matrix: add telegram bridge

Rouven Seifert 2024-02-29 15:37:22 +01:00
parent b0ccdd3924
commit 6159a76a85
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
7 changed files with 84 additions and 7 deletions


@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708806879, "lastModified": 1709204054,
"narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=", "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a", "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -296,11 +296,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1708807242, "lastModified": 1709150264,
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -11,6 +11,7 @@
./modules/hydra ./modules/hydra
# ./modules/prometheus # ./modules/prometheus
./modules/matrix ./modules/matrix
./modules/mautrix-telegram
./modules/seafile ./modules/seafile
./modules/uptime-kuma ./modules/uptime-kuma
./modules/vaultwarden ./modules/vaultwarden


@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
let
homeserverDomain = config.services.matrix-synapse.settings.server_name;
registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";
registrationFileMautrix = "/var/lib/mautrix-telegram/telegram-registration.yaml";
settingsFile = builtins.head (builtins.match ".*--config='(.*)' \\\\.*" config.systemd.services.mautrix-telegram.preStart);
in
{
services.postgresql = {
enable = true;
ensureUsers = [{
name = "mautrix-telegram";
ensureDBOwnership = true;
}];
ensureDatabases = [ "mautrix-telegram" ];
};
age.secrets.mautrix-telegram = {
file = ../../../../secrets/nuc/mautrix-telegram/env.age;
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
};
services.matrix-synapse.settings.app_service_config_files = [
# The registration file is automatically generated after starting the
# appservice for the first time.
registrationFileSynapse
];
systemd.tmpfiles.rules = [
# copy registration file over to synapse
"C ${registrationFileSynapse} - - - - ${registrationFileMautrix}"
"Z /var/lib/matrix-synapse/ - matrix-synapse matrix-synapse - -"
];
services.mautrix-telegram = {
enable = true;
environmentFile = config.age.secrets.mautrix-telegram.path;
settings = {
homeserver = {
address = "http://[::1]:8008";
domain = homeserverDomain;
};
appservice = rec {
# Use postgresql instead of sqlite
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
port = 8082;
address = "http://localhost:${toString port}";
};
bridge = {
relaybot.authless_portals = false;
permissions = {
"@rouven:${homeserverDomain}" = "admin";
};
relay_user_distinguishers = [ ];
};
};
};
# If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile
# and write them to the settingsFile in /nix/store, which obviously fails.
systemd.services.mautrix-telegram.serviceConfig.ExecStart =
lib.mkForce (pkgs.writeShellScript "start" ''
export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-)
export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-)
${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}'
'');
}
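Review bot: `age.secrets.mautrix-telegram` sets `owner` to the matrix-synapse service user, but the only consumer visible in this file is `services.mautrix-telegram.environmentFile`, so the bridge's environment secrets become readable by the homeserver process with no apparent need. systemd reads an `EnvironmentFile=` itself before dropping privileges, so the `owner = …` line can probably be removed to keep the agenix default owner; worth confirming against how the upstream module wires `environmentFile`. Separately, the tmpfiles rule `C ${registrationFileSynapse} - - - - ${registrationFileMautrix}` copies a file that, per the ExecStart script, holds `as_token` and `hs_token`, while leaving mode and owner to defaults and the later recursive `Z` line. An explicit form such as `C ${registrationFileSynapse} 0600 matrix-synapse matrix-synapse - ${registrationFileMautrix}` would state the intended access. Since `C` only copies when the target does not exist yet, a comment such as `# one-shot copy: remove the synapse copy if the bridge regenerates its registration` would save a future debugging session.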


@ -9,6 +9,7 @@ in
initialAdminPassword = "unused garbage"; initialAdminPassword = "unused garbage";
ccnetSettings.General.SERVICE_URL = "https://${domain}"; ccnetSettings.General.SERVICE_URL = "https://${domain}";
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp"; ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
seafileSettings.fileserver.port = 8083;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
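Review bot: The new `seafileSettings.fileserver.port = 8083;` has no comment explaining the move, and the proxy configuration for `/seafhttp` lies outside this hunk. The bridge module in the same commit binds its appservice to port 8082, which is presumably why the fileserver is moved. If any `proxyPass` for `/seafhttp` still hard-codes the old port, file-transfer requests from the public vhost would reach the bridge's appservice listener instead of Seafile. Deriving the upstream URL from `config.services.seafile.seafileSettings.fileserver.port` and adding a comment such as `# 8082 is used by mautrix-telegram` would keep the two in step.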


@ -18,6 +18,7 @@ in
# nuc # nuc
"secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ];
"secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
"secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];

Binary file not shown.


@ -64,7 +64,7 @@
# fancy tools # fancy tools
just just
(himalaya.override { buildFeatures = [ "pgp-commands" ]; }) himalaya
# strace but with colors # strace but with colors
(strace.overrideAttrs (_: { (strace.overrideAttrs (_: {
patches = [ patches = [