nix-config/modules/services/matrix/bridges.nix

102 lines
2.8 KiB
Nix
Raw Normal View History

2022-09-05 10:12:01 +02:00
# Matrix bridges, thanks to [1].
#
# [1]: https://gitlab.com/coffeetables/nix-matrix-appservices/
{ config, inputs, lib, pkgs, ... }:
let
cfg = config.my.services.matrix.bridges;
domain = config.networking.domain;
in
{
imports = [
inputs.matrix-appservices.nixosModules.matrix-appservices
];
options.my.services.matrix.bridges = with lib; {
enable = mkEnableOption "Matrix bridges configuration";
};
config = lib.mkIf cfg.enable {
services.nginx.virtualHosts = {
"matrix.${domain}" = {
locations."/bridges/facebook/login" = {
proxyPass = "http://[::1]:29181";
};
};
};
services.matrix-appservices = {
homeserver = "matrix-synapse";
homeserverDomain = "belanyi.fr";
homeserverURL = "https://matrix.belanyi.fr";
addRegistrationFiles = true;
# FIXME: explicitly configure logging through systemd, not log files
# FIXME: register ports to avoid conflicts
services = {
# discord = {
# port = 29180;
# format = "mautrix-go";
# package = pkgs.mautrix-discord;
# };
facebook = {
port = 29181;
format = "mautrix-python";
package = pkgs.mautrix-facebook;
settings = {
appservice = {
# Enable login by link
public = {
enabled = true;
prefix = "/bridges/facebook/login";
external = "https://matrix.${domain}/bridges/facebook/login";
};
};
bridge = {
# Enable encryption by default
encryption = {
allow = true;
default = true;
allow_key_sharing = true;
# FIXME: crash loop if not defined explicitly...
verification_levels = {
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive = "unverified";
# Minimum level that the bridge should accept for incoming Matrix messages.
send = "unverified";
# Minimum level that the bridge should require for accepting key requests.
share = "cross-signed-tofu";
};
};
};
};
};
whatsapp = {
port = 29182;
format = "mautrix-go";
package = pkgs.mautrix-whatsapp;
settings = {
bridge = {
# Create a space for all bridges chat rooms
personal_filtering_spaces = true;
# Enable encryption by default
encryption = {
allow = true;
default = true;
allow_key_sharing = true;
};
};
};
};
};
};
};
}