commit 867d5d874068d7d135ec7bb17ae1924ef78f3265
parent e11a8f6728217775e55784fcd7acd20f21889799
Author: Katja (zaphyra) <git@ctu.cx>
Date: Mon, 26 May 2025 11:11:36 +0200
parent e11a8f6728217775e55784fcd7acd20f21889799
Author: Katja (zaphyra) <git@ctu.cx>
Date: Mon, 26 May 2025 11:11:36 +0200
config/nixos/modules/presets/katja/mautrixBridges: add `telegram` (and enable on host `morio`)
3 files changed, 90 insertions(+), 2 deletions(-)
A
|
86
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/presets/katja/mautrixBridges/telegram.nix b/config/nixos/modules/presets/katja/mautrixBridges/telegram.nix @@ -0,0 +1,86 @@ +{ + povSelf, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; + message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; + } + ]; + + sops.secrets."environments/mautrixBridges/telegram" = { }; + + modules.services.mautrixBridge.telegram = { + enable = true; + package = pkgs.mautrix-telegramgo.override { withGoolm = true; }; + environmentFile = config.sops.secrets."environments/mautrixBridges/telegram".path; + serviceDependencies = [ "grapevine.service" ]; + settings = rec { + network.device_info.device_model = "Mautix-TelegramGO (on ${homeserver.domain})"; + network.api_id = "$TELEGRAM_API_ID"; + network.api_hash = "$TELEGRAM_API_HASH"; + + homeserver.address = "http://[::1]:6167"; + homeserver.domain = "zaphyra.eu"; + + database.type = "sqlite3-fk-wal"; + database.uri = "file:/var/lib/mautrix-telegram/mautrix-telegram.db?_txlock=immediate"; + + encryption.allow = true; + encryption.default = true; + encryption.pickle_key = "$MAUTRIX_PICKLE_KEY"; + + relay.enabled = false; + backfill.enabled = true; + backfill.max_initial_messages = 400; + + # double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; + + appservice = { + id = "telegram"; + address = "http://[::1]:29317/"; + hostname = "[::1]"; + port = 29317; + as_token = "$MAUTRIX_AS_TOKEN"; + hs_token = "$MAUTRIX_HS_TOKEN"; + }; + + bridge = { + personal_filtering_spaces = true; + + permissions."${homeserver.domain}" = "admin"; + + cleanup_on_logout = + { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); + }; + }; + }; + }; + +}
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -64,6 +64,7 @@ mailServer.enable = true; mautrixBridges.signal.enable = true; mautrixBridges.whatsapp.enable = true; + mautrixBridges.telegram.enable = true; }; };
diff --git a/secrets/morio.yaml b/secrets/morio.yaml @@ -18,6 +18,7 @@ environments: mautrixBridges: signal: ENC[AES256_GCM,data:PuyUzSf4Xl3eJDDoDSX3gz6B1oXXiMWeECtOs3pmd2n6rJYRWRD7Ve6iz6a9/VdIFNomNSyGVBPJ6y+YZlD3Gq4g+U3a6hsAsBbIU4REVP/9igwLmP+fB3FMNzE9gcN0MSZx5dxSEFuVGgktvGH9Vb7SSHfjhPxfhRd67SS+MFrxwYCpfxlh9PxKBT3EqA8hWgPB7bxBcaW/khf996xdMfHeaxxQAXDyanOgIn5iDtrM9PbHsEpS8xlN1fSVQKYbQgz+WnL+7hudvj/rXeGNVxMXd//7JTsopzslGQ1JtgwN9fJ8uDKytWux54dmSvdUL35cDgmn/4AUSL/hQvOm4i12+9MbOj9/9l6clp+BSS2fI1XhDWEWOqG7/Cb85ABRmQzDlE3EfMPQF4HY4PKh1F+Xy1BgbbWSDoeQEs3jWqO6Qgq3fW8RO06/DU/11IFb0BhSAyUrlB9FnD4mvMY2Sf9Sdw5hUsuJ2psPSLCrjiYoPnOyIuELCctW3SkBeNn1,iv:Min6Y4qEZQAxQ2gTQR5+vZuSeY0YY3Wa6ixr6NnHhPY=,tag:3qB8BHmPCyFLYR7j2HxgVA==,type:str] whatsapp: ENC[AES256_GCM,data:7vGIEBWX2Pu8y3pb69cOAMRTG37F5Yg82OkJDzpxk86+q5JLYCSjPEUR90OdyguKb8Ru4TMbqRw87pWkV2AA8YUMY6RUKzgeRghXNZQjhLo6eFTYxGILkjw+7CeuwJlzlmvbunvO1iuV8TduGSQSN+9rCyugHeqoMldRIcgHLkTBJ5XwsT/8gGzwlGsGD3GOr3weeAhCCZc4jRKlep3h3oGi3WqabpG8Pjp9FTCpVi7JuFA9cSXbSpiVU7PwG8ACDeZqcGTn3dQhdtYrBvBkiGgMY3Bjn8O73/6m6xJ1TChqPOMiR5xWBA0hdKUQImOo7qEbGqsWew1ucejrP8Skj6BOUDHag1r7eKNtXYxSstAXt3u7UVZbyX641SJ8umezpQtr+A+WiCrZZAOhGf5tgZRh3zCGaMOO8HjpEj0dvpgs73ZPpzPGxvDk7Yvws22Oka7vlBeqLknAFAV7SA7ZqakqPXeFlYt9PMVCPHTZTzDrzwpRyEnTmilPyto0lJX3,iv:7voliAT5vclU+ZPtoYr3+TCOa42eNJ+iEHMn5rwdg4Q=,tag:tDai6Pf1wx6Pt4qGAo7KYw==,type:str] + telegram: ENC[AES256_GCM,data:97fb0qEgYI5wfTshkHkDt28WKh86e7/ymJVE77/D7XUr25g9IGS4vpdZs/UXf6iSPURKQXWFhxfLR4Nbye3EaSF/RWt4J/+21djw5niVFlsH0QSzdSQgnEi630pT8yRYGEAXA4VMQQMseuCJDphbZTusTsRpgZ45hFIvFMXHqKT688N9xTgErca0N6knjDmvELyaeB/IkvNukr1F8Z84MW/9bxcDwLsl/sRgl/vSHTXR9usmT2tJ+p3D7p+DehZaDEhggduCRTvnKIqJBbQwhwNR7/rFCsHz0bMzuwYqpLrGnIoJ5ZigzaZ4j9iaBBgxTKOzJoe8fnQQPeqdemwCTTHndLMzA2ZjlYi2o1a4hYdNUcEd6OAr8j860JWNoTAHI7wq3jLjzvuwV3j4KhPXbGNx2e+Vnasn2TQi6SHsWNK1hW3z3svI7HmMoLB6i4iy7o+YrLISre7spnuISVFquAKR/3GUAoxwLl4abZKxZT9fL1HoTGZC18fDA0jlesCkZSZp7CvuW3LnEjnrWLfhFZMFCVHiKq3crlCVWMxmJ3verWI0fd5XHqg8o+ed47fW1lBd7sewREmN/7u3c/USMOS04kn9604p45IIG00=,iv:MlZa2nMYD9AB/TmY8QDYpArRizyYe732v4CzGB5PB7w=,tag:XijkOhRqrYp+5NlyiHejkg==,type:str] sops: age: - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn @@ -29,8 +30,8 @@ sops: bDRhUEtDdmlZa0ZENFhSVnNqVjFCR1UKEIkSg3tKFkwlnNXFFqCBtdZBGz1bEmWl wghkTtqTl++759zZAAmjdnFFQWs/AoCZ5g/GUidz6HHcFdxMpGVmiA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-26T08:23:49Z" - mac: ENC[AES256_GCM,data:eGXn/YP0CEqyHPxYBJrQw85FHbX+iU0TPSe0MeJzF2svkT23UtAHM0tMCBTB06UfG25zBs6XFjQ9q/rB3L1yVGlBAbnvn3aPXAvym59O4utVO1q2Wd/l+Bvglr17IJbKRNy5TQLo8d1FO9tJQnAaaeeSvtYVlMt8AuU9Wn9hUcQ=,iv:Jvk5OsYWH+spq2WVsL2F+V5+MHjkuZ/xHiw5v+uBxkY=,tag:bgLJsV908myIHDGGGXPYvw==,type:str] + lastmodified: "2025-05-26T08:46:25Z" + mac: ENC[AES256_GCM,data:pDDYQv1ds3SvKFsai3LzQ2l4GfrD5Gb2d/YRudMl0GGeVpWEiK7QRp8pa/gDFFVMSCSeFd2tKXh6Ijt5i+iDFxscXNsyXT36B7DJvATuhSBCYOTz7ju7Wjq9V1v3dogheZHU8S7eAXLN1xt9kfoP8Il5diTn00EELbX5EAmfdjM=,iv:sobV/7MkF3Nzjj8oc572HQVbG4YKCgq3Chmn0KdAkUs=,tag:PKzOyeKiejfNXEr3LpaqLg==,type:str] pgp: - created_at: "2025-05-21T08:09:28Z" enc: |-