From 5487f3f5c82ffd5ada79a9537b37380536dd44f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 5 Sep 2022 10:12:01 +0200 Subject: [PATCH] WIP --- flake.lock | 71 +++++++++++++++++++ flake.nix | 14 ++++ machines/porthos/services.nix | 3 + modules/services/matrix/bridges.nix | 101 ++++++++++++++++++++++++++++ modules/services/matrix/default.nix | 4 ++ 5 files changed, 193 insertions(+) create mode 100644 modules/services/matrix/bridges.nix diff --git a/flake.lock b/flake.lock index 430a448..dede124 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,37 @@ "type": "github" } }, + "devshell": { + "locked": { + "lastModified": 1642188268, + "narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=", + "owner": "numtide", + "repo": "devshell", + "rev": "696acc29668b644df1740b69e1601119bf6da83b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1641205782, + "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "futils": { "locked": { "lastModified": 1659877975, 
@@ -61,6 +92,45 @@ "type": "github" } }, + "matrix-appservices": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1662227278, + "narHash": "sha256-n58O7wTmORHg+cwYrbKjnlKi3UQkDug9l0FY9RB6zIM=", + "owner": "coffeetables", + "repo": "nix-matrix-appservices", + "rev": "41c1418781dbdfae5d1c15a29b7f1b8f67e5d69f", + "type": "gitlab" + }, + "original": { + "owner": "coffeetables", + "ref": "main", + "repo": "nix-matrix-appservices", + "type": "gitlab" + } + }, + "nixlib": { + "locked": { + "lastModified": 1643502816, + "narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=", + "owner": "divnix", + "repo": "nixpkgs.lib", + "rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1662019588, @@ -122,6 +192,7 @@ "agenix": "agenix", "futils": "futils", "home-manager": "home-manager", + "matrix-appservices": "matrix-appservices", "nixpkgs": "nixpkgs", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks" diff --git a/flake.nix b/flake.nix index a86ac33..84f170f 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,19 @@ }; }; + matrix-appservices = { + type = "gitlab"; + owner = "coffeetables"; + repo = "nix-matrix-appservices"; + ref = "main"; + inputs = { + # devshell.follows = "devshell"; + # flake-compat.follows = "flake-compat"; + # nixlib.follows = "nixlib"; + nixpkgs.follows = "nixpkgs"; + }; + }; + nixpkgs = { type = "github"; owner = "NixOS"; @@ -61,6 +74,7 @@ , agenix , futils , home-manager + , matrix-appservices , nixpkgs , nur , pre-commit-hooks diff --git a/machines/porthos/services.nix b/machines/porthos/services.nix index 5cb8665..2661121 100644 --- a/machines/porthos/services.nix +++ b/machines/porthos/services.nix 
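Review bot: The new `matrix-appservices` input in flake.nix tracks `ref = "main"` of a third-party GitLab repository, and bridges.nix imports its NixOS module into the server configuration. Every `nix flake update` therefore moves the host to whatever that branch holds at that moment, with the `rev` in flake.lock as the only pin. Replacing the branch with the reviewed commit, `rev = "41c1418781dbdfae5d1c15a29b7f1b8f67e5d69f";`, makes an upgrade of this input an explicit, reviewable edit. The three commented-out `follows` lines (`devshell`, `flake-compat`, `nixlib`) are why flake.lock gains three extra nodes, which presumably resolve from the upstream flake's own lock. Either delete the comments or explain them, e.g. `# not overridden: this flake has no devshell/flake-compat/nixlib inputs of its own`.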
@@ -68,6 +68,9 @@ in matrix = { enable = true; mailConfigFile = secrets."matrix/mail".path; + bridges = { + enable = true; + }; # Only necessary when doing the initial registration # secret = "change-me"; }; diff --git a/modules/services/matrix/bridges.nix b/modules/services/matrix/bridges.nix new file mode 100644 index 0000000..1fa47e8 --- /dev/null +++ b/modules/services/matrix/bridges.nix 
@@ -0,0 +1,101 @@
+# Matrix bridges, thanks to [1].
+#
+# [1]: https://gitlab.com/coffeetables/nix-matrix-appservices/
+{ config, inputs, lib, pkgs, ... }:
+let
+ cfg = config.my.services.matrix.bridges;
+ domain = config.networking.domain;
+in
+{
+ imports = [
+ inputs.matrix-appservices.nixosModules.matrix-appservices
+ ];
+
+ options.my.services.matrix.bridges = with lib; {
+ enable = mkEnableOption "Matrix bridges configuration";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.nginx.virtualHosts = {
+ "matrix.${domain}" = {
+ locations."/bridges/facebook/login" = {
+ proxyPass = "http://[::1]:29181";
+ };
+ };
+ };
+
+ services.matrix-appservices = {
+ homeserver = "matrix-synapse";
+
+ homeserverDomain = "belanyi.fr";
+ homeserverURL = "https://matrix.belanyi.fr";
+
+ addRegistrationFiles = true;
+
+ # FIXME: explicitly configure logging through systemd, not log files
+ # FIXME: register ports to avoid conflicts
+ services = {
+ # discord = {
+ # port = 29180;
+ # format = "mautrix-go";
+ # package = pkgs.mautrix-discord;
+ # };
+
+ facebook = {
+ port = 29181;
+ format = "mautrix-python";
+ package = pkgs.mautrix-facebook;
+
+ settings = {
+ appservice = {
+ # Enable login by link
+ public = {
+ enabled = true;
+ prefix = "/bridges/facebook/login";
+ external = "https://matrix.${domain}/bridges/facebook/login";
+ };
+ };
+
+ bridge = {
+ # Enable encryption by default
+ encryption = {
+ allow = true;
+ default = true;
+ allow_key_sharing = true;
+
+ # FIXME: crash loop if not defined explicitly...
+ verification_levels = {
+ # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
+ receive = "unverified";
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send = "unverified";
+ # Minimum level that the bridge should require for accepting key requests.
+ share = "cross-signed-tofu"; + }; + }; + }; + }; + }; + + whatsapp = { + port = 29182; + format = "mautrix-go"; + package = pkgs.mautrix-whatsapp; + + settings = { + bridge = { + # Create a space for all bridges chat rooms + personal_filtering_spaces = true; + # Enable encryption by default + encryption = { + allow = true; + default = true; + allow_key_sharing = true; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 6adcd00..b3db0ba 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -16,6 +16,10 @@ let domain = config.networking.domain; in { + imports = [ + ./bridges.nix + ]; + options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse";
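Review bot: In the facebook bridge's `verification_levels` (modules/services/matrix/bridges.nix), `receive` and `send` are both `"unverified"`, so although `encryption.default = true` and `allow_key_sharing = true` are set, the bridge handles encrypted traffic for devices nobody has verified; only key requests (`share = "cross-signed-tofu"`) require a cross-signed device. If these values exist only to avoid the crash loop named in the FIXME, the comment should say that the weak level is a deliberate interim choice, e.g. `# NOTE: receive/send left at "unverified" on purpose; revisit once the bridge starts without explicit levels`. The first comment inside that block still reads "from Telegram to Matrix" although this is the Facebook bridge. Separately, `homeserverDomain` and `homeserverURL` hard-code `belanyi.fr` while the nginx vhost and `external` use `${domain}`; `homeserverDomain = domain;` and `homeserverURL = "https://matrix.${domain}";` would keep the appservice registration and the proxy on the same name.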