
matrix: bridges are no longer containers

Daniel Kempkens 2023-08-01 18:32:28 +02:00
parent 7ba43a7e24
commit e55ab84c44
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
12 changed files with 100 additions and 96 deletions


@ -107,11 +107,6 @@
mautrix-signal-config = {
file = ./mautrix-signal/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/signal/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
};
signald-environment = {
@ -130,11 +125,6 @@
mautrix-whatsapp-config = {
file = ./mautrix-whatsapp/config.age;
symlink = false;
path = "/var/lib/matrix-bridges/whatsapp/config.yaml";
mode = "640";
owner = "1337";
group = "1337";
};
weewx-config = {
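Review bot: Dropping the `path`/`mode`/`owner`/`group` overrides from `mautrix-signal-config` and `mautrix-whatsapp-config` (both hunks of this file; the +/- markers are lost on this page, so this is read from the hunk counts) leaves the previously decrypted copies on disk. With `symlink = false` the old configs were real files at `/var/lib/matrix-bridges/signal/config.yaml` and `/var/lib/matrix-bridges/whatsapp/config.yaml`, mode 640 for uid/gid 1337, and nothing visible in this commit deletes them. They presumably hold the bridge tokens, so once any signald state has been migrated it is worth removing them, for example with a temporary `systemd.tmpfiles.rules = [ "r /var/lib/matrix-bridges/signal/config.yaml" "r /var/lib/matrix-bridges/whatsapp/config.yaml" ];`. Both attribute sets continue outside the hunks.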


@ -1,10 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU
wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E
-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs
0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY
-> g.G-grease X;7X` 3ecO{T|m
/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+
O15n2g
--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A
'ř»{Ă3Ć*vřäůѶ4†ŻŢ«ÎË<—;‰îQC(Őb-á `.˝goŕ ĐănČ˲< >:šľl0¬Ôň]Tâµ˝ 2Δ*‡ěhř”%Ýl<C39D>*WĹA Ŕü O(ëţí屄WăRŐA0[“­_HžCÎë6`
-> ssh-ed25519 MtGp6g /N1cHH7SmlpEdvKEcMzVflInTXChp+eWJFU2RoPWMUk
7nLndAtQ3DWXYmPvwq9tDPBiPLJMuDuCRtSXdFveSoo
-> ssh-ed25519 iO8/4g WSUXe/SRWLMN23PWyOM7qOCbXOFvTrzmTcq0zW/ABFs
NmQoYqT0x6t0WByQrIg+OAvP4VUU5tVydAHfVTZvPUE
-> eo6mwb;-grease :nS'C`f ?/iI)
oQ4Y4ksapQU8WwrdzObrSTiUiS37dk+c180046s7BqC6GX8iXFjR9kQSPb6tR9bl
Nhh/zHwzdGQmy7VekRL8ZdpbUeKd5D6X7w
--- aHWIb4WJ+O2kXUGFczOA6ngejy6jkMOmrFmcKLllq8s
*?DGõ¨L5¯¸ÄBf&AH¢;÷ aÀsŒã%1Íh1rdO­“²&ºq"DÕ`CQà5€Ÿ—xÐqÎÁ¸2¶Îñ»_æ[g¥½­Ddñó'+<2B>g¤)6nïÈ/Ä*,ð§—;lxS;R[”À†cµ (


@ -1,54 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers = {
# https://gitlab.com/signald/signald
signald = {
image = "registry.gitlab.com/signald/signald:0.23.2";
environmentFiles = [ config.age.secrets.signald-environment.path ];
volumes = [
"/var/lib/matrix-bridges/signald:/signald"
];
};
# https://mau.dev/mautrix/signal
matrix-signal = {
image = "dock.mau.dev/mautrix/signal:v0.4.3";
dependsOn = [ "signald" ];
ports = [ "127.0.0.1:29328:29328" ];
volumes = [
"/var/lib/matrix-bridges/signal:/data"
"/var/lib/matrix-bridges/signald:/signald"
];
};
# https://mau.dev/mautrix/whatsapp
matrix-whatsapp = {
image = "dock.mau.dev/mautrix/whatsapp:v0.8.6";
ports = [ "127.0.0.1:29318:29318" ];
volumes = [
"/var/lib/matrix-bridges/whatsapp:/data"
];
};
};
systemd.services = {
podman-signald.restartTriggers = [
"${config.age.secrets.signald-environment.file}"
];
podman-matrix-signal.restartTriggers = [
"${config.age.secrets.mautrix-signal-config.file}"
];
podman-matrix-whatsapp.restartTriggers = [
"${config.age.secrets.mautrix-whatsapp-config.file}"
];
};
systemd.tmpfiles.rules = [
"d /var/lib/matrix-bridges/signald 0775 0 0"
"d /var/lib/matrix-bridges/signal 0775 1337 1337"
"d /var/lib/matrix-bridges/whatsapp 0775 1337 1337"
];
}


@ -415,11 +415,11 @@
]
},
"locked": {
"lastModified": 1690846843,
"narHash": "sha256-sfguzocpi42+juoiUNLMtXws33DeEZkbEVTLtx/LKC8=",
"lastModified": 1690887397,
"narHash": "sha256-ckasuN7MgAiDgLkUo1IdEq8FEKymcUWKzmY6/R9KOOo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "310c0063b2558e94ad8bc3c1f2ddead82e0872cd",
"rev": "4542db605602898fe0c431e19f01e1af2865dae8",
"type": "github"
},
"original": {
@ -514,11 +514,11 @@
},
"nixos-stable": {
"locked": {
"lastModified": 1690726002,
"narHash": "sha256-cACz6jCJZtsZHGCJAN4vMobxzH5s6FCOTZHMrh/Hu0M=",
"lastModified": 1690835256,
"narHash": "sha256-SZy/Nvwbf6CorhEsvmjqgjoYNLnRfaKVZMfSnpUDPnc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "391e8db1f06c3f74c2d313a73135515023af3993",
"rev": "b7cde1c47b7316f6138a2b36ef6627f3d16d645c",
"type": "github"
},
"original": {
@ -530,11 +530,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1690833316,
"narHash": "sha256-+YU+/pTJmVKNW12R07/SJiTn7PQk90xwCI4D2PfLRPs=",
"lastModified": 1690860117,
"narHash": "sha256-srkCfjMlg777HxDVMfhkIFgRhhtuZjIOIyR2ejLYK+Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9418167277f665de6f4a29f414d438cf39c55b9e",
"rev": "96d403ee2479f2070050353b94808209f1352edb",
"type": "github"
},
"original": {


@ -308,12 +308,12 @@ in
};
comment-nvim = buildVimPluginFrom2Nix {
pname = "comment.nvim";
version = "2023-06-12";
version = "2023-08-01";
src = fetchFromGitHub {
owner = "numtostr";
repo = "comment.nvim";
rev = "176e85eeb63f1a5970d6b88f1725039d85ca0055";
sha256 = "0y3zhv82hi8avxhmp1c9h0r17kfclwxphzyk7701f6wjky375ksw";
rev = "bacbed6346d1c5a095897f3fde3451a9a08e7f7d";
sha256 = "19s2kmflga4v0dqwjb79imbv4aa4hcck340159rbzdb8a3bfhrji";
fetchSubmodules = false;
};
};


@ -49,13 +49,12 @@ in
../nixos/rimgo.nix
../nixos/synapse.nix
../nixos/matrix
../nixos/tailscale.nix
../nixos/websites-tanker.nix
../../container/matrix
../../container/proxitok
../../container/weewx
];


@ -0,0 +1,7 @@
{
imports = [
./synapse.nix
./mautrix-whatsapp.nix
./mautrix-signal.nix
];
}


@ -0,0 +1,39 @@
{ pkgs, config, ... }:
{
services.signald.enable = true;
systemd.services.signald.serviceConfig.EnvironmentFile = [
config.age.secrets.signald-environment.path
];
systemd.services.mautrix-signal = {
description = "A Matrix-Signal puppeting bridge";
wantedBy = [ "multi-user.target" ];
requires = [ "matrix-synapse.service" "signald.service" ];
after = [ "matrix-synapse.service" "signald.service" ];
restartTriggers = [ "${config.age.secrets.mautrix-signal-config.file}" ];
serviceConfig = {
User = config.services.signald.user;
Group = config.services.signald.group;
LoadCredential = [ "config:${config.age.secrets.mautrix-signal-config.path}" ];
ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal --config=%d/config --no-update";
Restart = "on-failure";
RestartSec = "5s";
StateDirectory = "mautrix-signal";
RuntimeDirectory = "mautrix-signal";
StateDirectoryMode = "0750";
RuntimeDirectoryMode = "0750";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateTmp = true;
};
};
services.matrix-synapse.settings.app_service_config_files = [
"/var/lib/matrix-synapse/bridges/registration-signal.yaml"
];
}
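Review bot: `mautrix-signal` runs as `config.services.signald.user`, so the bridge shares signald's account and presumably gets write access to signald's state, including the Signal account keys, rather than only its socket. If the bridge needs no more than group access to signald's socket and files (to be confirmed against the signald module), a separate account is tighter: `DynamicUser = true;` with `SupplementaryGroups = [ config.services.signald.group ];` in place of `User`/`Group`. The unit also omits `ProtectSystem = "strict";`, which the mautrix-whatsapp unit in this commit sets; with `StateDirectory` and `RuntimeDirectory` already declared, adding it should not break writes. `NoNewPrivileges = true;` would be a cheap addition as well.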


@ -0,0 +1,30 @@
{ pkgs, config, ... }:
{
systemd.services.mautrix-whatsapp = {
description = "Matrix <-> Whatsapp hybrid puppeting/relaybot bridge";
wantedBy = [ "multi-user.target" ];
requires = [ "matrix-synapse.service" ];
after = [ "matrix-synapse.service" ];
restartTriggers = [ "${config.age.secrets.mautrix-whatsapp-config.file}" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "mautrix-whatsapp";
LoadCredential = [ "config:${config.age.secrets.mautrix-whatsapp-config.path}" ];
ExecStart = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp --config=%d/config --no-update";
Restart = "on-failure";
RestartSec = "5s";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateTmp = true;
};
};
services.matrix-synapse.settings.app_service_config_files = [
"/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml"
];
}
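Review bot: `app_service_config_files` points Synapse at `/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml`, but nothing visible in this commit creates that file or sets its ownership, and the unit's `DynamicUser` account has no write access there. A registration file carries the appservice and homeserver tokens, so the module should say how it is provisioned and who may read it, e.g. a comment above the list: `# registration file is placed manually; owner matrix-synapse, mode 0600`. The same applies to `registration-signal.yaml` in the mautrix-signal module. Managing both files as age secrets, like the bridge configs, would remove the manual step.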


@ -15,7 +15,7 @@ in
listeners = [
{
bind_addresses = [ "127.0.0.1" "10.88.0.1" ];
bind_addresses = [ "127.0.0.1" ];
port = 8008;
tls = false;
type = "http";
@ -81,11 +81,6 @@ in
enable_metrics = false;
report_stats = false;
app_service_config_files = [
"/var/lib/matrix-bridges/signal/registration.yaml"
"/var/lib/matrix-bridges/whatsapp/registration.yaml"
];
experimental_features = {
msc3202_device_masquerading = true;
msc3202_transaction_extensions = true;
@ -107,9 +102,7 @@ in
};
};
systemd.services.matrix-synapse.after = [ "postgresql.service" "podman-wait-for-host-interface.service" ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];
systemd.services.matrix-synapse.after = [ "postgresql.service" ];
services.nginx.virtualHosts."${fqdn}" = {
quic = true;