support matrix slackbridge
parent
50cf829d0e
commit
41de6bbd8a
3
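--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 .envrc
 .terraform
 matrix_reg_key
+slack_client_secret
+slack-registration.yaml
+*_psql_password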
@ -5,7 +5,14 @@ let
|
|||||||
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
|
storage-device = "/dev/disk/by-id/scsi-0DO_Volume_matrix-storage";
|
||||||
storage-dir = "/srv/matrix-data";
|
storage-dir = "/srv/matrix-data";
|
||||||
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
||||||
matrix-reg-key = (builtins.readFile ./matrix_reg_key);
|
slackbridge-dir = "${storage-dir}/slackbridge";
|
||||||
|
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
|
||||||
|
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
|
||||||
|
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
|
||||||
|
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
|
||||||
|
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
|
||||||
|
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
|
||||||
|
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
|
||||||
fqdn =
|
fqdn =
|
||||||
let
|
let
|
||||||
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
|
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
|
||||||
@ -15,7 +22,7 @@ in {
|
|||||||
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
|
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.jq matrix-registration ];
|
environment.systemPackages = [ pkgs.jq matrix-registration pkgs.matrix-appservice-slack ];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
|
||||||
@ -40,11 +47,14 @@ in {
|
|||||||
dataDir = "${storage-dir}/db";
|
dataDir = "${storage-dir}/db";
|
||||||
|
|
||||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
|
||||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||||
TEMPLATE template0
|
TEMPLATE template0
|
||||||
LC_COLLATE = "C"
|
LC_COLLATE = "C"
|
||||||
LC_CTYPE = "C";
|
LC_CTYPE = "C";
|
||||||
|
CREATE DATABASE slack_bridge;
|
||||||
|
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -87,6 +97,9 @@ in {
|
|||||||
locations."~ ^/(static|register)" = {
|
locations."~ ^/(static|register)" = {
|
||||||
proxyPass = "http://localhost:5000";
|
proxyPass = "http://localhost:5000";
|
||||||
};
|
};
|
||||||
|
locations."~ ^/slackbridge" = {
|
||||||
|
proxyPass = "http://localhost:9898";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
# Reverse proxy for Matrix client-server and server-server communication
|
# Reverse proxy for Matrix client-server and server-server communication
|
||||||
@ -131,6 +144,8 @@ in {
|
|||||||
allow_public_rooms_over_federation: true
|
allow_public_rooms_over_federation: true
|
||||||
auto_join_rooms:
|
auto_join_rooms:
|
||||||
- "#cryptic-chat:waffle.farm"
|
- "#cryptic-chat:waffle.farm"
|
||||||
|
app_service_config_files:
|
||||||
|
- "${slack-reg-dest-yaml}"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
listeners = [
|
listeners = [
|
||||||
@ -206,4 +221,72 @@ password:
|
|||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.slackbridge = {
|
||||||
|
home = slackbridge-dir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.matrix-appservice-slack = let
|
||||||
|
slackbridge-config-file = pkgs.writeText "matrix-slack-bridge-config.yaml" ''
|
||||||
|
homeserver:
|
||||||
|
server_name: waffle.farm
|
||||||
|
url: http://[::1]:8008
|
||||||
|
media_url: "http://matrix.waffle.farm"
|
||||||
|
appservice_port: 8090
|
||||||
|
username_prefix: "slack_"
|
||||||
|
|
||||||
|
db:
|
||||||
|
engine: "postgres"
|
||||||
|
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
|
||||||
|
|
||||||
|
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
|
||||||
|
|
||||||
|
rtm:
|
||||||
|
enable: true
|
||||||
|
logging: "silent"
|
||||||
|
|
||||||
|
slack_hook_port: 9898
|
||||||
|
inbound_uri_prefix: "https://waffle.farm/slackbridge/"
|
||||||
|
|
||||||
|
# Optional. Allow users to add channels dynamically by using oauth, or puppet themselves.
|
||||||
|
#
|
||||||
|
oauth2:
|
||||||
|
client_id: "4494054004.1702274627236"
|
||||||
|
client_secret: "${slack-client-secret}"
|
||||||
|
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
|
||||||
|
|
||||||
|
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
|
||||||
|
enable_metrics: true
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
enabled: true
|
||||||
|
require_public_room: true
|
||||||
|
allow_private_channels: true
|
||||||
|
limits:
|
||||||
|
room_count: 20
|
||||||
|
team_count: 1
|
||||||
|
|
||||||
|
puppeting:
|
||||||
|
enabled: true
|
||||||
|
onboard_users: true
|
||||||
|
|
||||||
|
logging:
|
||||||
|
console: "debug"
|
||||||
|
|
||||||
|
bot_profile:
|
||||||
|
displayname: "Slack Bridger"
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
description = "matrix-appservice-slack daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStart = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack -c ${slackbridge-config-file} -f ${slack-reg-dest-yaml} -p 8090";
|
||||||
|
User = "slackbridge";
|
||||||
|
Restart = "always";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
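Review bot: The values read with `builtins.readFile` are interpolated into `pkgs.writeText` outputs (`synapse-init.sql`, `matrix-slack-bridge-config.yaml` and `slack-registration.yaml`), so both PostgreSQL passwords, the Slack client secret and the registration file (which presumably carries the appservice tokens) are copied into the Nix store, where any local user can read them and where they travel with every copy of the system closure; the new .gitignore entries only keep them out of git. I would keep these files outside the store with restrictive permissions and reference them by a plain string path rather than a Nix path, for example `ExecStart = "… -c /run/secrets/slackbridge-config.yaml …";` (constructed path) readable only by `slackbridge`, or hand them to the unit with systemd `LoadCredential=`. Assuming this is `services.postgresql.initialScript`, it is only applied when the cluster is first initialised, so on an existing host the `matrix-synapse` role presumably keeps the old password `synapse` and the `slack_bridge` database is never created; a separate `ALTER ROLE` step that does not pass through the store would be needed. The bridge config also sets `console: "debug"` under `logging:`, which is worth lowering for a long-running service because debug output from a bridge may include message content.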