diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix
index 499cbe3..353348e 100644
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -64,11 +64,11 @@
  headscale.enable = true;
  matrix = {
  enable = true;
+ bridges = {
+ signal = true;
+ whatsapp = true;
+ };
  usePostgresql = databases.postgresql.enable;
- bridges = [
- "signal"
- "whatsapp"
- ];
  };
  nginx.enable = true;
  photoprism.enable = true;
diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix
index 26f5a6d..c5b0eaf 100644
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@@ -7,43 +7,46 @@
  let
  cfg = config.modules.services.matrix;
- validBridges = [
- "signal"
- "whatsapp"
- ];
  in {
  options.modules.services.matrix = {
  enable = lib.mkEnableOption "matrix";
- enableElementWeb = lib.mkOption {
- default = true;
- example = false;
+ element = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
  };
- bridges = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- description = "A list of bridges to configure with Synapse.";
- example = [ "signal" "whatsapp" ];
- default = [];
- apply = bridges:
- if lib.all (bridge: lib.elem bridge validBridges) bridges
- then lib.map (b: "mautrix-${b}") bridges
- else throw "Invalid bridge(s) specified. Valid bridges are: ${lib.concatStringsSep ", " validBridges}";
+ bridges = {
+ signal = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable Signal bridge.";
+ };
+ whatsapp = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable WhatsApp bridge.";
+ };
  };
  serverName = lib.mkOption {
  type = lib.types.str;
  default = "vimium.com";
  example = "vimium.com";
  };
- usePostgresql = lib.mkOption {
- default = false;
- example = true;
- };
+ usePostgresql = lib.mkEnableOption "postgresql";
  };
  config = let
- mkBridgeDatabase = bridge: {
- name = bridge;
- ensureDBOwnership = true;
+ matrixSubdomain = "matrix.${cfg.serverName}";
+ elementSubdomain = "chat.${cfg.serverName}";
+ matrixClientConfig = {
+ "m.homeserver" = {
+ base_url = "https://${matrixSubdomain}";
+ server_name = cfg.serverName;
+ };
+ "m.identity_server" = {};
  };
+ matrixServerConfig."m.server" = "${matrixSubdomain}:443";
  commonBridgeSettings = bridge: {
  appservice = {
  database = lib.mkIf cfg.usePostgresql {
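Review bot: The new `element.enable` option is declared without a `description`, unlike the two `bridges.*` options right below it, so it is the one option in this block that renders undocumented in generated option listings. `lib.mkEnableOption "the Element Web client" // { default = true; }` gives it the description and keeps the same default and type. The rename of `enableElementWeb` to `element.enable` and the change of `bridges` from a list to per-bridge booleans also carry no `lib.mkRenamedOptionModule` or `lib.mkRemovedOptionModule` entry, so any host other than `hosts/vps1` still setting the old names fails evaluation without a pointer to the new ones; if this module has a single consumer that is acceptable, but a short comment on the options block saying so would help the next reader.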
@@ -59,42 +62,30 @@ in {
  };
  permissions = {
  "${cfg.serverName}" = "user";
- "@jordan:vimium.com" = "admin";
+ "@jordan:${cfg.serverName}" = "admin";
  };
  provisioning = {
  shared_secret = "disable";
  };
  };
  homeserver = {
- address = "https://matrix.${cfg.serverName}";
+ address = "https://${matrixSubdomain}";
  domain = cfg.serverName;
  };
  };
- matrixClientConfig = {
- "m.homeserver" = {
- base_url = "https://matrix.${cfg.serverName}";
- server_name = cfg.serverName;
- };
- "m.identity_server" = {};
- };
- matrixServerConfig."m.server" = "matrix.${cfg.serverName}:443";
- mkWellKnown = data: ''
- more_set_headers 'Content-Type: application/json';
- return 200 '${builtins.toJSON data}';
- '';
  in lib.mkIf cfg.enable {
  networking.firewall.allowedTCPPorts = [
  8448 # Matrix federation
  ];
  security.acme.certs = {
- "matrix.${cfg.serverName}" = {
+ "${matrixSubdomain}" = {
  reloadServices = [ "matrix-synapse" ];
  };
  };
  services.nginx.virtualHosts = {
- "matrix.${cfg.serverName}" = {
+ "${matrixSubdomain}" = {
  forceSSL = true;
  enableACME = true;
  listen = [
@@ -144,12 +135,17 @@ in {
  "/_synapse/client".proxyPass = "http://localhost:8008";
  };
  };
- "${cfg.serverName}" = {
+ "${cfg.serverName}" = let
+ mkWellKnown = data: ''
+ more_set_headers 'Content-Type: application/json';
+ return 200 '${builtins.toJSON data}';
+ '';
+ in {
  locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
  locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
  };
- } // (if cfg.enableElementWeb then {
- "chat.${cfg.serverName}" = {
+ } // (if cfg.element.enable then {
+ "${elementSubdomain}" = {
  forceSSL = true;
  enableACME = true;
  root = pkgs.unstable.element-web.override {
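Review bot: The bridge admin in `commonBridgeSettings.permissions` remains a hard-coded MXID, now `"@jordan:${cfg.serverName}" = "admin"`; interpolating `serverName` makes the grant follow whatever domain the module is deployed with, so a second host using a different `serverName` would hand full bridge admin to an `@jordan` on that domain without anyone declaring it. Every other deployment-specific value in this module (`serverName`, `usePostgresql`, the bridge toggles) is an option, so the admin list should be one too, e.g. `bridges.admins = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; description = "MXIDs granted the admin permission level on every enabled bridge."; };` with the entry built as `lib.genAttrs cfg.bridges.admins (_: "admin")` merged into `permissions`. The `commonBridgeSettings` function whose body this hunk edits begins in the previous hunk, and the `"${cfg.serverName}" = "user"` line above the admin entry (unchanged here) grants bridge use to every local account, which is worth a one-line comment stating that this is intended.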
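Review bot: The `/.well-known/matrix/client` location served by the `mkWellKnown` helper that moved into the `"${cfg.serverName}"` vhost only sets `Content-Type`; the Matrix client-server spec expects that document to be readable cross-origin, which in practice means `Access-Control-Allow-Origin: *`, and nothing in this hunk adds it, so a web client on another origin (including the Element instance on `elementSubdomain`) may fail the well-known lookup. Unless a server-wide header is set outside this hunk, add `more_set_headers 'Access-Control-Allow-Origin: *';` alongside the existing `more_set_headers` line in `mkWellKnown`. As a hedged aside, `more_set_headers` comes from the headers-more module, so this vhost presumably relies on `services.nginx.additionalModules` including it somewhere outside the diff; a comment on `mkWellKnown` naming that dependency would save the next reader a config-test failure.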
@@ -177,12 +173,12 @@ in {
  max_upload_size = "100M";
  report_stats = false;
  server_name = cfg.serverName;
- app_service_config_files = (lib.optional (lib.elem "mautrix-whatsapp" cfg.bridges)
+ app_service_config_files = (lib.optional cfg.bridges.whatsapp
  "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml");
  };
  };
  systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
- (lib.optional (lib.elem "mautrix-whatsapp" cfg.bridges)
+ (lib.optional cfg.bridges.whatsapp
  config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
  services.postgresql = lib.mkIf cfg.usePostgresql {
@@ -191,18 +187,30 @@ in {
  name = "matrix-synapse";
  ensureDBOwnership = true;
  }
- ] ++ lib.map mkBridgeDatabase cfg.bridges;
+ ] ++ (lib.optional cfg.bridges.signal
+ {
+ name = "mautrix-signal";
+ ensureDBOwnership = true;
+ })
+ ++ (lib.optional cfg.bridges.whatsapp
+ {
+ name = "mautrix-whatsapp";
+ ensureDBOwnership = true;
+ });
  ensureDatabases = [
  "matrix-synapse"
- ] ++ cfg.bridges;
+ ] ++ (lib.optional cfg.bridges.signal
+ "mautrix-signal")
+ ++ (lib.optional cfg.bridges.whatsapp
+ "mautrix-whatsapp");
  };
- services.mautrix-signal = lib.mkIf (lib.elem "mautrix-signal" cfg.bridges) {
+ services.mautrix-signal = lib.mkIf cfg.bridges.signal {
  enable = true;
  settings = commonBridgeSettings "mautrix-signal";
  };
- services.mautrix-whatsapp = lib.mkIf (lib.elem "mautrix-whatsapp" cfg.bridges) {
+ services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp {
  enable = true;
  settings = {
  bridge = {
@@ -216,11 +224,5 @@ in {
  };
  } // commonBridgeSettings "mautrix-whatsapp";
  };
-
- services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
- enable = true;
- environmentFile = null;
- settings = { SYNCV3_SERVER = "https://${cfg.serverName}"; };
- };
  };
  }
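Review bot: `app_service_config_files` and the Synapse `SupplementaryGroups` entry are extended only for `cfg.bridges.whatsapp`; now that `cfg.bridges.signal` is a first-class toggle, enabling Signal alone produces a running `services.mautrix-signal` whose appservice registration Synapse is never told about here, and the bridge will be unable to act on the homeserver. Unless the `services.mautrix-signal` module hands its registration to Synapse on its own (not visible in this diff, so please confirm), mirror the WhatsApp wiring on both lines: `++ (lib.optional cfg.bridges.signal "<signal-registration-path>")` and `++ (lib.optional cfg.bridges.signal config.systemd.services.mautrix-signal.serviceConfig.Group)`, where the registration path is a placeholder to be taken from the module. The `services.matrix-synapse.settings` block these lines belong to begins outside the hunk.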
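Review bot: The `ensureUsers` and `ensureDatabases` lists in `services.postgresql` now spell out each bridge twice (once per list, once per bridge), which is the duplication the removed `mkBridgeDatabase` helper avoided, and the same `"mautrix-signal"`/`"mautrix-whatsapp"` literals reappear in the `services.mautrix-*` blocks below, giving three places to touch when a bridge is added. A single list in the enclosing `config = let` (which starts in an earlier hunk), `enabledBridges = lib.optional cfg.bridges.signal "mautrix-signal" ++ lib.optional cfg.bridges.whatsapp "mautrix-whatsapp";`, lets the two lists collapse to `] ++ lib.map (name: { inherit name; ensureDBOwnership = true; }) enabledBridges;` and `] ++ enabledBridges;`. A comment above `enabledBridges` noting that these names double as the PostgreSQL role and database names (as `ensureDBOwnership = true` requires) would also capture why they must match the service names.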