Refactor matrix module
All checks were successful
Check flake / build-amd64-linux (push) Successful in 2m29s

Jordan Holt 2024-07-21 12:00:25 +01:00
parent 2f8f03faf8
commit abfb24ca21
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
2 changed files with 60 additions and 58 deletions


@ -64,11 +64,11 @@
headscale.enable = true;
matrix = {
enable = true;
bridges = {
signal = true;
whatsapp = true;
};
usePostgresql = databases.postgresql.enable;
bridges = [
"signal"
"whatsapp"
];
};
nginx.enable = true;
photoprism.enable = true;


@ -7,43 +7,46 @@
let
cfg = config.modules.services.matrix;
validBridges = [
"signal"
"whatsapp"
];
in {
options.modules.services.matrix = {
enable = lib.mkEnableOption "matrix";
enableElementWeb = lib.mkOption {
default = true;
example = false;
element = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
bridges = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "A list of bridges to configure with Synapse.";
example = [ "signal" "whatsapp" ];
default = [];
apply = bridges:
if lib.all (bridge: lib.elem bridge validBridges) bridges
then lib.map (b: "mautrix-${b}") bridges
else throw "Invalid bridge(s) specified. Valid bridges are: ${lib.concatStringsSep ", " validBridges}";
bridges = {
signal = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable Signal bridge.";
};
whatsapp = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable WhatsApp bridge.";
};
};
serverName = lib.mkOption {
type = lib.types.str;
default = "vimium.com";
example = "vimium.com";
};
usePostgresql = lib.mkOption {
default = false;
example = true;
};
usePostgresql = lib.mkEnableOption "postgresql";
};
config = let
mkBridgeDatabase = bridge: {
name = bridge;
ensureDBOwnership = true;
matrixSubdomain = "matrix.${cfg.serverName}";
elementSubdomain = "chat.${cfg.serverName}";
matrixClientConfig = {
"m.homeserver" = {
base_url = "https://${matrixSubdomain}";
server_name = cfg.serverName;
};
"m.identity_server" = {};
};
matrixServerConfig."m.server" = "${matrixSubdomain}:443";
commonBridgeSettings = bridge: {
appservice = {
database = lib.mkIf cfg.usePostgresql {
@ -59,42 +62,30 @@ in {
};
permissions = {
"${cfg.serverName}" = "user";
"@jordan:vimium.com" = "admin";
"@jordan:${cfg.serverName}" = "admin";
};
provisioning = {
shared_secret = "disable";
};
};
homeserver = {
address = "https://matrix.${cfg.serverName}";
address = "https://${matrixSubdomain}";
domain = cfg.serverName;
};
};
matrixClientConfig = {
"m.homeserver" = {
base_url = "https://matrix.${cfg.serverName}";
server_name = cfg.serverName;
};
"m.identity_server" = {};
};
matrixServerConfig."m.server" = "matrix.${cfg.serverName}:443";
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
8448 # Matrix federation
];
security.acme.certs = {
"matrix.${cfg.serverName}" = {
"${matrixSubdomain}" = {
reloadServices = [ "matrix-synapse" ];
};
};
services.nginx.virtualHosts = {
"matrix.${cfg.serverName}" = {
"${matrixSubdomain}" = {
forceSSL = true;
enableACME = true;
listen = [
@ -144,12 +135,17 @@ in {
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${cfg.serverName}" = {
"${cfg.serverName}" = let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in {
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
} // (if cfg.enableElementWeb then {
"chat.${cfg.serverName}" = {
} // (if cfg.element.enable then {
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
@ -177,12 +173,12 @@ in {
max_upload_size = "100M";
report_stats = false;
server_name = cfg.serverName;
app_service_config_files = (lib.optional (lib.elem "mautrix-whatsapp" cfg.bridges)
app_service_config_files = (lib.optional cfg.bridges.whatsapp
"/var/lib/mautrix-whatsapp/whatsapp-registration.yaml");
};
};
systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
(lib.optional (lib.elem "mautrix-whatsapp" cfg.bridges)
(lib.optional cfg.bridges.whatsapp
config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
services.postgresql = lib.mkIf cfg.usePostgresql {
@ -191,18 +187,30 @@ in {
name = "matrix-synapse";
ensureDBOwnership = true;
}
] ++ lib.map mkBridgeDatabase cfg.bridges;
] ++ (lib.optional cfg.bridges.signal
{
name = "mautrix-signal";
ensureDBOwnership = true;
})
++ (lib.optional cfg.bridges.whatsapp
{
name = "mautrix-whatsapp";
ensureDBOwnership = true;
});
ensureDatabases = [
"matrix-synapse"
] ++ cfg.bridges;
] ++ (lib.optional cfg.bridges.signal
"mautrix-signal")
++ (lib.optional cfg.bridges.whatsapp
"mautrix-whatsapp");
};
services.mautrix-signal = lib.mkIf (lib.elem "mautrix-signal" cfg.bridges) {
services.mautrix-signal = lib.mkIf cfg.bridges.signal {
enable = true;
settings = commonBridgeSettings "mautrix-signal";
};
services.mautrix-whatsapp = lib.mkIf (lib.elem "mautrix-whatsapp" cfg.bridges) {
services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp {
enable = true;
settings = {
bridge = {
@ -216,11 +224,5 @@ in {
};
} // commonBridgeSettings "mautrix-whatsapp";
};
services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
enable = true;
environmentFile = null;
settings = { SYNCV3_SERVER = "https://${cfg.serverName}"; };
};
};
}
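Review bot: The bridge permissions entry `"@jordan:${cfg.serverName}" = "admin";` in `commonBridgeSettings` now takes its domain from the `serverName` option but keeps the localpart hard-coded, so bridge admin rights go to whichever account is called `jordan` on the configured homeserver. With the default `vimium.com` this equals the previous value, but any other `serverName` silently moves admin to a different Matrix ID, and whether that localpart is reserved or registration is restricted there is not visible on this page. I would make the privileged IDs explicit, for example an option `bridgeAdmins = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; };` used as `permissions = { "${cfg.serverName}" = "user"; } // lib.genAttrs cfg.bridgeAdmins (_: "admin");`. `commonBridgeSettings` starts in an earlier hunk and part of its body lies between hunks, so the rest of the permissions context is not shown.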