support matrix slackbridge

Mike Cugini 2021-03-11 10:01:01 -05:00
parent 50cf829d0e
commit 41de6bbd8a
2 changed files with 89 additions and 3 deletions

3
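--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 .envrc
 .terraform
 matrix_reg_key
+slack_client_secret
+slack-registration.yaml
+*_psql_password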


@ -5,7 +5,14 @@ let
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage"; storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
storage-dir = "/srv/matrix-data"; storage-dir = "/srv/matrix-data";
matrix-reg-dir = "${storage-dir}/matrix-registration"; matrix-reg-dir = "${storage-dir}/matrix-registration";
matrix-reg-key = (builtins.readFile ./matrix_reg_key); slackbridge-dir = "${storage-dir}/slackbridge";
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
fqdn = fqdn =
let let
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
@ -15,7 +22,7 @@ in {
"${toString modulesPath}/virtualisation/digital-ocean-image.nix" "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
]; ];
environment.systemPackages = [ pkgs.jq matrix-registration ]; environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack ];
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; networking.firewall.allowedTCPPorts = [ 22 80 443 ];
@ -40,11 +47,14 @@ in {
dataDir = "${storage-dir}/db"; dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0 TEMPLATE template0
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
CREATE DATABASE slack_bridge;
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
''; '';
}; };
@ -87,6 +97,9 @@ in {
locations."~ ^/(static|register)" = { locations."~ ^/(static|register)" = {
proxyPass = "http://localhost:5000"; proxyPass = "http://localhost:5000";
}; };
locations."~ ^/slackbridge" = {
proxyPass = "http://localhost:9898";
};
}; };
# Reverse proxy for Matrix client-server and server-server communication # Reverse proxy for Matrix client-server and server-server communication
@ -131,6 +144,8 @@ in {
allow_public_rooms_over_federation: true allow_public_rooms_over_federation: true
auto_join_rooms: auto_join_rooms:
- "#cryptic-chat:waffle.farm" - "#cryptic-chat:waffle.farm"
app_service_config_files:
- "${slack-reg-dest-yaml}"
''; '';
listeners = [ listeners = [
@ -206,4 +221,72 @@ password:
Restart = "always"; Restart = "always";
}; };
}; };
users.users.slackbridge = {
home = slackbridge-dir;
createHome = true;
};
systemd.services.matrix-appservice-slack = let
slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
homeserver:
server_name: waffle.farm
url: http://[::1]:8008
media_url: "http://matrix.waffle.farm"
appservice_port: 8090
username_prefix: "slack_"
db:
engine: "postgres"
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
rtm:
enable: true
logging: "silent"
slack_hook_port: 9898
inbound_uri_prefix: "https://waffle.farm/slackbridge/"
# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
#
oauth2:
client_id: "4494054004.1702274627236"
client_secret: "${slack-client-secret}"
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
enable_metrics: true
provisioning:
enabled: true
require_public_room: true
allow_private_channels: true
limits:
room_count: 20
team_count: 1
puppeting:
enabled: true
onboard_users: true
logging:
console: "debug"
bot_profile:
displayname: "Slack Bridger"
'';
in {
enable = true;
description = "matrix-appservice-slack daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
User = "slackbridge";
Restart = "always";
};
};
} }
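Review bot: The secrets read with `builtins.readFile` in the `let` block are interpolated into `pkgs.writeText` outputs (`synapse-init.sql`, `matrix-slack-bridge-config.yaml` and the copied `slack-registration.yaml`), so the database passwords, the Slack client secret and whatever tokens the registration file holds end up in the Nix store, which every local user can read; the new `.gitignore` entries only keep them out of git. I would refer to these files by runtime path instead, for example `slack-reg-dest-yaml = "${slackbridge-dir}/slack-registration.yaml";` as a plain string pointing at a file deployed out of band with permissions limited to the two service users, and render the bridge config when the service starts (a `preStart` script or systemd `LoadCredential`) rather than at evaluation time. Separately, `initialScript` is, as far as I know, run only when the PostgreSQL data directory is first initialised, so on an existing host the `slack_bridge` database would not be created and the role would keep the old `'synapse'` password; this is worth confirming before deploying. `logging.console: "debug"` on the bridge may also write bridged message content to the journal, so a quieter level seems safer once the bridge works.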