commit 25b46eecc76641d1ef473cf5f73c41dff7db4e8b
parent 92f104b834c4c3dc4735b9e6bb7ee0294b0620e6
Author: Katja (zaphyra) <git@ctu.cx>
Date: Mon, 26 May 2025 10:20:31 +0200
parent 92f104b834c4c3dc4735b9e6bb7ee0294b0620e6
Author: Katja (zaphyra) <git@ctu.cx>
Date: Mon, 26 May 2025 10:20:31 +0200
config/nixos/modules/presets/katja/mautrixBridges: add `signal` (and enable on host `morio`)
3 files changed, 90 insertions(+), 7 deletions(-)
A
|
84
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/presets/katja/mautrixBridges/signal.nix b/config/nixos/modules/presets/katja/mautrixBridges/signal.nix 
@@ -0,0 +1,84 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ hostConfig,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true;
+ message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module.";
+ }
+ ];
+
+ sops.secrets."environments/mautrixBridges/signal" = { };
+
+ modules.services.mautrixBridge.signal = {
+ enable = true;
+ package = pkgs.mautrix-signal.override { withGoolm = true; };
+ environmentFile = config.sops.secrets."environments/mautrixBridges/signal".path;
+ serviceDependencies = [ "grapevine.service" ];
+ settings = rec {
+ network.device_name = "Mautix-Signal (on ${homeserver.domain})";
+ network.displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
+
+ homeserver.address = "http://[::1]:6167";
+ homeserver.domain = "zaphyra.eu";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate";
+
+ encryption.allow = true;
+ encryption.default = true;
+ encryption.pickle_key = "$MAUTRIX_PICKLE_KEY";
+
+ relay.enabled = false;
+ backfill.enabled = true;
+
+ # double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+
+ appservice = {
+ id = "signal";
+ address = "http://[::1]:29328/";
+ hostname = "[::1]";
+ port = 29328;
+ as_token = "$MAUTRIX_AS_TOKEN";
+ hs_token = "$MAUTRIX_HS_TOKEN";
+ };
+
+ bridge = {
+ personal_filtering_spaces = true;
+
+ permissions."${homeserver.domain}" = "admin";
+
+ cleanup_on_logout =
+ {
+ enabled = true;
+ }
+ // (lib.genAttrs [ "manual" "bad_credentials" ] (name: {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ }));
+ };
+ };
+ };
+ };
+
+}
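Review bot: `permissions."${homeserver.domain}" = "admin";` in the `bridge` block gives bridge-admin rights to every account on zaphyra.eu rather than to the operator alone. mautrix permission keys also accept a full Matrix ID, so the least-privilege form keeps the domain at `"user"` (or drops it) and grants admin to one account, e.g. `permissions."@<operator-localpart>:${homeserver.domain}" = "admin";` (placeholder localpart). On a single-user homeserver the two are equivalent today, but the domain-wide grant silently widens as soon as a second account is registered. Separately, `network.device_name` spells the bridge "Mautix-Signal"; that string presumably appears in Signal's linked-devices list, so it should read "Mautrix-Signal".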
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -62,6 +62,7 @@ syncthing.enable = false; dnsServer.enable = true; mailServer.enable = true; + mautrixBridges.signal.enable = true; }; };
diff --git a/secrets/morio.yaml b/secrets/morio.yaml @@ -15,11 +15,9 @@ radicaleUsers: ENC[AES256_GCM,data:kH5XW/Gr2xMJWm68unKtZ+L19S74gOf1YXw5QtPcBnp8j gotosocialEnv: ENC[AES256_GCM,data:5hvURqX+EqN8zpjirBmh5TIWWgaCga9QxnAfyW1rwOXELnM9ZBJAmqwLdxUa2j2DGrXsqw==,iv:nhVyiAoOJY0HtjB13FnmnQyLB+BWSRwDVrwUiFHBrE4=,tag:P207zPou7yXJKJBf+pxlHg==,type:str] environments: vaultwarden: ENC[AES256_GCM,data:kIFPmYWNZ/n+azRhLFUA+AbBH4QpV1qOvRBVRB7RcxPmntqJuXQR1/7bqIjTGKc6H6Xzh4nhXtrHIBusF4IMz4vRa47ZQ35Kkuj+VVRXTx6KebFQSsN0PggvSsDQHtjInXge3KbszTSmptm58O2hLTznln7220vvWTJw+zIZZPhnwCc61sa+6BcakUmm2Mvv9DsO3TRzO6de94DiRpFrohBDOmszfDKPvURKW+QWnL+242H4NxttvzwhSN2dCyECTfbFhpVbK9aDjhI9Sl1pX4lwYZgtg2VbiVr61iNter+q6cLzWe6sOKCoCONO79DENKnsMoDa693rF1vQoPP1QVKsuWc+uxXFxfArZzmHLcxMJTo=,iv:dhV8x1ckZgpjZLs2r+X3Dqks5RXJMxfxAhff6MmQUBM=,tag:lSgrK+T0CqJCe/idwuG37A==,type:str] + mautrixBridges: + signal: ENC[AES256_GCM,data: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,iv:Min6Y4qEZQAxQ2gTQR5+vZuSeY0YY3Wa6ixr6NnHhPY=,tag:3qB8BHmPCyFLYR7j2HxgVA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn enc: | 
@@ -30,8 +28,8 @@ sops: bDRhUEtDdmlZa0ZENFhSVnNqVjFCR1UKEIkSg3tKFkwlnNXFFqCBtdZBGz1bEmWl wghkTtqTl++759zZAAmjdnFFQWs/AoCZ5g/GUidz6HHcFdxMpGVmiA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-25T16:33:00Z" - mac: ENC[AES256_GCM,data:DDfRoe1mhUZtCqx1yxkBI7Dw2dCQLtqJEnII+IID4I+dFS2V+tyrF+bG9NppUgDXIRS5FH6yUFCfQ3/VHZycYKpHZWIi5EChafdvsv7u96PF5IJp9ZSiv99snmvUf591qzCN4I+Coz/QBKkXW8GRDHyKU2WJWr6q/TrA7ql/F+0=,iv:a5hfsPn9cPh3M4tf+oU0zEi1rP2UgJEYAOgEXLEQUOM=,tag:4aZunkYyNTnCrHZJhF7Q8A==,type:str] + lastmodified: "2025-05-26T07:31:04Z" + mac: ENC[AES256_GCM,data:PA6Y0U/zotdJPKa0LiMC7vvIiuyhw0L1mNv5mtKRvnQNhnTpjOFDCtS1vYNzurw1GlCh//KspxJK3hNZhXpPzDSM5GIz+JxLTS1LdACyN28vlb3n4pRvRflNjet765S6MVLzoPat/9ebeYghxlGTzXntckaKvj0YwBeIVEeMYEQ=,iv:IdwSgEt2Jmom9UYZKDnkZRIY6AmWIodK4a6rW2NmUEQ=,tag:TQPSKgE5He++PwOkPcrOtQ==,type:str] pgp: - created_at: "2025-05-21T08:09:28Z" enc: |- @@ -54,4 +52,4 @@ sops: -----END PGP MESSAGE----- fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7 unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2