{
  config,
  lib,
  pkgs,
  ...
}:

# mautrix bridges (Signal, Telegram, WhatsApp) for the local continuwuity
# homeserver, gated behind zpha.configure.matrixBridges.enable.  Every
# credential is pulled from a per-bridge sops environment file and referenced
# as "$VAR" in the settings, so nothing secret ends up in the Nix store.
let
  cfg = config.zpha.configure.matrixBridges;

  bridgeNames = [
    "signal"
    "telegram"
    "whatsapp"
  ];

  # Also the key for the double-puppet secret and the permission grant below.
  homeserverDomain = "zaphyra.eu";

  # Appservice listener, loopback only; the homeserver talks to it at
  # http://[::1]:<port>/.
  mkAppservice = id: port: {
    inherit id port;
    address = "http://[::1]:${toString port}/";
    hostname = "[::1]";
    # Same variable names for every bridge, but each bridge loads its own
    # environment file.  NOTE(review): confirm the three sops secrets hold
    # distinct as/hs tokens, so that one leaked token exposes one bridge only.
    as_token = "$MAUTRIX_AS_TOKEN";
    hs_token = "$MAUTRIX_HS_TOKEN";
  };

  # SQLite database beside the bridge's state.  /var/lib/<name> presumably
  # resolves to the /var/lib/private/<name> directory registered for
  # persistence below (the usual DynamicUser layout) — verify against the
  # mautrixBridge service definition.
  mkSqliteUri = name: "file:/var/lib/${name}/${name}.db?_txlock=immediate";

  # Drop every portal kind once a login goes away, on both manual logout and
  # bad_credentials.
  deleteAllPortals = {
    shared_has_users = "delete";
    shared_no_users = "delete";
    relayed = "delete";
    private = "delete";
  };

  # Settings shared by all three bridges; per-bridge values are merged on top
  # with lib.recursiveUpdate.
  commonSettings = {
    database.type = "sqlite3-fk-wal";

    homeserver.address = "http://[::1]:6167";
    homeserver.domain = homeserverDomain;

    # E2EE allowed and enabled by default; the crypto-store pickle key comes
    # from the environment, never from this file.
    encryption.allow = true;
    encryption.default = true;
    encryption.pickle_key = "$MAUTRIX_PICKLE_KEY";

    relay.enabled = false;
    backfill.enabled = true;

    double_puppet.secrets."${homeserverDomain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";

    bridge = {
      personal_filtering_spaces = true;

      # A bare-domain key matches every Matrix user on that homeserver, so this
      # makes all of zaphyra.eu a bridge admin.  NOTE(review): acceptable on a
      # single-user homeserver; if other accounts exist there, grant "admin"
      # per full MXID and keep the domain-wide level lower.
      permissions."${homeserverDomain}" = "admin";

      cleanup_on_logout = {
        enabled = true;
        manual = deleteAllPortals;
        bad_credentials = deleteAllPortals;
      };
    };
  };

  # One bridge service: starts after the homeserver and reads its credentials
  # from its own sops-managed environment file.
  mkBridge = name: package: extraSettings: {
    enable = true;
    inherit package;
    environmentFile = config.sops.secrets."environments/mautrixBridges/${name}".path;
    serviceDependencies = [ "continuwuity.service" ];
    settings = lib.recursiveUpdate commonSettings extraSettings;
  };
in
{

  options.zpha.configure.matrixBridges.enable = lib.mkEnableOption "";

  config = lib.mkIf cfg.enable {
    # The bridges register against the continuwuity instance that website
    # module serves.
    assertions = [
      {
        assertion = config.zpha.websites."continuwuity.zaphyra.eu".enable;
        message = "The option 'zpha.websites.\"continuwuity.zaphyra.eu\"' must be enabled in order to use this module.";
      }
    ];

    # One environment file per bridge.
    sops.secrets = lib.genAttrs (map (name: "environments/mautrixBridges/${name}") bridgeNames) (_: { });

    # Bridge state directories handed to the persistence module.
    common.configure.persist.system.dirs = map (name: "/var/lib/private/mautrix-${name}") bridgeNames;

    common.services.mautrixBridge = {
      signal = mkBridge "signal" (pkgs.mautrix-signal.override { withGoolm = true; }) {
        database.uri = mkSqliteUri "mautrix-signal";

        network = {
          # NOTE(review): "Mautix" reads like a typo for "Mautrix" (same in the
          # Telegram device_model); left untouched since it is a runtime string.
          device_name = "Mautix-Signal (on zaphyra.eu)";
          displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
        };

        appservice = mkAppservice "signal" 29328;
      };

      telegram = mkBridge "telegram" pkgs.zpha.mautrix-telegram {
        database.uri = mkSqliteUri "mautrix-telegram";

        backfill.max_initial_messages = 400;

        appservice = mkAppservice "telegram" 29317;

        network = {
          device_info.device_model = "Mautix-TelegramGO (on zaphyra.eu)";
          # Telegram API credentials are taken from the environment file too.
          api_id = "$TELEGRAM_API_ID";
          api_hash = "$TELEGRAM_API_HASH";
        };
      };

      whatsapp = mkBridge "whatsapp" (pkgs.mautrix-whatsapp.override { withGoolm = true; }) {
        database.uri = mkSqliteUri "mautrix-whatsapp";

        backfill.max_initial_messages = 100;

        appservice = mkAppservice "whatsapp" 29318;

        network = {
          displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
          os_name = "Mautrix-WhatsApp (on zaphyra.eu)";
          identity_change_notices = true;
          url_previews = true;
          # Full history import, capped at 1000 days and 1024 MB.
          history_sync = {
            request_full_sync = true;
            full_sync_config = {
              days_limit = 1000;
              size_mb_limit = 1024;
              storage_quota_mb = 1024;
            };
          };
        };
      };
    };
  };

}