diff --git a/.gitignore b/.gitignore
index c128f6d..b5b8ee5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 .envrc
 .terraform
 matrix_reg_key
+slack_client_secret
+slack-registration.yaml
+*_psql_password
diff --git a/nixos_configs/matrix.nix b/nixos_configs/matrix.nix
index 7dc3e42..b7bbc41 100644
--- a/nixos_configs/matrix.nix
+++ b/nixos_configs/matrix.nix
@@ -5,7 +5,14 @@ let
 storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
 storage-dir = "/srv/matrix-data";
 matrix-reg-dir = "${storage-dir}/matrix-registration";
- matrix-reg-key = (builtins.readFile ./matrix_reg_key);
+ slackbridge-dir = "${storage-dir}/slackbridge";
+ remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
+ matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
+ matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
+ slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
+ slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
+ slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
+ slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
 fqdn = let join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
@@ -15,7 +22,7 @@ in {
 "${toString modulesPath}/virtualisation/digital-ocean-image.nix" ];
- environment.systemPackages = [ pkgs.jq matrix-registration ];
+ environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack ];
 services.openssh.enable = true;
 networking.firewall.allowedTCPPorts = [ 22 80 443 ];
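Review bot: Every secret read here with `builtins.readFile` becomes part of the evaluated configuration, and `pkgs.writeText "slack-registration.yaml"` copies the registration file (which presumably carries the appservice tokens) into `/nix/store`, which is world-readable on the host. The same applies to the passwords interpolated into `synapse-init.sql` (hunk at -40,11) and to the database password and `client_secret` written into `matrix-slack-bridge-config.yaml` (hunk at -206,4); the .gitignore entries keep these out of git but not out of the store or any cache the closure is pushed to. Point the consumers at a runtime path outside the store instead, e.g. `app_service_config_files: - "/path/outside/store/slack-registration.yaml"` (placeholder path) with owner-only permissions, and assemble the bridge config at service start. The `let` block starts and ends outside the hunk.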
@@ -40,11 +47,14 @@ in {
 dataDir = "${storage-dir}/db";
 initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
 CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C";
+ CREATE DATABASE slack_bridge;
+ CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
+ GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
 '';
 };
@@ -87,6 +97,9 @@ in {
 locations."~ ^/(static|register)" = {
 proxyPass = "http://localhost:5000";
 };
+ locations."~ ^/slackbridge" = {
+ proxyPass = "http://localhost:9898";
+ };
 };
 # Reverse proxy for Matrix client-server and server-server communication
@@ -131,6 +144,8 @@ in {
 allow_public_rooms_over_federation: true
 auto_join_rooms:
 - "#cryptic-chat:waffle.farm"
+ app_service_config_files:
+ - "${slack-reg-dest-yaml}"
 '';
 listeners = [
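Review bot: `initialScript` is documented as running only on the first start of a fresh PostgreSQL data directory, so on a host where `${storage-dir}/db` already exists the new `matrix-synapse` password, the `slack_bridge` database and the `slackbridge_user` role would not be applied, and the role would keep the old password `synapse`. Whether this host is already initialised is not visible here; if it is, the change needs a one-off `ALTER ROLE` / `CREATE` step outside this script. The passwords are also spliced unescaped into single-quoted SQL literals, so a `'` in either secret file breaks the script. `GRANT ALL PRIVILEGES ON DATABASE` does not give the bridge user ownership; the usual form is `CREATE DATABASE slack_bridge OWNER slackbridge_user;` placed after the `CREATE USER` line. The enclosing attribute set starts outside the hunk.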
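Review bot: The added location `~ ^/slackbridge` (hunk at -87,6) is a regex with no terminator, so it also forwards any path that merely begins with that string, such as `/slackbridgeX`, to port 9898. Since `inbound_uri_prefix` in this commit ends in a slash, a prefix location `locations."/slackbridge/" = { proxyPass = "http://localhost:9898"; };` would limit the proxy to the bridge's own paths. The enclosing virtual-host block starts outside the hunk.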
@@ -206,4 +221,72 @@ password:
 Restart = "always";
 };
 };
+
+ users.users.slackbridge = {
+ home = slackbridge-dir;
+ createHome = true;
+ };
+
+ systemd.services.matrix-appservice-slack = let
+ slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
+homeserver:
+ server_name: waffle.farm
+ url: http://[::1]:8008
+ media_url: "http://matrix.waffle.farm"
+ appservice_port: 8090
+username_prefix: "slack_"
+
+db:
+ engine: "postgres"
+ connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
+
+matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
+
+rtm:
+ enable: true
+ logging: "silent"
+
+slack_hook_port: 9898
+inbound_uri_prefix: "https://waffle.farm/slackbridge/"
+
+# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
+#
+oauth2:
+ client_id: "4494054004.1702274627236"
+ client_secret: "${slack-client-secret}"
+ #redirect_prefix: "https://waffle.farm/slackbridge/oauth"
+
+# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
+enable_metrics: true
+
+provisioning:
+ enabled: true
+ require_public_room: true
+ allow_private_channels: true
+ limits:
+ room_count: 20
+ team_count: 1
+
+puppeting:
+ enabled: true
+ onboard_users: true
+
+logging:
+ console: "debug"
+
+bot_profile:
+ displayname: "Slack Bridger"
+ '';
+ in {
+ enable = true;
+ description = "matrix-appservice-slack daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
+ User = "slackbridge";
+ Restart = "always";
+ };
+ };
+ }
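Review bot: The `serviceConfig` for `matrix-appservice-slack` sets only `Type`, `ExecStart`, `User` and `Restart`, so a bridge that receives Slack webhooks through the reverse proxy and holds the OAuth client secret runs with the default, unsandboxed systemd profile. Consider adding `NoNewPrivileges = true; PrivateTmp = true; ProtectHome = true;` and, if the bridge needs no writable path beyond its database, `ProtectSystem = "strict";`. The unit also declares no `after = [ "postgresql.service" ];`, so at boot it presumably depends on `Restart = "always"` until the database accepts connections. `logging.console: "debug"` combined with `puppeting.enabled: true` is worth lowering once the bridge works, since what the bridge writes to the journal at debug level is not visible here.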