forked from betamike/betamike-infra
support matrix slackbridge
This commit is contained in:
parent
50cf829d0e
commit
41de6bbd8a
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,3 +1,6 @@
|
||||
.envrc
|
||||
.terraform
|
||||
matrix_reg_key
|
||||
slack_client_secret
|
||||
slack-registration.yaml
|
||||
*_psql_password
|
||||
|
@ -5,7 +5,14 @@ let
|
||||
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
|
||||
storage-dir = "/srv/matrix-data";
|
||||
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
||||
matrix-reg-key = (builtins.readFile ./matrix_reg_key);
|
||||
slackbridge-dir = "${storage-dir}/slackbridge";
|
||||
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
|
||||
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
|
||||
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
|
||||
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
|
||||
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
|
||||
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
|
||||
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
|
||||
fqdn =
|
||||
let
|
||||
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
|
||||
@ -15,7 +22,7 @@ in {
|
||||
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.jq matrix-registration ];
|
||||
environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack ];
|
||||
services.openssh.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||
|
||||
@ -40,11 +47,14 @@ in {
|
||||
dataDir = "${storage-dir}/db";
|
||||
|
||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
|
||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||
TEMPLATE template0
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
CREATE DATABASE slack_bridge;
|
||||
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
|
||||
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
|
||||
'';
|
||||
};
|
||||
|
||||
@ -87,6 +97,9 @@ in {
|
||||
locations."~ ^/(static|register)" = {
|
||||
proxyPass = "http://localhost:5000";
|
||||
};
|
||||
locations."~ ^/slackbridge" = {
|
||||
proxyPass = "http://localhost:9898";
|
||||
};
|
||||
|
||||
};
|
||||
# Reverse proxy for Matrix client-server and server-server communication
|
||||
@ -131,6 +144,8 @@ in {
|
||||
allow_public_rooms_over_federation: true
|
||||
auto_join_rooms:
|
||||
- "#cryptic-chat:waffle.farm"
|
||||
app_service_config_files:
|
||||
- "${slack-reg-dest-yaml}"
|
||||
'';
|
||||
|
||||
listeners = [
|
||||
@ -206,4 +221,72 @@ password:
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.slackbridge = {
|
||||
home = slackbridge-dir;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
systemd.services.matrix-appservice-slack = let
|
||||
slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
|
||||
homeserver:
|
||||
server_name: waffle.farm
|
||||
url: http://[::1]:8008
|
||||
media_url: "http://matrix.waffle.farm"
|
||||
appservice_port: 8090
|
||||
username_prefix: "slack_"
|
||||
|
||||
db:
|
||||
engine: "postgres"
|
||||
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
|
||||
|
||||
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
|
||||
|
||||
rtm:
|
||||
enable: true
|
||||
logging: "silent"
|
||||
|
||||
slack_hook_port: 9898
|
||||
inbound_uri_prefix: "https://waffle.farm/slackbridge/"
|
||||
|
||||
# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
|
||||
#
|
||||
oauth2:
|
||||
client_id: "4494054004.1702274627236"
|
||||
client_secret: "${slack-client-secret}"
|
||||
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
|
||||
|
||||
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
|
||||
enable_metrics: true
|
||||
|
||||
provisioning:
|
||||
enabled: true
|
||||
require_public_room: true
|
||||
allow_private_channels: true
|
||||
limits:
|
||||
room_count: 20
|
||||
team_count: 1
|
||||
|
||||
puppeting:
|
||||
enabled: true
|
||||
onboard_users: true
|
||||
|
||||
logging:
|
||||
console: "debug"
|
||||
|
||||
bot_profile:
|
||||
displayname: "Slack Bridger"
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
description = "matrix-appservice-slack daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
|
||||
User = "slackbridge";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user