From 7ef2ad3c70598953da86af85ca4061c379dc0eea Mon Sep 17 00:00:00 2001
From: Mike Cugini <mike@betamike.com>
Date: Fri, 15 Oct 2021 22:16:03 -0400
Subject: [PATCH] add floating ip for git hosting and upgrade matrix services

---
 nixos_configs/git.nix    |  2 +-
 nixos_configs/matrix.nix | 18 +++++++++++++-----
 terraform/git.tf         |  5 +++++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/nixos_configs/git.nix b/nixos_configs/git.nix
index ba0dbc3..0990fb5 100644
--- a/nixos_configs/git.nix
+++ b/nixos_configs/git.nix
@@ -42,7 +42,7 @@ in
     # only send cookies over tls
     cookieSecure = true;
 
-    disableRegistration = false;
+    disableRegistration = true;
 
     settings.server.LANDING_PAGE = "explore";
   };
diff --git a/nixos_configs/matrix.nix b/nixos_configs/matrix.nix
index 85ee822..5bd343d 100644
--- a/nixos_configs/matrix.nix
+++ b/nixos_configs/matrix.nix
@@ -169,22 +169,26 @@ in {
   users.users.matrix-registration = {
     home = matrix-reg-dir;
     createHome = true;
+    isNormalUser = true;
   };
 
   systemd.services.matrix-registration = let
   configFile = pkgs.writeText "matrix-reg-config.yaml" ''
 server_location: 'https://matrix.waffle.farm:443'
-base_url: 'waffle.farm'
+base_url: ""
 server_name: 'waffle.farm'
-shared_secret: '${secrets.matrix.registration_secret}'
-riot_instance: 'chat.waffle.farm'
+registration_shared_secret: '${secrets.matrix.registration_secret}'
+admin_api_shared_secret: '${secrets.matrix.admin_api_secret}'
+client_redirect: 'chat.waffle.farm'
+client_logo: 'static/images/element-logo.png'
 db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
 host: 'localhost'
 port: 5000
-rate_limit: ["100 per day", "10 per minute"]
+rate_limit: ["1000 per day", "100 per minute"]
 allow_cors: false
+ip_logging: false
 logging:
-  disable_existing_loggers: False
+  disable_existing_loggers: false
   version: 1
   root:
     level: DEBUG
@@ -202,6 +206,9 @@ logging:
       stream: ext://sys.stdout
 password:
   min_length: 8
+username:
+  validation_regex: [] #list of regexes that the selected username must match.        Example: '[a-zA-Z]\.[a-zA-Z]'
+  invalidation_regex: [] #list of regexes that the selected username must NOT match.  Example: '(admin|support)'
   '';
   in {
     enable = true;
@@ -221,6 +228,7 @@ password:
   users.users.slackbridge = {
     home = slackbridge-dir;
     createHome = true;
+    isNormalUser = true;
   };
 
   systemd.services.matrix-appservice-slack = let
diff --git a/terraform/git.tf b/terraform/git.tf
index 85a33f9..2b9e10b 100644
--- a/terraform/git.tf
+++ b/terraform/git.tf
@@ -15,6 +15,11 @@ resource "digitalocean_droplet" "git-1" {
   ssh_keys = [data.digitalocean_ssh_key.mops.id]
 }
 
+resource "digitalocean_floating_ip" "code_betamike_com" {
+  droplet_id = digitalocean_droplet.git-1.id
+  region     = digitalocean_droplet.git-1.region
+}
+
 resource "digitalocean_volume_attachment" "git" {
   droplet_id = digitalocean_droplet.git-1.id
   volume_id = digitalocean_volume.git.id