WIP
Some checks failed
continuous-integration/drone/push Build is failing

Bruno BELANYI 2022-09-05 10:12:01 +02:00
parent b582aff866
commit 5487f3f5c8
5 changed files with 193 additions and 0 deletions


@ -21,6 +21,37 @@
"type": "github"
}
},
"devshell": {
"locked": {
"lastModified": 1642188268,
"narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=",
"owner": "numtide",
"repo": "devshell",
"rev": "696acc29668b644df1740b69e1601119bf6da83b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1641205782,
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"futils": {
"locked": {
"lastModified": 1659877975,
@ -61,6 +92,45 @@
"type": "github"
}
},
"matrix-appservices": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1662227278,
"narHash": "sha256-n58O7wTmORHg+cwYrbKjnlKi3UQkDug9l0FY9RB6zIM=",
"owner": "coffeetables",
"repo": "nix-matrix-appservices",
"rev": "41c1418781dbdfae5d1c15a29b7f1b8f67e5d69f",
"type": "gitlab"
},
"original": {
"owner": "coffeetables",
"ref": "main",
"repo": "nix-matrix-appservices",
"type": "gitlab"
}
},
"nixlib": {
"locked": {
"lastModified": 1643502816,
"narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=",
"owner": "divnix",
"repo": "nixpkgs.lib",
"rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1662019588,
@ -122,6 +192,7 @@
"agenix": "agenix",
"futils": "futils",
"home-manager": "home-manager",
"matrix-appservices": "matrix-appservices",
"nixpkgs": "nixpkgs",
"nur": "nur",
"pre-commit-hooks": "pre-commit-hooks"


@ -29,6 +29,19 @@
};
};
matrix-appservices = {
type = "gitlab";
owner = "coffeetables";
repo = "nix-matrix-appservices";
ref = "main";
inputs = {
# devshell.follows = "devshell";
# flake-compat.follows = "flake-compat";
# nixlib.follows = "nixlib";
nixpkgs.follows = "nixpkgs";
};
};
nixpkgs = {
type = "github";
owner = "NixOS";
@ -61,6 +74,7 @@
, agenix
, futils
, home-manager
, matrix-appservices
, nixpkgs
, nur
, pre-commit-hooks
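Review bot: The three commented-out `follows` lines in the new `matrix-appservices` input (`devshell`, `flake-compat`, `nixlib`) carry no explanation, and as written they could not simply be re-enabled: the output arguments visible in the second hunk (`agenix`, `futils`, `home-manager`, `matrix-appservices`, `nixpkgs`, ...) show no such root inputs to follow. Either delete them or replace them with one comment stating the decision, for example `# devshell, flake-compat and nixlib are not inputs of this flake, so they are locked separately`. The input also tracks `ref = "main"` and its NixOS module is imported into the system configuration, so a short comment such as `# tracks main; review the locked rev on every flake update` would record that the lock file is the only pin. The attribute set that holds these inputs starts and ends outside the hunk.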


@ -68,6 +68,9 @@ in
matrix = {
enable = true;
mailConfigFile = secrets."matrix/mail".path;
bridges = {
enable = true;
};
# Only necessary when doing the initial registration
# secret = "change-me";
};


@ -0,0 +1,101 @@
# Matrix bridges, thanks to [1].
#
# [1]: https://gitlab.com/coffeetables/nix-matrix-appservices/
{ config, inputs, lib, pkgs, ... }:
let
cfg = config.my.services.matrix.bridges;
domain = config.networking.domain;
in
{
imports = [
inputs.matrix-appservices.nixosModules.matrix-appservices
];
options.my.services.matrix.bridges = with lib; {
enable = mkEnableOption "Matrix bridges configuration";
};
config = lib.mkIf cfg.enable {
services.nginx.virtualHosts = {
"matrix.${domain}" = {
locations."/bridges/facebook/login" = {
proxyPass = "http://[::1]:29181";
};
};
};
services.matrix-appservices = {
homeserver = "matrix-synapse";
homeserverDomain = "belanyi.fr";
homeserverURL = "https://matrix.belanyi.fr";
addRegistrationFiles = true;
# FIXME: explicitly configure logging through systemd, not log files
# FIXME: register ports to avoid conflicts
services = {
# discord = {
# port = 29180;
# format = "mautrix-go";
# package = pkgs.mautrix-discord;
# };
facebook = {
port = 29181;
format = "mautrix-python";
package = pkgs.mautrix-facebook;
settings = {
appservice = {
# Enable login by link
public = {
enabled = true;
prefix = "/bridges/facebook/login";
external = "https://matrix.${domain}/bridges/facebook/login";
};
};
bridge = {
# Enable encryption by default
encryption = {
allow = true;
default = true;
allow_key_sharing = true;
# FIXME: crash loop if not defined explicitly...
verification_levels = {
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive = "unverified";
# Minimum level that the bridge should accept for incoming Matrix messages.
send = "unverified";
# Minimum level that the bridge should require for accepting key requests.
share = "cross-signed-tofu";
};
};
};
};
};
whatsapp = {
port = 29182;
format = "mautrix-go";
package = pkgs.mautrix-whatsapp;
settings = {
bridge = {
# Create a space for all bridges chat rooms
personal_filtering_spaces = true;
# Enable encryption by default
encryption = {
allow = true;
default = true;
allow_key_sharing = true;
};
};
};
};
};
};
};
}
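Review bot: In the `facebook` bridge, `verification_levels` sets `receive` and `send` to `"unverified"`, which by the inline comments means keys are sent to, and messages accepted from, devices with no verification at all, while encryption is on by default. The first of those comments still says "Telegram", so the block looks copied from another bridge's example config. If these values are only spelled out to work around the crash loop in the FIXME, say so, for example `# Permissive values kept only because the bridge crash-loops without an explicit block; tighten once fixed`, and change "Telegram" to "Facebook". The `whatsapp` bridge enables the same encryption options with no `verification_levels` block, so it presumably runs on the bridge's built-in defaults; a comment there would make the difference deliberate. Separately, `homeserverDomain = "belanyi.fr"` and `homeserverURL = "https://matrix.belanyi.fr"` are hard-coded although `domain` is already bound and used for the nginx vhost; `homeserverDomain = domain;` and `homeserverURL = "https://matrix.${domain}";` would keep them consistent.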


@ -16,6 +16,10 @@ let
domain = config.networking.domain;
in
{
imports = [
./bridges.nix
];
options.my.services.matrix = with lib; {
enable = mkEnableOption "Matrix Synapse";