Compare commits

..

No commits in common. "3ddc4e3eb5861ec961c23d6e0d0b299f3dc6d0e5" and "beb834e04cae11f5177c59900b73b2ea935883ed" have entirely different histories.

9 changed files with 37 additions and 111 deletions

View file

@ -298,11 +298,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717670519, "lastModified": 1712769857,
"narHash": "sha256-4p8B6Iv55BUG+d4ZJRUBhx70yWnqYlJ2EGSxx3dk4nc=", "narHash": "sha256-YUyh+yfB15+2gvvvTvWBQbAUrD1x391QF1PRZUSt87k=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "411826c44e54583b30f767d76489e37dabf1707c", "rev": "058c6a3724a1cc5ef010ce6f2163d959666e8a86",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -26,28 +26,6 @@ in
stable = nixForNixPlugins; stable = nixForNixPlugins;
unstable = nixForNixPlugins; unstable = nixForNixPlugins;
}; };
matrix-appservice-discord = pkgs.matrix-appservice-discord.overrideAttrs (old: {
doCheck = false;
patches = (old.patches or []) ++ [
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/eb989fa710e8db4ebc8f2ce36c6679ee6cbc1a44.patch";
hash = "sha256-GPeFDw3XujqXHJveHSsBHwHuG51vad50p55FX1Esq58=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/a4cd5e3a6a2d544adac2a263e164671c8a9009d9.patch";
hash = "sha256-qQJ4V6/Ns2Msu8+X8JoEycuQ2Jc90TXulsuLLmPecGU=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/fc850ba2473973e28858449ec4020380470d78b2.patch";
hash = "sha256-Lq0FWmR08wLsoq4APRTokZzb7U2po98pgyxH4UR/9/M=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/7f3d41d86ebce057cfdc82ce3aaab64b533e8f0b.patch";
hash = "sha256-HmQ1KASZS+a78fe5yOCVXAnXLRmJUglzc6OxNJazOSk=";
})
./matrix-appservice-discord/disable-attachment-forwarding-to-matrix.patch
];
});
# Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf # Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
/*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: { /*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
version = "13.0.0"; version = "13.0.0";

View file

@ -1,25 +0,0 @@
diff --git a/src/bot.ts b/src/bot.ts
index fc575cd..b0b2624 100644
--- a/src/bot.ts
+++ b/src/bot.ts
@@ -1042,7 +1042,7 @@ export class DiscordBot {
try {
const intent = this.GetIntentFromDiscordMember(msg.author, msg.webhookID);
// Check Attachements
- if (!editEventId) {
+ if (false && !editEventId) {
// on discord you can't edit in images, you can only edit text
// so it is safe to only check image upload stuff if we don't have
// an edit
@@ -1093,6 +1093,11 @@ export class DiscordBot {
});
});
}
+ for (let attachment of msg.attachments.array()) {
+ // this will be a temporary URL, which I don't care about, it's fine
+ if (!msg.content) msg.content = "";
+ msg.content += "\n" + attachment.url;
+ }
if (!msg.content && msg.embeds.length === 0) {
return;
}

View file

@ -206,7 +206,7 @@ IF_UNSPEC = -1
PROTO_UNSPEC = -1 PROTO_UNSPEC = -1
Domains = dict[str, "Domains | bool"] Domains = dict[str, dict]
class NftQuery(TypedDict): class NftQuery(TypedDict):
@ -591,22 +591,15 @@ def add_ips(set: str, ipv6: bool, ips: list[str], flush: bool = False):
traceback.print_exc(file=f) traceback.print_exc(file=f)
def add_split_domain(domains: Domains, split_domain: list[str]): def add_split_domain(domains: Domains, split_domain):
if not split_domain: domains1: dict = domains
return while split_domain:
split_domain = split_domain[:]
while len(split_domain) > 1:
key = split_domain[-1] key = split_domain[-1]
if key in domains.keys(): if key not in domains1.keys():
domains1 = domains[key] domains1[key] = {}
if isinstance(domains1, bool): domains = domains1[key]
return split_domain = split_domain[:-1]
else: domains1["__IsTrue__"] = True
domains1 = {}
domains[key] = domains1
domains = domains1
split_domain.pop()
domains[split_domain[-1]] = True
def build_domains(domains: list[str]) -> Domains: def build_domains(domains: list[str]) -> Domains:
@ -618,14 +611,20 @@ def build_domains(domains: list[str]) -> Domains:
def lookup_domain(domains: Domains, domain: str) -> bool: def lookup_domain(domains: Domains, domain: str) -> bool:
split_domain: list[str] = domain.split(".") split_domain: list[str] = domain.split(".")
domains1: dict = domains
while len(split_domain): while len(split_domain):
key: str = split_domain[-1] key: str = split_domain[-1]
split_domain = split_domain[:-1] split_domain = split_domain[:-1]
domains1 = domains.get(key, False) star: Optional[dict] = domains1.get("*", None)
if isinstance(domains1, bool): if star is not None and star.get("__IsTrue__", False):
return domains1 return True
domains = domains1 domains1 = domains1.get(key, None)
return False if domains1 is None:
return False
star = domains.get("*", None)
if star is not None and star.get("__IsTrue__", False):
return True
return bool(domains.get("__IsTrue__", False))
class DpiInfo(TypedDict): class DpiInfo(TypedDict):
@ -683,7 +682,7 @@ def init(*args: Any, **kwargs: Any):
with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f: with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f:
dpi: list[DpiInfo] = json.load(f) dpi: list[DpiInfo] = json.load(f)
for dpi_info in dpi: for dpi_info in dpi:
all_domains.extend(dpi_info["domains"]) all_domains.extend(dpi_info.get("domains", []))
except FileNotFoundError: except FileNotFoundError:
pass pass
except: except:
@ -828,7 +827,7 @@ def operate(id, event, qstate, qdata) -> bool:
n4 = n3.removesuffix(f".{k}") n4 = n3.removesuffix(f".{k}")
qdomains = v["domains"] qdomains = v["domains"]
if not lookup_domain(qdomains, n4): if not lookup_domain(qdomains, n4):
add_split_domain(qdomains, n4.split(".")) add_split_domain(qdomains, ["*"] + n4.split("."))
old = [] old = []
if os.path.exists(f"/var/lib/unbound/{k}_domains.json"): if os.path.exists(f"/var/lib/unbound/{k}_domains.json"):
with open(f"/var/lib/unbound/{k}_domains.json", "rt") as f: with open(f"/var/lib/unbound/{k}_domains.json", "rt") as f:
@ -837,7 +836,7 @@ def operate(id, event, qstate, qdata) -> bool:
f"/var/lib/unbound/{k}_domains.json", f"/var/lib/unbound/{k}_domains.json",
f"/var/lib/unbound/{k}_domains.json.bak", f"/var/lib/unbound/{k}_domains.json.bak",
) )
old.append(n4) old.append("*." + n4)
with open(f"/var/lib/unbound/{k}_domains.json", "wt") as f: with open(f"/var/lib/unbound/{k}_domains.json", "wt") as f:
json.dump(old, f) json.dump(old, f)
elif n2.endswith(f".tmp{NFT_TOKEN}"): elif n2.endswith(f".tmp{NFT_TOKEN}"):
@ -847,7 +846,7 @@ def operate(id, event, qstate, qdata) -> bool:
n4 = n3.removesuffix(f".{k}") n4 = n3.removesuffix(f".{k}")
qdomains = v["domains"] qdomains = v["domains"]
if not lookup_domain(qdomains, n4): if not lookup_domain(qdomains, n4):
add_split_domain(qdomains, n4.split(".")) add_split_domain(qdomains, ["*"] + n4.split("."))
return True return True
qnames: list[str] = [] qnames: list[str] = []
for k, v in NFT_QUERIES.items(): for k, v in NFT_QUERIES.items():

View file

@ -483,7 +483,7 @@ in {
{ ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; } { ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; }
# below is dnat config # below is dnat config
] ++ builtins.concatLists (map (rule: let ] ++ builtins.concatLists (map (rule: let
table = if rule.inVpn then vpn_table else wan_table; table = if rule.inVpn then 0 else wan_table;
forEachPort = func: port: forEachPort = func: port:
if builtins.isInt port then [ (func port) ] if builtins.isInt port then [ (func port) ]
else if port?set then builtins.concatLists (map (forEachPort func) port.set) else if port?set then builtins.concatLists (map (forEachPort func) port.set)

View file

@ -107,11 +107,14 @@ in {
# make sure only hydra has access to this file # make sure only hydra has access to this file
# so normal nix evals don't have access to builtins # so normal nix evals don't have access to builtins
nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix"; nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix";
# required for hydra which uses restricted mode
nix.settings.allowed-uris = [ nix.settings.allowed-uris = [
"https://git.sr.ht/" # required for home-manager (no idea if it's required at this point)
"https://api.github.com/repos/" "https://git.sr.ht/~rycee/nmd/"
"https://github.com/" # ...for the rest of the home config
"https://api.github.com/repos/FAForever/"
"https://github.com/nix-community/nix-index-database/releases/download/"
# required for server (I suppose since nvfetcher uses fetchTarball here...)
"https://github.com/searxng/searxng/"
# for nginx CF-Connecting-IP config generation # for nginx CF-Connecting-IP config generation
"https://www.cloudflare.com/ips-v4" "https://www.cloudflare.com/ips-v4"
"https://www.cloudflare.com/ips-v6" "https://www.cloudflare.com/ips-v6"
@ -280,7 +283,7 @@ in {
job_name = "local_medium_freq"; job_name = "local_medium_freq";
scrape_interval = "15m"; scrape_interval = "15m";
static_configs = [ { static_configs = [ {
targets = [ "127.0.0.1:9548" "127.0.0.1:9198" "127.0.0.1:9173" ]; targets = [ "127.0.0.1:9548" "127.0.0.1:9198" ];
labels.machine = "server"; labels.machine = "server";
} ]; } ];
} }
@ -356,12 +359,6 @@ in {
} }
]; ];
}; };
# TODO: enable
services.matrix-appservice-discord.settings.metrics = {
enable = true;
host = "127.0.0.1";
port = 9173;
};
services.matrix-synapse.settings = { services.matrix-synapse.settings = {
enable_metrics = true; enable_metrics = true;
federation_metrics_domains = [ "matrix.org" ]; federation_metrics_domains = [ "matrix.org" ];

View file

@ -36,8 +36,7 @@ in {
# a crude way to make some python packages available for synapse # a crude way to make some python packages available for synapse
services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ]; services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ];
# i'm managing this manually in a stateful way services.matrix-synapse.settings.password_config.enabled = false;
# services.matrix-synapse.settings.password_config.enabled = false;
systemd.services.matrix-synapse.after = [ "keycloak.service" ]; systemd.services.matrix-synapse.after = [ "keycloak.service" ];
# See also https://meta.akkoma.dev/t/390 # See also https://meta.akkoma.dev/t/390

View file

@ -1,6 +1,5 @@
{ config { config
, lib , lib
, pkgs
, ... }: , ... }:
let let
@ -52,32 +51,12 @@ in {
homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/"; homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
}; };
services.matrix-appservice-discord = {
enable = true;
environmentFile = "/secrets/discord-bridge-token";
settings = {
auth.usePrivilegedIntents = true;
database.filename = "";
bridge = {
domain = "matrix.${cfg.domainName}";
homeserverUrl = "https://matrix.${cfg.domainName}";
enableSelfServiceBridging = true;
disablePresence = true;
disablePortalBridging = true;
disableInviteNotifications = true;
disableJoinLeaveNotifications = true;
disableRoomTopicNotifications = true;
};
};
};
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ]; extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ];
settings = { settings = {
app_service_config_files = [ app_service_config_files = [
"/var/lib/heisenbridge/registration.yml" "/var/lib/heisenbridge/registration.yml"
"/var/lib/matrix-synapse/discord-registration.yaml"
]; ];
allow_guest_access = true; allow_guest_access = true;
url_preview_enabled = true; url_preview_enabled = true;

View file

@ -30,6 +30,5 @@ in {
]; ];
services.maubot.pythonPackages = with pkgs.python3.pkgs; [ services.maubot.pythonPackages = with pkgs.python3.pkgs; [
levenshtein levenshtein
pillow
]; ];
} }