commit b0de195cdb46d7228420a9f7f58ab2b9af9ead4d
parent 4ef5adfb4dd37864f044eb7a4ab135e3c923aa58
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 5 Jan 2024 17:33:29 +0100
machines/trabbi/matrix: add mautrix-whatsapp
5 files changed, 202 insertions(+), 122 deletions(-)
D
|
121
-------------------------------------------------------------------------------
A
|
68
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
122
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix @@ -21,7 +21,7 @@ # communication ./fedi ./mail - ./matrix-synapse.nix + ./matrix # vaultwarden password-store ./vaultwarden.nix
diff --git a/machines/trabbi/matrix-synapse.nix b/machines/trabbi/matrix-synapse.nix
@@ -1,121 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-
-{
-
- dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ];
-
- age.secrets = {
- restic-matrix-synapse.file = ./. + "/../../secrets/${config.networking.hostName}/restic/matrix-synapse.age";
- matrix-registration_shared_secret = {
- file = ./. + "/../../secrets/${config.networking.hostName}/matrix-synapse/registration_shared_secret.age";
- owner = "matrix-synapse";
- };
- };
-
- restic-backups.matrix-synapse = {
- user = "matrix-synapse";
- passwordFile = config.age.secrets.restic-matrix-synapse.path;
- postgresDatabases = [ "matrix-synapse" ];
- paths = [ "/var/lib/matrix-synapse" ];
- };
-
- systemd.services.matrix-synapse.onFailure = [ "email-notify@%i.service" ];
-
- services = {
- postgresql = {
- enable = true;
- ensureUsers = [{
- name = "matrix-sliding-sync-proxy";
- ensurePermissions."DATABASE syncv3" = "ALL PRIVILEGES";
- }];
- ensureDatabases = [ "syncv3" ];
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN;
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
-
- matrix-synapse = {
- enable = true;
- withJemalloc = true;
- settings = {
- server_name = "ctu.cx";
- public_baseurl = "https://matrix.ctu.cx/";
- max_upload_size = "100M";
- dynamic_thumbnails = true;
- enable_registration = false;
- registration_shared_secret_file = config.age.secrets.matrix-registration_shared_secret.path;
- listeners = [{
- bind_addresses = [ "::1" ];
- port = 8008;
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- { names = [ "client" ]; compress = true; }
- { names = [ "federation" ]; compress = false; }
- ];
- }];
- };
- };
-
- matrix-sliding-sync-proxy = {
- enable = true;
- dbName = "syncv3";
- bind = "[::1]:8009";
- server = "http://[::1]:8008";
- package = pkgs.matrix-sliding-sync;
- };
-
- nginx = {
- enable = true;
- virtualHosts = {
-
- "ctu.cx" = let
- matrixServerConfig = { "m.server" = "matrix.ctu.cx:443"; };
- matrixClientConfig = { "m.homeserver" = { "base_url" = "https://matrix.ctu.cx"; }; "org.matrix.msc3575.proxy" = { "url" = "https://matrix.ctu.cx"; }; };
- in {
- enableACME = true;
- forceSSL = true;
- kTLS = true;
- locations."/.well-known/matrix/server".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixServerConfig}';
- '';
- locations."/.well-known/matrix/client".extraConfig = ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON matrixClientConfig}';
- '';
- };
-
- "matrix.ctu.cx" = {
- enableACME = true;
- forceSSL = true;
- kTLS = true;
- locations = {
- "/_matrix".proxyPass = "http://[::1]:8008";
- "/_matrix/client/unstable/org.matrix.msc3575/".proxyPass = "http://[::1]:8009/_matrix/client/unstable/org.matrix.msc3575/";
-# "/_synapse".proxyPass = "http://[::1]:8008";
-# "/admin/".alias = "${pkgs.synapse-admin}/";
- "/".root = pkgs.cinny.override {
- conf = {
- defaultHomeserver = 0;
- homeserverList = [
- "matrix.ctu.cx"
- "matrix.flauschekatze.space"
- ];
- allowCustomHomesevrers = false;
- };
- };
- };
- };
-
- };
- };
-
- };
-
-}
diff --git a/machines/trabbi/matrix/default.nix b/machines/trabbi/matrix/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+ imports = [
+ ./synapse.nix
+ ./mautrix-whatsapp.nix
+ ];
+
+}
+ \ No newline at end of file
diff --git a/machines/trabbi/matrix/mautrix-whatsapp.nix b/machines/trabbi/matrix/mautrix-whatsapp.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+{
+
+ services.matrix-synapse.settings.app_service_config_files = [
+ "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
+ ];
+
+ users.users.matrix-synapse.extraGroups = [
+ "mautrix-whatsapp"
+ ];
+
+ services.mautrix-whatsapp = {
+ enable = true;
+ settings = {
+ homeserver.address = "https://matrix.ctu.cx";
+ homeserver.domain = "ctu.cx";
+
+ metrics.enabled = true;
+
+ whatsapp.os_name = "Mautrix-WhatsApp bridge (ctu.cx)";
+
+ appservice = {
+ address = "http://localhost:29318";
+ hostname = "[::1]";
+ port = 29318;
+
+ id = "whatsapp";
+
+ database.type = "sqlite3-fk-wal";
+ database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate";
+ };
+
+ bridge = {
+ command_prefix = "!wa";
+ displayname_template = "{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)";
+ username_template = "whatsapp_{{.}}";
+
+ delivery_receipts = true;
+ message_status_events = true;
+ message_error_notices = true;
+ call_start_notices = true;
+ identity_change_notices = true;
+ user_avatar_sync = true;
+ personal_filtering_spaces = true;
+
+ encryption.allow = true;
+
+ permissions = {
+ "ctu.cx" = "user";
+ };
+
+ history_sync = {
+ backfill = true;
+ message_count = 250;
+ request_full_sync = true;
+ };
+
+ relay = {
+ enabled = true;
+ };
+ };
+
+ };
+ };
+
+}
+ \ No newline at end of file
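Review bot: Adding `matrix-synapse` to the `mautrix-whatsapp` group so that Synapse can read `whatsapp-registration.yaml` also gives it whatever group permissions exist on the rest of `/var/lib/mautrix-whatsapp`, and per `database.uri` that directory also holds `mautrix-whatsapp.db`, which presumably contains the bridge's WhatsApp session data. The file modes are not set or visible in this hunk, so confirm that only the registration file is group-readable and record that above the `extraGroups` line, e.g. `# synapse only needs to read whatsapp-registration.yaml; the bridge DB must not be group-readable`. Separately, `appservice.address = "http://localhost:29318"` does not match the listener `hostname = "[::1]"`; `address = "http://[::1]:29318";` would pin the same loopback address that synapse.nix uses for its own `[::1]` URLs.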
diff --git a/machines/trabbi/matrix/synapse.nix b/machines/trabbi/matrix/synapse.nix
@@ -0,0 +1,122 @@
+{ inputs, config, lib, pkgs, ... }:
+
+{
+
+ dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ];
+
+ age.secrets = {
+ restic-matrix-synapse.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/matrix-synapse.age";
+ matrix-registration_shared_secret = {
+ file = ./. + "/../../../secrets/${config.networking.hostName}/matrix-synapse/registration_shared_secret.age";
+ owner = "matrix-synapse";
+ };
+
+ restic-backups.matrix-synapse = {
+ user = "matrix-synapse";
+ passwordFile = config.age.secrets.restic-matrix-synapse.path;
+ postgresDatabases = [ "matrix-synapse" ];
+ paths = [ "/var/lib/matrix-synapse" ];
+ };
+
+ systemd.services.matrix-synapse = {
+ onFailure = [ "email-notify@%i.service" ];
+ };
+
+ services = {
+ postgresql = {
+ enable = true;
+ ensureUsers = [{
+ name = "matrix-sliding-sync-proxy";
+ ensurePermissions."DATABASE syncv3" = "ALL PRIVILEGES";
+ }];
+ ensureDatabases = [ "syncv3" ];
+ initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN;
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
+ };
+
+ matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+ settings = {
+ server_name = "ctu.cx";
+ public_baseurl = "https://matrix.ctu.cx/";
+ max_upload_size = "100M";
+ dynamic_thumbnails = true;
+ enable_registration = false;
+ enable_registration_without_verification = false;
+ registration_shared_secret_file = config.age.secrets.matrix-registration_shared_secret.path;
+ listeners = [{
+ bind_addresses = [ "::1" ];
+ port = 8008;
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ { names = [ "client" ]; compress = true; }
+ { names = [ "federation" ]; compress = false; }
+ ];
+ }];
+ };
+ };
+
+ matrix-sliding-sync-proxy = {
+ enable = true;
+ dbName = "syncv3";
+ bind = "[::1]:8009";
+ server = "http://[::1]:8008";
+ package = pkgs.matrix-sliding-sync;
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts = {
+
+ "ctu.cx" = let
+ matrixServerConfig = { "m.server" = "matrix.ctu.cx:443"; };
+ matrixClientConfig = { "m.homeserver" = { "base_url" = "https://matrix.ctu.cx"; }; "org.matrix.msc3575.proxy" = { "url" = "https://matrix.ctu.cx"; }; };
+ in {
+ enableACME = true;
+ forceSSL = true;
+ kTLS = true;
+ locations."/.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixServerConfig}';
+ '';
+ locations."/.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixClientConfig}';
+ '';
+ };
+
+ "matrix.ctu.cx" = {
+ enableACME = true;
+ forceSSL = true;
+ kTLS = true;
+ locations = {
+ "/_matrix".proxyPass = "http://[::1]:8008";
+ "/_matrix/client/unstable/org.matrix.msc3575/".proxyPass = "http://[::1]:8009/_matrix/client/unstable/org.matrix.msc3575/";
+# "/_synapse".proxyPass = "http://[::1]:8008";
+# "/admin/".alias = "${pkgs.synapse-admin}/";
+ "/".root = pkgs.cinny.override {
+ conf = {
+ defaultHomeserver = 0;
+ homeserverList = [
+ "matrix.ctu.cx"
+ ];
+ allowCustomHomesevrers = false;
+ };
+ };
+ };
+ };
+
+ };
+ };
+
+ };
+
+}
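Review bot: The `age.secrets = {` attribute set is never closed in this new file as shown: after `owner = "matrix-synapse";` there is one `};` (closing `matrix-registration_shared_secret`) where the deleted matrix-synapse.nix had two, while the closing lines at the end of the file are unchanged. The braces therefore do not balance, and the hunk's 122-line count is consistent with that line being absent from the commit rather than lost in rendering. Restore the second `};` before `restic-backups.matrix-synapse = {`. Also carried over from the old file is the misspelled Cinny key `allowCustomHomesevrers = false;`; the option is spelled `allowCustomHomeservers`, so the intended restriction to the listed homeserver is probably not being applied.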