Signed-off-by: Magic_RB <magic_rb@redalder.org>
Magic_RB 2022-09-19 01:11:59 +02:00 committed by main
parent 15f505a6fd
commit cd88bccac1
5 changed files with 480 additions and 41 deletions


@ -10,59 +10,101 @@ nglib.makeSystem {
type.services = { };
};
init.services.conduit = {
init.services.synapse = {
enabled = true;
shutdownOnExit = true;
script =
let
conduitConfig = pkgs.writeText "conduit.toml"
''
[global]
# The server_name is the pretty name of this server. It is used as a suffix for user
# and room ids. Examples: matrix.org, conduit.rs
logConfig = (pkgs.formats.yaml {}).generate "log.yaml"
{
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
# The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
version = 1;
# If that's not possible for you, you can create /.well-known files to redirect
# requests. See
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and
# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information
formatters.precise.format = "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
handlers.console =
{
class = "logging.StreamHandler";
formatter = "precise";
};
loggers."synapse.storage.SQL" =
{
level = "INFO";
};
root =
{
level = "INFO";
handlers = [ "console" ];
};
# YOU NEED TO EDIT THIS
server_name = "matrix.redalder.org"
disable_existing_loggers = false;
};
synapseConfig = (pkgs.formats.yaml {}).generate "conduit.yaml"
{
server_name = "matrix.redalder.org";
report_stats = "yes";
pid_file = "/homeserver.pid";
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
enable_registration = false;
enable_registration_without_verification = false;
# The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port
# 443 and 8448 will be forwarded to the Conduit instance running on this port
port = 6167
# Max size for uploads
max_request_size = 20_000_000 # in bytes
# Enables registration. If set to false, no users can register on this server.
allow_registration = true
allow_federation = true
trusted_servers = ["matrix.org"]
# How many requests Conduit sends to other servers at the same time
#max_concurrent_requests = 100
#log = "info,state_res=warn,rocket=off,_=off,sled=off"
address = "127.0.0.1"
'';
listeners =
[
{
port = 6167;
tls = false;
type = "http";
x_forwarded = true;
bind_adrresses = [ "127.0.0.1" ];
resources =
[
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
database =
{
name = "sqlite3";
compress = false;
args.database = "/var/lib/synapse/sqlite.db";
};
log_config = logConfig;
trusted_key_servers =
[
{
server_name = "matrix.org";
}
];
media_store_path = "/var/lib/synapse/media_store";
signing_key_path = "/var/lib/synapse/signing.key";
};
in
pkgs.writeShellScript "conduit"
''
CONDUIT_CONFIG=${conduitConfig} ${pkgs.matrix-conduit}/bin/conduit
[ -e /var/lib/synapse/signing.key ] || \
${pkgs.matrix-synapse}/bin/synapse_homeserver \
--config-path ${synapseConfig} \
--config-path /secrets/extra.yaml \
--config-path /var/lib/registrations/extra.yaml \
--keys-directory /var/lib/synapse/keys \
--generate-keys
${pkgs.matrix-synapse}/bin/synapse_homeserver \
--config-path ${synapseConfig} \
--config-path /secrets/extra.yaml \
--config-path /var/lib/registrations/extra.yaml \
--keys-directory /var/lib/synapse/keys
'';
};
});
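Review bot: The listener key `bind_adrresses = [ "127.0.0.1" ];` is misspelled (`bind_addresses`), so Synapse will not apply the loopback restriction and this plain-HTTP listener on 6167 with `tls = false` and `x_forwarded = true` falls back to Synapse's default bind addresses, which as far as I recall are all interfaces; the fix is `bind_addresses = [ "127.0.0.1" ];`. `compress = false;` inside the `database = { ... }` set is a listener-resource option copied over by mistake and is not a Synapse database setting, so it should be dropped. The generated file is still called `"conduit.yaml"` and the wrapper script `"conduit"` although this now runs synapse_homeserver; renaming both avoids confusion in the store paths. The makeSystem attribute set enclosing this service continues outside the hunk.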


@ -67,6 +67,7 @@ nglib.makeSystem {
extraDomains = [
"hydra.redalder.org"
"gitea.redalder.org"
"matrix.redalder.org"
"nixng.org"
];
webroot = "/var/www/certbot";


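--- a/containers/mautrix-facebook.nix
+++ b/containers/mautrix-facebook.nix
+{ nglib, nixpkgs }:
+nglib.makeSystem {
+system = "x86_64-linux";
+name = "nixng-gitea";
+inherit nixpkgs;
+config = ({ pkgs, ... }:
+{
+dumb-init = {
+enable = true;
+type.services = { };
+};
+init.services.mautrix-facebook = {
+enabled = true;
+shutdownOnExit = true;
+script =
+let
+config = ./mautrix-facebook.yaml;
+in
+pkgs.writeShellScript "mautrix-facebook"
+''
+DATA_DIR="/var/lib/mautrix-facebook"
+CONFIG_FILE="$DATA_DIR/config.yaml"
+REGISTRATION_FILE="/var/lib/registrations/mautrix-facebook.yaml"
+DB_FILE="$DATA_DIR/sqlite.db"
+cp ${config} "$CONFIG_FILE" ; chmod 755 "$CONFIG_FILE"
+${pkgs.sqlite}/bin/sqlite3 $DB_FILE '.databases ; .quit'
+[ -e "$REGISTRATION_FILE" ] || \
+${pkgs.mautrix-facebook}/bin/mautrix-facebook -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -g
+${pkgs.mautrix-facebook}/bin/mautrix-facebook -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -n
+'';
+};
+});
+}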
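Review bot: `chmod 755 "$CONFIG_FILE"` makes the copied config world-readable and executable, yet according to the yaml in this commit that file is where the bridge stores the as_token/hs_token and the generated `shared_secret`, so the owner-only `chmod 600 "$CONFIG_FILE"` is the right mode. Because `cp ${config} "$CONFIG_FILE"` runs on every start, whatever the bridge writes back into config.yaml (the generated secret, the tokens, `resend_bridge_info`) is discarded at the next restart; confirm whether mautrix re-reads the tokens from the registration file, and otherwise copy only when the file does not exist yet. `name = "nixng-gitea";` looks like a copy-paste leftover from the gitea container and should be `name = "nixng-mautrix-facebook";`. `$DB_FILE` on the sqlite3 line is the only unquoted variable in the script; `"$DB_FILE"` keeps it consistent with the rest.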


@ -0,0 +1,359 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://matrix.redalder.org
# The domain of the homeserver (for MXIDs, etc).
domain: matrix.redalder.org
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Facebook MQTT connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://localhost:29319
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////var/lib/mautrix-facebook/sqlite.db
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: /mufb
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://matrix.redalder.org/mufb
# Shared secret for integration managers such as mautrix-manager.
# If set to "generate", a random string will be generated on the next startup.
# If null, integration manager access to the API will not be possible.
shared_secret: generate
# Allow logging in within Matrix. If false, users can only log in using the web interface.
allow_matrix_login: true
# Segment API key to enable analytics tracking for web server endpoints. Set to null to disable.
# Currently the only events are login start, success and fail.
segment_key: null
# The unique ID of this appservice.
id: mufacebook
# Username of the appservice bot.
bot_username: mufacebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Mautrix Facebook bridge bot
bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
# as_token: "This value is generated when generating the registration"
# hs_token: "This value is generated when generating the registration"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-facebook.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: "{displayname} (FB)"
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
- first_name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
example.com: https://example.com
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
example.com: foobar
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Facebook.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether to allow inviting arbitrary mxids to portal rooms
allow_invites: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Facebook.
backfill:
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when backfilling history from Facebook. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# Maximum number of messages to backfill if messages were missed while
# the bridge was disconnected.
# Set to 0 to disable backfilling missed messages.
missed_limit: 1000
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
# Set to a list of two items to randomize the interval (min, max).
interval: -1
# What to do in periodic reconnects. Either "refresh" or "reconnect"
mode: refresh
# Should even disconnected users be reconnected?
always: false
# Only reconnect if the user has been connected for longer than this value
min_connected_time: 0
# The number of seconds that a disconnection can last without triggering an automatic re-sync
# and missed message backfilling when reconnecting.
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
resync_max_disconnected_time: 5
# Should the bridge do a resync on startup?
sync_on_startup: true
# Whether or not temporary disconnections should send notices to the notice room.
# If this is false, disconnections will never send messages and connections will only send
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
temporary_disconnect_notices: false
# Disable bridge notices entirely
disable_bridge_notices: false
on_reconnection_fail:
# What to do if a reconnection attempt fails? Options: reconnect, refresh, null
action: reconnect
# Seconds to wait before attempting to refresh the connection, set a list of two items to
# to randomize the interval (min, max).
wait_for: 0
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
# other configuration. This may be useful if you don't want to use the default proxy for large files.
sandbox_media_download: false
# URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable).
get_proxy_api_url: null
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": "relay"
"matrix.redalder.org": "user"
"@magic_rb:matrix.redalder.org": "admin"
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Messenger via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '<b>$sender_displayname</b>: $message'
m.notice: '<b>$sender_displayname<b>: $message'
m.emote: '* <b>$sender_displayname<b> $message'
m.file: '<b>$sender_displayname</b> sent a file'
m.image: '<b>$sender_displayname</b> sent an image'
m.audio: '<b>$sender_displayname</b> sent an audio file'
m.video: '<b>$sender_displayname</b> sent a video'
m.location: '<b>$sender_displayname</b> sent a location'
facebook:
device_seed: generate
default_region_hint: ODN
connection_type: WIFI
carrier: Verizon
hni: 311390
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: normal
filename: ./mautrix-facebook.log
maxBytes: 10485760
backupCount: 10
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
maufbapi:
level: DEBUG
paho:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [file, console]
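Review bot: `hostname: 0.0.0.0` binds the appservice API on every interface although the homeserver is told to reach it at `address: http://localhost:29319`; unless the container network requires it, `hostname: 127.0.0.1` keeps the appservice endpoint off other interfaces. The relay formats `m.notice: '<b>$sender_displayname<b>: $message'` and `m.emote: '* <b>$sender_displayname<b> $message'` never close the `<b>` tag, unlike the other entries, and should use `</b>`. The file log handler uses the relative `filename: ./mautrix-facebook.log`, and the start script in this commit never changes directory, so the log lands in whatever working directory the service happens to get; an absolute path under /var/lib/mautrix-facebook is safer. The `example.com` placeholders left in `double_puppet_server_map` and `login_shared_secret_map` (`example.com: foobar`) are template leftovers and should be removed before deployment.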


@ -47,6 +47,7 @@
reicio = import ./containers/reicio.nix base;
baikal = import ./containers/baikal.nix base;
conduit = import ./containers/conduit.nix base;
mautrix-facebook = import ./containers/mautrix-facebook.nix base;
};
hydraJobs =