bicep/matrix/hookshot: Configure matrix-hookshot

Co-authored-by: Daniel Olsen <daniel.olsen99@gmail.com>
2024-10-13 00:16:39 +02:00 · 2024-10-13 00:16:39 +02:00 · c1833eb07c
parent 5ee23ef2e2
commit c1833eb07c
4 changed files with 59 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -57,7 +57,7 @@
        rec {
          system = "x86_64-linux";
          specialArgs = {
-            inherit nixpkgs-unstable inputs;
+            inherit unstablePkgs inputs;
            values = import ./values.nix;
          };

--- a/hosts/bicep/services/matrix/default.nix
+++ b/hosts/bicep/services/matrix/default.nix
@ -10,6 +10,7 @@
    ./mjolnir.nix

    ./discord.nix
+    ./hookshot
  ];


--- a/hosts/bicep/services/matrix/hookshot/default.nix
+++ b/hosts/bicep/services/matrix/hookshot/default.nix
@ -0,0 +1,57 @@
+{ config, lib, unstablePkgs, inputs, ... }:
+
+{
+  imports = [
+    ./module.nix
+  ];
+
+  sops.secrets."matrix/registrations/matrix-hookshot" = {
+    sopsFile = ../../../../../secrets/bicep/matrix.yaml;
+    key = "registrations/matrix-hookshot";
+    owner = config.users.users.matrix-synapse.name;
+    group = config.users.groups.keys-matrix-registrations.name;
+  };
+
+  systemd.services.matrix-hookshot = {
+    serviceConfig.SupplementaryGroups = [ config.users.groups.keys-matrix-registrations.name ];
+  };
+
+  services.matrix-hookshot = {
+    enable = true;
+    package = unstablePkgs.matrix-hookshot;
+    registrationFile = config.sops.secrets."matrix/registrations/matrix-hookshot".path;
+    settings = {
+      bridge = {
+        bindAddress = "127.0.0.1";
+        domain = "pvv.ntnu,no";
+        url = "https://matrix.pvv.ntnu.no";
+        mediaUrl = "https://matrix.pvv.ntnu.no";
+        port = 9993;
+      };
+      listeners = [
+        {
+          bindAddress = "127.0.0.1";
+          port = 9000;
+          resources = [
+            "webhooks"
+            "metrics"
+            "provisioning"
+            "widgets"
+          ];
+        }
+      ];
+      generic = {
+        enabled = true;
+      };
+      feeds = {
+        enabled = true;
+      };
+    };
+  };
+
+  services.matrix-hookshot.serviceDependencies = [ "matrix-synapse.target" "nginx.service" ];
+
+  services.matrix-synapse-next.settings = {
+    app_service_config_files = [ config.sops.secrets."matrix/registrations/matrix-hookshot".path ];
+  };
+}
--- a/hosts/bicep/services/matrix/hookshot/module.nix
+++ b/hosts/bicep/services/matrix/hookshot/module.nix