@ -1,10 +1,8 @@ |
|
|
|
|
# adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix |
|
|
|
|
{ modulesPath, config, lib, pkgs, ... }: |
|
|
|
|
let |
|
|
|
|
matrix-registration = import ../../matrix-registration/default.nix; |
|
|
|
|
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage"; |
|
|
|
|
storage-dir = "/srv/matrix-data"; |
|
|
|
|
matrix-reg-dir = "${storage-dir}/matrix-registration"; |
|
|
|
|
slackbridge-dir = "${storage-dir}/slackbridge"; |
|
|
|
|
pantalaimon-dir = "${storage-dir}/pantalaimon"; |
|
|
|
|
secrets = builtins.fromJSON (builtins.readFile ./secrets.json); |
|
|
|
@ -14,16 +12,13 @@ let |
|
|
|
|
discord-reg-dest-yaml = pkgs.writeText "discord-registration.yaml" "${discord-reg-source-yaml}"; |
|
|
|
|
discord-envs-src = (builtins.readFile ./discord_envs); |
|
|
|
|
discord-envs-dst = pkgs.writeText "discord_envs" "${discord-envs-src}"; |
|
|
|
|
fqdn = |
|
|
|
|
let |
|
|
|
|
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; |
|
|
|
|
in join config.networking.hostName config.networking.domain; |
|
|
|
|
fqdn = "${config.networking.hostName}.${config.networking.domain}"; |
|
|
|
|
clientConfig = { |
|
|
|
|
"m.homeserver".base_url = "https://${fqdn}"; |
|
|
|
|
"server_name" = "${config.networking.domain}"; |
|
|
|
|
"m.identity_server" = {}; |
|
|
|
|
}; |
|
|
|
|
serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443"; |
|
|
|
|
serverConfig."m.server" = "${fqdn}:443"; |
|
|
|
|
mkWellKnown = data: '' |
|
|
|
|
add_header Content-Type application/json; |
|
|
|
|
add_header Access-Control-Allow-Origin *; |
|
|
|
@ -40,8 +35,7 @@ in { |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack pkgs.pantalaimon pkgs.olm ]; |
|
|
|
|
environment.systemPackages = [ pkgs.jq pkgs.matrix-appservice-slack pkgs.pantalaimon pkgs.olm ]; |
|
|
|
|
services.openssh.enable = true; |
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; |
|
|
|
|
|
|
|
|
@ -90,16 +84,9 @@ in { |
|
|
|
|
forceSSL = true; |
|
|
|
|
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; |
|
|
|
|
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; |
|
|
|
|
locations."/".extraConfig = '' |
|
|
|
|
return 301 https://waffle.farm/register; |
|
|
|
|
''; |
|
|
|
|
locations."~ ^/(static|register)" = { |
|
|
|
|
proxyPass = "http://localhost:5000"; |
|
|
|
|
}; |
|
|
|
|
locations."~ ^/slackbridge" = { |
|
|
|
|
proxyPass = "http://localhost:9898"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
}; |
|
|
|
|
# Reverse proxy for Matrix client-server and server-server communication |
|
|
|
|
${fqdn} = { |
|
|
|
@ -163,15 +150,6 @@ in { |
|
|
|
|
]; |
|
|
|
|
}; |
|
|
|
|
extraConfigFiles = [ "${storage-dir}/matrix_cfg" ]; |
|
|
|
|
# registration_shared_secret = secrets.matrix.registration_secret; |
|
|
|
|
# extraConfig = '' |
|
|
|
|
# allow_public_rooms_over_federation: true |
|
|
|
|
# auto_join_rooms: |
|
|
|
|
# - "#cryptic-chat:waffle.farm" |
|
|
|
|
# app_service_config_files: |
|
|
|
|
# - "${slack-reg-dest-yaml}" |
|
|
|
|
# - "${discord-reg-dest-yaml}" |
|
|
|
|
# ''; |
|
|
|
|
}; |
|
|
|
|
security.acme.acceptTerms = true; |
|
|
|
|
security.acme.certs = { |
|
|
|
@ -179,64 +157,6 @@ in { |
|
|
|
|
"${config.networking.domain}".email = "mike@betamike.com"; |
|
|
|
|
"chat.${config.networking.domain}".email = "mike@betamike.com"; |
|
|
|
|
}; |
|
|
|
|
users.users.matrix-registration = { |
|
|
|
|
home = matrix-reg-dir; |
|
|
|
|
createHome = true; |
|
|
|
|
isNormalUser = true; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
systemd.services.matrix-registration = let |
|
|
|
|
configFile = pkgs.writeText "matrix-reg-config.yaml" '' |
|
|
|
|
server_location: 'https://matrix.waffle.farm:443' |
|
|
|
|
base_url: "" |
|
|
|
|
server_name: 'waffle.farm' |
|
|
|
|
registration_shared_secret: '${secrets.matrix.registration_secret}' |
|
|
|
|
admin_api_shared_secret: '${secrets.matrix.admin_api_secret}' |
|
|
|
|
client_redirect: 'chat.waffle.farm' |
|
|
|
|
client_logo: 'static/images/element-logo.png' |
|
|
|
|
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3' |
|
|
|
|
host: 'localhost' |
|
|
|
|
port: 5000 |
|
|
|
|
rate_limit: ["1000 per day", "100 per minute"] |
|
|
|
|
allow_cors: false |
|
|
|
|
ip_logging: false |
|
|
|
|
logging: |
|
|
|
|
disable_existing_loggers: false |
|
|
|
|
version: 1 |
|
|
|
|
root: |
|
|
|
|
level: DEBUG |
|
|
|
|
handlers: [console] |
|
|
|
|
formatters: |
|
|
|
|
brief: |
|
|
|
|
format: '%(name)s - %(levelname)s - %(message)s' |
|
|
|
|
precise: |
|
|
|
|
format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s' |
|
|
|
|
handlers: |
|
|
|
|
console: |
|
|
|
|
class: logging.StreamHandler |
|
|
|
|
level: INFO |
|
|
|
|
formatter: brief |
|
|
|
|
stream: ext://sys.stdout |
|
|
|
|
password: |
|
|
|
|
min_length: 8 |
|
|
|
|
username: |
|
|
|
|
validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]' |
|
|
|
|
invalidation_regex: [] #list of regexes that the selected username must NOT match. Example: '(admin|support)' |
|
|
|
|
''; |
|
|
|
|
in { |
|
|
|
|
enable = true; |
|
|
|
|
after = [ "matrix-synapse.service" ]; |
|
|
|
|
bindsTo = [ "matrix-synapse.service" ]; |
|
|
|
|
description = "Matrix-registration daemon"; |
|
|
|
|
wantedBy = [ "multi-user.target" ]; |
|
|
|
|
serviceConfig = { |
|
|
|
|
Type = "simple"; |
|
|
|
|
WorkingDirectory = matrix-registration; |
|
|
|
|
ExecStart = "${matrix-registration}/bin/matrix-registration --config-path ${configFile} serve"; |
|
|
|
|
User = "matrix-registration"; |
|
|
|
|
Restart = "always"; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
users.users.slackbridge = { |
|
|
|
|
home = slackbridge-dir; |
|
|
|
@ -244,90 +164,90 @@ username: |
|
|
|
|
isNormalUser = true; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
systemd.services.matrix-appservice-slack = let |
|
|
|
|
slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" '' |
|
|
|
|
homeserver: |
|
|
|
|
server_name: waffle.farm |
|
|
|
|
url: http://[::1]:8008 |
|
|
|
|
media_url: "http://matrix.waffle.farm" |
|
|
|
|
appservice_host: localhost |
|
|
|
|
appservice_port: 8090 |
|
|
|
|
username_prefix: "slack_" |
|
|
|
|
|
|
|
|
|
db: |
|
|
|
|
engine: "postgres" |
|
|
|
|
connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge" |
|
|
|
|
|
|
|
|
|
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm" |
|
|
|
|
|
|
|
|
|
rtm: |
|
|
|
|
enable: true |
|
|
|
|
logging: "debug" |
|
|
|
|
|
|
|
|
|
slack_hook_port: 9898 |
|
|
|
|
inbound_uri_prefix: "https://waffle.farm/slackbridge/" |
|
|
|
|
|
|
|
|
|
# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves. |
|
|
|
|
# systemd.services.matrix-appservice-slack = let |
|
|
|
|
# slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" '' |
|
|
|
|
#homeserver: |
|
|
|
|
# server_name: waffle.farm |
|
|
|
|
# url: http://[::1]:8008 |
|
|
|
|
# media_url: "http://matrix.waffle.farm" |
|
|
|
|
# appservice_host: localhost |
|
|
|
|
# appservice_port: 8090 |
|
|
|
|
#username_prefix: "slack_" |
|
|
|
|
# |
|
|
|
|
oauth2: |
|
|
|
|
client_id: "4494054004.1702274627236" |
|
|
|
|
client_secret: "${secrets.matrix.slack_bridge.client_secret}" |
|
|
|
|
redirect_prefix: "https://waffle.farm/slackbridge/oauth" |
|
|
|
|
|
|
|
|
|
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus |
|
|
|
|
enable_metrics: true |
|
|
|
|
|
|
|
|
|
provisioning: |
|
|
|
|
enabled: true |
|
|
|
|
require_public_room: false |
|
|
|
|
allow_private_channels: true |
|
|
|
|
limits: |
|
|
|
|
room_count: 20 |
|
|
|
|
team_count: 1 |
|
|
|
|
|
|
|
|
|
puppeting: |
|
|
|
|
enabled: true |
|
|
|
|
onboard_users: true |
|
|
|
|
|
|
|
|
|
logging: |
|
|
|
|
console: "debug" |
|
|
|
|
|
|
|
|
|
bot_profile: |
|
|
|
|
displayname: "Slack Bridger" |
|
|
|
|
|
|
|
|
|
team_sync: |
|
|
|
|
T04EJ1L04: |
|
|
|
|
channels: |
|
|
|
|
enabled: true |
|
|
|
|
whitelist: |
|
|
|
|
# bot-test |
|
|
|
|
- C04FKFUHK |
|
|
|
|
# generic-gaming |
|
|
|
|
- C2EEUE9UY |
|
|
|
|
|
|
|
|
|
alias_prefix: "slack_" |
|
|
|
|
users: |
|
|
|
|
enabled: true |
|
|
|
|
# default for all other teams |
|
|
|
|
all: |
|
|
|
|
channels: |
|
|
|
|
enabled: false |
|
|
|
|
|
|
|
|
|
encryption: |
|
|
|
|
enabled: true |
|
|
|
|
pantalaimon_url: "http://localhost:8009" |
|
|
|
|
''; |
|
|
|
|
in { |
|
|
|
|
enable = false; |
|
|
|
|
description = "matrix-appservice-slack daemon"; |
|
|
|
|
wantedBy = [ "multi-user.target" ]; |
|
|
|
|
serviceConfig = { |
|
|
|
|
Type = "simple"; |
|
|
|
|
ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090"; |
|
|
|
|
User = "slackbridge"; |
|
|
|
|
Restart = "always"; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
#db: |
|
|
|
|
# engine: "postgres" |
|
|
|
|
# connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge" |
|
|
|
|
# |
|
|
|
|
#matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm" |
|
|
|
|
# |
|
|
|
|
#rtm: |
|
|
|
|
# enable: true |
|
|
|
|
# logging: "debug" |
|
|
|
|
# |
|
|
|
|
#slack_hook_port: 9898 |
|
|
|
|
#inbound_uri_prefix: "https://waffle.farm/slackbridge/" |
|
|
|
|
# |
|
|
|
|
## Optional. Allow users to add channels dynamically by using oauth, or puppet themselves. |
|
|
|
|
## |
|
|
|
|
#oauth2: |
|
|
|
|
# client_id: "4494054004.1702274627236" |
|
|
|
|
# client_secret: "${secrets.matrix.slack_bridge.client_secret}" |
|
|
|
|
# redirect_prefix: "https://waffle.farm/slackbridge/oauth" |
|
|
|
|
# |
|
|
|
|
## Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus |
|
|
|
|
#enable_metrics: true |
|
|
|
|
# |
|
|
|
|
#provisioning: |
|
|
|
|
# enabled: true |
|
|
|
|
# require_public_room: false |
|
|
|
|
# allow_private_channels: true |
|
|
|
|
# limits: |
|
|
|
|
# room_count: 20 |
|
|
|
|
# team_count: 1 |
|
|
|
|
# |
|
|
|
|
#puppeting: |
|
|
|
|
# enabled: true |
|
|
|
|
# onboard_users: true |
|
|
|
|
# |
|
|
|
|
#logging: |
|
|
|
|
# console: "debug" |
|
|
|
|
# |
|
|
|
|
#bot_profile: |
|
|
|
|
# displayname: "Slack Bridger" |
|
|
|
|
# |
|
|
|
|
#team_sync: |
|
|
|
|
# T04EJ1L04: |
|
|
|
|
# channels: |
|
|
|
|
# enabled: true |
|
|
|
|
# whitelist: |
|
|
|
|
# # bot-test |
|
|
|
|
# - C04FKFUHK |
|
|
|
|
# # generic-gaming |
|
|
|
|
# - C2EEUE9UY |
|
|
|
|
# |
|
|
|
|
# alias_prefix: "slack_" |
|
|
|
|
# users: |
|
|
|
|
# enabled: true |
|
|
|
|
# # default for all other teams |
|
|
|
|
# all: |
|
|
|
|
# channels: |
|
|
|
|
# enabled: false |
|
|
|
|
# |
|
|
|
|
#encryption: |
|
|
|
|
# enabled: true |
|
|
|
|
# pantalaimon_url: "http://localhost:8009" |
|
|
|
|
# ''; |
|
|
|
|
# in { |
|
|
|
|
# enable = false; |
|
|
|
|
# description = "matrix-appservice-slack daemon"; |
|
|
|
|
# wantedBy = [ "multi-user.target" ]; |
|
|
|
|
# serviceConfig = { |
|
|
|
|
# Type = "simple"; |
|
|
|
|
# ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090"; |
|
|
|
|
# User = "slackbridge"; |
|
|
|
|
# Restart = "always"; |
|
|
|
|
# }; |
|
|
|
|
# }; |
|
|
|
|
|
|
|
|
|
users.users.pantalaimon = { |
|
|
|
|
home = pantalaimon-dir; |
|
|
|
@ -357,18 +277,19 @@ IgnoreVerification = True |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
services.matrix-appservice-discord = { |
|
|
|
|
enable = true; |
|
|
|
|
settings = { |
|
|
|
|
bridge = { |
|
|
|
|
domain = "waffle.farm"; |
|
|
|
|
homeserverUrl = "https://matrix.waffle.farm"; |
|
|
|
|
enableSelfServiceBridging = true; |
|
|
|
|
disableJoinLeaveNotifications = true; |
|
|
|
|
disableInviteNotifications = true; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
url = "http://localhost:8008"; |
|
|
|
|
environmentFile = "${discord-envs-dst}"; |
|
|
|
|
}; |
|
|
|
|
# services.matrix-appservice-discord = { |
|
|
|
|
# enable = true; |
|
|
|
|
# settings = { |
|
|
|
|
# bridge = { |
|
|
|
|
# domain = "waffle.farm"; |
|
|
|
|
# homeserverUrl = "https://matrix.waffle.farm"; |
|
|
|
|
# enableSelfServiceBridging = true; |
|
|
|
|
# disableJoinLeaveNotifications = true; |
|
|
|
|
# disableInviteNotifications = true; |
|
|
|
|
# }; |
|
|
|
|
# }; |
|
|
|
|
# url = "http://localhost:8008"; |
|
|
|
|
# environmentFile = "${discord-envs-dst}"; |
|
|
|
|
# }; |
|
|
|
|
|
|
|
|
|
} |
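Review bot: The appservice credentials in the second hunk still go through `pkgs.writeText` — `discord-reg-dest-yaml` is an appservice registration file (that format carries the `as_token`/`hs_token` pair) and `discord-envs-dst` copies `./discord_envs`, which `environmentFile` later points at — so both land in `/nix/store`, which every local user can read; the slack-bridge YAML that interpolates `secrets.matrix.slack_bridge.*` further down has the same problem. The `+`/`-` markers were lost in rendering, but the hunk counts (16 → 13) only fit the one-line `fqdn` and the `${fqdn}:443` line as the new side, so the commit simplifies `fqdn` and leaves the store-resident secrets unaddressed. A cheap fix is to stop routing them through the store and point at a root-owned file on the data volume, e.g. `environmentFile = "${storage-dir}/discord_envs";` (constructed from the existing `storage-dir` binding), and to do the same for the registration YAML and the slack-bridge config instead of interpolating `secrets` into `writeText`. Separately, the new `fqdn` no longer tolerates `networking.domain = null` (the dropped `join` helper guarded that case); evaluation now fails rather than producing a wrong name, which is acceptable but deserves a one-line comment such as `# requires networking.domain to be set`. The `let` block these bindings belong to begins in the first hunk and continues past this one.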