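# NixOS module: run the mautrix-telegram bridge against the local Synapse.
#
# It provisions a PostgreSQL role and database for the bridge, gives Synapse a
# copy of the bridge's appservice registration file, and replaces the bridge's
# ExecStart with a wrapper that supplies the appservice tokens through the
# environment.
{ config, lib, pkgs, ... }:
let
  homeserverDomain = config.services.matrix-synapse.settings.server_name;
  registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";
  registrationFileMautrix = "/var/lib/mautrix-telegram/telegram-registration.yaml";

  # Recover the path of the generated settings file by matching the
  # --config='...' argument inside the unit's preStart script. This depends on
  # the exact text of that script: if it stops matching, builtins.match returns
  # null and evaluation aborts at builtins.head.
  settingsFile = builtins.head
    (builtins.match ".*--config='(.*)' \\\\.*" config.systemd.services.mautrix-telegram.preStart);
in
{
  # The bridge connects over the local PostgreSQL socket (see
  # appservice.database below), so no database password is configured here.
  services.postgresql = {
    enable = true;
    ensureUsers = [{
      name = "mautrix-telegram";
      ensureDBOwnership = true;
    }];
    ensureDatabases = [ "mautrix-telegram" ];
  };

  # Encrypted environment file for the bridge (passed as environmentFile below).
  # NOTE(review): the decrypted secret is owned by the Synapse service user,
  # although the only consumer visible in this file is the bridge. If systemd
  # loads the file itself, a narrower owner would keep the bridge's secrets
  # away from the homeserver account - confirm before changing.
  age.secrets.mautrix-telegram = {
    file = ../../../../secrets/nuc/mautrix-telegram/env.age;
    owner = config.systemd.services.matrix-synapse.serviceConfig.User;
  };

  services.matrix-synapse.settings.app_service_config_files = [
    # The registration file is automatically generated after starting the
    # appservice for the first time.
    registrationFileSynapse
  ];

  systemd.tmpfiles.rules = [
    # Copy the registration file over to Synapse. "C" only copies when the
    # destination does not exist yet, so a registration regenerated by the
    # bridge is not propagated until the stale copy is removed.
    "C ${registrationFileSynapse} - - - - ${registrationFileMautrix}"
    # Recursively hand ownership of the Synapse state directory to the
    # matrix-synapse user and group. The mode fields are "-", so neither rule
    # sets permission bits.
    # NOTE(review): the registration file carries as_token and hs_token;
    # confirm that both copies end up unreadable by other local users.
    "Z /var/lib/matrix-synapse/ - matrix-synapse matrix-synapse - -"
  ];

  services.mautrix-telegram = {
    enable = true;
    environmentFile = config.age.secrets.mautrix-telegram.path;
    settings = {
      homeserver = {
        # Plain HTTP to the homeserver, on the IPv6 loopback address only.
        address = "http://[::1]:8008";
        domain = homeserverDomain;
      };
      appservice = rec {
        # Use postgresql instead of sqlite
        database = "postgresql:///mautrix-telegram?host=/run/postgresql";
        port = 8082;
        address = "http://localhost:${toString port}";
        # NOTE(review): no listen hostname is set here, so the bind address
        # comes from whatever default applies - confirm port 8082 is not
        # reachable from outside the host.
      };
      bridge = {
        # Keep relaybot portals restricted to authenticated users.
        relaybot.authless_portals = false;
        # The only account granted bridge permissions here is this admin.
        permissions = {
          "@rouven:${homeserverDomain}" = "admin";
        };
        relay_user_distinguishers = [ ];
      };
    };
  };

  # If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile
  # and write them to the settingsFile in /nix/store, which obviously fails.
  systemd.services.mautrix-telegram.serviceConfig.ExecStart = lib.mkForce (pkgs.writeShellScript "start" ''
    set -eu

    # Take both appservice tokens from the registration file. The grep is a
    # plain substring match, so any other line mentioning as_token/hs_token
    # would be picked up as well.
    as_token=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-)
    hs_token=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-)

    # Refuse to start with empty tokens: a missing or unreadable registration
    # file should fail the unit instead of launching a bridge whose
    # appservice authentication is blank. The token values are never printed.
    if [ -z "$as_token" ] || [ -z "$hs_token" ]; then
      echo "mautrix-telegram: as_token/hs_token not found in ${registrationFileMautrix}" >&2
      exit 1
    fi

    export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN="$as_token"
    export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN="$hs_token"

    # exec so the bridge replaces the wrapper shell and becomes the unit's
    # main process, leaving no shell holding the tokens.
    exec ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}'
  '');
}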