commit 15d5bb229733f396906df4cc857f50086d6c3955
parent ff623a5f0b2c154dfda86d877ead4a81f5935a65
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 21 Mar 2025 16:05:28 +0100
parent ff623a5f0b2c154dfda86d877ead4a81f5935a65
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 21 Mar 2025 16:05:28 +0100
configurations/nixos/services: add `matrixBridges` (for whatsapp, telegram, signal)
7 files changed, 257 insertions(+), 0 deletions(-)
A
|
60
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
62
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
71
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/nixos/services/matrixBridges/mautrix-signal.nix b/configurations/nixos/services/matrixBridges/mautrix-signal.nix
@@ -0,0 +1,60 @@
+{ secrets, config, pkgs, lib, ... }:
+
+{
+
+ age.secrets.mautrixSignalEnv.file = secrets."${config.networking.hostName}".mautrixSignalEnv;
+
+ nixpkgs.overlays = [ (final: prev: {
+ mautrix-signal = prev.mautrix-signal.override { withGoolm = true; };
+ }) ];
+
+ services.mautrix-signal = {
+ enable = true;
+ environmentFile = config.age.secrets.mautrixSignalEnv.path;
+ serviceDependencies = [ "conduwuit.service" ];
+ settings = rec {
+ network.device_name = "Mautix-Signal (on ${homeserver.domain})";
+ network.displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
+
+ homeserver.address = "http://[::1]:6167";
+ homeserver.domain = "ctu.cx";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate";
+
+ encryption.allow = true;
+ encryption.default = true;
+ encryption.pickle_key = "$MAUTRIX_PICKLE_KEY";
+
+ relay.enabled = false;
+ backfill.enabled = true;
+
+ double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+
+ appservice = {
+ id = "signal";
+ address = "http://[::1]:29328/";
+ hostname = "[::1]";
+ port = 29328;
+ as_token = "$MAUTRIX_AS_TOKEN";
+ hs_token = "$MAUTRIX_HS_TOKEN";
+ };
+
+ bridge = {
+ personal_filtering_spaces = true;
+
+ permissions."${homeserver.domain}" = "admin";
+
+ cleanup_on_logout = {
+ enabled = true;
+ } // (lib.genAttrs [ "manual" "bad_credentials" ] (name: {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ }));
+ };
+ };
+ };
+
+}
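Review bot: `permissions."${homeserver.domain}" = "admin";` in the `bridge` block grants bridge-admin rights to every account on ctu.cx rather than to one operator, and the same line is repeated in mautrix-telegram.nix and mautrix-whatsapp.nix. If the homeserver has, or later gains, more than one account, each of them can administer the bridge. I would scope admin to a single MXID and keep the domain at user level, e.g. `permissions."@<operator-localpart>:${homeserver.domain}" = "admin";` plus `permissions."${homeserver.domain}" = "user";` (the localpart is a placeholder). Separately, `"Mautix-Signal (on …)"` looks like a typo for Mautrix; this string is presumably the name shown in Signal's linked-devices list, where a misspelt entry is harder to recognise as the legitimate bridge (the telegram file has the same `Mautix-` spelling).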
diff --git a/configurations/nixos/services/matrixBridges/mautrix-telegram.nix b/configurations/nixos/services/matrixBridges/mautrix-telegram.nix
@@ -0,0 +1,62 @@
+{ secrets, config, pkgs, lib, ... }:
+
+{
+
+ age.secrets.mautrixTelegramEnv.file = secrets."${config.networking.hostName}".mautrixTelegramEnv;
+
+ nixpkgs.overlays = [ (final: prev: {
+ mautrix-telegramgo = prev.mautrix-telegram.override { withGoolm = true; };
+ }) ];
+
+ services.mautrix-telegram = {
+ enable = true;
+ environmentFile = config.age.secrets.mautrixTelegramEnv.path;
+ serviceDependencies = [ "conduwuit.service" ];
+ settings = rec {
+ network.device_info.device_model = "Mautix-TelegramGO (on ${homeserver.domain})";
+ network.api_id = "$TELEGRAM_API_ID";
+ network.api_hash = "$TELEGRAM_API_HASH";
+
+ homeserver.address = "http://[::1]:6167";
+ homeserver.domain = "ctu.cx";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-telegram/mautrix-telegram.db?_txlock=immediate";
+
+ encryption.allow = true;
+ encryption.default = true;
+ encryption.pickle_key = "$MAUTRIX_PICKLE_KEY";
+
+ relay.enabled = false;
+ backfill.enabled = true;
+ backfill.max_initial_messages = 400;
+
+ double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+
+ appservice = {
+ id = "telegram";
+ address = "http://[::1]:29317/";
+ hostname = "[::1]";
+ port = 29317;
+ as_token = "$MAUTRIX_AS_TOKEN";
+ hs_token = "$MAUTRIX_HS_TOKEN";
+ };
+
+ bridge = {
+ personal_filtering_spaces = true;
+
+ permissions."${homeserver.domain}" = "admin";
+
+ cleanup_on_logout = {
+ enabled = true;
+ } // (lib.genAttrs [ "manual" "bad_credentials" ] (name: {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ }));
+ };
+ };
+ };
+
+}
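Review bot: The overlay defines a new attribute `mautrix-telegramgo` instead of overriding `mautrix-telegram`, and nothing in this file points `services.mautrix-telegram` at it, so the `withGoolm = true` build appears to be unused here. The signal and whatsapp files override the package under its own name, so this one is the odd one out. If the service module is defined elsewhere and reads `pkgs.mautrix-telegramgo`, a one-line comment saying so would settle it; otherwise the service runs whatever `pkgs.mautrix-telegram` evaluates to, possibly built without goolm, while `encryption.default = true` relies on the bridge's crypto backend. Also worth checking: `network.api_id = "$TELEGRAM_API_ID";` is substituted inside a quoted string and may reach the bridge as a string where a number is expected.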
diff --git a/configurations/nixos/services/matrixBridges/mautrix-whatsapp.nix b/configurations/nixos/services/matrixBridges/mautrix-whatsapp.nix 
@@ -0,0 +1,71 @@
+{ secrets, config, pkgs, lib, ... }:
+
+{
+
+ age.secrets.mautrixWhatsAppEnv.file = secrets."${config.networking.hostName}".mautrixWhatsAppEnv;
+
+ nixpkgs.overlays = [ (final: prev: {
+ mautrix-whatsapp = prev.mautrix-whatsapp.override { withGoolm = true; };
+ }) ];
+
+ services.mautrix-whatsapp = {
+ enable = true;
+ serviceDependencies = [ "conduwuit.service" ];
+ environmentFile = config.age.secrets.mautrixWhatsAppEnv.path;
+ settings = rec {
+ network = {
+ displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
+ os_name = "Mautrix-WhatsApp (on ${homeserver.domain})";
+ identity_change_notices = true;
+ url_previews = true;
+ history_sync = {
+ request_full_sync = true;
+ full_sync_config.days_limit = 1000;
+ full_sync_config.size_mb_limit = 1024;
+ full_sync_config.storage_quota_mb = 1024;
+ };
+ };
+
+ homeserver.address = "http://[::1]:6167/";
+ homeserver.domain = "ctu.cx";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate";
+
+ encryption.allow = true;
+ encryption.default = true;
+ encryption.pickle_key = "$MAUTRIX_PICKLE_KEY";
+
+ relay.enabled = false;
+ backfill.enabled = true;
+ backfill.max_initial_messages = 100;
+
+ double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET";
+
+ appservice = {
+ id = "whatsapp";
+ address = "http://[::1]:29318/";
+ hostname = "[::1]";
+ port = 29318;
+ as_token = "$MAUTRIX_AS_TOKEN";
+ hs_token = "$MAUTRIX_HS_TOKEN";
+ };
+
+ bridge = {
+ personal_filtering_spaces = true;
+
+ permissions."${homeserver.domain}" = "admin";
+
+ cleanup_on_logout = {
+ enabled = true;
+ } // (lib.genAttrs [ "manual" "bad_credentials" ] (name: {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ }));
+ };
+ };
+ };
+
+}
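Review bot: `cleanup_on_logout` applies `delete` to all four portal classes for `bad_credentials` as well as `manual`, so a session invalidated by WhatsApp rather than by the user would delete every portal room, including `shared_has_users` rooms that other logged-in Matrix users still use. With `request_full_sync = true` and a 1000-day limit, that presumably means a forced logout discards a large bridged history. Consider limiting the generated set to `lib.genAttrs [ "manual" ] (…)` and giving `bad_credentials` a non-destructive action such as `shared_has_users = "nothing";`, or add a comment stating that the wipe on remote-initiated logout is intended. The same `cleanup_on_logout` block appears in mautrix-signal.nix and mautrix-telegram.nix.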
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix @@ -54,6 +54,11 @@ # matrix server ctucxConfig.websites."matrix.ctu.cx" + + # matrix-bridges + ctucxConfig.services.matrixBridges.mautrix-signal + ctucxConfig.services.matrixBridges.mautrix-whatsapp + ctucxConfig.services.matrixBridges.mautrix-telegram ]; dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address;
diff --git a/secrets/hector/mautrixSignalEnv.age b/secrets/hector/mautrixSignalEnv.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZmMwN2srVi94TnBpMERi +V0VUT3Y1eFNiYStQMEpGT1NpbUxTc3laeVNrCmcrMStsSzJJdmpNc3FCdUl5U3k4 +NVY1OHZBVlRsS1JsbTE5QThZWW5VenMKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIEtV +MnhaT01XMWdRMmtVMFcwQ2lSNWRlVk5mM3dDY21jOElQZlNKeVRVUzgKM1l0SkI2 +SVd2YXdtNVNBc1gvWTRnSUtpZmNhdEJQdXZNU1I0VjhUNEY0awotPiAjIi1ncmVh +c2UKdkV6dEJwdjFjK1EvK3M1WmRncUZhY2I4Qk4yVm5lMkR6Rm1oMXBtUnJsMktL +c3pEbjg2bGp2NVI3V3ltS2NBYwpma2J2ZjNxNXIyR3krakxCWTVmWVZ0akpCNUdu +MUdIckd0QTBYSGQya3lEUnNaallIWCtNb3dodFk1MAotLS0gTVVkdnVmR3lzU1pW +VVlxN3gzb0Fxa01RU3ZsZ3hTdWEyYTZneS94bUlvSQpFRx4GEfwYOPQqiQpk1NQz +8M/ibchl3DFR0teC5u2ZrH0l7/42whzbAb5BiFbcNKT00ewyGwzZoEwSWaTE2p1R +v6qHglihOFcFt5gGjX0qRPolrmk3XVjEzjk6/RWL17iKv0lXGFv5ZDOJkC/rxQW9 +ajUm7qhn/GyIQ5KQqeXs9AYXz4qtvSbqEj5PZUm03RCK9iySPdv5fQ9uZO3NymG0 +1ePMWvEUWVJgyiXzpQbHSZZI6VAXGvYOFwiRsniVi2deSZpx3Odseq3kDgNByxPd +dwA/2Xwf12zslL+MD8GUpLrtSdzl8+7p7jYgaiO1xXgKr7Dwxf5HXQW4sUqU2L+2 +un+LyiJOpVApIG6upeE4gIZYSJrbqJvUvCNQuydz6ugugYC1uMD8ABLQEjBhjH6J +LSjDEKt8Tg0OpeQ+5CsArjt/8P/X6mJW60+6a9hip5nhvnvl7JuK7gjjONBY7TwP +UEvlywQtJpNNT+vOCPi5BQp1PbqH8H60SM96sVBvVtoghB/N1RCp532kLXi20qeG +9kjUBWW8YS1aggjpaaVZ +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/mautrixTelegramEnv.age b/secrets/hector/mautrixTelegramEnv.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVkJGdUplRWZTWTRCMHQ4 +UGtvS0poNGxkMlJ2RjVabURpdjVremY2ekFBCjhkVG42TDdyN2x3ckIrZGJ0aTNU +NUlVTlc1QktCaG14WDF6UVp0NkZNSlkKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIGRl +cW9wSU9Wd2NEbFJrUk9nUFpMU216UTBUa1llWFQzMmZZRDFaS002akUKMFpObk5t +dElrOCtRczh5Q2ZmdzhpZlVINlJPRWwzV2UwSkUyb0xLd2pvUQotPiBkOCFdLWdy +ZWFzZSB+ImRTICd3PFEgQWsKaHZwU1JneFRNYU1VMmI4SXRGRTdtdGoxb0lzMjVN +KytSOWRGUGcKLS0tIDZTRmV1SkNXaXFsbUtGRzNwb0VJUGtBTmM5OVFBd3Q4L2RC +ZStuZjJLMjgKzProSv+MKFSFbzwMXUG3xMEw6Rs+il/Nuv445mRwG6xMV7mmIyOx +uzDEyyRXJqk4ymm/cquBXrdNOZfthssJfBd48DKhqthan6fobCiwJ7iVJuGaHGJq ++RGQl6nXM6Dmo7zAKzAJwIhnPS2Xlvf44DQBtzftBNN94rvPRV0DshpB0mGjXp5L +zymwz1IjRp2793HXMGJlg78grSZSG7x/MqU1ZfeEq3YsqFDqDnhbOzkRk/dwvw35 +OP8H+jmNNSD6VwbDJt+vMc8H157qvqLsWtreeElW6qpggsw9P5163JRU7vfuM81t +H9uiT+FPHBgD/hsICgDumiwQ7gwdTR2Te+hLsvrGzKmZl1hAMM5pH/6JIpDLZrx5 +x+nOgb5mu4ZjWBzLU9ja0zhFuXd1wa7QIizMTFL9ygCcO6t0ltrpu9y91J7GnjJ4 +YIOEvisXsnih+XDOU37C4sc+IjN/cwlon71aRki+Sigi7ZbOG44ic5SiODKwKVkN +J8UmVAvszQhPFCxXnj2TCfV2b90S3wUF+tH6eNe/HZkbRSZe1tR1YWytDIPoO5Ss +iwN/RrNQcEm8Tb0yUjMFI4bb2qDr3FuVbeG9Tph13BaCNfJUmnKtaq8p/H3R0InR +vUPmEn43AmdEl9FJ/hDGQU7IjaPR8g== +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/mautrixWhatsAppEnv.age b/secrets/hector/mautrixWhatsAppEnv.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeUJsR09aOUxWQ2ZuZ1pL +dTJHZXU5T3d5ZHNpRDU1NHF0Tm9QQ3pFMHhnCnc3ZWFjaXJ4T1U2Y1pSdDNIMlEy +TUFOaTYvVHJKeFB3d3owenNjM0dnOXMKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFJ0 +MDVOMXBhSGdxUHZTUzVTRm9KUkF2TzhWNElXQmtkdzQ4Z0tNL1pmemsKOWUxUHNs +VFNTM0orbW50ZU02VG1VNEptZUdRSkd4d0NPTEl0QkxYMGFCTQotPiBNYUBPYlgt +Z3JlYXNlIEttSS5WIHw7Ilw6ID8gWzVgT2QKK205TTA4SE43TVhaRFBEZVlhU2Fk +SnJMM2RVMERpb1A0bnFJbnN0Zy9TOW12bWRURFBnQWpPdEVBYVRQSEkzWApTeVFr +ZjdRCi0tLSBvTVoxZDB3NzJhdFQ2ZWptbTUyOGN3NDhwMmlTT1hiVld4YVgxNEpt +bjFJCog+3PsSBv9WIELtShoIDoFlh7bYuIxQf2HL6zh3uYibO9lIshY2vdHt8O0D +0JqNKglMSAHiXhSw0KRAQrjLfbuLAQp34DlhVjjboWJIwqGKJn8vn1JEJw5Q3fMA +mFURoA+Y9z9HuPtp4PnyYHoVBAVI92TW5bT4j7msicW0IJpMGCRmVj0IJXYH/o7q +jCjujA+0Dl4krJyK11nAVzUfc4Q39RDdPXlNJXwiRMOF0+A3np7VdgbUbkWDY6vN +li315HVtJpnDK0mxVc0ha0N78qmjKJcJCFwdJvcrMp0rOUPJXTF+iGIiHNw5C6aw +KgiPkwcZnrP3XJjEXCL2xkKlpn4kXv7RfJu7zY33yPDH5JYAECdWJIvzgbEQtMDB +CPDsFnX3cvHvwBn9yP4kwDtwfBiqV8ESR1Bhg5F0g2/8S+0wdywCBTj6yNsCh/1v +quQs3Kbw2kNSOskXcjVVHmeIXF614YP7bmDi7vw9/pIgV2X6D1IjIdZ8KWyk6P3s +x2TsY7BabpDFo5QMflOX1JPQ1EbQnTE+EpXCWX8V8cAIink= +-----END AGE ENCRYPTED FILE-----