{inputs, ...}: { flake.nixngConfigurations.mautrixSignal = inputs.nixng.nglib.makeSystem { system = "x86_64-linux"; name = "mautrix-signal"; inherit (inputs) nixpkgs; config = { pkgs, lib, ... }: { dumb-init = { enable = true; type.services = {}; }; init.services.mautrix-signal = { enabled = true; shutdownOnExit = true; script = let nixpkgsSignal = pkgs.fetchFromGitHub { owner = "NixOS"; repo = "nixpkgs"; rev = "cf886946e2917dc1b1e7836e129bedce778cf347"; hash = "sha256-dUaQCYgKc4TNFY7HXyFQEvA5jM2ckvV9Pf8/jZqRGTA="; }; boringssl-wrapper = pkgs.runCommand "boringssl-wrapper" {} '' mkdir $out cd $out ln -s ${pkgs.boringssl.out}/lib build ln -s ${pkgs.boringssl.dev}/include include ''; libsignal-ffi = pkgs.rustPlatform.buildRustPackage rec { pname = "libsignal-ffi"; # must match the version used in mautrix-signal # see https://github.com/mautrix/signal/issues/401 version = "0.41.0"; src = pkgs.fetchFromGitHub { owner = "signalapp"; repo = "libsignal"; rev = "v${version}"; hash = "sha256-U/Wy7nzRQJLdc/dGmYR418Nt1KV70HbcgnDHmYxKytg="; }; nativeBuildInputs = [pkgs.protobuf] ++ lib.optionals pkgs.stdenv.isDarwin [pkgs.xcodebuild]; buildInputs = [pkgs.rustPlatform.bindgenHook]; env.BORING_BSSL_PATH = "${boringssl-wrapper}"; # The Cargo.lock contains git dependencies cargoLock = { lockFile = "${nixpkgsSignal}/pkgs/by-name/li/libsignal-ffi/Cargo.lock"; outputHashes = { "boring-3.1.0" = "sha256-R6hh4K57mgV10nuVcMZETvxlQsMsmGapgCQ7pjuognk="; "curve25519-dalek-4.1.1" = "sha256-p9Vx0lAaYILypsI4/RVsHZLOqZKaa4Wvf7DanLA38pc="; }; }; cargoBuildFlags = ["-p" "libsignal-ffi"]; meta = with lib; { description = "A C ABI library which exposes Signal protocol logic"; homepage = "https://github.com/signalapp/libsignal"; license = licenses.agpl3Plus; maintainers = with maintainers; [niklaskorz]; }; }; mautrix-signal = pkgs.buildGoModule rec { pname = "mautrix-signal"; version = "0.5.1"; src = pkgs.fetchFromGitHub { owner = "mautrix"; repo = "signal"; rev = "v${version}"; hash = "sha256-juem0enwwY5HOgci9Am2xcAsJK0F48DtpU7J/Osqd9k="; }; buildInputs = [ pkgs.olm # must match the version used in https://github.com/mautrix/signal/tree/main/pkg/libsignalgo # see https://github.com/mautrix/signal/issues/401 libsignal-ffi ]; vendorHash = "sha256-CnuRzDiUVJt4PrU8u7UmT1ejrdpsohmDv8M0qfFb0Ac="; doCheck = false; meta = with lib; { homepage = "https://github.com/mautrix/signal"; description = "A Matrix-Signal puppeting bridge"; license = licenses.agpl3Plus; maintainers = with maintainers; [expipiplus1 niklaskorz ma27]; mainProgram = "mautrix-signal"; }; }; in pkgs.writeShellScript "mautrix-signal" '' DATA_DIR="/var/lib/mautrix-signal" CONFIG_FILE="$DATA_DIR/config.yaml" REGISTRATION_FILE="/var/lib/registrations/mautrix-signal.yaml" DB_FILE="$DATA_DIR/sqlite.db" cp ${./mautrix-signal.yaml} "$CONFIG_FILE" ; chmod 755 "$CONFIG_FILE" [ -e "$REGISTRATION_FILE" ] || \ ${lib.getExe' mautrix-signal "mautrix-signal"} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -g sed -i \ -e 's/@AS_TOKEN@/'"$(${lib.getExe pkgs.yq} -r '.as_token' "$REGISTRATION_FILE")/" \ -e 's/@HS_TOKEN@/'"$(${lib.getExe pkgs.yq} -r '.hs_token' "$REGISTRATION_FILE")/" \ "$CONFIG_FILE" ${lib.getExe' mautrix-signal "mautrix-signal"} -c "$CONFIG_FILE" -r "$REGISTRATION_FILE" -n ''; }; }; }; }