Set up matrix properly
- fixed federation - hooked up bridges: - mx-discord-puppet - mautrix-facebook
This commit is contained in:
parent
d906a0b697
commit
ade8bdfc2c
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, secrets, ... }: {
|
||||
|
||||
# configure synapse to point users to coturn
|
||||
# TODO: configure synapse to point users to coturn
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
turn_uris = let
|
||||
|
@ -13,6 +13,8 @@
|
|||
server_name = "nani.wtf";
|
||||
public_baseurl = "https://matrix.nani.wtf";
|
||||
|
||||
registration_shared_secret = secrets.keys.matrix.registration-shared-secret;
|
||||
|
||||
enable_metrics = true;
|
||||
|
||||
listeners = [
|
||||
|
@ -42,6 +44,14 @@
|
|||
password = "synapse";
|
||||
};
|
||||
|
||||
# TODO: Figure out a way to do this declaratively.
|
||||
# The files need to be owned by matrix-synapse
|
||||
app_service_config_files = [
|
||||
"/var/lib/matrix-synapse/discord-registration.yaml"
|
||||
# (pkgs.writeText "facebook-registrations.yaml" (builtins.toJSON config.services.mautrix-facebook.registrationData))
|
||||
"/var/lib/matrix-synapse/facebook-registration.yaml"
|
||||
];
|
||||
|
||||
# redis.enabled = true;
|
||||
|
||||
# settings = {
|
||||
|
@ -53,13 +63,132 @@
|
|||
|
||||
services.redis.enable = true;
|
||||
|
||||
# enable coturn
|
||||
services.mx-puppet-discord = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
||||
bridge = {
|
||||
bindAddress = "localhost";
|
||||
domain = "nani.wtf";
|
||||
# TODO: connect via localhost
|
||||
homeserverUrl = "https://matrix.nani.wtf";
|
||||
|
||||
port = secrets.ports.matrix.mx-puppet-discord;
|
||||
enableGroupSync = true;
|
||||
};
|
||||
|
||||
database = {
|
||||
filename = "/var/lib/mx-puppet-discord/database.db";
|
||||
};
|
||||
|
||||
namePatterns = {
|
||||
room = ":name";
|
||||
user = ":name";
|
||||
userOverride = ":displayname";
|
||||
group = ":name";
|
||||
};
|
||||
|
||||
presence = {
|
||||
enabled = true;
|
||||
interval = 500;
|
||||
};
|
||||
|
||||
logging = {
|
||||
console = "info";
|
||||
lineDateFormat = "MMM-D HH:mm:ss.SSS";
|
||||
};
|
||||
|
||||
provisioning.whitelist = [ "@h7x4:nani\\.wtf" ];
|
||||
relay.whitelist = [ "@h7x4:nani\\.wtf" ];
|
||||
selfService.whitelist = [ "@h7x4:nani\\.wtf" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.mautrix-facebook = {
|
||||
enable = true;
|
||||
configurePostgresql = true;
|
||||
|
||||
registrationData = {
|
||||
# NOTE: This is a randomly generated UUID
|
||||
inherit (secrets.keys.matrix.mautrix-facebook) as_token;
|
||||
inherit (secrets.keys.matrix.mautrix-facebook) hs_token;
|
||||
};
|
||||
|
||||
settings = {
|
||||
homeserver = {
|
||||
# TODO: connect via localhost
|
||||
address = "https://matrix.nani.wtf";
|
||||
domain = "nani.wtf";
|
||||
};
|
||||
|
||||
appservice = rec {
|
||||
address = "http://${hostname}:${toString port}";
|
||||
bot_username = "facebookbot";
|
||||
hostname = "0.0.0.0";
|
||||
|
||||
ephemeral_events = true;
|
||||
|
||||
port = secrets.ports.matrix.mautrix-facebook;
|
||||
inherit (secrets.keys.matrix.mautrix-facebook) as_token;
|
||||
inherit (secrets.keys.matrix.mautrix-facebook) hs_token;
|
||||
};
|
||||
|
||||
bridge = {
|
||||
encryption = {
|
||||
allow = true;
|
||||
default = true;
|
||||
};
|
||||
backfilling = {
|
||||
initial_limit = 8000;
|
||||
};
|
||||
username_template = "facebook_{userid}";
|
||||
sync_with_custom_puppets = false;
|
||||
permissions = {
|
||||
"@h7x4:nani.wtf" = "admin";
|
||||
"nani.wtf" = "user";
|
||||
};
|
||||
};
|
||||
|
||||
logging = {
|
||||
formatters = {
|
||||
journal_fmt = {
|
||||
format = "%(name)s: %(message)s";
|
||||
};
|
||||
};
|
||||
handlers = {
|
||||
journal = {
|
||||
SYSLOG_IDENTIFIER = "mautrix-facebook";
|
||||
class = "systemd.journal.JournalHandler";
|
||||
formatter = "journal_fmt";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
handlers = [
|
||||
"journal"
|
||||
];
|
||||
level = "INFO";
|
||||
};
|
||||
version = 1;
|
||||
};
|
||||
|
||||
manhole = {
|
||||
enabled = false;
|
||||
};
|
||||
|
||||
metrics = {
|
||||
enabled = false;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
services.coturn = rec {
|
||||
enable = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
min-port = secrets.ports.matrix.min;
|
||||
max-port = secrets.ports.matrix.max;
|
||||
min-port = secrets.ports.matrix.coturn.min;
|
||||
max-port = secrets.ports.matrix.coturn.max;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret = secrets.keys.matrix.static-auth-secret;
|
||||
realm = "turn.nani.wtf";
|
||||
|
@ -114,8 +243,8 @@
|
|||
networking.firewall = {
|
||||
interfaces.enp2s0 = let
|
||||
range = with config.services.coturn; [ {
|
||||
from = secrets.ports.matrix.min;
|
||||
to = secrets.ports.matrix.max;
|
||||
from = secrets.ports.matrix.coturn.min;
|
||||
to = secrets.ports.matrix.coturn.max;
|
||||
} ];
|
||||
in
|
||||
{
|
||||
|
|
|
@ -81,9 +81,23 @@
|
|||
|
||||
in (listToAttrs [
|
||||
# (makeACMEProxy ["gitlab"] "http://unix:/run/gitlab/gitlab-workhorse.socket" {})
|
||||
{
|
||||
name = "nani.wtf";
|
||||
value = {
|
||||
locations."/test".root = pkgs.writeText "asdf.txt" "hello";
|
||||
locations."/.well-known/matrix/server".extraConfig = ''
|
||||
return 200 '{"m.server": "matrix.nani.wtf:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
}
|
||||
(makeACMEProxy ["plex"] "http://localhost:${s ports.plex}" {})
|
||||
(makeACMEHost ["www"] { root = "${inputs.website.defaultPackage.${pkgs.system}}/"; })
|
||||
(makeACMEProxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
|
||||
(makeACMEHost ["madmin"] { root = "${pkgs.synapse-admin}/"; })
|
||||
(makeACMEProxy ["git"] "http://localhost:${s ports.gitea}" {})
|
||||
(makeClientCertHost ["cache"] { root = "/var/lib/nix-cache"; })
|
||||
(makeClientCertProxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {
|
||||
|
|
Loading…
Reference in New Issue