WIP

2022-09-05 10:12:01 +02:00 · 2022-09-05 10:12:01 +02:00 · 5487f3f5c8
commit 5487f3f5c8
parent b582aff866
5 changed files with 193 additions and 0 deletions
--- a/modules/services/matrix/bridges.nix
+++ b/modules/services/matrix/bridges.nix
@ -0,0 +1,101 @@
+# Matrix bridges, thanks to [1].
+#
+# [1]: https://gitlab.com/coffeetables/nix-matrix-appservices/
+{ config, inputs, lib, pkgs, ... }:
+let
+  cfg = config.my.services.matrix.bridges;
+  domain = config.networking.domain;
+in
+{
+  imports = [
+    inputs.matrix-appservices.nixosModules.matrix-appservices
+  ];
+
+  options.my.services.matrix.bridges = with lib; {
+    enable = mkEnableOption "Matrix bridges configuration";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nginx.virtualHosts = {
+      "matrix.${domain}" = {
+        locations."/bridges/facebook/login" = {
+          proxyPass = "http://[::1]:29181";
+        };
+      };
+    };
+
+    services.matrix-appservices = {
+      homeserver = "matrix-synapse";
+
+      homeserverDomain = "belanyi.fr";
+      homeserverURL = "https://matrix.belanyi.fr";
+
+      addRegistrationFiles = true;
+
+      # FIXME: explicitly configure logging through systemd, not log files
+      # FIXME: register ports to avoid conflicts
+      services = {
+        # discord = {
+        #   port = 29180;
+        #   format = "mautrix-go";
+        #   package = pkgs.mautrix-discord;
+        # };
+
+        facebook = {
+          port = 29181;
+          format = "mautrix-python";
+          package = pkgs.mautrix-facebook;
+
+          settings = {
+            appservice = {
+              # Enable login by link
+              public = {
+                enabled = true;
+                prefix = "/bridges/facebook/login";
+                external = "https://matrix.${domain}/bridges/facebook/login";
+              };
+            };
+
+            bridge = {
+              # Enable encryption by default
+              encryption = {
+                allow = true;
+                default = true;
+                allow_key_sharing = true;
+
+                # FIXME: crash loop if not defined explicitly...
+                verification_levels = {
+                  # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
+                  receive = "unverified";
+                  # Minimum level that the bridge should accept for incoming Matrix messages.
+                  send = "unverified";
+                  # Minimum level that the bridge should require for accepting key requests.
+                  share = "cross-signed-tofu";
+                };
+              };
+            };
+          };
+        };
+
+        whatsapp = {
+          port = 29182;
+          format = "mautrix-go";
+          package = pkgs.mautrix-whatsapp;
+
+          settings = {
+            bridge = {
+              # Create a space for all bridges chat rooms
+              personal_filtering_spaces = true;
+              # Enable encryption by default
+              encryption = {
+                allow = true;
+                default = true;
+                allow_key_sharing = true;
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@ -16,6 +16,10 @@ let
  domain = config.networking.domain;
 in
 {
+  imports = [
+    ./bridges.nix
+  ];
+
  options.my.services.matrix = with lib; {
    enable = mkEnableOption "Matrix Synapse";