commit 9f10f941d6bf5b4e3459034c54f4cf99c753a056
parent 4fe23c3d102f24a46438f7801ec9487c78091d24
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 00:19:16 +0100
parent 4fe23c3d102f24a46438f7801ec9487c78091d24
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 00:19:16 +0100
configurations/nixos/services: add `mautrix-signal` (and enable on hector)
3 files changed, 75 insertions(+), 0 deletions(-)
A
|
60
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/nixos/services/mautrix-signal.nix b/configurations/nixos/services/mautrix-signal.nix
@@ -0,0 +1,60 @@
+{ secrets, config, pkgs, ... }:
+
+{
+
+ age.secrets.mautrixSignalEnv.file = secrets."${config.networking.hostName}".matrixSynapse.mautrixSignalEnv;
+
+ users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
+
+ nixpkgs.overlays = [ (final: prev: {
+ mautrix-signal = prev.mautrix-signal.override { withGoolm = true; };
+ }) ];
+
+ services.mautrix-signal = {
+ enable = true;
+ environmentFile = config.age.secrets.mautrixSignalEnv.path;
+ settings = {
+ network.device_name = "Mautix-Signal bridge (ctu.cx)";
+ network.displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)";
+
+ homeserver.address = "https://matrix.ctu.cx";
+ homeserver.domain = "ctu.cx";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-signal/mautrix-signal.db?_txlock=immediate";
+
+ backfill.enabled = true;
+
+ double_puppet.secrets."ctu.cx" = "as_token:$MAUTRIX_SIGNAL_BRIDGE_DP_LOGIN_SHARED_SECRET";
+
+ appservice = {
+ hostname = "[::1]";
+ port = 29328;
+ id = "signal";
+ };
+
+ bridge = {
+ personal_filtering_spaces = true;
+
+ permissions."ctu.cx" = "admin";
+
+ cleanup_on_logout = {
+ enabled = true;
+ manual = {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ };
+ bad_credentials = {
+ shared_has_users = "delete";
+ shared_no_users = "delete";
+ relayed = "delete";
+ private = "delete";
+ };
+ };
+ };
+ };
+ };
+
+}
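Review bot: `permissions."ctu.cx" = "admin";` in the `bridge` block gives bridge-admin rights to every account on the ctu.cx homeserver, not only the operator. If the server has, or may later get, other users, the domain entry should be `permissions."ctu.cx" = "user";` with admin tied to a single MXID, e.g. `permissions."@<operator-localpart>:ctu.cx" = "admin";` (placeholder localpart). Separately, `network.device_name` reads "Mautix-Signal", which looks like a typo for "Mautrix-Signal" and is presumably the name shown for the linked device on the Signal side. The double-puppet secret is kept out of the Nix store through `environmentFile`; a short comment above that line saying `$MAUTRIX_SIGNAL_BRIDGE_DP_LOGIN_SHARED_SECRET` must be defined in the age-encrypted env file would help the next maintainer.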
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix @@ -55,6 +55,7 @@ # matrix server ctucxConfig.services.matrix-synapse ctucxConfig.services.mautrix-whatsapp + ctucxConfig.services.mautrix-signal ]; dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address;
diff --git a/secrets/hector/matrixSynapse/mautrixSignalEnv.age b/secrets/hector/matrixSynapse/mautrixSignalEnv.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dmt2bFNldHd2USt4R0xB +Y2dHV1E4cHBwdFp1OU5TbXlqVjg4MWxSOVJnCkVoV2NLWmxaOE9ZRG1OaFVqNlFu +NWRrQVI2cEl6Z0F5S3RWVGJsQVpuYVEKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFR6 +R2NoQ0VsYmhaN1Y4S0RIbkRFUmVsZDRqM1pOU3BZZEd0RUVKQ2h2alkKZUFmVHk5 +NUQrSitFMVBwazI3QUNia2xucXJMRDkxbURnaXFzWVlvRmp3NAotPiB6bDVHRlct +Z3JlYXNlIDlUO3NsREUgfQpETEp4Y0o4KzVNVXc0QUh2VUErVXA3MjA4RzdidENl +dm1tb0QwT21HSzgrdjhUSDF0WmtUSjZWSDMyMU9IOVFGCnhEUTRIcVFpWVV6eXF2 +cXVVd2FveWRERTRleVErZmZUOEgyRDh0dkZiQ1V6OFd6aWdBa05rWTdqUXcKLS0t +IHBXTHZMaVA4SlpGR01zS0I2bWNXNEY1T3NIaTJlNzdxdHFhUWpQLzVYcFkKSlhR +TEGY5qz7h/0m4zPcQckK2D3rviLzompbVOWMFzUC+H1UitgVjBZH7zEt0q53/08B +WX0stZi186sf8pOfutX9dRl0TkkyXX8DfNxpR2+nkgxW5KEkWHdxntDrrKwx2WDv +qEJ1SGgaseybG2A= +-----END AGE ENCRYPTED FILE-----