339 lines
8.2 KiB
Nix
339 lines
8.2 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
{
|
|
clan.core.postgresql = {
|
|
enable = true;
|
|
|
|
users = {
|
|
matrix-synapse = { };
|
|
mautrix-signal = { };
|
|
mautrix-whatsapp = { };
|
|
mautrix-telegram = { };
|
|
};
|
|
|
|
databases = {
|
|
matrix-synapse = {
|
|
create.options = {
|
|
ENCODING = "UTF8";
|
|
TEMPLATE = "template0";
|
|
OWNER = "matrix-synapse";
|
|
LC_COLLATE = "C";
|
|
LC_CTYPE = "C";
|
|
};
|
|
restore.stopOnRestore = [ "matrix-synapse" ];
|
|
};
|
|
mautrix-signal = {
|
|
restore.stopOnRestore = [ "mautrix-signal" ];
|
|
};
|
|
mautrix-whatsapp = {
|
|
restore.stopOnRestore = [ "mautrix-whatsapp" ];
|
|
};
|
|
mautrix-telegram = {
|
|
restore.stopOnRestore = [ "mautrix-telegram" ];
|
|
};
|
|
};
|
|
};
|
|
|
|
clan.core.state.matrix = {
|
|
folders = [ "/var/backup/matrix-synapse" ];
|
|
|
|
preBackupScript = ''
|
|
export PATH=${
|
|
lib.makeBinPath [
|
|
pkgs.coreutils
|
|
pkgs.rsync
|
|
]
|
|
}
|
|
mkdir -p /var/backup/matrix-synapse
|
|
|
|
rsync -avH --delete --numeric-ids --include='homeserver.signing.key' --include='media_store' --exclude='media_store/remote_*' --exclude='media_store/url_cache*' /var/lib/matrix-synapse /var/backup/matrix-synapse/
|
|
'';
|
|
|
|
postRestoreScript = ''
|
|
export PATH=${
|
|
lib.makeBinPath [
|
|
config.systemd.package
|
|
pkgs.coreutils
|
|
pkgs.rsync
|
|
]
|
|
}
|
|
|
|
service_status="$(systemctl is-active matrix-synapse)"
|
|
|
|
systemctl stop matrix-synapse
|
|
|
|
rsync -avH --delete --numeric-ids /var/backup/matrix-synapse/ /var/lib/matrix-synapse/
|
|
|
|
if [ "$service_status" = "active" ]; then
|
|
systemctl start matrix-synapse
|
|
fi
|
|
'';
|
|
};
|
|
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
settings = {
|
|
server_name = "peprolinbot.com";
|
|
public_baseurl = "https://synapse.peprolinbot.com/";
|
|
listeners = [
|
|
{
|
|
bind_addresses = [ "::1" ];
|
|
port = 8008;
|
|
resources = [
|
|
{
|
|
compress = false;
|
|
names = [
|
|
"client"
|
|
"federation"
|
|
];
|
|
}
|
|
];
|
|
tls = false;
|
|
type = "http";
|
|
x_forwarded = true;
|
|
}
|
|
];
|
|
database = {
|
|
name = "psycopg2";
|
|
args = {
|
|
user = "matrix-synapse";
|
|
database = "matrix-synapse";
|
|
};
|
|
};
|
|
report_stats = false;
|
|
|
|
experimental_features = {
|
|
# Enable history backfilling support
|
|
msc2716_enabled = true;
|
|
};
|
|
max_upload_size = "1024M";
|
|
|
|
oidc_providers = [
|
|
{
|
|
idp_id = "kanidm";
|
|
idp_name = "FruesAuth";
|
|
idp_icon = "mxc://peprolinbot.com/oKncNzBglyvNwvwsPMkxoPsK";
|
|
issuer = "https://idm.peprolinbot.com/oauth2/openid/matrix/";
|
|
client_id = "matrix";
|
|
client_secret_path =
|
|
config.clan.core.vars.generators.matrix-synapse.files.kanidm_oidc_client_secret.path;
|
|
scopes = [
|
|
"openid"
|
|
"profile"
|
|
"email"
|
|
];
|
|
user_mapping_provider.config = {
|
|
localpart_template = "{{ user.preferred_username }}";
|
|
display_name_template = "{{ user.name }}";
|
|
email_template = "{{ user.email }}";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
clan.core.vars.generators.matrix-synapse = {
|
|
prompts = {
|
|
kanidm_oidc_client_secret = {
|
|
description = "Client secret to use Kanidm as OIDC provider in Matrix Synapse";
|
|
type = "hidden";
|
|
persist = true;
|
|
};
|
|
};
|
|
|
|
files.kanidm_oidc_client_secret = {
|
|
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
|
group = config.systemd.services.matrix-synapse.serviceConfig.Group;
|
|
};
|
|
};
|
|
|
|
services.mautrix-whatsapp = {
|
|
enable = true;
|
|
registerToSynapse = true;
|
|
|
|
environmentFile = config.clan.core.vars.generators.mautrix-whatsapp.files.environment-file.path;
|
|
|
|
settings = {
|
|
homeserver = {
|
|
address = "http://[::1]:8008";
|
|
domain = "peprolinbot.com";
|
|
};
|
|
|
|
appservice = {
|
|
address = "http://localhost:29318"; # The address that the homeserver can use to connect to this appservice.
|
|
hostname = "[::1]";
|
|
port = 29318;
|
|
};
|
|
|
|
database = {
|
|
type = "postgres";
|
|
uri = "postgresql:///mautrix-whatsapp?host=/var/run/postgresql";
|
|
};
|
|
|
|
network = {
|
|
os_name = "Mautrix-WhatsApp bridge";
|
|
displayname_template = "{{if .FullName}}{{.FullName}}{{else if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)";
|
|
};
|
|
|
|
bridge = {
|
|
permissions = {
|
|
"@peprolinbot:peprolinbot.com" = "admin";
|
|
"peprolinbot.com" = "user";
|
|
"*" = "relay";
|
|
};
|
|
};
|
|
|
|
encryption = {
|
|
allow = true;
|
|
|
|
};
|
|
|
|
# Secrets set using environment file
|
|
encryption.pickle_key = "$ENCRYPTION_PICKLE_KEY";
|
|
};
|
|
};
|
|
|
|
clan.core.vars.generators.mautrix-whatsapp = {
|
|
prompts.encryption_pickle_key = {
|
|
type = "hidden";
|
|
};
|
|
|
|
files.environment-file.secret = true;
|
|
script = ''
|
|
cat <<EOL > $out/environment-file
|
|
ENCRYPTION_PICKLE_KEY = $(<$prompts/encryption_pickle_key)
|
|
EOL
|
|
'';
|
|
};
|
|
|
|
services.mautrix-signal = {
|
|
enable = true;
|
|
registerToSynapse = true;
|
|
|
|
environmentFile = config.clan.core.vars.generators.mautrix-signal.files.environment-file.path;
|
|
|
|
settings = {
|
|
homeserver = {
|
|
address = "http://[::1]:8008";
|
|
domain = "peprolinbot.com";
|
|
};
|
|
|
|
appservice = {
|
|
address = "http://localhost:29328"; # The address that the homeserver can use to connect to this appservice.
|
|
hostname = "[::1]";
|
|
port = 29328;
|
|
};
|
|
|
|
database = {
|
|
type = "postgres";
|
|
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
|
|
};
|
|
|
|
bridge = {
|
|
displayname_template = "{displayname} (TG)";
|
|
|
|
permissions = {
|
|
"@peprolinbot:peprolinbot.com" = "admin";
|
|
"peprolinbot.com" = "user";
|
|
"*" = "relay";
|
|
};
|
|
};
|
|
|
|
encryption = {
|
|
allow = true;
|
|
};
|
|
|
|
# Secrets set using environment file
|
|
encryption.pickle_key = "$ENCRYPTION_PICKLE_KEY";
|
|
};
|
|
};
|
|
|
|
clan.core.vars.generators.mautrix-signal = {
|
|
prompts.encryption_pickle_key = {
|
|
type = "hidden";
|
|
};
|
|
|
|
files.environment-file.secret = true;
|
|
script = ''
|
|
cat <<EOL > $out/environment-file
|
|
ENCRYPTION_PICKLE_KEY = $(<$prompts/encryption_pickle_key)
|
|
EOL
|
|
'';
|
|
};
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
"olm-3.2.16"
|
|
];
|
|
|
|
services.mautrix-telegram = {
|
|
enable = true;
|
|
registerToSynapse = true;
|
|
|
|
environmentFile = config.clan.core.vars.generators.mautrix-telegram.files.environment-file.path;
|
|
|
|
settings = {
|
|
homeserver = {
|
|
address = "http://[::1]:8008";
|
|
domain = "peprolinbot.com";
|
|
};
|
|
|
|
appservice = {
|
|
address = "http://localhost:29317"; # The address that the homeserver can use to connect to this appservice.
|
|
hostname = "localhost";
|
|
port = 29317;
|
|
|
|
database = "postgresql:///mautrix-telegram?host=/var/run/postgresql";
|
|
};
|
|
|
|
bridge = {
|
|
permissions = {
|
|
"@peprolinbot:peprolinbot.com" = "admin";
|
|
"peprolinbot.com" = "full";
|
|
"*" = "relaybot";
|
|
};
|
|
|
|
encryption = {
|
|
allow = true;
|
|
};
|
|
|
|
logging.writers = [
|
|
{
|
|
type = "journald";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.mautrix-telegram.path = [ pkgs.lottieconverter ]; # for animated stickers conversion, unfree package
|
|
|
|
clan.core.vars.generators.mautrix-telegram = {
|
|
prompts.appservice_as_token = {
|
|
type = "hidden";
|
|
};
|
|
|
|
prompts.appservice_hs_token = {
|
|
type = "hidden";
|
|
};
|
|
|
|
prompts.telegram_api_id = {
|
|
type = "hidden";
|
|
};
|
|
|
|
prompts.telegram_api_hash = {
|
|
type = "hidden";
|
|
};
|
|
|
|
files.environment-file.secret = true;
|
|
script = ''
|
|
cat <<EOL > $out/environment-file
|
|
MAUTRIX_TELEGRAM_TELEGRAM_API_ID = $(<$prompts/telegram_api_id)
|
|
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH = $(<$prompts/telegram_api_hash)
|
|
EOL
|
|
'';
|
|
};
|
|
}
|