zaphyra's git: nixfiles

zaphyra and void's nixfiles

# Host module that turns on the mautrix-signal bridge for the zaphyra.eu
# homeserver. Everything under `settings` is handed to
# `modules.services.mautrixBridge.signal`, which is defined elsewhere.
#
# Secret handling: the Nix store is world-readable, so this file only carries
# `$MAUTRIX_*` placeholders. The real values are expected to come from the
# sops-managed environment file; the substitution itself is done by the
# mautrixBridge service module (not visible here) — confirm it never writes the
# rendered config to a world-readable path.
{
  povSelf,
  pkgs,
  lib,
  config,
  hostConfig, # accepted but not referenced in this module
  ...
}:
let
  inherit (lib) types;

  # This module's own option subtree, located via the path in `povSelf`.
  cfg = lib.getAttrFromPath povSelf config;

  # Name of the sops secret holding the bridge's environment file.
  secretName = "environments/mautrixBridges/signal";

  # Homeserver domain; reused for the device name and the permission rule.
  domain = "zaphyra.eu";

  # Loopback port the appservice listens on.
  appservicePort = 29328;

  # Cleanup policy applied to every portal kind when a login goes away.
  deleteEverything = {
    shared_has_users = "delete";
    shared_no_users = "delete";
    relayed = "delete";
    private = "delete";
  };

in
{

  options.enable = {
    type = types.bool;
    default = false;
  };

  config = lib.mkIf cfg.enable {
    # Fail evaluation early when the website module is not switched on.
    assertions = [
      {
        assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true;
        message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module.";
      }
    ];

    # Declared with sops defaults; owner and mode are whatever sops-nix applies
    # to an empty attrset. NOTE(review): check that the bridge's service user
    # can read it and nobody else can.
    sops.secrets.${secretName} = { };

    modules.services.mautrixBridge.signal = {
      enable = true;
      # Build against goolm rather than the default olm backend
      # (presumably to avoid linking libolm — confirm).
      package = pkgs.mautrix-signal.override { withGoolm = true; };
      environmentFile = config.sops.secrets.${secretName}.path;
      serviceDependencies = [ "grapevine.service" ];

      settings = {
        network = {
          # NOTE(review): "Mautix" looks like a typo for "Mautrix". Left as is
          # because the string is runtime data; confirm before changing.
          device_name = "Mautix-Signal (on ${domain})";
          displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
        };

        homeserver = {
          # Plain HTTP is acceptable only because the peer is on loopback.
          address = "http://[::1]:6167";
          inherit domain;
        };

        database = {
          type = "sqlite3-fk-wal";
          # This file holds the bridge's state. Directory permissions are set
          # by the service module, not here — TODO confirm they are restrictive.
          uri = "file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate";
        };

        encryption = {
          allow = true;
          default = true;
          # Placeholder only; the key itself must stay out of the Nix store.
          pickle_key = "$MAUTRIX_PICKLE_KEY";
        };

        relay.enabled = false;
        backfill.enabled = true;

        # double_puppet.secrets."${domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";

        appservice = {
          id = "signal";
          # Address and hostname are both loopback, so as_token/hs_token only
          # travel over the local interface. Add TLS or a firewall rule before
          # changing either to a non-loopback address.
          address = "http://[::1]:29328/";
          hostname = "[::1]";
          port = appservicePort;
          as_token = "$MAUTRIX_AS_TOKEN";
          hs_token = "$MAUTRIX_HS_TOKEN";
        };

        bridge = {
          personal_filtering_spaces = true;

          # Domain-wide rule: every Matrix account on this homeserver gets
          # admin rights on the bridge. That is only tight while account
          # creation on the homeserver is restricted — TODO confirm, or list
          # individual user IDs instead.
          permissions.${domain} = "admin";

          # Same delete-all policy for a manual logout and for rejected
          # credentials.
          cleanup_on_logout = {
            enabled = true;
            manual = deleteEverything;
            bad_credentials = deleteEverything;
          };
        };
      };
    };
  };

}