overlay: add matrix-synapse -> 1.76.0

configs/ci.nix

@@ -0,0 +1,67 @@
+{ config, lib, pkgs, inputs, ... }:
+with lib; {
+  options = {
+    xinCI = {
+      enable = mkEnableOption "Configure host as a xin CI host.";
+      user = mkOption {
+        type = types.str;
+        default = "root";
+        description = ''
+          User who will own the private key.
+        '';
+      };
+    };
+  };
+
+  config = mkIf config.xinCI.enable {
+    imports = [ ../../modules/ts-rev-prox.nix ];
+    sops.defaultSopsFile = config.xin-secrets.ci;
+    sops.secrets = {
+      ci_ed25519_key = {
+        mode = "400";
+        owner = config.xinCI.user;
+      };
+      ci_ed25519_pub = {
+        mode = "444";
+        owner = config.xinCI.user;
+      };
+      bin_cache_priv_key = {
+        mode = "400";
+        owner = "root";
+        group = "wheel";
+      };
+      bin_cache_pub_key = {
+        mode = "444";
+        owner = "root";
+        group = "wheel";
+      };
+      ts_proxy_env = {
+        mode = "400";
+        owner = config.services.tsrevprox.user;
+      };
+    };
+    environment.systemPackages = [ inputs.po.packages.${pkgs.system}.po ];
+
+    nix = {
+      settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
+    };
+    services = {
+      tsrevprox = {
+        enable = true;
+        reverseName = "nix-binary-cache";
+        envFile = config.sops.secrets.ts_proxy_env.path;
+      };
+      nix-serve = {
+        package = pkgs.nix-serve.override {
+          nix =
+            inputs.unstable.legacyPackages.x86_64-linux.nixVersions.nix_2_13;
+        };
+        enable = true;
+        secretKeyFile = config.sops.secrets.bin_cache_priv_key.path;
+        bindAddress = "127.0.0.1";
+      };
+    };
+
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  };
+}

modules/ts-rev-prox.nix

@@ -0,0 +1,99 @@
+{ lib, config, pkgs, inputs, ... }:
+let cfg = config.services.tsrevprox;
+in {
+  options = with lib; {
+    services.tsrevprox = {
+      enable = lib.mkEnableOption "Enable tsrevprox";
+
+      reversePort = mkOption {
+        type = types.int;
+        default = 5000;
+        description = ''
+          Port to forward connections to.
+        '';
+      };
+
+      reverseIP = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = ''
+          IP to forward connections to.
+        '';
+      };
+
+      reverseName = mkOption {
+        type = types.str;
+        default = "tsrevprox";
+        description = ''
+          Name used in for the front facing http server (will be a tailscale name).
+          '';
+      };
+
+      user = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "tsrevprox";
+        description = ''
+          The user the service will use.
+        '';
+      };
+
+      group = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "tsrevprox";
+        description = ''
+          The group the service will use.
+        '';
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/lib/tsrevprox";
+        description = "Path tsrevprox home directory";
+      };
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.ts-reverse-proxy;
+        defaultText = literalExpression "pkgs.ts-reverse-proxy";
+        description = "The package to use for ts-reverse-proxy";
+      };
+
+      envFile = mkOption {
+        type = types.path;
+        default = "/run/secrets/ts_proxy_env";
+        description = ''
+          Path to a file containing the ts-reverse-proxy token information
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf (cfg.enable) {
+    users.groups.${cfg.group} = { };
+    users.users.${cfg.user} = {
+      description = "tsrevprox service user";
+      isSystemUser = true;
+      home = "${cfg.dataDir}";
+      createHome = true;
+      group = "${cfg.group}";
+    };
+
+    systemd.services.tsrevprox = {
+      enable = true;
+      description = "tsrevprox server";
+      wantedBy = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+
+      environment = { HOME = "${cfg.dataDir}"; };
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+
+        ExecStart =
+          "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${toString cfg.reversePort} -ip ${cfg.reverseIP}";
+        EnvironmentFile = cfg.envFile;
+      };
+    };
+  };
+}

overlays/default.nix

@@ -19,6 +19,25 @@ let
         });
     };
   };
+  matrix-synapse = self: super: {
+    matrix-synapse = super.matrix-synapse.overrideAttrs (old: rec {
+      version = "1.76.0";
+      pname = "matrix-synapse";
+
+      src = super.fetchFromGitHub {
+        owner = "matrix-org";
+        repo = "synapse";
+        rev = "v${version}";
+        hash = "sha256-kPc6T8yLe1TDxPKLnK/TcU+RUxAVIq8qsr5JQXCXyjM=";
+      };
+
+      cargoDeps = super.rustPlatform.fetchCargoTarball {
+        inherit src;
+        name = "${pname}-${version}";
+        hash = "sha256-tXtnVYH9uWu0nHHx53PgML92NWl3qcAcnFKhiijvQBc=";
+      };
+    });
+  };
 in {
   nixpkgs.overlays = if isUnstable then [
     tailscale
@@ -82,19 +101,10 @@ in {
 
       });
     })
-    (self: super: {
+  ] else [
-      aerc = super.aerc.overrideAttrs (old: {
+    tailscale
-        patches = [
+    matrix-synapse
-          (pkgs.fetchurl {
+  ];
-            url =
-              "https://lists.sr.ht/~rjarry/aerc-devel/%3C20221218160541.680374-1-moritz%40poldrack.dev%3E/raw";
-            sha256 = "sha256-qPRMOuPs5Pxiu2p08vGxsoO057Y1rVltPyBMbJXsH1s=";
-          })
-        ];
-      });
-    })
-  ] else
-    [ tailscale ];
 }
 
 # Example Python dep overlay