spice up matrix a lil · hyl.st/helm@920335a

+39 -186

profiles/matrix/default.nix

··· 1 1 { config, lib, pkgs, ... }: 2 2 3 3 { 4 + imports = [ 5 + ./mautrix-telegram 6 + # ./mjolnir.nix # need to create the mod user 7 + ./heisenbridge.nix 8 + ]; 9 + environment.systemPackages = [ pkgs.matrix-synapse-tools.rust-synapse-compress-state ]; 4 10 5 11 services.matrix-synapse = { 6 12 enable = true; ··· 43 49 extraConfig = '' 44 50 max_upload_size: "50M" 45 51 use_presence: false 46 - registration_shared_secret: "hD9HQGTTDxp0mQsQ5JDsfudWMDiubmZENOgPchIvfBvUlPxlvQSvjoO4wn2L1seU"; 52 + registration_shared_secret: "hD9HQGTTDxp0mQsQ5JDsfudWMDiubmZENOgPchIvfBvUlPxlvQSvjoO4wn2L1seU"; # TODO agenix 47 53 ''; 48 54 enable_metrics = true; 49 55 enable_registration = false; ··· 57 63 ## and reused here (power of Nix being a real programming language) 58 64 }; 59 65 60 - services.coturn = { 61 - enable = true; 62 - use-auth-secret = true; 63 - static-auth-secret = "jXW1ohIq6wM3NB00xeME3uBihY85xjpkhGoyzBIdwhOpj7gjyxXZu1fwp1lUiYwJ"; # TODO agenix 64 - realm = "turn.sealight.xyz"; 65 - min-port = 49111; 66 - max-port = 51111; 67 - no-cli = true; 68 - no-tcp-relay = true; 69 - no-tls = true; 70 - cert = "${config.security.acme.certs."turn.sealight.xyz".directory}/full.pem"; 71 - pkey = "${config.security.acme.certs."turn.sealight.xyz".directory}/key.pem"; 72 - extraConfig = '' 73 - verbose 74 - user-quota=12 75 - total-quota=1200 76 - denied-peer-ip=10.0.0.0-10.255.255.255 77 - denied-peer-ip=192.168.0.0-192.168.255.255 78 - denied-peer-ip=172.16.0.0-172.31.255.255 79 - denied-peer-ip=0.0.0.0-0.255.255.255 80 - denied-peer-ip=100.64.0.0-100.127.255.255 81 - denied-peer-ip=127.0.0.0-127.255.255.255 82 - denied-peer-ip=169.254.0.0-169.254.255.255 83 - denied-peer-ip=192.0.0.0-192.0.0.255 84 - denied-peer-ip=192.0.2.0-192.0.2.255 85 - denied-peer-ip=192.88.99.0-192.88.99.255 86 - denied-peer-ip=198.18.0.0-198.19.255.255 87 - denied-peer-ip=198.51.100.0-198.51.100.255 88 - denied-peer-ip=203.0.113.0-203.0.113.255 89 - denied-peer-ip=240.0.0.0-255.255.255.255 90 - ''; 91 - }; 66 + # services.coturn = { 67 + # enable = true; 68 + # use-auth-secret = true; 69 + # static-auth-secret = "jXW1ohIq6wM3NB00xeME3uBihY85xjpkhGoyzBIdwhOpj7gjyxXZu1fwp1lUiYwJ"; # TODO agenix 70 + # realm = "turn.sealight.xyz"; 71 + # min-port = 49111; 72 + # max-port = 51111; 73 + # no-cli = true; 74 + # no-tcp-relay = true; 75 + # no-tls = true; 76 + # cert = "${config.security.acme.certs."turn.sealight.xyz".directory}/full.pem"; 77 + # pkey = "${config.security.acme.certs."turn.sealight.xyz".directory}/key.pem"; 78 + # extraConfig = '' 79 + # verbose 80 + # user-quota=12 81 + # total-quota=1200 82 + # denied-peer-ip=10.0.0.0-10.255.255.255 83 + # denied-peer-ip=192.168.0.0-192.168.255.255 84 + # denied-peer-ip=172.16.0.0-172.31.255.255 85 + # denied-peer-ip=0.0.0.0-0.255.255.255 86 + # denied-peer-ip=100.64.0.0-100.127.255.255 87 + # denied-peer-ip=127.0.0.0-127.255.255.255 88 + # denied-peer-ip=169.254.0.0-169.254.255.255 89 + # denied-peer-ip=192.0.0.0-192.0.0.255 90 + # denied-peer-ip=192.0.2.0-192.0.2.255 91 + # denied-peer-ip=192.88.99.0-192.88.99.255 92 + # denied-peer-ip=198.18.0.0-198.19.255.255 93 + # denied-peer-ip=198.51.100.0-198.51.100.255 94 + # denied-peer-ip=203.0.113.0-203.0.113.255 95 + # denied-peer-ip=240.0.0.0-255.255.255.255 96 + # ''; 97 + # }; 92 98 93 99 security.acme.certs.${config.services.coturn.realm} = { 94 100 /* insert here the right configuration to obtain a certificate */ ··· 222 228 recommendedOptimisation = true; 223 229 recommendedTlsSettings = true; 224 230 }; 225 - 226 - services.mautrix-telegram = { 227 - enable = true; 228 - environmentFile = /etc/secrets/telegram.env; # file containing the appservice and telegram tokens 229 - # The appservice is pre-configured to use SQLite by default. It's also possible to use PostgreSQL. 230 - settings = { 231 - homeserver = { 232 - address = "https://sealight.xyz"; 233 - domain = "sealight.xyz"; 234 - }; 235 - appservice = { 236 - provisioning.enabled = false; 237 - id = "telegram"; 238 - bot_username = "telegrambridge"; 239 - public = { 240 - enabled = false; 241 - prefix = "/public"; 242 - external = "https://chat.sealight.xyz/public"; 243 - }; 244 - address = "http://localhost:18787"; 245 - port = 18787; 246 - # The service uses SQLite by default, but it's also possible to use PostgreSQL instead: 247 - #database = "postgresql:///mautrix-telegram?host=/run/postgresql"; 248 - }; 249 - bridge = { 250 - relaybot.authless_portals = false; 251 - permissions = { 252 - "@aynish:sealight.xyz" = "admin"; 253 - }; 254 - }; 255 - }; 256 - }; 257 - 258 - services.sealight.heisenbridge = { 259 - enable = true; 260 - homeserver = "https://sealight.xyz"; 261 - listenPort = 14456; 262 - appServiceToken = "wyujLh8kjpmk2bfKeEE3sZ2gWOEUBKK5"; 263 - homeserverToken = "yEHs7lthD2ZHUibJOAv1APaFhEjxN5PT"; 264 - }; 265 - 266 - 267 - # environment.systemPackages = with pkgs; [ matrix-appservice-slack ]; 268 - #services.mx-puppet-slack= { 269 - #enable = false; 270 - #settings = { 271 - # bridge = { 272 - # bindAddress = "localhost"; 273 - # port = 16786; 274 - # domain = "sealight.xyz"; 275 - # homeserverUrl = "https://sealight.xyz"; 276 - # }; 277 - # provisioning = { 278 - # whitelist = [ "@aynish:sealight.xyz" ]; 279 - # }; 280 - # relay = { 281 - # whitelist = [ "@aynish:sealight.xyz" ]; 282 - # }; 283 - # namePatterns = { 284 - # group = ":name"; 285 - # room = ":name[:team? - :team,]"; 286 - # user = ":name (Slack)"; 287 - # userOverride = ":displayname"; 288 - # }; 289 - # presence = { 290 - # enabled = false; 291 - # }; 292 - # oauth = { 293 - # enabled = false; 294 - # }; 295 - #}; 296 - #serviceDependencies = ["matrix-synapse.service"]; 297 - #}; 298 - 299 - # services.mautrix-whatsapp = { 300 - # enable = false; 301 - # The appservice is pre-configured to use SQLite by default. It's also possible to use PostgreSQL. 302 - #configOptions = { 303 - # homeserver = { 304 - # address = "https://chat.sealight.xyz"; 305 - # domain = "sealight.xyz"; 306 - # }; 307 - # appservice = { 308 - # id = "whatsapp"; 309 - # address = http://localhost:9897; 310 - # hostname = "0.0.0.0"; 311 - # port = 9897; 312 - # database = { 313 - # type = "sqlite3"; 314 - # uri = "/var/lib/mautrix-whatsapp/mautrix-whatsapp.db"; 315 - # }; 316 - # state_store_path = "/var/lib/mautrix-whatsapp/mx-state.json"; 317 - # bot = { 318 - # username = "whatsappbot"; 319 - # displayname = "WhatsApp bridge bot"; 320 - # avatar = "mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr"; 321 - # }; 322 - # as_token = ""; 323 - # hs_token = ""; 324 - # }; 325 - # bridge = { 326 - # username_template = "whatsapp_{{.}}"; 327 - # displayname_template = "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)"; 328 - # command_prefix = "!wa"; 329 - # permissions = { 330 - # "@aynish:sealight.xyz" = 100; 331 - # }; 332 - # }; 333 - # logging = { 334 - # directory = "/var/lib/mautrix-whatsapp/logs"; 335 - # file_name_format = "{{.Date}}-{{.Index}}.log"; 336 - # file_date_format = "\"2006-01-02\""; 337 - # file_mode = 384; 338 - # timestamp_format = "Jan _2, 2006 15:04:05"; 339 - # print_level = "debug"; 340 - # }; 341 - # metrics = { 342 - # enabled = true; 343 - # listen = "http://localhost:5070"; 344 - # }; 345 - #}; 346 - # }; 347 - 348 - #services.mx-puppet-discord = { 349 - # enable = true; 350 - # settings = { 351 - # bridge = { 352 - # bindAddress = "localhost"; 353 - # port = 16785; 354 - # domain = "sealight.xyz"; 355 - # homeserverUrl = "https://sealight.xyz"; 356 - # avatarUrl = "https://discord.com/assets/2d20a45d79110dc5bf947137e9d99b66.svg"; 357 - # }; 358 - # provisioning = { 359 - # whitelist = [ "@aynish:sealight.xyz" ]; 360 - # }; 361 - # relay = { 362 - # whitelist = [ "@aynish:sealight.xyz" ]; 363 - # }; 364 - # namePatterns = { 365 - # group = ":name"; 366 - # room = ":name"; 367 - # user = ":name (Discord)"; 368 - # userOverride = ":displayname"; 369 - # }; 370 - # presence = { 371 - # enabled = false; 372 - # }; 373 - # }; 374 - # serviceDependencies = [ "matrix-synapse.service" ]; 375 - #}; 376 - 377 - 378 231 379 232 }

+10

profiles/matrix/heisenbridge.nix

··· 1 + { pkgs, lib, config, ... }: 2 + { 3 + services.sealight.heisenbridge = { 4 + enable = true; 5 + homeserver = "https://sealight.xyz"; 6 + listenPort = 14456; 7 + appServiceToken = "wyujLh8kjpmk2bfKeEE3sZ2gWOEUBKK5"; 8 + homeserverToken = "yEHs7lthD2ZHUibJOAv1APaFhEjxN5PT"; 9 + }; 10 + }

+35

profiles/matrix/mautrix-telegram.nix

··· 1 + { config, lib, pkgs, ... }: 2 + { 3 + services.mautrix-telegram = { 4 + enable = true; 5 + environmentFile = /etc/secrets/telegram.env; # TODO agenix 6 + # TODO use pgsql 7 + # The appservice is pre-configured to use SQLite by default. It's also possible to use PostgreSQL. 8 + settings = { 9 + homeserver = { 10 + address = "https://sealight.xyz"; 11 + domain = "sealight.xyz"; 12 + }; 13 + appservice = { 14 + provisioning.enabled = false; 15 + id = "telegram"; 16 + bot_username = "telegrambridge"; 17 + public = { 18 + enabled = false; 19 + prefix = "/public"; 20 + external = "https://chat.sealight.xyz/public"; 21 + }; 22 + address = "http://localhost:18787"; 23 + port = 18787; 24 + # The service uses SQLite by default, but it's also possible to use PostgreSQL instead: 25 + #database = "postgresql:///mautrix-telegram?host=/run/postgresql"; 26 + }; 27 + bridge = { 28 + relaybot.authless_portals = false; 29 + permissions = { 30 + "@aynish:sealight.xyz" = "admin"; 31 + }; 32 + }; 33 + }; 34 + }; 35 + }

+20

profiles/matrix/mjolnir.nix

··· 1 + { pkgs, lib, config, ... }: 2 + { 3 + services.mjolnir = { 4 + enable = true; 5 + protectedRooms = [ 6 + "https://matrix.to/#/#public:sealight.xyz" 7 + "https://matrix.to/#/#theFeed:sealight.xyz" 8 + "https://matrix.to/#/#control:sealight.xyz" 9 + ]; 10 + managementRoom = "#control:sealight.xyz"; 11 + homeserverUrl = "https://sealight.xyz"; 12 + 13 + pantalaimon = { 14 + enable = true; 15 + username = "mod"; 16 + passwordFile = "/run/agenix/sealight-mod-password"; # TODO 17 + options.homeserver = config.services.mjolnir.homeserverUrl; 18 + }; 19 + }; 20 + }

Configure Feed

Configure Feed