diff --git a/hosts/tsuki/services/matrix.nix b/hosts/tsuki/services/matrix.nix index f3be0d2..80a6ab8 100644 --- a/hosts/tsuki/services/matrix.nix +++ b/hosts/tsuki/services/matrix.nix @@ -1,6 +1,6 @@ -{config, pkgs, lib, secrets, ...}: { +{ config, pkgs, lib, secrets, ... }: { - # configure synapse to point users to coturn + # TODO: configure synapse to point users to coturn services.matrix-synapse = { enable = true; turn_uris = let @@ -13,6 +13,8 @@ server_name = "nani.wtf"; public_baseurl = "https://matrix.nani.wtf"; + registration_shared_secret = secrets.keys.matrix.registration-shared-secret; + enable_metrics = true; listeners = [ @@ -42,6 +44,14 @@ password = "synapse"; }; + # TODO: Figure out a way to do this declaratively. + # The files need to be owned by matrix-synapse + app_service_config_files = [ + "/var/lib/matrix-synapse/discord-registration.yaml" + # (pkgs.writeText "facebook-registrations.yaml" (builtins.toJSON config.services.mautrix-facebook.registrationData)) + "/var/lib/matrix-synapse/facebook-registration.yaml" + ]; + # redis.enabled = true; # settings = { 
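Review bot: `registration_shared_secret = secrets.keys.matrix.registration-shared-secret;` in the second hunk feeds the secret through Nix evaluation, and as far as I can tell the NixOS synapse module renders these options into a config file under `/nix/store`, which is world-readable on the host, so any local user or process can read it. That value alone authorises account creation (including admin accounts) through Synapse's shared-secret registration endpoint whether or not open registration is enabled, so it deserves the out-of-store handling this same commit gives the app-service registration files in `/var/lib/matrix-synapse`. If the module version in use supports it, keep the secret in a root-owned file pulled in via `extraConfigFiles` (or newer Synapse's `registration_shared_secret_path`) and leave only non-secret options here. The same consideration applies to `static-auth-secret = secrets.keys.matrix.static-auth-secret;` for coturn further down, which has a `static-auth-secret-file` counterpart in recent nixpkgs.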
@@ -53,13 +63,132 @@ services.redis.enable = true; - # enable coturn + services.mx-puppet-discord = { + enable = true; + settings = { + + bridge = { + bindAddress = "localhost"; + domain = "nani.wtf"; + # TODO: connect via localhost + homeserverUrl = "https://matrix.nani.wtf"; + + port = secrets.ports.matrix.mx-puppet-discord; + enableGroupSync = true; + }; + + database = { + filename = "/var/lib/mx-puppet-discord/database.db"; + }; + + namePatterns = { + room = ":name"; + user = ":name"; + userOverride = ":displayname"; + group = ":name"; + }; + + presence = { + enabled = true; + interval = 500; + }; + + logging = { + console = "info"; + lineDateFormat = "MMM-D HH:mm:ss.SSS"; + }; + + provisioning.whitelist = [ "@h7x4:nani\\.wtf" ]; + relay.whitelist = [ "@h7x4:nani\\.wtf" ]; + selfService.whitelist = [ "@h7x4:nani\\.wtf" ]; + }; + }; + + services.mautrix-facebook = { + enable = true; + configurePostgresql = true; + + registrationData = { + # NOTE: This is a randomly generated UUID + inherit (secrets.keys.matrix.mautrix-facebook) as_token; + inherit (secrets.keys.matrix.mautrix-facebook) hs_token; + }; + + settings = { + homeserver = { + # TODO: connect via localhost + address = "https://matrix.nani.wtf"; + domain = "nani.wtf"; + }; + + appservice = rec { + address = "http://${hostname}:${toString port}"; + bot_username = "facebookbot"; + hostname = "0.0.0.0"; + + ephemeral_events = true; + + port = secrets.ports.matrix.mautrix-facebook; + inherit (secrets.keys.matrix.mautrix-facebook) as_token; + inherit (secrets.keys.matrix.mautrix-facebook) hs_token; + }; + + bridge = { + encryption = { + allow = true; + default = true; + }; + backfilling = { + initial_limit = 8000; + }; + username_template = "facebook_{userid}"; + sync_with_custom_puppets = false; + permissions = { + "@h7x4:nani.wtf" = "admin"; + "nani.wtf" = "user"; + }; + }; + + logging = { + formatters = { + journal_fmt = { + format = "%(name)s: %(message)s"; + }; + }; + handlers = { + journal = { + 
SYSLOG_IDENTIFIER = "mautrix-facebook"; + class = "systemd.journal.JournalHandler"; + formatter = "journal_fmt"; + }; + }; + root = { + handlers = [ + "journal" + ]; + level = "INFO"; + }; + version = 1; + }; + + manhole = { + enabled = false; + }; + + metrics = { + enabled = false; + }; + + }; + + }; + services.coturn = rec { enable = true; no-cli = true; no-tcp-relay = true; - min-port = secrets.ports.matrix.min; - max-port = secrets.ports.matrix.max; + min-port = secrets.ports.matrix.coturn.min; + max-port = secrets.ports.matrix.coturn.max; use-auth-secret = true; static-auth-secret = secrets.keys.matrix.static-auth-secret; realm = "turn.nani.wtf"; @@ -114,8 +243,8 @@ networking.firewall = { interfaces.enp2s0 = let range = with config.services.coturn; [ { - from = secrets.ports.matrix.min; - to = secrets.ports.matrix.max; + from = secrets.ports.matrix.coturn.min; + to = secrets.ports.matrix.coturn.max; } ]; in { diff --git a/hosts/tsuki/services/nginx.nix b/hosts/tsuki/services/nginx.nix index 05c8d7b..64d8dc0 100644 --- a/hosts/tsuki/services/nginx.nix +++ b/hosts/tsuki/services/nginx.nix 
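Review bot: `hostname = "0.0.0.0";` in `services.mautrix-facebook.settings.appservice` binds the bridge's appservice listener on every interface, although its only client is the Synapse on this same host (the TODOs say the homeserver should be reached via localhost, and the `mx-puppet-discord` block next to it correctly uses `bindAddress = "localhost"`); the bridge does check `hs_token` on incoming transactions, but there is no reason to accept connections from other hosts, and the only firewall rule visible in this diff is the coturn port range. Use `hostname = "127.0.0.1";` so that `address` (derived from it through `rec`) also becomes `http://127.0.0.1:<port>`. Separately, `as_token`/`hs_token` are inlined into both `registrationData` and `settings.appservice`, so they end up in the rendered config in the Nix store; if the module version here offers `environmentFile`, pass them through it instead. The enclosing module attrset starts before the first visible line of this hunk.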
@@ -81,9 +81,23 @@ in (listToAttrs [
 # (makeACMEProxy ["gitlab"] "http://unix:/run/gitlab/gitlab-workhorse.socket" {})
+ {
+ name = "nani.wtf";
+ value = {
+ locations."/test".root = pkgs.writeText "asdf.txt" "hello";
+ locations."/.well-known/matrix/server".extraConfig = ''
+ return 200 '{"m.server": "matrix.nani.wtf:443"}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ '';
+ enableACME = true;
+ forceSSL = true;
+ };
+ }
 (makeACMEProxy ["plex"] "http://localhost:${s ports.plex}" {})
 (makeACMEHost ["www"] { root = "${inputs.website.defaultPackage.${pkgs.system}}/"; })
 (makeACMEProxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
+ (makeACMEHost ["madmin"] { root = "${pkgs.synapse-admin}/"; })
 (makeACMEProxy ["git"] "http://localhost:${s ports.gitea}" {})
 (makeClientCertHost ["cache"] { root = "/var/lib/nix-cache"; })
 (makeClientCertProxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {
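Review bot: `madmin` is published with `makeACMEHost`, i.e. as a plain TLS vhost with no access restriction, even though synapse-admin is an administration front-end and this file already uses `makeClientCertHost`/`makeClientCertProxy` for internal-only hosts (`cache`, `px1`); unless it is meant to be reachable by everyone, `(makeClientCertHost ["madmin"] { root = "${pkgs.synapse-admin}/"; })` keeps it behind the same client-certificate gate. The static bundle itself holds no secrets, but publishing it offers a ready-made admin login page on your domain for nothing in return. Also, `locations."/test".root = pkgs.writeText "asdf.txt" "hello";` looks like a debugging leftover: nginx `root` expects a directory, and a store path to a single file will not serve `/test`, so drop that line from the `nani.wtf` vhost. The helpers `makeACMEHost`/`makeClientCertHost` are defined outside this hunk, so what exactly they gate is inferred from their names.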