mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 09:36:14 +01:00
Add the Matrix containers
Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
parent
b513a10c77
commit
c1a727a699
|
@ -47,6 +47,11 @@
|
|||
nixos/systems/liveusb
|
||||
nixos/systems/blowhole
|
||||
|
||||
nixng/containers/matrix/mautrix-signal
|
||||
nixng/containers/matrix/mautrix-discord
|
||||
nixng/containers/matrix/mautrix-facebook
|
||||
nixng/containers/matrix/heisenbridge
|
||||
nixng/containers/matrix/synapse
|
||||
nixng/containers/website
|
||||
nixng/containers/ds3os
|
||||
overlays/udp-over-tcp.nix
|
||||
|
|
36
nixng/containers/matrix/heisenbridge/default.nix
Normal file
36
nixng/containers/matrix/heisenbridge/default.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
flake.nixngConfigurations.heisenbridge = inputs.nixng.nglib.makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "heisenbridge";
|
||||
inherit (inputs) nixpkgs;
|
||||
config =
|
||||
{ pkgs, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
getExe;
|
||||
in
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
init.services.heisenbridge = {
|
||||
enabled = true;
|
||||
# heisenbridge needs to retry the connection and task restarting does not work currently
|
||||
shutdownOnExit = false;
|
||||
script = pkgs.writeShellScript "heisenbridge" ''
|
||||
REGISTRATION_FILE="/var/lib/registrations/heisenbridge.yaml"
|
||||
|
||||
${getExe pkgs.heisenbridge} 'https://matrix.redalder.org/' \
|
||||
-c "$REGISTRATION_FILE" \
|
||||
$([ -e "$REGISTRATION_FILE" ] || echo "--generate") \
|
||||
-l 127.0.0.1 \
|
||||
-p 9898 \
|
||||
-o @magic_rb:matrix.redalder.org
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
41
nixng/containers/matrix/mautrix-discord/default.nix
Normal file
41
nixng/containers/matrix/mautrix-discord/default.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{ inputs, config, ... }:
|
||||
{
|
||||
flake.nixngConfigurations.mautrixDiscord = inputs.nixng.nglib.makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "mautrix-discord";
|
||||
inherit (inputs) nixpkgs;
|
||||
config =
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
init.services.mautrix-discord = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script =
|
||||
let
|
||||
inherit (lib)
|
||||
getExe;
|
||||
mautrix-discord = (pkgs.appendOverlays [ config.flake.overlays.mautrix-discord ]).mautrix-discord;
|
||||
in
|
||||
pkgs.writeShellScript "mautrix-discord"
|
||||
''
|
||||
DATA_DIR="/var/lib/mautrix-discord"
|
||||
CONFIG_FILE="$DATA_DIR/config.yaml"
|
||||
REGISTRATION_FILE="/var/lib/registrations/mautrix-discord.yaml"
|
||||
DB_FILE="$DATA_DIR/sqlite.db"
|
||||
|
||||
${getExe pkgs.envsubst} < ${./mautrix-discord.yaml} > "$CONFIG_FILE"
|
||||
chmod 755 "$CONFIG_FILE"
|
||||
|
||||
[ -e "$REGISTRATION_FILE" ] || \
|
||||
${getExe mautrix-discord} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -g
|
||||
${getExe mautrix-discord} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -n
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
319
nixng/containers/matrix/mautrix-discord/mautrix-discord.yaml
Normal file
319
nixng/containers/matrix/mautrix-discord/mautrix-discord.yaml
Normal file
|
@ -0,0 +1,319 @@
|
|||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://matrix.redalder.org
|
||||
# Publicly accessible base URL for media, used for avatars in relay mode.
|
||||
# If not set, the connection address above will be used.
|
||||
public_address: null
|
||||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
|
||||
domain: matrix.redalder.org
|
||||
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
|
||||
async_media: false
|
||||
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: http://localhost:29334
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29334
|
||||
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
|
||||
type: postgres
|
||||
# The database URI.
|
||||
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
|
||||
# https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
|
||||
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
|
||||
uri: postgres://mautrix-discord:${MAUTRIX_DISCORD_APPSERVICE_DATABASE_PASSWORD}@127.0.0.1/mautrix-discord?sslmode=disable
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
|
||||
# Parsed with https://pkg.go.dev/time#ParseDuration
|
||||
max_conn_idle_time: null
|
||||
max_conn_lifetime: null
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: mudiscord
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: mudiscordbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: Mautrix Discord bridge bot
|
||||
avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC
|
||||
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
ephemeral_events: true
|
||||
|
||||
# Should incoming events be handled asynchronously?
|
||||
# This may be necessary for large public instances with lots of messages going through.
|
||||
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
|
||||
async_transactions: false
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "${MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN}"
|
||||
hs_token: "${MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Discord users.
|
||||
# {{.}} is replaced with the internal ID of the Discord user.
|
||||
username_template: discord_{{.}}
|
||||
# Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
|
||||
# Available variables:
|
||||
# .ID - Internal user ID
|
||||
# .Username - User's displayname on Discord
|
||||
# .Discriminator - The 4 numbers after the name on Discord
|
||||
# .Bot - Whether the user is a bot
|
||||
# .System - Whether the user is an official system user
|
||||
displayname_template: '{{.Username}}#{{.Discriminator}}{{if .Bot}} (bot){{end}}'
|
||||
# Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
|
||||
# Available variables:
|
||||
# .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
|
||||
# .ParentName - Parent channel name (used for categories).
|
||||
# .GuildName - Guild name.
|
||||
# .NSFW - Whether the channel is marked as NSFW.
|
||||
# .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
|
||||
channel_name_template: '
|
||||
{{- if or (eq .Type 3) (eq .Type 4) -}}
|
||||
{{.Name -}}
|
||||
{{- else if or (eq .Type 0) (eq .Type 2) -}}
|
||||
{{ .Name}} - {{.ParentName}} - {{.GuildName}}
|
||||
{{- else -}}
|
||||
#{{.Name}}
|
||||
{{- end -}}'
|
||||
# Displayname template for Discord guilds (bridged as spaces).
|
||||
# Available variables:
|
||||
# .Name - Guild name
|
||||
guild_name_template: '{{.Name}}'
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
|
||||
portal_message_buffer: 128
|
||||
|
||||
# Number of private channel portals to create on bridge startup.
|
||||
# Other portals will be created when receiving messages.
|
||||
startup_private_channel_create_limit: 5
|
||||
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
|
||||
delivery_receipts: false
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
|
||||
message_error_notices: true
|
||||
# Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
|
||||
# This can avoid unnecessary invite events in guild rooms when members are synced in.
|
||||
restricted_rooms: true
|
||||
# Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
|
||||
# This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
|
||||
autojoin_thread_on_open: true
|
||||
# Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
|
||||
# Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
|
||||
embed_fields_as_tables: true
|
||||
# Should guild channels be muted when the portal is created? This only meant for single-user instances,
|
||||
# it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
|
||||
mute_channels_on_create: false
|
||||
# Should the bridge update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it, except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# Should incoming custom emoji reactions be bridged as mxc:// URIs?
|
||||
# If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
|
||||
custom_emoji_reactions: true
|
||||
# Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
|
||||
# If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
|
||||
delete_portal_on_channel_delete: false
|
||||
# Should the bridge delete all portal rooms when you leave a guild on Discord?
|
||||
# This only applies if the guild has no other Matrix users on this bridge instance.
|
||||
delete_guild_on_leave: true
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: false
|
||||
# Settings for converting animated stickers.
|
||||
animated_sticker:
|
||||
# Format to which animated stickers should be converted.
|
||||
# disable - No conversion, send as-is (lottie JSON)
|
||||
# png - converts to non-animated png (fastest)
|
||||
# gif - converts to animated gif
|
||||
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
||||
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
|
||||
target: webp
|
||||
# Arguments for converter. All converters take width and height.
|
||||
args:
|
||||
width: 320
|
||||
height: 320
|
||||
fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
|
||||
# Servers to always allow double puppeting from
|
||||
double_puppet_server_map: {}
|
||||
# example.com: https://example.com
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, double puppeting will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret_map: {}
|
||||
# example.com: foobar
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: '!discord'
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
management_room_text:
|
||||
# Sent when joining a room.
|
||||
welcome: "Hello, I'm a Discord bridge bot."
|
||||
# Sent when joining a management room and the user is already logged in.
|
||||
welcome_connected: "Use `help` for help."
|
||||
# Sent when joining a management room and the user is not logged in.
|
||||
welcome_unconnected: "Use `help` for help or `login` to log in."
|
||||
# Optional extra text sent when joining a management room.
|
||||
additional_help: ""
|
||||
|
||||
# Settings for backfilling messages.
|
||||
backfill:
|
||||
# Limits for forward backfilling.
|
||||
forward_limits:
|
||||
# Initial backfill (when creating portal). 0 means backfill is disabled.
|
||||
# A special unlimited value is not supported, you must set a limit. Initial backfill will
|
||||
# fetch all messages first before backfilling anything, so high limits can take a lot of time.
|
||||
initial:
|
||||
dm: 0
|
||||
channel: 0
|
||||
# Missed message backfill (on startup).
|
||||
# 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
|
||||
# When using unlimited backfill (-1), messages are backfilled as they are fetched.
|
||||
# With limits, all messages up to the limit are fetched first and backfilled afterwards.
|
||||
missed:
|
||||
dm: 0
|
||||
channel: 0
|
||||
# Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
|
||||
# This can be used as a rough heuristic to disable backfilling in channels that are too active.
|
||||
# Currently only applies to missed message backfill.
|
||||
max_guild_members: -1
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: false
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
|
||||
# Settings for provisioning API
|
||||
provisioning:
|
||||
# Prefix for the provisioning API paths.
|
||||
prefix: /_matrix/provision
|
||||
# Shared secret for authentication. If set to "generate", a random secret will be generated,
|
||||
# or if set to "disable", the provisioning API will be disabled.
|
||||
shared_secret: generate
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relay - Talk through the relaybot (if enabled), no access otherwise
|
||||
# user - Access to use the bridge to chat with a Discord account.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"*": relay
|
||||
"matrix.redalder.org": user
|
||||
"@magic_rb:matrix.redalder.org": admin
|
||||
|
||||
# Logging config. See https://github.com/tulir/zeroconfig for details.
|
||||
logging:
|
||||
min_level: debug
|
||||
writers:
|
||||
- type: stdout
|
||||
format: pretty-colored
|
||||
- type: file
|
||||
format: json
|
||||
filename: ./logs/mautrix-discord.log
|
||||
max_size: 100
|
||||
max_backups: 10
|
||||
compress: true
|
45
nixng/containers/matrix/mautrix-facebook/default.nix
Normal file
45
nixng/containers/matrix/mautrix-facebook/default.nix
Normal file
|
@ -0,0 +1,45 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
flake.nixngConfigurations.mautrixFacebook = inputs.nixng.nglib.makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "mautrix-facebook";
|
||||
inherit (inputs) nixpkgs;
|
||||
config =
|
||||
{ pkgs, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
singleton;
|
||||
in
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
init.services.mautrix-facebook = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script =
|
||||
let
|
||||
mautrix-facebook = pkgs.mautrix-facebook.overridePythonAttrs (old: {
|
||||
propagatedBuildInputs = singleton pkgs.python3.pkgs.aiosqlite ++ old.propagatedBuildInputs;
|
||||
});
|
||||
in
|
||||
pkgs.writeShellScript "mautrix-facebook"
|
||||
''
|
||||
DATA_DIR="/var/lib/mautrix-facebook"
|
||||
CONFIG_FILE="$DATA_DIR/config.yaml"
|
||||
REGISTRATION_FILE="/var/lib/registrations/mautrix-facebook.yaml"
|
||||
DB_FILE="$DATA_DIR/sqlite.db"
|
||||
|
||||
cp ${./mautrix-facebook.yaml} "$CONFIG_FILE" ; chmod 755 "$CONFIG_FILE"
|
||||
${pkgs.sqlite}/bin/sqlite3 $DB_FILE '.databases ; .quit'
|
||||
|
||||
[ -e "$REGISTRATION_FILE" ] || \
|
||||
${mautrix-facebook}/bin/mautrix-facebook -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -g
|
||||
${mautrix-facebook}/bin/mautrix-facebook -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -n
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
433
nixng/containers/matrix/mautrix-facebook/mautrix-facebook.yaml
Normal file
433
nixng/containers/matrix/mautrix-facebook/mautrix-facebook.yaml
Normal file
|
@ -0,0 +1,433 @@
|
|||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://matrix.redalder.org
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: matrix.redalder.org
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# Number of retries for all HTTP requests if the homeserver isn't reachable.
|
||||
http_retry_count: 4
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's Facebook MQTT connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Whether asynchronous uploads via MSC2246 should be enabled for media.
|
||||
# Requires a media repo that supports MSC2246.
|
||||
async_media: false
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: http://localhost:29319
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29319
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are supported.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////var/lib/mautrix-facebook/sqlite.db
|
||||
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
|
||||
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
|
||||
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
||||
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
|
||||
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
|
||||
database_opts:
|
||||
min_size: 1
|
||||
max_size: 10
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
public:
|
||||
# Whether or not the public-facing endpoints should be enabled.
|
||||
enabled: true
|
||||
# The prefix to use in the public-facing endpoints.
|
||||
prefix: /mufb
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: https://matrix.redalder.org/mufb
|
||||
# Shared secret for integration managers such as mautrix-manager.
|
||||
# If set to "generate", a random string will be generated on the next startup.
|
||||
# If null, integration manager access to the API will not be possible.
|
||||
shared_secret: generate
|
||||
# Allow logging in within Matrix. If false, users can only log in using the web interface.
|
||||
allow_matrix_login: true
|
||||
# Segment API key to enable analytics tracking for web server endpoints. Set to null to disable.
|
||||
# Currently the only events are login start, success and fail.
|
||||
segment_key: null
|
||||
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
|
||||
segment_user_id: null
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: mufacebook
|
||||
# Username of the appservice bot.
|
||||
bot_username: mufacebookbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Mautrix Facebook bridge bot
|
||||
bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
|
||||
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
|
||||
ephemeral_events: true
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
# as_token: "This value is generated when generating the registration"
|
||||
# hs_token: "This value is generated when generating the registration"
|
||||
|
||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||
metrics:
|
||||
enabled: false
|
||||
listen_port: 8000
|
||||
|
||||
# Manhole config.
|
||||
manhole:
|
||||
# Whether or not opening the manhole is allowed.
|
||||
enabled: false
|
||||
# The path for the unix socket.
|
||||
path: /var/tmp/mautrix-facebook.manhole
|
||||
# The list of UIDs who can be added to the whitelist.
|
||||
# If empty, any UIDs can be specified in the open-manhole command.
|
||||
whitelist:
|
||||
- 0
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Facebook users.
|
||||
# {userid} is replaced with the user ID of the Facebook user.
|
||||
username_template: "facebook_{userid}"
|
||||
# Displayname template for Facebook users.
|
||||
# {displayname} is replaced with the display name of the Facebook user
|
||||
# as defined below in displayname_preference.
|
||||
# Keys available for displayname_preference are also available here.
|
||||
displayname_template: "{displayname} (FB)"
|
||||
# Available keys:
|
||||
# "name" (full name)
|
||||
# "first_name"
|
||||
# "last_name"
|
||||
# "nickname"
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
- first_name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!fb"
|
||||
|
||||
# Whether or not the Facebook users of logged in Matrix users should be
|
||||
# invited to private chats when the user sends a message from another client.
|
||||
invite_own_puppet_to_pm: false
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications
|
||||
# when double puppeting is enabled
|
||||
sync_with_custom_puppets: false
|
||||
# Whether or not to update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Servers to always allow double puppeting from
|
||||
double_puppet_server_map: {}
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
# If using this for other servers than the bridge's server,
|
||||
# you must also set the URL in the double_puppet_server_map.
|
||||
login_shared_secret_map: {}
|
||||
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
|
||||
# so it might be more suspicious to Facebook.
|
||||
presence_from_facebook: false
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
|
||||
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||
# been sent to Facebook.
|
||||
delivery_receipts: false
|
||||
# Whether or not delivery errors should be reported as messages in the Matrix room.
|
||||
delivery_error_reports: true
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Whether to allow inviting arbitrary mxids to portal rooms
|
||||
allow_invites: false
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: true
|
||||
# Settings for backfilling messages from Facebook.
|
||||
backfill:
|
||||
# Allow backfilling at all?
|
||||
enable: true
|
||||
# Use MSC2716 for backfilling? If this is disabled, backfilling only happens when syncing threads,
|
||||
# and the incremental settings below don't apply.
|
||||
#
|
||||
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
|
||||
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
|
||||
msc2716: false
|
||||
# Use double puppets for backfilling?
|
||||
#
|
||||
# If using MSC2716, the double puppets must be in the appservice's user ID namespace
|
||||
# (because the bridge can't use the double puppet access token with batch sending).
|
||||
#
|
||||
# Even without MSC2716, bridging old messages with correct timestamps requires the double
|
||||
# puppets to be in an appservice namespace, or the server to be modified to allow
|
||||
# overriding timestamps anyway.
|
||||
double_puppet_backfill: false
|
||||
# The maximum number of conversations that should be synced.
|
||||
# Other conversations will be backfilled on demand when the start PM
|
||||
# provisioning endpoint is used or when a message comes in from that
|
||||
# chat.
|
||||
# If set to -1, all conversations will by synced.
|
||||
max_conversations: 20
|
||||
# The minimum amount of time to wait between syncing each thread. This
|
||||
# helps avoid situations where you sync too quickly.
|
||||
min_sync_thread_delay: 5
|
||||
# If this value is greater than 0, then if the conversation's last
|
||||
# message was more than this number of hours ago, then the conversation
|
||||
# will automatically be marked it as read.
|
||||
# Conversations that have a last message that is less than this number
|
||||
# of hours ago will have their unread status synced from Facebook.
|
||||
unread_hours_threshold: 0
|
||||
|
||||
# Settings for how quickly to backoff when rate-limits are encountered
|
||||
# while backfilling.
|
||||
backoff:
|
||||
# How many seconds to wait after getting rate limited during a
|
||||
# thread list fetch.
|
||||
thread_list: 300
|
||||
# How many seconds to wait after getting rate limited during a
|
||||
# message history fetch.
|
||||
message_history: 300
|
||||
|
||||
# Settings for backfills.
|
||||
#
|
||||
# During initial/incremental sync, the entirety of the thread that is
|
||||
# available will be backfilled. For example, on initial sync, about 20
|
||||
# messages are included for each thread in the thread list returned by
|
||||
# the server. After that, incremental backfills will be run for each of
|
||||
# the portals in a round-robin fashion until all portals have been
|
||||
# backfilled as configured below.
|
||||
incremental:
|
||||
# The maximum number of pages to backfill per batch.
|
||||
max_pages: 10
|
||||
# The maximum number of total pages to backfill per portal.
|
||||
# If set to -1, infinite pages will be synced.
|
||||
max_total_pages: -1
|
||||
# The number of seconds to wait between backfilling each page.
|
||||
page_delay: 5
|
||||
# The number of seconds to wait after backfilling the batch of
|
||||
# messages.
|
||||
post_batch_delay: 20
|
||||
|
||||
periodic_reconnect:
|
||||
# Interval in seconds in which to automatically reconnect all users.
|
||||
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
|
||||
# Set to -1 to disable periodic reconnections entirely.
|
||||
# Set to a list of two items to randomize the interval (min, max).
|
||||
interval: -1
|
||||
# What to do in periodic reconnects. Either "refresh" or "reconnect"
|
||||
mode: refresh
|
||||
# Should even disconnected users be reconnected?
|
||||
always: false
|
||||
# Only reconnect if the user has been connected for longer than this value
|
||||
min_connected_time: 0
|
||||
# The number of seconds that a disconnection can last without triggering an automatic re-sync
|
||||
# and missed message backfilling when reconnecting.
|
||||
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
|
||||
resync_max_disconnected_time: 5
|
||||
# The maximum number of conversations that should be synced when we get a
|
||||
# message sync error. In general, 1 page (20) is sufficient.
|
||||
max_startup_thread_sync_count: 20
|
||||
# Whether or not temporary disconnections should send notices to the notice room.
|
||||
# If this is false, disconnections will never send messages and connections will only send
|
||||
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
|
||||
temporary_disconnect_notices: false
|
||||
# Disable bridge notices entirely
|
||||
disable_bridge_notices: false
|
||||
# Should Matrix m.notice-type messages be bridged to Facebook?
|
||||
bridge_matrix_notices: true
|
||||
on_reconnection_fail:
|
||||
# What to do if a reconnection attempt fails? Options: reconnect, refresh, null
|
||||
action: reconnect
|
||||
# Seconds to wait before attempting to refresh the connection, set a list of two items to
|
||||
# to randomize the interval (min, max).
|
||||
wait_for: 0
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it,
|
||||
# except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# When using double puppeting, should muted chats be muted in Matrix?
|
||||
mute_bridging: false
|
||||
# Whether or not mute status and tags should only be bridged when the portal room is created.
|
||||
tag_only_on_create: true
|
||||
# If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
|
||||
# other configuration. This may be useful if you don't want to use the default proxy for large files.
|
||||
sandbox_media_download: false
|
||||
# URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable).
|
||||
get_proxy_api_url: null
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
# Disable generating reply fallbacks? Some extremely bad clients still rely on them,
|
||||
# but they're being phased out and will be completely removed in the future.
|
||||
disable_reply_fallbacks: false
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: false
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relay - Allowed to be relayed through the bridge, no access to commands.
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"*": "relay"
|
||||
"matrix.redalder.org": "user"
|
||||
"@magic_rb:matrix.redalder.org": "admin"
|
||||
|
||||
relay:
|
||||
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
|
||||
# authenticated user into a relaybot for that chat.
|
||||
enabled: false
|
||||
# The formats to use when sending messages to Messenger via a relay user.
|
||||
#
|
||||
# Available variables:
|
||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||
# $message - The message content
|
||||
message_formats:
|
||||
m.text: '<b>$sender_displayname</b>: $message'
|
||||
m.notice: '<b>$sender_displayname</b>: $message'
|
||||
m.emote: '* <b>$sender_displayname</b> $message'
|
||||
m.file: '<b>$sender_displayname</b> sent a file'
|
||||
m.image: '<b>$sender_displayname</b> sent an image'
|
||||
m.audio: '<b>$sender_displayname</b> sent an audio file'
|
||||
m.video: '<b>$sender_displayname</b> sent a video'
|
||||
m.location: '<b>$sender_displayname</b> sent a location'
|
||||
|
||||
facebook:
|
||||
device_seed: generate
|
||||
default_region_hint: ODN
|
||||
connection_type: WIFI
|
||||
carrier: Verizon
|
||||
hni: 311390
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_facebook.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.RotatingFileHandler
|
||||
formatter: normal
|
||||
filename: ./mautrix-facebook.log
|
||||
maxBytes: 10485760
|
||||
backupCount: 10
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
maufbapi:
|
||||
level: DEBUG
|
||||
paho:
|
||||
level: INFO
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [file, console]
|
46
nixng/containers/matrix/mautrix-signal/default.nix
Normal file
46
nixng/containers/matrix/mautrix-signal/default.nix
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
flake.nixngConfigurations.mautrixSignal = inputs.nixng.nglib.makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "mautrix-signal";
|
||||
inherit (inputs) nixpkgs;
|
||||
config =
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
init.services.mautrix-signal = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script = pkgs.writeShellScript "mautrix-signal" ''
|
||||
DATA_DIR="/var/lib/mautrix-signal"
|
||||
CONFIG_FILE="$DATA_DIR/config.yaml"
|
||||
REGISTRATION_FILE="/var/lib/registrations/mautrix-signal.yaml"
|
||||
DB_FILE="$DATA_DIR/sqlite.db"
|
||||
|
||||
cp ${./mautrix-signal.yaml} "$CONFIG_FILE" ; chmod 755 "$CONFIG_FILE"
|
||||
|
||||
[ -e "$REGISTRATION_FILE" ] || \
|
||||
${lib.getExe pkgs.mautrix-signal} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -g
|
||||
${lib.getExe pkgs.mautrix-signal} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -n
|
||||
'';
|
||||
};
|
||||
|
||||
init.services.signald = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script = pkgs.writeShellScript "signald" ''
|
||||
DATA_DIR="/var/lib/signald"
|
||||
SOCKET_PATH="/var/run/signald/signald.sock"
|
||||
mkdir -p $(dirname $SOCKET_PATH)
|
||||
|
||||
export LANG=en_US.UTF-8
|
||||
${lib.getExe pkgs.signald} -d $DATA_DIR -s $SOCKET_PATH
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
372
nixng/containers/matrix/mautrix-signal/mautrix-signal.yaml
Normal file
372
nixng/containers/matrix/mautrix-signal/mautrix-signal.yaml
Normal file
|
@ -0,0 +1,372 @@
|
|||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://matrix.redalder.org
|
||||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
|
||||
domain: matrix.redalder.org
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# Number of retries for all HTTP requests if the homeserver isn't reachable.
|
||||
http_retry_count: 4
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Maximum number of simultaneous HTTP connections to the homeserver.
|
||||
connection_limit: 100
|
||||
# Whether asynchronous uploads via MSC2246 should be enabled for media.
|
||||
# Requires a media repo that supports MSC2246.
|
||||
async_media: false
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: http://localhost:29328
|
||||
# When using https:// the TLS certificate and key files for the address.
|
||||
tls_cert: false
|
||||
tls_key: false
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29328
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are supported.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: postgres://mautrix-signal@127.0.0.1/mautrix-signal
|
||||
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
|
||||
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
|
||||
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
|
||||
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
|
||||
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
|
||||
database_opts:
|
||||
min_size: 1
|
||||
max_size: 10
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: musignal
|
||||
# Username of the appservice bot.
|
||||
bot_username: musignalbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Mautrix Signal bridge bot
|
||||
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
|
||||
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
|
||||
ephemeral_events: true
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
# as_token: "This value is generated when generating the registration"
|
||||
# hs_token: "This value is generated when generating the registration"
|
||||
|
||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||
metrics:
|
||||
enabled: false
|
||||
listen_port: 8000
|
||||
|
||||
# Manhole config.
|
||||
manhole:
|
||||
# Whether or not opening the manhole is allowed.
|
||||
enabled: false
|
||||
# The path for the unix socket.
|
||||
path: /var/tmp/mautrix-signal.manhole
|
||||
# The list of UIDs who can be added to the whitelist.
|
||||
# If empty, any UIDs can be specified in the open-manhole command.
|
||||
whitelist:
|
||||
- 0
|
||||
|
||||
signal:
|
||||
# Path to signald unix socket
|
||||
socket_path: /var/run/signald/signald.sock
|
||||
# Directory for temp files when sending files to Signal. This should be an
|
||||
# absolute path that signald can read. For attachments in the other direction,
|
||||
# make sure signald is configured to use an absolute path as the data directory.
|
||||
outgoing_attachment_dir: /tmp
|
||||
# Directory where signald stores avatars for groups.
|
||||
avatar_dir: /var/lib/signald/avatars
|
||||
# Directory where signald stores auth data. Used to delete data when logging out.
|
||||
data_dir: /var/lib/signald/data
|
||||
# Whether or not unknown signald accounts should be deleted when the bridge is started.
|
||||
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
|
||||
delete_unknown_accounts_on_start: false
|
||||
# Whether or not message attachments should be removed from disk after they're bridged.
|
||||
remove_file_after_handling: true
|
||||
# Whether or not users can register a primary device
|
||||
registration_enabled: false
|
||||
# Whether or not to enable disappearing messages in groups. If enabled, then the expiration
|
||||
# time of the messages will be determined by the first users to read the message, rather
|
||||
# than individually. If the bridge has a single user, this can be turned on safely.
|
||||
enable_disappearing_messages_in_groups: false
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Signal users.
|
||||
# {userid} is replaced with the UUID of the Signal user.
|
||||
username_template: "signal_{userid}"
|
||||
# Displayname template for Signal users.
|
||||
# {displayname} is replaced with the displayname of the Signal user, which is the first
|
||||
# available variable in displayname_preference. The variables in displayname_preference
|
||||
# can also be used here directly.
|
||||
displayname_template: "{displayname} (Signal)"
|
||||
# Whether or not contact list displaynames should be used.
|
||||
# Possible values: disallow, allow, prefer
|
||||
#
|
||||
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
|
||||
# be conflicts between names from different users' contact lists.
|
||||
contact_list_names: disallow
|
||||
# Available variables: full_name, first_name, last_name, phone, uuid
|
||||
displayname_preference:
|
||||
- full_name
|
||||
- phone
|
||||
|
||||
# Whether or not to create portals for all groups on login/connect.
|
||||
autocreate_group_portal: true
|
||||
# Whether or not to create portals for all contacts on login/connect.
|
||||
autocreate_contact_portal: false
|
||||
# Whether or not to make portals of Signal groups in which joining via invite link does
|
||||
# not need to be approved by an administrator publicly joinable on Matrix.
|
||||
public_portals: false
|
||||
# Whether or not to use /sync to get read receipts and typing notifications
|
||||
# when double puppeting is enabled
|
||||
sync_with_custom_puppets: false
|
||||
# Whether or not to update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
|
||||
double_puppet_server_map: {}
|
||||
# example.com: https://example.com
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
# If using this for other servers than the bridge's server,
|
||||
# you must also set the URL in the double_puppet_server_map.
|
||||
login_shared_secret_map: {}
|
||||
# example.com: foo
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: false
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: false
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||
# been sent to Signal. This let's you check manually whether the bridge is receiving your
|
||||
# messages.
|
||||
# Note that this is not related to Signal delivery receipts.
|
||||
delivery_receipts: false
|
||||
# Whether or not delivery errors should be reported as messages in the Matrix room.
|
||||
delivery_error_reports: true
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it,
|
||||
# except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# Interval at which to resync contacts (in seconds).
|
||||
periodic_sync: 0
|
||||
# Should leaving the room on Matrix make the user leave on Signal?
|
||||
bridge_matrix_leave: true
|
||||
# Should the bridge auto-create a group chat on Signal when a ghost is invited to a room?
|
||||
# Requires the user to have sufficient power level and double puppeting enabled.
|
||||
create_group_on_invite: true
|
||||
hacky_contact_name_mixup_detection: false
|
||||
|
||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
|
||||
provisioning:
|
||||
# Whether or not the provisioning API should be enabled.
|
||||
enabled: true
|
||||
# The prefix to use in the provisioning API endpoints.
|
||||
prefix: /_matrix/provision
|
||||
# The shared secret to authorize users of the API.
|
||||
# Set to "generate" to generate and save a new token.
|
||||
shared_secret: generate
|
||||
# Segment API key to enable analytics tracking for web server
|
||||
# endpoints. Set to null to disable.
|
||||
# Currently the only events are login start, QR code scan, and login
|
||||
# success/failure.
|
||||
segment_key: null
|
||||
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
|
||||
segment_user_id: null
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!signal"
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
management_room_text:
|
||||
# Sent when joining a room.
|
||||
welcome: "Hello, I'm a Signal bridge bot."
|
||||
# Sent when joining a management room and the user is already logged in.
|
||||
welcome_connected: "Use `help` for help."
|
||||
# Sent when joining a management room and the user is not logged in.
|
||||
welcome_unconnected: "Use `help` for help or `link` to log in."
|
||||
# Optional extra text sent when joining a management room.
|
||||
additional_help: ""
|
||||
|
||||
# Send each message separately (for readability in some clients)
|
||||
management_room_multiple_messages: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relay - Allowed to be relayed through the bridge, no access to commands.
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"*": "relay"
|
||||
"matrix.redalder.org": "user"
|
||||
"@magic_rb:matrix.redalder.org": "admin"
|
||||
|
||||
relay:
|
||||
# Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
|
||||
# authenticated user into a relaybot for that chat.
|
||||
enabled: false
|
||||
# The formats to use when sending messages to Signal via a relay user.
|
||||
#
|
||||
# Available variables:
|
||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||
# $message - The message content
|
||||
message_formats:
|
||||
m.text: '$sender_displayname: $message'
|
||||
m.notice: '$sender_displayname: $message'
|
||||
m.emote: '* $sender_displayname $message'
|
||||
m.file: '$sender_displayname sent a file'
|
||||
m.image: '$sender_displayname sent an image'
|
||||
m.audio: '$sender_displayname sent an audio file'
|
||||
m.video: '$sender_displayname sent a video'
|
||||
m.location: '$sender_displayname sent a location'
|
||||
# Specify a dedicated relay account. Must be a regular matrix account logged into this bridge
|
||||
# and double puppeting working to auto-accept invites. When this user is invited to a room
|
||||
# it will automatically be set as the relay user. May be overridden with `set-relay` or `unset-relay`
|
||||
relaybot: '@relaybot:example.com'
|
||||
# Whether or not invites from non-logged-in users should be relayed
|
||||
invite: true
|
||||
|
||||
# Format for generating URLs from location messages for sending to Signal
|
||||
# Google Maps: 'https://www.google.com/maps/place/{lat},{long}'
|
||||
# OpenStreetMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}'
|
||||
location_format: 'https://www.google.com/maps/place/{lat},{long}'
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_signal.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.RotatingFileHandler
|
||||
formatter: normal
|
||||
filename: ./mautrix-signal.log
|
||||
maxBytes: 10485760
|
||||
backupCount: 10
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [file, console]
|
21
nixng/containers/matrix/synapse/common_config.nix
Normal file
21
nixng/containers/matrix/synapse/common_config.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ logConfig }:
|
||||
{
|
||||
server_name = "matrix.redalder.org";
|
||||
report_stats = "yes";
|
||||
pid_file = "/homeserver.pid";
|
||||
|
||||
log_config = logConfig;
|
||||
|
||||
trusted_key_servers = [ {
|
||||
server_name = "matrix.org";
|
||||
} ];
|
||||
media_store_path = "/var/lib/synapse/media_store";
|
||||
signing_key_path = "/var/lib/synapse/signing.key";
|
||||
|
||||
enable_registration = false;
|
||||
enable_registration_without_verification = false;
|
||||
|
||||
federation_sender_instances = [
|
||||
"worker-federation-sender-0"
|
||||
];
|
||||
}
|
52
nixng/containers/matrix/synapse/default.nix
Normal file
52
nixng/containers/matrix/synapse/default.nix
Normal file
|
@ -0,0 +1,52 @@
|
|||
{ inputs, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
singleton;
|
||||
|
||||
commonConfig = pkgs:
|
||||
(pkgs.formats.yaml {}).generate "common.yaml"
|
||||
(import ./common_config.nix { logConfig = logConfig pkgs; });
|
||||
logConfig = pkgs:
|
||||
(pkgs.formats.yaml {}).generate "log.yaml"
|
||||
(import ./log_config.nix {});
|
||||
|
||||
callPackage = lib.callPackageWith {
|
||||
inherit (inputs)
|
||||
nixpkgs;
|
||||
inherit (inputs.nixng.nglib)
|
||||
makeSystem;
|
||||
inherit
|
||||
commonConfig
|
||||
logConfig;
|
||||
};
|
||||
in
|
||||
{
|
||||
flake.nixngConfigurations.synapseFederationSender = callPackage ./generic_worker.nix {
|
||||
name = "generic";
|
||||
listener_resources = singleton "health";
|
||||
};
|
||||
flake.nixngConfigurations.synapseFederationReceiver = callPackage ./generic_worker.nix {
|
||||
name = "generic";
|
||||
listener_resources = [
|
||||
"health"
|
||||
"federation"
|
||||
];
|
||||
};
|
||||
flake.nixngConfigurations.synapseClient = callPackage ./generic_worker.nix {
|
||||
name = "generic";
|
||||
listener_resources = [
|
||||
"client"
|
||||
"health"
|
||||
];
|
||||
};
|
||||
flake.nixngConfigurations.synapseSync = callPackage ./generic_worker.nix {
|
||||
name = "generic";
|
||||
listener_resources = [
|
||||
"client"
|
||||
"health"
|
||||
];
|
||||
};
|
||||
flake.nixngConfigurations.synapseRedis = callPackage ./redis.nix {};
|
||||
flake.nixngConfigurations.synapsePostgreSQL = callPackage ./postgresql.nix {};
|
||||
flake.nixngConfigurations.synapse = callPackage ./synapse.nix {};
|
||||
}
|
59
nixng/containers/matrix/synapse/generic_worker.nix
Normal file
59
nixng/containers/matrix/synapse/generic_worker.nix
Normal file
|
@ -0,0 +1,59 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
|
||||
, listener_resources
|
||||
, name
|
||||
, logConfig
|
||||
, commonConfig
|
||||
}:
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "synapse-worker-${name}";
|
||||
inherit nixpkgs;
|
||||
config = ({ pkgs, ... }:
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
services.synapse.workers.${name} = {
|
||||
settings = {
|
||||
worker_app = "synapse.app.generic_worker";
|
||||
|
||||
# The replication listener on the main synapse process.
|
||||
worker_replication_host = "127.0.0.1";
|
||||
worker_replication_http_port = 9093;
|
||||
|
||||
worker_listeners = [
|
||||
{
|
||||
port = 6167;
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = true;
|
||||
bind_adrresses = [ "0.0.0.0" ];
|
||||
resources =
|
||||
[
|
||||
{
|
||||
names = listener_resources;
|
||||
compress = false;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
worker_log_config = logConfig pkgs;
|
||||
};
|
||||
arguments = {
|
||||
config-path = [
|
||||
(commonConfig pkgs)
|
||||
"/secrets/extra.yaml"
|
||||
"/var/lib/registrations/extra.yaml"
|
||||
];
|
||||
keys-directory = [
|
||||
"/var/lib/synapse/keys"
|
||||
];
|
||||
};
|
||||
};
|
||||
});
|
||||
}
|
18
nixng/containers/matrix/synapse/log_config.nix
Normal file
18
nixng/containers/matrix/synapse/log_config.nix
Normal file
|
@ -0,0 +1,18 @@
|
|||
{ }:
|
||||
{
|
||||
version = 1;
|
||||
|
||||
formatters.precise.format = "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
|
||||
handlers.console = {
|
||||
class = "logging.StreamHandler";
|
||||
formatter = "precise";
|
||||
};
|
||||
|
||||
loggers."synapse.storage.SQL".level = "INFO";
|
||||
root = {
|
||||
level = "INFO";
|
||||
handlers = [ "console" ];
|
||||
};
|
||||
|
||||
disable_existing_loggers = false;
|
||||
}
|
58
nixng/containers/matrix/synapse/postgresql.nix
Normal file
58
nixng/containers/matrix/synapse/postgresql.nix
Normal file
|
@ -0,0 +1,58 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
}:
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-synapse-postgresql";
|
||||
inherit nixpkgs;
|
||||
config =
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
config = {
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = {};
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_12;
|
||||
|
||||
initialScript = "/secrets/init.sql";
|
||||
enableTCPIP = true;
|
||||
|
||||
authentication = "host all all all md5";
|
||||
|
||||
ensureDatabases = {
|
||||
"synapse" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
||||
"mautrix-facebook" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
||||
"mautrix-signal" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
||||
"mautrix-whatsapp" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
||||
"mautrix-discord" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
||||
};
|
||||
ensureExtensions = {};
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "synapse";
|
||||
ensurePermissions."DATABASE \"synapse\"" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = "mautrix-facebook";
|
||||
ensurePermissions."DATABASE \"mautrix-facebook\"" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = "mautrix-signal";
|
||||
ensurePermissions."DATABASE \"mautrix-signal\"" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = "mautrix-whatsapp";
|
||||
ensurePermissions."DATABASE \"mautrix-whatsapp\"" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = "mautrix-discord";
|
||||
ensurePermissions."DATABASE \"mautrix-discord\"" = "ALL PRIVILEGES";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
2276
nixng/containers/matrix/synapse/redis.conf
Normal file
2276
nixng/containers/matrix/synapse/redis.conf
Normal file
File diff suppressed because it is too large
Load diff
46
nixng/containers/matrix/synapse/redis.nix
Normal file
46
nixng/containers/matrix/synapse/redis.nix
Normal file
|
@ -0,0 +1,46 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
}:
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "redis";
|
||||
inherit nixpkgs;
|
||||
config =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
users.users."redis" = {
|
||||
home = "/var/empty";
|
||||
uid = 9001;
|
||||
group = "redis";
|
||||
};
|
||||
|
||||
users.groups."redis" = {
|
||||
gid = 9001;
|
||||
};
|
||||
|
||||
init.services.redis = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script = pkgs.writeShellScript "redis-run" ''
|
||||
cd /var/lib/redis
|
||||
chpst -U redis:redis ${pkgs.redis}/bin/redis-server ${./redis.conf}
|
||||
'';
|
||||
};
|
||||
|
||||
init.services.redis-setup = {
|
||||
enabled = true;
|
||||
script = pkgs.writeShellScript "redis-run" ''
|
||||
export PATH="${pkgs.redis}/bin:$PATH"
|
||||
nc -z 127.0.0.1 6379 -w 10 -v || exit 1
|
||||
|
||||
redis-cli acl setuser default on '>'"$(cat /secrets/redis_password)" allcommands allkeys
|
||||
sleep 86400
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
72
nixng/containers/matrix/synapse/synapse.nix
Normal file
72
nixng/containers/matrix/synapse/synapse.nix
Normal file
|
@ -0,0 +1,72 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
|
||||
, commonConfig
|
||||
}:
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "synapse";
|
||||
inherit nixpkgs;
|
||||
config =
|
||||
{ pkgs, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
singleton;
|
||||
in
|
||||
{
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = { };
|
||||
};
|
||||
|
||||
init.services.synapse = {
|
||||
enabled = true;
|
||||
shutdownOnExit = true;
|
||||
script =
|
||||
let
|
||||
synapseConfig = (pkgs.formats.yaml {}).generate "synapse.yaml"
|
||||
{
|
||||
listeners =
|
||||
[
|
||||
# The HTTP replication port
|
||||
{
|
||||
port = 9093;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "http";
|
||||
resources = [
|
||||
{
|
||||
names = [ "replication" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
port = 6167;
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = true;
|
||||
bind_adrresses = [ "0.0.0.0" ];
|
||||
resources = singleton {
|
||||
names = [ "client" "federation" ];
|
||||
compress = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
public_baseurl = "https://matrix.redalder.org/";
|
||||
|
||||
# Add a random shared secret to authenticate traffic.
|
||||
worker_replication_secret = "";
|
||||
};
|
||||
in
|
||||
pkgs.writeShellScript "synapse" ''
|
||||
${pkgs.matrix-synapse}/bin/synapse_homeserver \
|
||||
--config-path ${synapseConfig} \
|
||||
--config-path ${commonConfig pkgs} \
|
||||
--config-path /secrets/extra.yaml \
|
||||
--config-path /var/lib/registrations/extra.yaml \
|
||||
--keys-directory /var/lib/synapse/keys \
|
||||
$([ -e /var/lib/synapse/signing.key ] || echo --generate-keys)
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue