
matrix: bridges are no longer containers

Daniel Kempkens 2023-08-01 18:32:28 +02:00
parent 7ba43a7e24
commit e55ab84c44
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
12 changed files with 100 additions and 96 deletions


@ -107,11 +107,6 @@
mautrix-signal-config = { mautrix-signal-config = {
file = ./mautrix-signal/config.age; file = ./mautrix-signal/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/signal/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
}; };
signald-environment = { signald-environment = {
@ -130,11 +125,6 @@
mautrix-whatsapp-config = { mautrix-whatsapp-config = {
file = ./mautrix-whatsapp/config.age; file = ./mautrix-whatsapp/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/whatsapp/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
}; };
weewx-config = { weewx-config = {


@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU -> ssh-ed25519 MtGp6g /N1cHH7SmlpEdvKEcMzVflInTXChp+eWJFU2RoPWMUk
wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E 7nLndAtQ3DWXYmPvwq9tDPBiPLJMuDuCRtSXdFveSoo
-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs -> ssh-ed25519 iO8/4g WSUXe/SRWLMN23PWyOM7qOCbXOFvTrzmTcq0zW/ABFs
0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY NmQoYqT0x6t0WByQrIg+OAvP4VUU5tVydAHfVTZvPUE
-> g.G-grease X;7X` 3ecO{T|m -> eo6mwb;-grease :nS'C`f ?/iI)
/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+ oQ4Y4ksapQU8WwrdzObrSTiUiS37dk+c180046s7BqC6GX8iXFjR9kQSPb6tR9bl
O15n2g Nhh/zHwzdGQmy7VekRL8ZdpbUeKd5D6X7w
--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A --- aHWIb4WJ+O2kXUGFczOA6ngejy6jkMOmrFmcKLllq8s
'ř»{Ă3Ć*vřäůѶ4†ŻŢ«ÎË<—;‰îQC(Őb-á `.˝goŕ ĐănČ˲< >:šľl0¬Ôň]Tâµ˝ 2Δ*‡ěhř”%Ýl<C39D>*WĹA Ŕü O(ëţí屄WăRŐA0[“­_HžCÎë6` *?DGõ¨L5¯¸ÄBf&AH¢;÷ aÀsŒã%1Íh1rdO­“²&ºq"DÕ`CQà5€Ÿ—xÐqÎÁ¸2¶Îñ»_æ[g¥½­Ddñó'+<2B>g¤)6nïÈ/Ä*,ð§—;lxS;R[”À†cµ (


@ -1,54 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers = {
# https://gitlab.com/signald/signald
signald = {
image = "registry.gitlab.com/signald/signald:0.23.2";
environmentFiles = [ config.age.secrets.signald-environment.path ];
volumes = [
"/var/lib/matrix-bridges/signald:/signald"
];
};
# https://mau.dev/mautrix/signal
matrix-signal = {
image = "dock.mau.dev/mautrix/signal:v0.4.3";
dependsOn = [ "signald" ];
ports = [ "127.0.0.1:29328:29328" ];
volumes = [
"/var/lib/matrix-bridges/signal:/data"
"/var/lib/matrix-bridges/signald:/signald"
];
};
# https://mau.dev/mautrix/whatsapp
matrix-whatsapp = {
image = "dock.mau.dev/mautrix/whatsapp:v0.8.6";
ports = [ "127.0.0.1:29318:29318" ];
volumes = [
"/var/lib/matrix-bridges/whatsapp:/data"
];
};
};
systemd.services = {
podman-signald.restartTriggers = [
"${config.age.secrets.signald-environment.file}"
];
podman-matrix-signal.restartTriggers = [
"${config.age.secrets.mautrix-signal-config.file}"
];
podman-matrix-whatsapp.restartTriggers = [
"${config.age.secrets.mautrix-whatsapp-config.file}"
];
};
systemd.tmpfiles.rules = [
"d /var/lib/matrix-bridges/signald 0775 0 0"
"d /var/lib/matrix-bridges/signal 0775 1337 1337"
"d /var/lib/matrix-bridges/whatsapp 0775 1337 1337"
];
}


@ -415,11 +415,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690846843, "lastModified": 1690887397,
"narHash": "sha256-sfguzocpi42+juoiUNLMtXws33DeEZkbEVTLtx/LKC8=", "narHash": "sha256-ckasuN7MgAiDgLkUo1IdEq8FEKymcUWKzmY6/R9KOOo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "310c0063b2558e94ad8bc3c1f2ddead82e0872cd", "rev": "4542db605602898fe0c431e19f01e1af2865dae8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -514,11 +514,11 @@
}, },
"nixos-stable": { "nixos-stable": {
"locked": { "locked": {
"lastModified": 1690726002, "lastModified": 1690835256,
"narHash": "sha256-cACz6jCJZtsZHGCJAN4vMobxzH5s6FCOTZHMrh/Hu0M=", "narHash": "sha256-SZy/Nvwbf6CorhEsvmjqgjoYNLnRfaKVZMfSnpUDPnc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "391e8db1f06c3f74c2d313a73135515023af3993", "rev": "b7cde1c47b7316f6138a2b36ef6627f3d16d645c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -530,11 +530,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1690833316, "lastModified": 1690860117,
"narHash": "sha256-+YU+/pTJmVKNW12R07/SJiTn7PQk90xwCI4D2PfLRPs=", "narHash": "sha256-srkCfjMlg777HxDVMfhkIFgRhhtuZjIOIyR2ejLYK+Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9418167277f665de6f4a29f414d438cf39c55b9e", "rev": "96d403ee2479f2070050353b94808209f1352edb",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -308,12 +308,12 @@ in
}; };
comment-nvim = buildVimPluginFrom2Nix { comment-nvim = buildVimPluginFrom2Nix {
pname = "comment.nvim"; pname = "comment.nvim";
version = "2023-06-12"; version = "2023-08-01";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "numtostr"; owner = "numtostr";
repo = "comment.nvim"; repo = "comment.nvim";
rev = "176e85eeb63f1a5970d6b88f1725039d85ca0055"; rev = "bacbed6346d1c5a095897f3fde3451a9a08e7f7d";
sha256 = "0y3zhv82hi8avxhmp1c9h0r17kfclwxphzyk7701f6wjky375ksw"; sha256 = "19s2kmflga4v0dqwjb79imbv4aa4hcck340159rbzdb8a3bfhrji";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };


@ -49,13 +49,12 @@ in
../nixos/rimgo.nix ../nixos/rimgo.nix
../nixos/synapse.nix ../nixos/matrix
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/websites-tanker.nix ../nixos/websites-tanker.nix
../../container/matrix
../../container/proxitok ../../container/proxitok
../../container/weewx ../../container/weewx
]; ];


@ -0,0 +1,7 @@
{
imports = [
./synapse.nix
./mautrix-whatsapp.nix
./mautrix-signal.nix
];
}


@ -0,0 +1,39 @@
{ pkgs, config, ... }:
{
services.signald.enable = true;
systemd.services.signald.serviceConfig.EnvironmentFile = [
config.age.secrets.signald-environment.path
];
systemd.services.mautrix-signal = {
description = "A Matrix-Signal puppeting bridge";
wantedBy = [ "multi-user.target" ];
requires = [ "matrix-synapse.service" "signald.service" ];
after = [ "matrix-synapse.service" "signald.service" ];
restartTriggers = [ "${config.age.secrets.mautrix-signal-config.file}" ];
serviceConfig = {
User = config.services.signald.user;
Group = config.services.signald.group;
LoadCredential = [ "config:${config.age.secrets.mautrix-signal-config.path}" ];
ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal --config=%d/config --no-update";
Restart = "on-failure";
RestartSec = "5s";
StateDirectory = "mautrix-signal";
RuntimeDirectory = "mautrix-signal";
StateDirectoryMode = "0750";
RuntimeDirectoryMode = "0750";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateTmp = true;
};
};
services.matrix-synapse.settings.app_service_config_files = [
"/var/lib/matrix-synapse/bridges/registration-signal.yaml"
];
}
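Review bot: The `serviceConfig` of `mautrix-signal` omits `ProtectSystem = "strict";`, which the mautrix-whatsapp unit added in the same commit does set, so this bridge can still write to any path its user can write outside the declared state and runtime directories. Since `StateDirectory` and `RuntimeDirectory` are already declared, adding `ProtectSystem = "strict";` should be enough, provided the bridge only reads signald's data and connects to its socket (worth confirming). The unit also runs as `config.services.signald.user`, which gives the bridge the same file access as signald itself, including whatever signald keeps in its own state directory. A dedicated user with `SupplementaryGroups = [ config.services.signald.group ];` would narrow that if the socket is group-accessible. `NoNewPrivileges = true;` is a cheap addition here, because this unit does not get it implicitly the way a `DynamicUser` unit does.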


@ -0,0 +1,30 @@
{ pkgs, config, ... }:
{
systemd.services.mautrix-whatsapp = {
description = "Matrix <-> Whatsapp hybrid puppeting/relaybot bridge";
wantedBy = [ "multi-user.target" ];
requires = [ "matrix-synapse.service" ];
after = [ "matrix-synapse.service" ];
restartTriggers = [ "${config.age.secrets.mautrix-whatsapp-config.file}" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "mautrix-whatsapp";
LoadCredential = [ "config:${config.age.secrets.mautrix-whatsapp-config.path}" ];
ExecStart = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp --config=%d/config --no-update";
Restart = "on-failure";
RestartSec = "5s";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateTmp = true;
};
};
services.matrix-synapse.settings.app_service_config_files = [
"/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml"
];
}
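Review bot: The path added to `app_service_config_files`, `/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml`, is not created or given an owner and mode by anything visible on this page, and with `DynamicUser = true` plus `ProtectSystem = "strict"` the bridge cannot write it there itself. An appservice registration holds the `as_token` and `hs_token` shared between bridge and homeserver, so it deserves the same handling as the bridge config: either ship it as an age secret readable only by the Synapse service user, or document the manual step next to the setting, e.g. `# copied from the bridge's generated registration; owner = synapse user, mode 0400`. The same applies to `registration-signal.yaml` in the mautrix-signal unit file. Synapse reads these files at startup, so a missing file on a fresh host would likely keep `matrix-synapse.service`, and both bridges that `requires` it, from starting.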


@ -15,7 +15,7 @@ in
listeners = [ listeners = [
{ {
bind_addresses = [ "127.0.0.1" "10.88.0.1" ]; bind_addresses = [ "127.0.0.1" ];
port = 8008; port = 8008;
tls = false; tls = false;
type = "http"; type = "http";
@ -81,11 +81,6 @@ in
enable_metrics = false; enable_metrics = false;
report_stats = false; report_stats = false;
app_service_config_files = [
"/var/lib/matrix-bridges/signal/registration.yaml"
"/var/lib/matrix-bridges/whatsapp/registration.yaml"
];
experimental_features = { experimental_features = {
msc3202_device_masquerading = true; msc3202_device_masquerading = true;
msc3202_transaction_extensions = true; msc3202_transaction_extensions = true;
@ -107,9 +102,7 @@ in
}; };
}; };
systemd.services.matrix-synapse.after = [ "postgresql.service" "podman-wait-for-host-interface.service" ]; systemd.services.matrix-synapse.after = [ "postgresql.service" ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
quic = true; quic = true;