lituus up to date

profiles/desktop/default.nix

@@ -28,6 +28,8 @@ in
     };
   };
 
+  security.pam.services.Default.enableGnomeKeyring = true;
+  security.pam.services.Login.enableGnomeKeyring = true;
   security.pam.services.sddm.enableGnomeKeyring = true;
 
   environment.sessionVariables = rec {
@@ -58,6 +60,7 @@ in
     zathura
     calibre
     nheko
+    fractal
     mpv
     newsflash
     zeal

profiles/matrix/default.nix

@@ -30,7 +30,7 @@
         #   The registration file is automatically generated after starting the appservice for the first time.
         #   cp /var/lib/matrix-appservice-discord/discord-registration.yaml /var/lib/matrix-synapse/
         #   chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/discord-registration.yaml
-        # "/var/lib/matrix-synapse/telegram-registration.yaml"
+        "/var/lib/matrix-synapse/telegram-registration.yaml"
         # "/var/lib/matrix-synapse/slack-registration.yaml"
         # "/var/lib/matrix-synapse/discord-registration.yaml"
         # "/var/lib/matrix-synapse/whatsapp-registration.yaml"
@@ -107,6 +107,7 @@
 
   services.postgresql = {
     enable = true;
+    package = pkgs.postgresql_14;
     ## postgresql user and db name remains in the
     ## service.matrix-synapse.database_args setting which
     ## by default is matrix-synapse
@@ -223,7 +224,7 @@
   };
 
   services.mautrix-telegram = {
-    enable = false;
+    enable = true;
     environmentFile = /etc/secrets/telegram.env; # file containing the appservice and telegram tokens
     # The appservice is pre-configured to use SQLite by default. It's also possible to use PostgreSQL.
     settings = {

profiles/postgres_upgrade_script/default.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+{
+  environment.systemPackages = [
+    (pkgs.writeScriptBin "upgrade-pg-cluster" ''
+      set -eux
+      # TODO it's perhaps advisable to stop all services that depend on postgresql
+      systemctl stop postgresql
+
+      # TODO replace `<new version>` with the psqlSchema here
+      # The schema can be found by running:
+      # nix-instantiate '<nixpkgs>' --eval -A postgresql_14.psqlSchema
+      export NEWDATA="/var/lib/postgresql/<new version>"
+
+      # TODO specify the postgresql package you'd like to upgrade to
+      export NEWBIN="${pkgs.postgresql_14}/bin"
+
+      export OLDDATA="${config.services.postgresql.dataDir}"
+      export OLDBIN="${config.services.postgresql.package}/bin"
+
+      install -d -m 0700 -o postgres -g postgres "$NEWDATA"
+      cd "$NEWDATA"
+      sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
+
+      sudo -u postgres $NEWBIN/pg_upgrade \
+        --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
+        --old-bindir $OLDBIN --new-bindir $NEWBIN \
+        "$@"
+    '')
+  ];
+}
+

profiles/server/default.nix

@@ -10,4 +10,13 @@
 
   security.acme.defaults.email = "anish+acme@lakhwara.com";
   security.acme.acceptTerms = true;
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    ignoreIP = [
+      "127.0.0.0/8"
+      "10.0.0.0/8"
+    ];
+  };
 }

profiles/wireguard-server/default.nix

@@ -13,7 +13,7 @@
   networking.wireguard.interfaces.wg0 = {
     ips = [ "10.0.69.1/24" ];
     listenPort = 60990;
-    privateKeyFile = "/var/lib/wireguard/private";
+    privateKeyFile = "/var/lib/wireguard/priv";
     generatePrivateKeyFile = true; # TODO agenix secret
     peers = [
       {