Set up matrix properly

- fixed federation
- hooked up bridges:
  - mx-discord-puppet
  - mautrix-facebook
This commit is contained in:
Oystein Kristoffer Tveit 2022-04-12 03:28:10 +02:00
parent d906a0b697
commit ade8bdfc2c
2 changed files with 150 additions and 7 deletions

View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, secrets, ... }: {
# configure synapse to point users to coturn
# TODO: configure synapse to point users to coturn
services.matrix-synapse = {
enable = true;
turn_uris = let
@ -13,6 +13,8 @@
server_name = "nani.wtf";
public_baseurl = "https://matrix.nani.wtf";
registration_shared_secret = secrets.keys.matrix.registration-shared-secret;
enable_metrics = true;
listeners = [
@ -42,6 +44,14 @@
password = "synapse";
};
# TODO: Figure out a way to do this declaratively.
# The files need to be owned by matrix-synapse
app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml"
# (pkgs.writeText "facebook-registrations.yaml" (builtins.toJSON config.services.mautrix-facebook.registrationData))
"/var/lib/matrix-synapse/facebook-registration.yaml"
];
# redis.enabled = true;
# settings = {
@ -53,13 +63,132 @@
services.redis.enable = true;
# enable coturn
services.mx-puppet-discord = {
enable = true;
settings = {
bridge = {
bindAddress = "localhost";
domain = "nani.wtf";
# TODO: connect via localhost
homeserverUrl = "https://matrix.nani.wtf";
port = secrets.ports.matrix.mx-puppet-discord;
enableGroupSync = true;
};
database = {
filename = "/var/lib/mx-puppet-discord/database.db";
};
namePatterns = {
room = ":name";
user = ":name";
userOverride = ":displayname";
group = ":name";
};
presence = {
enabled = true;
interval = 500;
};
logging = {
console = "info";
lineDateFormat = "MMM-D HH:mm:ss.SSS";
};
provisioning.whitelist = [ "@h7x4:nani\\.wtf" ];
relay.whitelist = [ "@h7x4:nani\\.wtf" ];
selfService.whitelist = [ "@h7x4:nani\\.wtf" ];
};
};
services.mautrix-facebook = {
enable = true;
configurePostgresql = true;
registrationData = {
# NOTE: This is a randomly generated UUID
inherit (secrets.keys.matrix.mautrix-facebook) as_token;
inherit (secrets.keys.matrix.mautrix-facebook) hs_token;
};
settings = {
homeserver = {
# TODO: connect via localhost
address = "https://matrix.nani.wtf";
domain = "nani.wtf";
};
appservice = rec {
address = "http://${hostname}:${toString port}";
bot_username = "facebookbot";
hostname = "0.0.0.0";
ephemeral_events = true;
port = secrets.ports.matrix.mautrix-facebook;
inherit (secrets.keys.matrix.mautrix-facebook) as_token;
inherit (secrets.keys.matrix.mautrix-facebook) hs_token;
};
bridge = {
encryption = {
allow = true;
default = true;
};
backfilling = {
initial_limit = 8000;
};
username_template = "facebook_{userid}";
sync_with_custom_puppets = false;
permissions = {
"@h7x4:nani.wtf" = "admin";
"nani.wtf" = "user";
};
};
logging = {
formatters = {
journal_fmt = {
format = "%(name)s: %(message)s";
};
};
handlers = {
journal = {
SYSLOG_IDENTIFIER = "mautrix-facebook";
class = "systemd.journal.JournalHandler";
formatter = "journal_fmt";
};
};
root = {
handlers = [
"journal"
];
level = "INFO";
};
version = 1;
};
manhole = {
enabled = false;
};
metrics = {
enabled = false;
};
};
};
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = secrets.ports.matrix.min;
max-port = secrets.ports.matrix.max;
min-port = secrets.ports.matrix.coturn.min;
max-port = secrets.ports.matrix.coturn.max;
use-auth-secret = true;
static-auth-secret = secrets.keys.matrix.static-auth-secret;
realm = "turn.nani.wtf";
@ -114,8 +243,8 @@
networking.firewall = {
interfaces.enp2s0 = let
range = with config.services.coturn; [ {
from = secrets.ports.matrix.min;
to = secrets.ports.matrix.max;
from = secrets.ports.matrix.coturn.min;
to = secrets.ports.matrix.coturn.max;
} ];
in
{

View File

@ -81,9 +81,23 @@
in (listToAttrs [
# (makeACMEProxy ["gitlab"] "http://unix:/run/gitlab/gitlab-workhorse.socket" {})
{
name = "nani.wtf";
value = {
locations."/test".root = pkgs.writeText "asdf.txt" "hello";
locations."/.well-known/matrix/server".extraConfig = ''
return 200 '{"m.server": "matrix.nani.wtf:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
enableACME = true;
forceSSL = true;
};
}
(makeACMEProxy ["plex"] "http://localhost:${s ports.plex}" {})
(makeACMEHost ["www"] { root = "${inputs.website.defaultPackage.${pkgs.system}}/"; })
(makeACMEProxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
(makeACMEHost ["madmin"] { root = "${pkgs.synapse-admin}/"; })
(makeACMEProxy ["git"] "http://localhost:${s ports.gitea}" {})
(makeClientCertHost ["cache"] { root = "/var/lib/nix-cache"; })
(makeClientCertProxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {