matrix: bridges are no longer containers
parent
7ba43a7e24
commit
e55ab84c44
12 changed files with 100 additions and 96 deletions
|
@ -107,11 +107,6 @@
|
|||
|
||||
mautrix-signal-config = {
|
||||
file = ./mautrix-signal/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/matrix-bridges/signal/config.yaml";
|
||||
mode = "640";
|
||||
owner = "1337";
|
||||
group = "1337";
|
||||
};
|
||||
|
||||
signald-environment = {
|
||||
|
@ -130,11 +125,6 @@
|
|||
|
||||
mautrix-whatsapp-config = {
|
||||
file = ./mautrix-whatsapp/config.age;
|
||||
symlink = false;
|
||||
path = "/var/lib/matrix-bridges/whatsapp/config.yaml";
|
||||
mode = "640";
|
||||
owner = "1337";
|
||||
group = "1337";
|
||||
};
|
||||
|
||||
weewx-config = {
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,10 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g TjcF9u1gbYjURFImt7uh+O7hNw3E2pR6H/i8Xd90DkU
|
||||
wdeuBiwP0BTzMeVx+i7+jpWFaAW+dMnsXakFenPad/E
|
||||
-> ssh-ed25519 iO8/4g V/BUJLff8IK0g5UFXqJ5ftK6Fs8zpheFr4ETzKQd5xs
|
||||
0hzEB9qG6VX878t7tZzfjyH2BkgAhl+uDR4jX9chwgY
|
||||
-> g.G-grease X;7X` 3ecO{T|m
|
||||
/2RKLQzMCznCQXYnltmy7YhoXzHRJ4oxdArYCfQzJEcWDwy465xgm8EMNdu0mNA+
|
||||
O15n2g
|
||||
--- C896AcFfLEvwf3tcYqZP5dfPKFmE4oaaKH6KveEao6A
|
||||
'ř»{Ă3‹Ć*vřä–‹ůѶ4†ŻŢ«ÎË–<—;‰îQC(Őb-á`.˝goŕ ĐănČ˲<>:šľl0¬Ô‘ň]Tâµ˝ 2Δ*‡ěh‘ř”%Ýl<C39D>*WĹA Ŕü
O(ëţí屄WăRŐA0[“_HžCÎë6`
|
||||
-> ssh-ed25519 MtGp6g /N1cHH7SmlpEdvKEcMzVflInTXChp+eWJFU2RoPWMUk
|
||||
7nLndAtQ3DWXYmPvwq9tDPBiPLJMuDuCRtSXdFveSoo
|
||||
-> ssh-ed25519 iO8/4g WSUXe/SRWLMN23PWyOM7qOCbXOFvTrzmTcq0zW/ABFs
|
||||
NmQoYqT0x6t0WByQrIg+OAvP4VUU5tVydAHfVTZvPUE
|
||||
-> eo6mwb;-grease :nS'C`f ?/iI)
|
||||
oQ4Y4ksapQU8WwrdzObrSTiUiS37dk+c180046s7BqC6GX8iXFjR9kQSPb6tR9bl
|
||||
Nhh/zHwzdGQmy7VekRL8ZdpbUeKd5D6X7w
|
||||
--- aHWIb4WJ+O2kXUGFczOA6ngejy6jkMOmrFmcKLllq8s
|
||||
*?DGõ¨L5¯¸Ä‚Bf&AH¢;÷ aÀsŒã%1Íh1rdO“²&ºq"DÕ`CQà5€Ÿ—xÐqÎÁ¸2¶Îñ»_æ[g¥½‹Ddñó'+<2B>g¤)6nïÈ/Ä*,ð§—;lxS;R[”‹À†cµ ›(
|
|
@ -1,54 +0,0 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
virtualisation.oci-containers.containers = {
|
||||
# https://gitlab.com/signald/signald
|
||||
signald = {
|
||||
image = "registry.gitlab.com/signald/signald:0.23.2";
|
||||
environmentFiles = [ config.age.secrets.signald-environment.path ];
|
||||
volumes = [
|
||||
"/var/lib/matrix-bridges/signald:/signald"
|
||||
];
|
||||
};
|
||||
|
||||
# https://mau.dev/mautrix/signal
|
||||
matrix-signal = {
|
||||
image = "dock.mau.dev/mautrix/signal:v0.4.3";
|
||||
dependsOn = [ "signald" ];
|
||||
ports = [ "127.0.0.1:29328:29328" ];
|
||||
volumes = [
|
||||
"/var/lib/matrix-bridges/signal:/data"
|
||||
"/var/lib/matrix-bridges/signald:/signald"
|
||||
];
|
||||
};
|
||||
|
||||
# https://mau.dev/mautrix/whatsapp
|
||||
matrix-whatsapp = {
|
||||
image = "dock.mau.dev/mautrix/whatsapp:v0.8.6";
|
||||
ports = [ "127.0.0.1:29318:29318" ];
|
||||
volumes = [
|
||||
"/var/lib/matrix-bridges/whatsapp:/data"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
podman-signald.restartTriggers = [
|
||||
"${config.age.secrets.signald-environment.file}"
|
||||
];
|
||||
|
||||
podman-matrix-signal.restartTriggers = [
|
||||
"${config.age.secrets.mautrix-signal-config.file}"
|
||||
];
|
||||
|
||||
podman-matrix-whatsapp.restartTriggers = [
|
||||
"${config.age.secrets.mautrix-whatsapp-config.file}"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/matrix-bridges/signald 0775 0 0"
|
||||
"d /var/lib/matrix-bridges/signal 0775 1337 1337"
|
||||
"d /var/lib/matrix-bridges/whatsapp 0775 1337 1337"
|
||||
];
|
||||
}
|
18
flake.lock
|
@ -415,11 +415,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690846843,
|
||||
"narHash": "sha256-sfguzocpi42+juoiUNLMtXws33DeEZkbEVTLtx/LKC8=",
|
||||
"lastModified": 1690887397,
|
||||
"narHash": "sha256-ckasuN7MgAiDgLkUo1IdEq8FEKymcUWKzmY6/R9KOOo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "310c0063b2558e94ad8bc3c1f2ddead82e0872cd",
|
||||
"rev": "4542db605602898fe0c431e19f01e1af2865dae8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -514,11 +514,11 @@
|
|||
},
|
||||
"nixos-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1690726002,
|
||||
"narHash": "sha256-cACz6jCJZtsZHGCJAN4vMobxzH5s6FCOTZHMrh/Hu0M=",
|
||||
"lastModified": 1690835256,
|
||||
"narHash": "sha256-SZy/Nvwbf6CorhEsvmjqgjoYNLnRfaKVZMfSnpUDPnc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "391e8db1f06c3f74c2d313a73135515023af3993",
|
||||
"rev": "b7cde1c47b7316f6138a2b36ef6627f3d16d645c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -530,11 +530,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1690833316,
|
||||
"narHash": "sha256-+YU+/pTJmVKNW12R07/SJiTn7PQk90xwCI4D2PfLRPs=",
|
||||
"lastModified": 1690860117,
|
||||
"narHash": "sha256-srkCfjMlg777HxDVMfhkIFgRhhtuZjIOIyR2ejLYK+Y=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9418167277f665de6f4a29f414d438cf39c55b9e",
|
||||
"rev": "96d403ee2479f2070050353b94808209f1352edb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -308,12 +308,12 @@ in
|
|||
};
|
||||
comment-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "comment.nvim";
|
||||
version = "2023-06-12";
|
||||
version = "2023-08-01";
|
||||
src = fetchFromGitHub {
|
||||
owner = "numtostr";
|
||||
repo = "comment.nvim";
|
||||
rev = "176e85eeb63f1a5970d6b88f1725039d85ca0055";
|
||||
sha256 = "0y3zhv82hi8avxhmp1c9h0r17kfclwxphzyk7701f6wjky375ksw";
|
||||
rev = "bacbed6346d1c5a095897f3fde3451a9a08e7f7d";
|
||||
sha256 = "19s2kmflga4v0dqwjb79imbv4aa4hcck340159rbzdb8a3bfhrji";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -49,13 +49,12 @@ in
|
|||
|
||||
../nixos/rimgo.nix
|
||||
|
||||
../nixos/synapse.nix
|
||||
../nixos/matrix
|
||||
|
||||
../nixos/tailscale.nix
|
||||
|
||||
../nixos/websites-tanker.nix
|
||||
|
||||
../../container/matrix
|
||||
../../container/proxitok
|
||||
../../container/weewx
|
||||
];
|
||||
|
|
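--- a/system/nixos/matrix/default.nix
+++ b/system/nixos/matrix/default.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./synapse.nix
+./mautrix-whatsapp.nix
+./mautrix-signal.nix
+];
+}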
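--- a/system/nixos/matrix/mautrix-signal.nix
+++ b/system/nixos/matrix/mautrix-signal.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+
+{
+services.signald.enable = true;
+systemd.services.signald.serviceConfig.EnvironmentFile = [
+config.age.secrets.signald-environment.path
+];
+
+systemd.services.mautrix-signal = {
+description = "A Matrix-Signal puppeting bridge";
+wantedBy = [ "multi-user.target" ];
+requires = [ "matrix-synapse.service" "signald.service" ];
+after = [ "matrix-synapse.service" "signald.service" ];
+restartTriggers = [ "${config.age.secrets.mautrix-signal-config.file}" ];
+serviceConfig = {
+User = config.services.signald.user;
+Group = config.services.signald.group;
+LoadCredential = [ "config:${config.age.secrets.mautrix-signal-config.path}" ];
+ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal --config=%d/config --no-update";
+Restart = "on-failure";
+RestartSec = "5s";
+
+StateDirectory = "mautrix-signal";
+RuntimeDirectory = "mautrix-signal";
+StateDirectoryMode = "0750";
+RuntimeDirectoryMode = "0750";
+
+ProtectHome = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectControlGroups = true;
+PrivateTmp = true;
+};
+};
+
+services.matrix-synapse.settings.app_service_config_files = [
+"/var/lib/matrix-synapse/bridges/registration-signal.yaml"
+];
+}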
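Review bot: The `mautrix-signal` unit's `serviceConfig` sets no `ProtectSystem`, whereas the `mautrix-whatsapp` unit added in the same commit sets `ProtectSystem = "strict"` and also gets the sandboxing that `DynamicUser = true` implies. The bridge runs with `User`/`Group` taken from `config.services.signald`, so a compromise of the bridge process reaches whatever that account can read or write, presumably including signald's account data. Since `StateDirectory` and `RuntimeDirectory` are already declared, adding `ProtectSystem = "strict";`, `NoNewPrivileges = true;` and `RestrictSUIDSGID = true;` should be low-risk. Confirm afterwards that the bridge can still reach the signald socket.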
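--- a/system/nixos/matrix/mautrix-whatsapp.nix
+++ b/system/nixos/matrix/mautrix-whatsapp.nix
@@ -0,0 +1,30 @@
+{ pkgs, config, ... }:
+
+{
+systemd.services.mautrix-whatsapp = {
+description = "Matrix <-> Whatsapp hybrid puppeting/relaybot bridge";
+wantedBy = [ "multi-user.target" ];
+requires = [ "matrix-synapse.service" ];
+after = [ "matrix-synapse.service" ];
+restartTriggers = [ "${config.age.secrets.mautrix-whatsapp-config.file}" ];
+serviceConfig = {
+DynamicUser = true;
+StateDirectory = "mautrix-whatsapp";
+LoadCredential = [ "config:${config.age.secrets.mautrix-whatsapp-config.path}" ];
+ExecStart = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp --config=%d/config --no-update";
+Restart = "on-failure";
+RestartSec = "5s";
+
+ProtectSystem = "strict";
+ProtectHome = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectControlGroups = true;
+PrivateTmp = true;
+};
+};
+
+services.matrix-synapse.settings.app_service_config_files = [
+"/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml"
+];
+}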
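Review bot: `app_service_config_files` points at `/var/lib/matrix-synapse/bridges/registration-whatsapp.yaml`, but nothing visible in this commit creates that file or sets its ownership and mode; the same holds for `registration-signal.yaml` in mautrix-signal.nix. The registration file carries the appservice tokens (`as_token`, `hs_token`), so it should be readable by the Synapse account only, and Synapse will presumably fail to start if a listed file is missing. If the file is placed by hand, a comment above the list such as `# copied manually from the bridge's generated registration; owner matrix-synapse, mode 0600` would record that. Otherwise consider managing it as an age secret, as the bridge config already is.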
|
@ -15,7 +15,7 @@ in
|
|||
|
||||
listeners = [
|
||||
{
|
||||
bind_addresses = [ "127.0.0.1" "10.88.0.1" ];
|
||||
bind_addresses = [ "127.0.0.1" ];
|
||||
port = 8008;
|
||||
tls = false;
|
||||
type = "http";
|
||||
|
@ -81,11 +81,6 @@ in
|
|||
enable_metrics = false;
|
||||
report_stats = false;
|
||||
|
||||
app_service_config_files = [
|
||||
"/var/lib/matrix-bridges/signal/registration.yaml"
|
||||
"/var/lib/matrix-bridges/whatsapp/registration.yaml"
|
||||
];
|
||||
|
||||
experimental_features = {
|
||||
msc3202_device_masquerading = true;
|
||||
msc3202_transaction_extensions = true;
|
||||
|
@ -107,9 +102,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse.after = [ "postgresql.service" "podman-wait-for-host-interface.service" ];
|
||||
|
||||
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];
|
||||
systemd.services.matrix-synapse.after = [ "postgresql.service" ];
|
||||
|
||||
services.nginx.virtualHosts."${fqdn}" = {
|
||||
quic = true;
|