Compare commits
No commits in common. "3ddc4e3eb5861ec961c23d6e0d0b299f3dc6d0e5" and "beb834e04cae11f5177c59900b73b2ea935883ed" have entirely different histories.
3ddc4e3eb5
...
beb834e04c
|
@ -298,11 +298,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717670519,
|
"lastModified": 1712769857,
|
||||||
"narHash": "sha256-4p8B6Iv55BUG+d4ZJRUBhx70yWnqYlJ2EGSxx3dk4nc=",
|
"narHash": "sha256-YUyh+yfB15+2gvvvTvWBQbAUrD1x391QF1PRZUSt87k=",
|
||||||
"owner": "chayleaf",
|
"owner": "chayleaf",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "411826c44e54583b30f767d76489e37dabf1707c",
|
"rev": "058c6a3724a1cc5ef010ce6f2163d959666e8a86",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -26,28 +26,6 @@ in
|
||||||
stable = nixForNixPlugins;
|
stable = nixForNixPlugins;
|
||||||
unstable = nixForNixPlugins;
|
unstable = nixForNixPlugins;
|
||||||
};
|
};
|
||||||
matrix-appservice-discord = pkgs.matrix-appservice-discord.overrideAttrs (old: {
|
|
||||||
doCheck = false;
|
|
||||||
patches = (old.patches or []) ++ [
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/eb989fa710e8db4ebc8f2ce36c6679ee6cbc1a44.patch";
|
|
||||||
hash = "sha256-GPeFDw3XujqXHJveHSsBHwHuG51vad50p55FX1Esq58=";
|
|
||||||
})
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/a4cd5e3a6a2d544adac2a263e164671c8a9009d9.patch";
|
|
||||||
hash = "sha256-qQJ4V6/Ns2Msu8+X8JoEycuQ2Jc90TXulsuLLmPecGU=";
|
|
||||||
})
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/fc850ba2473973e28858449ec4020380470d78b2.patch";
|
|
||||||
hash = "sha256-Lq0FWmR08wLsoq4APRTokZzb7U2po98pgyxH4UR/9/M=";
|
|
||||||
})
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/7f3d41d86ebce057cfdc82ce3aaab64b533e8f0b.patch";
|
|
||||||
hash = "sha256-HmQ1KASZS+a78fe5yOCVXAnXLRmJUglzc6OxNJazOSk=";
|
|
||||||
})
|
|
||||||
./matrix-appservice-discord/disable-attachment-forwarding-to-matrix.patch
|
|
||||||
];
|
|
||||||
});
|
|
||||||
# Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
|
# Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
|
||||||
/*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
|
/*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
|
||||||
version = "13.0.0";
|
version = "13.0.0";
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
diff --git a/src/bot.ts b/src/bot.ts
|
|
||||||
index fc575cd..b0b2624 100644
|
|
||||||
--- a/src/bot.ts
|
|
||||||
+++ b/src/bot.ts
|
|
||||||
@@ -1042,7 +1042,7 @@ export class DiscordBot {
|
|
||||||
try {
|
|
||||||
const intent = this.GetIntentFromDiscordMember(msg.author, msg.webhookID);
|
|
||||||
// Check Attachements
|
|
||||||
- if (!editEventId) {
|
|
||||||
+ if (false && !editEventId) {
|
|
||||||
// on discord you can't edit in images, you can only edit text
|
|
||||||
// so it is safe to only check image upload stuff if we don't have
|
|
||||||
// an edit
|
|
||||||
@@ -1093,6 +1093,11 @@ export class DiscordBot {
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
|
||||||
+ for (let attachment of msg.attachments.array()) {
|
|
||||||
+ // this will be a temporary URL, which I don't care about, it's fine
|
|
||||||
+ if (!msg.content) msg.content = "";
|
|
||||||
+ msg.content += "\n" + attachment.url;
|
|
||||||
+ }
|
|
||||||
if (!msg.content && msg.embeds.length === 0) {
|
|
||||||
return;
|
|
||||||
}
|
|
|
@ -206,7 +206,7 @@ IF_UNSPEC = -1
|
||||||
PROTO_UNSPEC = -1
|
PROTO_UNSPEC = -1
|
||||||
|
|
||||||
|
|
||||||
Domains = dict[str, "Domains | bool"]
|
Domains = dict[str, dict]
|
||||||
|
|
||||||
|
|
||||||
class NftQuery(TypedDict):
|
class NftQuery(TypedDict):
|
||||||
|
@ -591,22 +591,15 @@ def add_ips(set: str, ipv6: bool, ips: list[str], flush: bool = False):
|
||||||
traceback.print_exc(file=f)
|
traceback.print_exc(file=f)
|
||||||
|
|
||||||
|
|
||||||
def add_split_domain(domains: Domains, split_domain: list[str]):
|
def add_split_domain(domains: Domains, split_domain):
|
||||||
if not split_domain:
|
domains1: dict = domains
|
||||||
return
|
while split_domain:
|
||||||
split_domain = split_domain[:]
|
|
||||||
while len(split_domain) > 1:
|
|
||||||
key = split_domain[-1]
|
key = split_domain[-1]
|
||||||
if key in domains.keys():
|
if key not in domains1.keys():
|
||||||
domains1 = domains[key]
|
domains1[key] = {}
|
||||||
if isinstance(domains1, bool):
|
domains = domains1[key]
|
||||||
return
|
split_domain = split_domain[:-1]
|
||||||
else:
|
domains1["__IsTrue__"] = True
|
||||||
domains1 = {}
|
|
||||||
domains[key] = domains1
|
|
||||||
domains = domains1
|
|
||||||
split_domain.pop()
|
|
||||||
domains[split_domain[-1]] = True
|
|
||||||
|
|
||||||
|
|
||||||
def build_domains(domains: list[str]) -> Domains:
|
def build_domains(domains: list[str]) -> Domains:
|
||||||
|
@ -618,14 +611,20 @@ def build_domains(domains: list[str]) -> Domains:
|
||||||
|
|
||||||
def lookup_domain(domains: Domains, domain: str) -> bool:
|
def lookup_domain(domains: Domains, domain: str) -> bool:
|
||||||
split_domain: list[str] = domain.split(".")
|
split_domain: list[str] = domain.split(".")
|
||||||
|
domains1: dict = domains
|
||||||
while len(split_domain):
|
while len(split_domain):
|
||||||
key: str = split_domain[-1]
|
key: str = split_domain[-1]
|
||||||
split_domain = split_domain[:-1]
|
split_domain = split_domain[:-1]
|
||||||
domains1 = domains.get(key, False)
|
star: Optional[dict] = domains1.get("*", None)
|
||||||
if isinstance(domains1, bool):
|
if star is not None and star.get("__IsTrue__", False):
|
||||||
return domains1
|
return True
|
||||||
domains = domains1
|
domains1 = domains1.get(key, None)
|
||||||
|
if domains1 is None:
|
||||||
return False
|
return False
|
||||||
|
star = domains.get("*", None)
|
||||||
|
if star is not None and star.get("__IsTrue__", False):
|
||||||
|
return True
|
||||||
|
return bool(domains.get("__IsTrue__", False))
|
||||||
|
|
||||||
|
|
||||||
class DpiInfo(TypedDict):
|
class DpiInfo(TypedDict):
|
||||||
|
@ -683,7 +682,7 @@ def init(*args: Any, **kwargs: Any):
|
||||||
with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f:
|
with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f:
|
||||||
dpi: list[DpiInfo] = json.load(f)
|
dpi: list[DpiInfo] = json.load(f)
|
||||||
for dpi_info in dpi:
|
for dpi_info in dpi:
|
||||||
all_domains.extend(dpi_info["domains"])
|
all_domains.extend(dpi_info.get("domains", []))
|
||||||
except FileNotFoundError:
|
except FileNotFoundError:
|
||||||
pass
|
pass
|
||||||
except:
|
except:
|
||||||
|
@ -828,7 +827,7 @@ def operate(id, event, qstate, qdata) -> bool:
|
||||||
n4 = n3.removesuffix(f".{k}")
|
n4 = n3.removesuffix(f".{k}")
|
||||||
qdomains = v["domains"]
|
qdomains = v["domains"]
|
||||||
if not lookup_domain(qdomains, n4):
|
if not lookup_domain(qdomains, n4):
|
||||||
add_split_domain(qdomains, n4.split("."))
|
add_split_domain(qdomains, ["*"] + n4.split("."))
|
||||||
old = []
|
old = []
|
||||||
if os.path.exists(f"/var/lib/unbound/{k}_domains.json"):
|
if os.path.exists(f"/var/lib/unbound/{k}_domains.json"):
|
||||||
with open(f"/var/lib/unbound/{k}_domains.json", "rt") as f:
|
with open(f"/var/lib/unbound/{k}_domains.json", "rt") as f:
|
||||||
|
@ -837,7 +836,7 @@ def operate(id, event, qstate, qdata) -> bool:
|
||||||
f"/var/lib/unbound/{k}_domains.json",
|
f"/var/lib/unbound/{k}_domains.json",
|
||||||
f"/var/lib/unbound/{k}_domains.json.bak",
|
f"/var/lib/unbound/{k}_domains.json.bak",
|
||||||
)
|
)
|
||||||
old.append(n4)
|
old.append("*." + n4)
|
||||||
with open(f"/var/lib/unbound/{k}_domains.json", "wt") as f:
|
with open(f"/var/lib/unbound/{k}_domains.json", "wt") as f:
|
||||||
json.dump(old, f)
|
json.dump(old, f)
|
||||||
elif n2.endswith(f".tmp{NFT_TOKEN}"):
|
elif n2.endswith(f".tmp{NFT_TOKEN}"):
|
||||||
|
@ -847,7 +846,7 @@ def operate(id, event, qstate, qdata) -> bool:
|
||||||
n4 = n3.removesuffix(f".{k}")
|
n4 = n3.removesuffix(f".{k}")
|
||||||
qdomains = v["domains"]
|
qdomains = v["domains"]
|
||||||
if not lookup_domain(qdomains, n4):
|
if not lookup_domain(qdomains, n4):
|
||||||
add_split_domain(qdomains, n4.split("."))
|
add_split_domain(qdomains, ["*"] + n4.split("."))
|
||||||
return True
|
return True
|
||||||
qnames: list[str] = []
|
qnames: list[str] = []
|
||||||
for k, v in NFT_QUERIES.items():
|
for k, v in NFT_QUERIES.items():
|
||||||
|
|
|
@ -483,7 +483,7 @@ in {
|
||||||
{ ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; }
|
{ ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; }
|
||||||
# below is dnat config
|
# below is dnat config
|
||||||
] ++ builtins.concatLists (map (rule: let
|
] ++ builtins.concatLists (map (rule: let
|
||||||
table = if rule.inVpn then vpn_table else wan_table;
|
table = if rule.inVpn then 0 else wan_table;
|
||||||
forEachPort = func: port:
|
forEachPort = func: port:
|
||||||
if builtins.isInt port then [ (func port) ]
|
if builtins.isInt port then [ (func port) ]
|
||||||
else if port?set then builtins.concatLists (map (forEachPort func) port.set)
|
else if port?set then builtins.concatLists (map (forEachPort func) port.set)
|
||||||
|
|
|
@ -107,11 +107,14 @@ in {
|
||||||
# make sure only hydra has access to this file
|
# make sure only hydra has access to this file
|
||||||
# so normal nix evals don't have access to builtins
|
# so normal nix evals don't have access to builtins
|
||||||
nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix";
|
nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix";
|
||||||
# required for hydra which uses restricted mode
|
|
||||||
nix.settings.allowed-uris = [
|
nix.settings.allowed-uris = [
|
||||||
"https://git.sr.ht/"
|
# required for home-manager (no idea if it's required at this point)
|
||||||
"https://api.github.com/repos/"
|
"https://git.sr.ht/~rycee/nmd/"
|
||||||
"https://github.com/"
|
# ...for the rest of the home config
|
||||||
|
"https://api.github.com/repos/FAForever/"
|
||||||
|
"https://github.com/nix-community/nix-index-database/releases/download/"
|
||||||
|
# required for server (I suppose since nvfetcher uses fetchTarball here...)
|
||||||
|
"https://github.com/searxng/searxng/"
|
||||||
# for nginx CF-Connecting-IP config generation
|
# for nginx CF-Connecting-IP config generation
|
||||||
"https://www.cloudflare.com/ips-v4"
|
"https://www.cloudflare.com/ips-v4"
|
||||||
"https://www.cloudflare.com/ips-v6"
|
"https://www.cloudflare.com/ips-v6"
|
||||||
|
@ -280,7 +283,7 @@ in {
|
||||||
job_name = "local_medium_freq";
|
job_name = "local_medium_freq";
|
||||||
scrape_interval = "15m";
|
scrape_interval = "15m";
|
||||||
static_configs = [ {
|
static_configs = [ {
|
||||||
targets = [ "127.0.0.1:9548" "127.0.0.1:9198" "127.0.0.1:9173" ];
|
targets = [ "127.0.0.1:9548" "127.0.0.1:9198" ];
|
||||||
labels.machine = "server";
|
labels.machine = "server";
|
||||||
} ];
|
} ];
|
||||||
}
|
}
|
||||||
|
@ -356,12 +359,6 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
# TODO: enable
|
|
||||||
services.matrix-appservice-discord.settings.metrics = {
|
|
||||||
enable = true;
|
|
||||||
host = "127.0.0.1";
|
|
||||||
port = 9173;
|
|
||||||
};
|
|
||||||
services.matrix-synapse.settings = {
|
services.matrix-synapse.settings = {
|
||||||
enable_metrics = true;
|
enable_metrics = true;
|
||||||
federation_metrics_domains = [ "matrix.org" ];
|
federation_metrics_domains = [ "matrix.org" ];
|
||||||
|
|
|
@ -36,8 +36,7 @@ in {
|
||||||
|
|
||||||
# a crude way to make some python packages available for synapse
|
# a crude way to make some python packages available for synapse
|
||||||
services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ];
|
services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ];
|
||||||
# i'm managing this manually in a stateful way
|
services.matrix-synapse.settings.password_config.enabled = false;
|
||||||
# services.matrix-synapse.settings.password_config.enabled = false;
|
|
||||||
systemd.services.matrix-synapse.after = [ "keycloak.service" ];
|
systemd.services.matrix-synapse.after = [ "keycloak.service" ];
|
||||||
|
|
||||||
# See also https://meta.akkoma.dev/t/390
|
# See also https://meta.akkoma.dev/t/390
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config
|
{ config
|
||||||
, lib
|
, lib
|
||||||
, pkgs
|
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -52,32 +51,12 @@ in {
|
||||||
homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
|
homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-appservice-discord = {
|
|
||||||
enable = true;
|
|
||||||
environmentFile = "/secrets/discord-bridge-token";
|
|
||||||
settings = {
|
|
||||||
auth.usePrivilegedIntents = true;
|
|
||||||
database.filename = "";
|
|
||||||
bridge = {
|
|
||||||
domain = "matrix.${cfg.domainName}";
|
|
||||||
homeserverUrl = "https://matrix.${cfg.domainName}";
|
|
||||||
enableSelfServiceBridging = true;
|
|
||||||
disablePresence = true;
|
|
||||||
disablePortalBridging = true;
|
|
||||||
disableInviteNotifications = true;
|
|
||||||
disableJoinLeaveNotifications = true;
|
|
||||||
disableRoomTopicNotifications = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ];
|
extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ];
|
||||||
settings = {
|
settings = {
|
||||||
app_service_config_files = [
|
app_service_config_files = [
|
||||||
"/var/lib/heisenbridge/registration.yml"
|
"/var/lib/heisenbridge/registration.yml"
|
||||||
"/var/lib/matrix-synapse/discord-registration.yaml"
|
|
||||||
];
|
];
|
||||||
allow_guest_access = true;
|
allow_guest_access = true;
|
||||||
url_preview_enabled = true;
|
url_preview_enabled = true;
|
||||||
|
|
|
@ -30,6 +30,5 @@ in {
|
||||||
];
|
];
|
||||||
services.maubot.pythonPackages = with pkgs.python3.pkgs; [
|
services.maubot.pythonPackages = with pkgs.python3.pkgs; [
|
||||||
levenshtein
|
levenshtein
|
||||||
pillow
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue