update matrix setup and add git hosting setup

.gitignore

@@ -1,2 +1,3 @@
 .envrc
 .terraform
+matrix_reg_key

nixos_configs/git.nix

@@ -0,0 +1,43 @@
+{ modulesPath, config, lib, pkgs, ... }:
+let
+  storage-device = "/dev/disk/by-id/scsi-0DO_Volume_git-storage-1";
+  storage-dir = "/srv";
+in
+{
+  imports = [
+     "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
+  ];
+
+  fileSystems."${storage-dir}" = { 
+    device = storage-device;
+  };
+
+  environment.systemPackages = with pkgs;
+  [ jq git gitolite lighttpd cgit ];
+  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    (builtins.readFile "/home/mike/.ssh/id_mops.pub")
+  ];
+
+  services.gitolite = {
+    enable = true;
+    adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC2PjlhL4sPfuV10BeHGZysX5M9i5mIHwZ4EKi9ArauJ7z1FhGJiqlRoDgRA8RwdENfv+CayoJf6Z3Nu/U/diozqvMaQ6mXQbb3HysZ/w2ntw0d9PFYSfFIIMVUPqcECspgbolAIZHoJDLPG7dlqkJvVfAcA/uQeeLeJr3z6zp3BYs9mGZ6RYmwxo7069QimCfMb5nicLaiUnC1lXNSbK3ioPUgC5ezcgLDylXZ+zsPpZaYcl405SbAVVPYxMmQ8Yn5B+v5NN/MQSiKe3JsElWjTUlzcSKPTNZXeSN2wEILUI6UPNBkZkcycgpuJFbWJkTkNo4oUN9OsdSn7hZMlA1Q0o+JmNQJB2MdwLXb6ELRi8jkvmKeje/QFrwg/p5wBZQATRq8R9NgW7SbdmMZ5/ImD0X8afb8M43P5+5BqOYF4jjBN1MrR5vAB2FGDibgMCXwYo1cvk+VeFzc/c5YVThHArDiNsoDClhEfLaWc70NdF1LkGKhc9fZEsf2mY/1Tw7n8jBbO15nzcG4PKqp7d7d+9IwtLrk7mZ2UP+y6tl40nXCUkd8XXx70TLQZiXlM8jhWQUqLT0yBQAPXB6VUlpN4yCCi2T7Co83fG1ZLjPRxWM9k1IqxjXWVdoy5XVhEyh+eSDpgd3XFeys9gSX2wQlzodTVkMvXw7VKxoPtl8HHw== mike@betamike.com";
+    # need an intermediate data directory with permissions for the gitolite user
+    # otherwise this won't work between instances of the droplet
+    dataDir = "${storage-dir}/data/gitolite";
+  };
+
+  users.users.lighttpd.extraGroups = [ "gitolite" ];
+
+  services.lighttpd.enable = true;
+  services.lighttpd.cgit = {
+    enable = true;
+    configText = ''
+      source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+      project-list=/srv/data/gitolite/projects.list
+      scan-path=/srv/data/gitolite/repositories
+    '';
+  };
+}

nixos_configs/matrix.nix

@@ -1,8 +1,10 @@
 # adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
 { modulesPath, config, lib, pkgs, ... }:
 let 
+  matrix-registration = import ../../matrix-registration/default.nix;
   storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
   storage-dir = "/opt/matrix-data";
+  matrix-reg-dir = "${storage-dir}/matrix-registration";
   matrix-reg-key = (builtins.readFile ./matrix_reg_key);
   fqdn = 
     let
@@ -13,7 +15,7 @@ in {
      "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
   ];
 
-  environment.systemPackages = [ pkgs.jq ];
+  environment.systemPackages = [ pkgs.jq matrix-registration ];
   services.openssh.enable = true;
   networking.firewall.allowedTCPPorts = [ 22 80 443 ];
 
@@ -80,8 +82,11 @@ in {
           return 200 '${builtins.toJSON client}';
         '';
         locations."/".extraConfig = ''
-          return 301 https://chat.waffle.farm;
+          return 301 https://waffle.farm/register;
         '';
+        locations."~ ^/(static|register)" = {
+          proxyPass = "http://localhost:5000";
+        };
 
       };
       # Reverse proxy for Matrix client-server and server-server communication
@@ -122,6 +127,10 @@ in {
     enable = true;
     server_name = config.networking.domain;
     registration_shared_secret = matrix-reg-key;
+    extraConfig = ''
+      auto_join_rooms:
+        - "#cryptic-chat:waffle.farm"
+    '';
 
     listeners = [
       {
@@ -145,4 +154,54 @@ in {
     "${config.networking.domain}".email = "mike@betamike.com";
     "chat.${config.networking.domain}".email = "mike@betamike.com";
   };
+  users.users.matrix-registration = {
+    home = matrix-reg-dir;
+    createHome = true;
+  };
+
+  systemd.services.matrix-registration = let
+  configFile = pkgs.writeText "matrix-reg-config.yaml" ''
+server_location: 'https://matrix.waffle.farm:443'
+server_name: 'waffle.farm'
+shared_secret: '${matrix-reg-key}'
+riot_instance: 'chat.waffle.farm'
+db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
+host: 'localhost'
+port: 5000
+rate_limit: ["100 per day", "10 per minute"]
+allow_cors: false
+logging:
+  disable_existing_loggers: False
+  version: 1
+  root:
+    level: DEBUG
+    handlers: [console]
+  formatters:
+    brief:
+      format: '%(name)s - %(levelname)s - %(message)s'
+    precise:
+      format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+  handlers:
+    console:
+      class: logging.StreamHandler
+      level: INFO
+      formatter: brief
+      stream: ext://sys.stdout
+password:
+  min_length: 8
+  '';
+  in {
+    enable = true;
+    after = [ "matrix-synapse.service" ];
+    bindsTo = [ "matrix-synapse.service" ];
+    description = "Matrix-registration daemon";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "simple";
+      WorkingDirectory = matrix-registration;
+      ExecStart = "${matrix-registration}/bin/matrix-registration --config-path ${configFile} serve";
+      User = "matrix-registration";
+      Restart = "always";
+    };
+  };
 }

terraform/git.tf

@@ -0,0 +1,35 @@
+resource "digitalocean_volume" "git" {
+  region = "nyc3"
+  name = "git-storage-1"
+  size = 1
+  initial_filesystem_type = "ext4"
+}
+
+resource "digitalocean_droplet" "git-1" {
+  name = "git-1"
+
+  image = data.digitalocean_image.nixos_base.id 
+  region = "nyc3"
+  size = "s-1vcpu-1gb"
+
+  ssh_keys = [data.digitalocean_ssh_key.mops.id]
+}
+
+resource "digitalocean_volume_attachment" "git" {
+  droplet_id = digitalocean_droplet.git-1.id
+  volume_id = digitalocean_volume.git.id
+}
+
+module "deploy_nixos_git" {
+  source = "github.com/tweag/terraform-nixos//deploy_nixos?ref=d055d2180da230e47ba9082fc53a8b7d1fadbc43"
+
+  nixos_config = "../nixos_configs/git.nix"
+
+  target_user = "root"
+  target_host = digitalocean_droplet.git-1.ipv4_address
+
+  triggers = {
+    // Also re-deploy whenever the VM is re-created
+    instance_id = digitalocean_droplet.git-1.id
+  }
+}

terraform/matrix.tf

@@ -14,7 +14,7 @@ resource "digitalocean_droplet" "matrix-0" {
 
   image = data.digitalocean_image.nixos_base.id 
   region = "nyc3"
-  size = "s-1vcpu-1gb"
+  size = "s-2vcpu-2gb"
 
   ssh_keys = [data.digitalocean_ssh_key.mops.id]
 }