betamike
/
betamike-infra
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

move back to matterbridge for errything

Browse Source
pull/1/head
Mike Cugini 1 year ago
parent f99cc5504c
commit dd16d1f443
2 changed files with 146 additions and 194 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 59
      nixos_configs/bridge.nix
  2. 281
      nixos_configs/matrix.nix

59
nixos_configs/bridge.nix
Unescape View File

@ -22,28 +22,59 @@ in {
isSystemUser = true;
};
nixpkgs.overlays = [
(final: prev: {
matterbridge = prev.matterbridge.overrideAttrs (oldAttrs: rec {
version = "1.26.0";
src = prev.fetchFromGitHub {
owner = "42wim";
repo = "matterbridge";
rev = "v${version}";
sha256 = "sha256-APlnJUu/ttK/S2AxO+SadU2ttmEnU+js/3GUf3x0aSQ=";
};
});
})
];
services.matterbridge = let
config-file = pkgs.writeText "matterbridge.toml" ''
[discord.cryptic]
Token="${secrets.matterbridge.discord.token}"
Server="${secrets.matterbridge.discord.server}"
RemoteNickFormat="{NICK} [{PROTOCOL}]"
Token="${secrets.matterbridge.discord2.token}"
Server="${secrets.matterbridge.discord2.server}"
RemoteNickFormat="{NICK} [{PROTOCOL}]: "
AutoWebhooks=true
PreserveThreading=true
[slack.cryptic]
Token="${secrets.matterbridge.slack.token}"
RemoteNickFormat="{NICK} [{PROTOCOL}]"
RemoteNickFormat="{NICK} [{PROTOCOL}]: "
PreserveThreading=true
[matrix.wafflefarm]
Server="https://matrix.waffle.farm"
Login="${secrets.matterbridge.matrix.username}"
Password="${secrets.matterbridge.matrix.password}"
RemoteNickFormat="{NICK} [{PROTOCOL}]: "
SpoofUsername=true
PreserveThreading=true
KeepQuotedReply=false
[[gateway]]
name="testgateway"
enable=true
[[gateway.inout]]
account="matrix.wafflefarm"
channel="#bridge-test:waffle.farm"
[[gateway.inout]]
account="slack.cryptic"
channel="bridge-test"
# [[gateway]]
# name="bot-test-gateway"
# enable=true
# [[gateway.inout]]
# account="discord.cryptic"
# channel="bot-test"
#
# [[gateway.inout]]
# account="slack.cryptic"
# channel="bot-test"
[[gateway.inout]]
account="discord.cryptic"
channel="bridge-test"
[[samechannelgateway]]
name="same-channel-gw"

281
nixos_configs/matrix.nix
Unescape View File

@ -1,10 +1,8 @@
# adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
{ modulesPath, config, lib, pkgs, ... }:
let
matrix-registration = import ../../matrix-registration/default.nix;
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
storage-dir = "/srv/matrix-data";
matrix-reg-dir = "${storage-dir}/matrix-registration";
slackbridge-dir = "${storage-dir}/slackbridge";
pantalaimon-dir = "${storage-dir}/pantalaimon";
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
@ -14,16 +12,13 @@ let
discord-reg-dest-yaml = pkgs.writeText "discord-registration.yaml" "${discord-reg-source-yaml}";
discord-envs-src = (builtins.readFile ./discord_envs);
discord-envs-dst = pkgs.writeText "discord_envs" "${discord-envs-src}";
fqdn =
let
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
fqdn = "${config.networking.hostName}.${config.networking.domain}";
clientConfig = {
"m.homeserver".base_url = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
"m.identity_server" = {};
};
serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
@ -40,8 +35,7 @@ in {
};
};
environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack pkgs.pantalaimon pkgs.olm ];
environment.systemPackages = [ pkgs.jq pkgs.matrix-appservice-slack pkgs.pantalaimon pkgs.olm ];
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
@ -90,16 +84,9 @@ in {
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/".extraConfig = ''
return 301 https://waffle.farm/register;
'';
locations."~ ^/(static|register)" = {
proxyPass = "http://localhost:5000";
};
locations."~ ^/slackbridge" = {
proxyPass = "http://localhost:9898";
};
};
# Reverse proxy for Matrix client-server and server-server communication
${fqdn} = {
@ -163,15 +150,6 @@ in {
];
};
extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];
# registration_shared_secret = secrets.matrix.registration_secret;
# extraConfig = ''
# allow_public_rooms_over_federation: true
# auto_join_rooms:
# - "#cryptic-chat:waffle.farm"
# app_service_config_files:
# - "${slack-reg-dest-yaml}"
# - "${discord-reg-dest-yaml}"
# '';
};
security.acme.acceptTerms = true;
security.acme.certs = {
@ -179,64 +157,6 @@ in {
"${config.networking.domain}".email = "mike@betamike.com";
"chat.${config.networking.domain}".email = "mike@betamike.com";
};
users.users.matrix-registration = {
home = matrix-reg-dir;
createHome = true;
isNormalUser = true;
};
systemd.services.matrix-registration = let
configFile = pkgs.writeText "matrix-reg-config.yaml" ''
server_location: 'https://matrix.waffle.farm:443'
base_url: ""
server_name: 'waffle.farm'
registration_shared_secret: '${secrets.matrix.registration_secret}'
admin_api_shared_secret: '${secrets.matrix.admin_api_secret}'
client_redirect: 'chat.waffle.farm'
client_logo: 'static/images/element-logo.png'
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
host: 'localhost'
port: 5000
rate_limit: ["1000 per day", "100 per minute"]
allow_cors: false
ip_logging: false
logging:
disable_existing_loggers: false
version: 1
root:
level: DEBUG
handlers: [console]
formatters:
brief:
format: '%(name)s - %(levelname)s - %(message)s'
precise:
format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
level: INFO
formatter: brief
stream: ext://sys.stdout
password:
min_length: 8
username:
validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]'
invalidation_regex: [] #list of regexes that the selected username must NOT match. Example: '(admin|support)'
'';
in {
enable = true;
after = [ "matrix-synapse.service" ];
bindsTo = [ "matrix-synapse.service" ];
description = "Matrix-registration daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
WorkingDirectory = matrix-registration;
ExecStart = "${matrix-registration}/bin/matrix-registration --config-path ${configFile} serve";
User = "matrix-registration";
Restart = "always";
};
};
users.users.slackbridge = {
home = slackbridge-dir;
@ -244,90 +164,90 @@ username:
isNormalUser = true;
};
systemd.services.matrix-appservice-slack = let
slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
homeserver:
server_name: waffle.farm
url: http://[::1]:8008
media_url: "http://matrix.waffle.farm"
appservice_host: localhost
appservice_port: 8090
username_prefix: "slack_"
db:
engine: "postgres"
connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge"
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
rtm:
enable: true
logging: "debug"
slack_hook_port: 9898
inbound_uri_prefix: "https://waffle.farm/slackbridge/"
# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
# systemd.services.matrix-appservice-slack = let
# slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
#homeserver:
# server_name: waffle.farm
# url: http://[::1]:8008
# media_url: "http://matrix.waffle.farm"
# appservice_host: localhost
# appservice_port: 8090
#username_prefix: "slack_"
#
oauth2:
client_id: "4494054004.1702274627236"
client_secret: "${secrets.matrix.slack_bridge.client_secret}"
redirect_prefix: "https://waffle.farm/slackbridge/oauth"
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
enable_metrics: true
provisioning:
enabled: true
require_public_room: false
allow_private_channels: true
limits:
room_count: 20
team_count: 1
puppeting:
enabled: true
onboard_users: true
logging:
console: "debug"
bot_profile:
displayname: "Slack Bridger"
team_sync:
T04EJ1L04:
channels:
enabled: true
whitelist:
# bot-test
- C04FKFUHK
# generic-gaming
- C2EEUE9UY
alias_prefix: "slack_"
users:
enabled: true
# default for all other teams
all:
channels:
enabled: false
encryption:
enabled: true
pantalaimon_url: "http://localhost:8009"
'';
in {
enable = false;
description = "matrix-appservice-slack daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
User = "slackbridge";
Restart = "always";
};
};
#db:
# engine: "postgres"
# connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge"
#
#matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
#
#rtm:
# enable: true
# logging: "debug"
#
#slack_hook_port: 9898
#inbound_uri_prefix: "https://waffle.farm/slackbridge/"
#
## Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
##
#oauth2:
# client_id: "4494054004.1702274627236"
# client_secret: "${secrets.matrix.slack_bridge.client_secret}"
# redirect_prefix: "https://waffle.farm/slackbridge/oauth"
#
## Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
#enable_metrics: true
#
#provisioning:
# enabled: true
# require_public_room: false
# allow_private_channels: true
# limits:
# room_count: 20
# team_count: 1
#
#puppeting:
# enabled: true
# onboard_users: true
#
#logging:
# console: "debug"
#
#bot_profile:
# displayname: "Slack Bridger"
#
#team_sync:
# T04EJ1L04:
# channels:
# enabled: true
# whitelist:
# # bot-test
# - C04FKFUHK
# # generic-gaming
# - C2EEUE9UY
#
# alias_prefix: "slack_"
# users:
# enabled: true
# # default for all other teams
# all:
# channels:
# enabled: false
#
#encryption:
# enabled: true
# pantalaimon_url: "http://localhost:8009"
# '';
# in {
# enable = false;
# description = "matrix-appservice-slack daemon";
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "simple";
# ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
# User = "slackbridge";
# Restart = "always";
# };
# };
users.users.pantalaimon = {
home = pantalaimon-dir;
@ -357,18 +277,19 @@ IgnoreVerification = True
};
};
services.matrix-appservice-discord = {
enable = true;
settings = {
bridge = {
domain = "waffle.farm";
homeserverUrl = "https://matrix.waffle.farm";
enableSelfServiceBridging = true;
disableJoinLeaveNotifications = true;
disableInviteNotifications = true;
};
};
url = "http://localhost:8008";
environmentFile = "${discord-envs-dst}";
};
# services.matrix-appservice-discord = {
# enable = true;
# settings = {
# bridge = {
# domain = "waffle.farm";
# homeserverUrl = "https://matrix.waffle.farm";
# enableSelfServiceBridging = true;
# disableJoinLeaveNotifications = true;
# disableInviteNotifications = true;
# };
# };
# url = "http://localhost:8008";
# environmentFile = "${discord-envs-dst}";
# };
}

Write Preview
Loading…
Cancel
Save