oysteikt/nix-dotfiles
oysteikt/nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity
a1f48392ed
nix-dotfiles/hosts/tsuki/services/matrix/bridges/matrix-appservice-irc.nix

207 lines
5.7 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }: let
cfg = config.services.matrix-appservice-irc;
in {
sops = {
secrets = {
"matrix/bridges/irc/id" = {};
"matrix/bridges/irc/hs_token" = {};
"matrix/bridges/irc/as_token" = {};
};
templates."matrix-appservice-irc-registration.yml" = {
owner = "matrix-appservice-irc";
group = "matrix-synapse";
mode = "0440";
file = let
inherit (config.sops) placeholder;
in (pkgs.formats.yaml {}).generate "matrix-appservice-irc-registration.yml" {
id = placeholder."matrix/bridges/irc/id";
hs_token = placeholder."matrix/bridges/irc/hs_token";
as_token = placeholder."matrix/bridges/irc/as_token";
url = cfg.registrationUrl;
sender_localpart = cfg.localpart;
"de.sorunome.msc2409.push_ephemeral" = true;
protocols = [ "irc" ];
namespaces = {
aliases = [
{
exclusive = true;
regex = "#lainchanirc_.*:nani\\.wtf";
}
{
exclusive = true;
regex = "#liberairc_.*:nani\\.wtf";
}
];
users = [
{
exclusive = true;
regex = "@lainanon_.*:nani\\.wtf";
}
{
exclusive = true;
regex = "@liberauser_.*:nani\\.wtf";
}
];
};
rate_limited = false;
};
};
};
services.matrix-appservice-irc = {
enable = true;
registrationUrl = "http://localhost:${toString cfg.port}";
settings = {
homeserver = {
url = "https://matrix.nani.wtf";
domain = "nani.wtf";
enablePresence = true;
};
database = {
engine = "postgres";
# TODO: use unix socket
connectionString = "postgres://matrix-appservice-irc:@localhost:${toString config.services.postgresql.port}/matrix-appservice-irc?sslmode=disable";
};
ircService = {
mediaProxy.publicUrl = "https://irc-matrix.nani.wtf/media";
servers = {
"irc.libera.chat" = {
name = "libera";
port = 6697;
ssl = true;
networkId = "ircLiberaChat";
botConfig.enable = false;
dynamicChannels = {
enabled = true;
createAlias = true;
aliasTemplate = "#liberairc_$CHANNEL";
published = true;
useHomeserverDirectory = true;
joinRule = "public";
federate = true;
};
matrixClients = {
userTemplate = "@liberauser_$NICK";
};
ircClients = {
nickTemplate = "$LOCALPART[m]";
allowNickChanges = true;
};
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
};
matrixToIrc = {
initial = true;
incremental = true;
};
};
};
permissions."@h7x4:nani.wtf" = "admin";
# TODO: Port forward
ident.enable = true;
# TODO: Metrics
};
"irc.lainchan.org" = {
name = "lainchan";
port = 6697;
ssl = true;
networkId = "ircLainchanOrg";
botConfig.enable = false;
dynamicChannels = {
enabled = true;
createAlias = true;
aliasTemplate = "#lainchanirc_$CHANNEL";
published = true;
useHomeserverDirectory = true;
joinRule = "public";
federate = true;
};
matrixClients = {
userTemplate = "@lainanon_$NICK";
};
ircClients = {
nickTemplate = "$LOCALPART[m]";
allowNickChanges = true;
};
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
};
matrixToIrc = {
initial = true;
incremental = true;
};
};
};
permissions."@h7x4:nani.wtf" = "admin";
# TODO: Port forward
ident.enable = true;
# TODO: Metrics
};
};
};
};
};
services.matrix-synapse-next.settings.app_service_config_files = [
config.sops.templates."matrix-appservice-irc-registration.yml".path
];
systemd.services.matrix-appservice-irc = {
enableStrictShellChecks = false;
requires = [
"matrix-synapse.service"
"postgresql.service"
];
serviceConfig.BindReadOnlyPaths = [
"${config.sops.templates."matrix-appservice-irc-registration.yml".path}:/var/lib/matrix-appservice-irc/registration.yml"
];
preStart = lib.mkForce ''
umask 077
# Generate key for crypting passwords
if ! [ -f "${cfg.settings.ircService.passwordEncryptionKeyPath}" ]; then
${pkgs.openssl}/bin/openssl genpkey \
-out "${cfg.settings.ircService.passwordEncryptionKeyPath}" \
-outform PEM \
-algorithm RSA \
-pkeyopt "rsa_keygen_bits:${toString cfg.passwordEncryptionKeyLength}"
fi
if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then
${lib.getExe pkgs.nodejs} ${pkgs.matrix-appservice-irc}/lib/generate-signing-key.js > "${cfg.settings.ircService.mediaProxy.signingKeyPath}"
fi
'';
};
}
Reference in New Issue View Git Blame Copy Permalink