 1; + hide_sensitive_log_data = true; + hosts = [ fqdn ]; + language = "en"; + default_db = "mnesia"; + acme.auto = false; + ca_file = "${config.environment.etc."ssl/certs/ca-certificates.crt".source}"; + certfiles = [ + "${certs.${fqdn}.directory}/*.pem" + ]; + c2s_tls_compression = true; + s2s_access = "s2s"; + s2s_tls_compression = true; + s2s_use_starttls = true; + new_sql_schema = true; + captcha_cmd = "${cfg.package.out}/lib/ejabberd-${cfg.package.version}/priv/bin/captcha.sh"; + captcha_url = "https://xmpp.@HOST@/captcha"; + acl = { + admin = [ + { user = "admin@${fqdn}"; } + { user = "toastal@${fqdn}"; } + ]; + local.user_regexp = ""; + loopback.ip = [ + "127.0.0.1/8" + "::1/128" + ]; + }; + access_rules = { + c2s = { + deny = "blocked"; + allow = "all"; + }; + s2s = { + allow = "all"; + }; + local.allow = "local"; + announce.allow = "admin"; + configure.allow = "admin"; + muc_create.allow = "local"; + pubsub_createnode.allow = "local"; + trusted_network.allow = "loopback"; + }; + api_permissions = { + "console commands" = { + from = [ "ejabberd_ctl" ]; + who = "all"; + what = "*"; + }; + "admin access" = { + who = { + access.allow = [ + { acl = "local"; } + { acl = "admin"; } + ]; + oauth = { + scope = "ejabberd:admin"; + access.allow = [ + { acl = "local"; } + { acl = "admin"; } + ]; + }; + }; + what = [ "*" "!stop" "!start" ]; + }; + "public commands" = { + who.ip = "127.0.0.1/8"; + what = [ "status" "connected_users_number" ]; + }; + }; + shaper = { + normal = { + rate = 3000; + burst_size = 20000; + }; + fast = 100000; + }; + modules = { + mod_adhoc = { }; + mod_admin_extra = { }; + mod_announce = { + access = "announce"; + }; + mod_avatar = { }; + mod_blocking = { }; + mod_bosh = { }; + mod_caps = { }; + mod_carboncopy = { }; + mod_client_state = { }; + mod_configure = { }; + mod_disco = { + server_info = [ + { + modules = "all"; + name = "abuse-addresses"; + urls = [ "mailto:toastal+abuse@posteo.net" ]; + } + ]; + }; + mod_host_meta = { + bosh_service_url = "https://xmpp.@HOST@/bosh"; + websocket_url = "wss://xmpp.@HOST@/ws"; + }; + mod_http_api = { }; + #mod_http_fileserver.docroot = "${cfg.spoolDir}/http"; + mod_http_upload = { + docroot = "${cfg.spoolDir}/uploads"; + dir_mode = "0755"; + file_mode = "0644"; + get_url = "https://xmpp.@HOST@/upload"; + put_url = "https://xmpp.@HOST@/upload"; + max_size = 4 * (pow 2 30); + custom_headers = { + Access-Control-Allow-Origin = "https://@HOST@,https://xmpp.@HOST@,https://social.@HOST@"; + Access-Control-Allow-Methods = "GET,HEAD,PUT,OPTIONS"; + Access-Control-Allow-Headers = "Content-Type"; + }; + }; + mod_http_upload_quota = { + max_days = 2 * 365; + }; + mod_last = { }; + mod_matrix_gw = { + host = "matrix.@HOST@"; + key_name = "use_xmpp"; + key = "MATRIX_SECRET"; + }; + mod_mam = { + assume_mam_usage = true; + default = "always"; + db_type = "sql"; + compress_xml = true; + }; + mod_mqtt = { }; + mod_muc = { + hosts = [ "chat.@HOST@" ]; + access = [ "allow" ]; + access_admin = [ + { allow = "admin"; } + ]; + access_create = "muc_create"; + access_persistent = "muc_create"; + access_mam = [ "allow" ]; + default_room_options = { + allow_change_subj = true; + allow_private_messages_from_visitors = "moderators"; + allow_subscription = true; + allow_user_invites = true; + allowpm = "participants"; + lang = "en"; + mam = true; + max_users = 512; + moderated = true; + }; + }; + mod_muc_admin = { }; + mod_offline = { + access_max_user_messages = "max_user_offline_messages"; + use_mam_for_storage = true; + }; + mod_ping = { }; + mod_private = { + db_type = "sql"; + }; + mod_privacy = { + db_type = "sql"; + }; + mod_proxy65 = { + hosts = [ + "proxy.@HOST@" + ]; + port = ports.proxy65; + access = "local"; + max_connections = 8; + }; + mod_pubsub = { + hosts = [ + "tidings.@HOST@" + ]; + access_createnode = "pubsub_createnode"; + ignore_pep_from_offline = false; + last_item_cache = false; + max_items_node = 2048; + default_node_config = { + max_items = 2048; + }; + plugins = [ "flat" "pep" ]; + force_node_config = { + "storage:bookmarks".access_model = "whitelist"; + "eu.siacs.conversations.axolotl.*".access_model = "open"; + "urn:xmpp:bookmarks:0" = { + access_model = "whitelist"; + send_last_published_item = "never"; + max_items = "infinity"; + persist_items = true; + }; + "urn:xmpp:bookmarks:1" = { + access_model = "whitelist"; + send_last_published_item = "never"; + max_items = "infinity"; + persist_items = true; + }; + "urn:xmpp:pubsub:movim-public-subscription" = { + access_model = "whitelist"; + max_items = "infinity"; + persist_items = true; + }; + "urn:xmpp:microblog:0" = { + notify_retract = true; + max_items = "infinity"; + persist_items = true; + }; + "urn:xmpp:microblog:0:comments*" = { + access_model = "open"; + notify_retract = true; + max_items = "infinity"; + persist_items = true; + }; + }; + }; + mod_push = { }; + mod_push_keepalive = { }; + mod_register = { + ip_access = "trusted_network"; + }; + mod_roster = { + versioning = true; + }; + mod_s2s_dialback = { }; + mod_shared_roster = { }; + mod_stream_mgmt = { }; + mod_stun_disco = { + services = map (type: { inherit type; host = "turn.${fqdn}"; port = 3478; }) [ "turn" "turns" ]; + secret = "TURN_SECRET"; + }; + mod_time = { }; + mod_vcard = { + db_type = "sql"; + }; + mod_vcard_xupdate = { }; + }; + listen = [ + { + module = "ejabberd_c2s"; + port = ports.c2s; + max_stanza_size = 262144; + #shaper = "c2s_shaper"; + access = "c2s"; + starttls_required = true; + } + { + module = "ejabberd_c2s"; + port = ports.c2ss; + max_stanza_size = 262144; + #shaper = "c2s_shaper"; + access = "c2s"; + tls = true; + starttls_required = true; + } + { + module = "ejabberd_s2s_in"; + port = ports.s2s; + max_stanza_size = 524288; + shaper = "fast"; + } + { + module = "ejabberd_s2s_in"; + port = ports.s2ss; + tls = true; + max_stanza_size = 524288; + shaper = "fast"; + } + { + module = "ejabberd_http"; + port = ports.http; + tls = false; + request_handlers = { }; + } + { + module = "ejabberd_http"; + port = ports.https; + tls = true; + request_handlers = { + "/admin" = "ejabberd_web_admin"; + "/api" = "mod_http_api"; + "/bosh" = "mod_bosh"; + "/captcha" = "ejabberd_captcha"; + "/upload" = "mod_http_upload"; + "/ws" = "ejabberd_http_ws"; + "/.well-known/host-meta" = "mod_host_meta"; + "/.well-known/host-meta.json" = "mod_host_meta"; + }; + } + { + module = "mod_mqtt"; + port = ports.mqtt; + backlog = 1024; + } + { + module = "ejabberd_service"; + port = biboumiCfg.settings.port; + hosts = { + "${biboumiCfg.settings.hostname}" = { + password = "BIBOUMI_SECRET"; + }; + }; + } + { + module = "ejabberd_http"; + port = ports.matrix; + tls = true; + request_handlers = { + "/_matrix" = "mod_matrix_gw"; + }; + } + ]; + host_config = { + "${fqdn}" = { + auth_method = "sql"; + auth_password_format = "scram"; + sql_type = "pgsql"; + sql_server = "localhost"; + sql_port = config.services.postgresql.settings.port; + sql_database = database.name; + sql_username = database.user; + }; + }; + }; + + ejabberd_config_file = + let + settingsFormat = pkgs.formats.yaml { }; + in + settingsFormat.generate "ejabberd.yml" ejabberd_config; +in +{ + users = { + groups = { + ${biboumiCfg.group} = { }; + xmpp = { }; + }; + users = { + ${cfg.user} = { + extraGroups = [ + "xmpp" + certs.${fqdn}.group + ]; + }; + ${biboumiCfg.user} = { + isSystemUser = true; + group = biboumiCfg.group; + extraGroups = [ "xmpp" ]; + }; + }; + }; + + security.acme.certs.${fqdn} = { + postRun = lib.mkAfter "systemctl restart ejabberd.service"; + }; + + services.ejabberd = { + enable = true; + package = pkgs.ejabberd.override (old: { + withImagemagick = true; + withPgsql = true; + withTools = true; + withZlib = true; + }); + configFile = ejabberd_config_file; + ctlConfig = '' + CONFIG_DIR=${runtimeDir} + ERL_CRASH_DUMP=${cfg.logsDir}/erl_crash.dump + ''; + imagemagick = true; + }; + + systemd.services.ejabberd-data-setup = { + description = "Ejabberd Setup: creates EnvironmentFile & so on"; + wantedBy = [ "multi-user.target" ]; + before = [ "ejabberd.service" ]; + requiredBy = [ "ejabberd.service" ]; + serviceConfig = { + Type = "oneshot"; + User = cfg.user; + Group = cfg.group; + UMask = "077"; + RuntimeDirectory = lib.removePrefix "/run/" runtimeDir; + RuntimeDirectoryMode = "700"; + RemainAfterExit = true; + ProtectHome = true; + PrivateTmp = true; + }; + script = /* sh */ '' + mkdir -p "${runtimeDir}" + touch "${runtimeDir}/.env" "${runtimeDir}/inetrc" + chmod 600 "${runtimeDir}/.env" + old_umask=$(umask) + umask 0177 + cat << EOF > "${runtimeDir}/.env" + EJABBERD_MACRO_BIBOUMI_SECRET="$(${lib.getExe pkgs.gawk} -F '=' '{a[$1]=$2} END {print(a["password"])}' "${biboumiCfg.credentialsFile}")" + EJABBERD_MACRO_MATRIX_SECRET="$(cat "/var/secrets/ejabberd/matrix.key")" + EJABBERD_MACRO_TURN_SECRET="$(cat "/var/secrets/turn-server/static-auth-secret.txt")" + EOF + ''; + }; + + systemd.services.ejabberd = { + requires = [ "ejabberd-data-setup.service" "postgresql.service" ]; + wantedBy = [ "biboumi.service" ]; + after = [ "ejabberd-data-setup.service" "postgresql.service" ]; + serviceConfig = { + StartupMemoryMax = "12G"; + MemoryMax = "8G"; + RuntimeDirectory = lib.removePrefix "/run/" runtimeDir; + RuntimeDirectoryMode = "700"; + RuntimeDirectoryPreserve = "yes"; + EnvironmentFile = "${runtimeDir}/.env"; + ProtectHome = true; + PrivateTmp = true; + }; + }; + + services.biboumi = { + enable = true; + package = pkgs.biboumi.override { + withPostgreSQL = true; + withSQLite = false; + }; + settings = { + admin = map (u: u.user) ejabberd_config.acl.admin; + hostname = "irc.${fqdn}"; + db_name = "postgresql://${biboumiCfg.database.user}@localhost:${builtins.toString config.services.postgresql.settings.port}/"; + password = null; + ca_file = "${config.environment.etc."ssl/certs/ca-certificates.crt".source}"; + }; + credentialsFile = "/var/secrets/biboumi/biboumi.cfg"; + openFirewall = true; + }; + + systemd.services.biboumi = { + partOf = [ "ip-change@enp2s0.target" ]; + before = [ "ip-change@enp2s0.target" ]; + requires = [ + "ejabberd.service" + "postgresql.service" + ]; + after = [ "ejabberd.service" ]; + serviceConfig = { + MemoryMax = "256M"; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ + database.name + biboumiCfg.database.name + ]; + ensureUsers = [ + { + name = database.user; + ensureDBOwnership = true; + } + { + name = biboumiCfg.database.user; + ensureDBOwnership = true; + } + ]; + authentication = '' + host ${database.name} ${database.user} localhost trust + host ${biboumiCfg.database.name} ${biboumiCfg.database.user} localhost trust + ''; + }; + + services.h2o = { + enable = true; + hosts = { + "matrix.${fqdn}" = { + tls.policy = "only"; + acme.useHost = fqdn; + settings = { + paths."/" = { + "proxy.reverse.url" = "http://matrix.${fqdn}:${builtins.toString ports.matrix}"; + "proxy.ssl.verify-peer" = "OFF"; + "proxy.tunnel" = "ON"; + }; + }; + }; + "proxy.${fqdn}" = { + tls.policy = "only"; + acme.useHost = fqdn; + settings = { + paths."/" = { + "proxy.reverse.url" = "http://proxy.${fqdn}:${builtins.toString ports.proxy65}"; + "proxy.ssl.verify-peer" = "OFF"; + "proxy.tunnel" = "ON"; + }; + }; + }; + "http.xmpp.${fqdn}" = { + serverName = "xmpp.${fqdn}"; + settings = { + paths."/" = { + "proxy.reverse.url" = "https://xmpp.${fqdn}:${builtins.toString ports.http}"; + "proxy.tunnel" = "ON"; + }; + }; + }; + "tls.xmpp.${fqdn}" = { + serverName = "xmpp.${fqdn}"; + tls.policy = "only"; + acme.useHost = fqdn; + settings = { + paths."/" = { + "proxy.reverse.url" = "https://xmpp.${fqdn}:${builtins.toString ports.https}"; + "proxy.ssl.verify-peer" = "OFF"; + "proxy.tunnel" = "ON"; + }; + }; + }; + }; + }; + + systemd.services.h2o.wants = [ "ejabberd.service" ]; + + systemd.tmpfiles.settings."10-ejabberd" = { + "${runtimeDir}".d = { inherit (cfg) user group; mode = "0700"; }; + "${runtimeDir}/.env".f = { inherit (cfg) user group; mode = "0600"; }; + "${runtimeDir}/inetrc".f = { inherit (cfg) user group; mode = "0600"; }; + "${runtimeDir}/vm.args".f = { inherit (cfg) user group; mode = "0600"; }; + "/run/biboumi".d = { inherit (biboumiCfg) user group; mode = "0740"; }; + }; + + networking = { + firewall.allowedTCPPorts = with ports; [ + c2s + c2ss + s2s + c2ss + http + https + irc + ircs + matrix + mqtt + proxy65 + ]; + nftables.ruleset = '' + add rule inet filter output meta skuid biboumi tcp accept + ''; + }; +} @@ -19,11 +19,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -32,20 +32,68 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "simple-nixos-mailserver", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "simple-nixos-mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "simple-nixos-mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "nixinate": { "inputs": { "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1708891350, - "narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=", - "owner": "matthewcroughan", + "lastModified": 1733802073, + "narHash": "sha256-6yW93R6xXw8izoPWn6Mu46jgJkKK8v79OTpnPBtI7ng=", + "owner": "DarthPJB", "repo": "nixinate", - "rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746", + "rev": "67d3d72077ba9638295e7857c1b8cbf3a160560d", "type": "github" }, "original": { - "owner": "matthewcroughan", + "owner": "DarthPJB", "repo": "nixinate", "type": "github" } @@ -66,33 +114,34 @@ "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1747610100, + "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1732749044, - "narHash": "sha256-T38FQOg0BV5M8FN1712fovzNakSOENEYs+CSkg31C9Y=", - "owner": "nixos", + "lastModified": 1747862697, + "narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "0c5b4ecbed5b155b705336aa96d878e55acd8685", + "rev": "2baa12ff69913392faf0ace833bc54bba297ea95", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.05", + "owner": "NixOS", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -115,30 +164,31 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_unstable": { "locked": { - "lastModified": 1732758367, - "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=", - "owner": "nixos", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -158,11 +208,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1727012350, - "narHash": "sha256-sP4LXXvp9b6hYf/tQMxI+gURf1uXhqb6oytXCFRkw3A=", + "lastModified": 1746643487, + "narHash": "sha256-dcB/DArJObCvqE/ZEdQSDW2BZMeDyF83Se5KPfJvz60=", "owner": "platonic-systems", "repo": "secrix", - "rev": "0726d0382d679f983f97ede9da8aaf426e2b5003", + "rev": "4c64203fa5b377953b1fb6d5388187df8b60c6d5", "type": "github" }, "original": { @@ -175,15 +225,16 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", + "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_4", - "nixpkgs-24_05": "nixpkgs-24_05" + "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1722877200, - "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", + "lastModified": 1747965231, + "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", + "rev": "53007af63fade28853408370c4c600a63dd97f41", "type": "gitlab" }, "original": { @@ -1,11 +1,11 @@ { - description = "Cybertrike.com"; + description = "CrashOverBurn.com"; # TODO: cgit, ejabber signup inputs = { - nixinate.url = "github:matthewcroughan/nixinate"; + nixinate.url = "github:DarthPJB/nixinate"; secrix.url = "github:platonic-systems/secrix"; - nixpkgs_unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs_unstable.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-24.11"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; }; diff --git a/services/murmur.nix b/services/murmur.nix index 89daf7b..e3d5d60 100644 --- a/services/murmur.nix +++ b/services/murmur.nix @@ -33,11 +33,11 @@ in users = 50; textMsgLength = 10000; imgMsgLength = 12000000; - bandwidth = 6400000; + bandwidth = 64000000; clientCertRequired = true; hostName = "10.0.1.30"; # registerHostname = "${fqdn}"; - registerName = "crashoverburn.com"; + #registerName = "crashoverburn.com"; sslCert = "${certDirectory}/fullchain.pem"; sslKey = "${certDirectory}/key.pem"; sslCa = "${certDirectory}/full.pem"; |