# docs: https://nixos.wiki/wiki/Matrix
# docs: https://nixos.org/manual/nixos/stable/index.html#module-services-matrix-synapse
{ config, ... }:

# NixOS module for the uninsane.org Matrix deployment:
#   - a Synapse homeserver listening on loopback only, with TLS terminated by nginx in front of it
#   - settings for the matrix-appservice-irc bridge to Rizon (its `enable` line is commented out)
#   - a sops-managed extra config file that carries Synapse's secrets
{
  # State directories that must survive a reboot.
  # Owners are given as numeric ids; 993:992 is the "matrix-appservice-irc" user and group.
  # NOTE(review): these ids are hard-coded; if the allocated uid/gid ever differs the
  # directories end up owned by the wrong account — confirm against the users.* config.
  # TODO: mode?
  sane.impermanence.service-dirs = [
    {
      user = "993";
      group = "992";
      directory = "/var/lib/matrix-appservice-irc";
    }
    {
      user = "224";
      group = "224";
      directory = "/var/lib/matrix-synapse";
    }
  ];

  services.matrix-synapse = {
    enable = true;

    # Secrets (e.g. the SMTP credentials used for e-mail validation) are kept out of the
    # Nix store: this file is decrypted by sops at activation time and merged by Synapse.
    extraConfigFiles = [
      config.sops.secrets.matrix_synapse_secrets.path
    ];

    # Earlier variant, kept for reference only. builtins.toFile writes its content into the
    # Nix store, which is world-readable, so interpolating smtp_pass this way would expose
    # the password to every local user; the sops-managed file above replaces it.
    # extraConfigFiles = [builtins.toFile "matrix-synapse-extra-config" ''
    #   admin_contact: "admin.matrix@uninsane.org"
    #   registrations_require_3pid:
    #     - email
    #   email:
    #     smtp_host: "mx.uninsane.org"
    #     smtp_port: 587
    #     smtp_user: "matrix-synapse"
    #     smtp_pass: "${secrets.matrix-synapse.smtp_pass}"
    #     require_transport_security: true
    #     enable_tls: true
    #     notif_from: "%(app)s <notify.matrix@uninsane.org>"
    #     app_name: "Uninsane Matrix"
    #     enable_notifs: true
    #     validation_token_lifetime: 96h
    #     invite_client_location: "https://web.matrix.uninsane.org"
    #     subjects:
    #       email_validation: "[%(server_name)s] Validate your email"
    # ''];

    settings = {
      server_name = "uninsane.org";
      admin_contact = "admin.matrix@uninsane.org";

      # Registration is open, but every new account must supply an e-mail address
      # (registrations_require_3pid below).
      # Alternatives that are NOT enabled:
      # enable_registration_captcha = true;
      # enable_registration_without_verification = true;
      enable_registration = true;
      registrations_require_3pid = [ "email" ];

      # If a shared secret is ever needed, put it in the sops-managed file rather than here:
      # anything written in this module lands in the world-readable Nix store.
      # registration_shared_secret = "<shared key goes here>";

      # The listener defaults are port = 8448, tls = true, x_forwarded = false.
      # They are overridden because Synapse sits behind nginx: plain HTTP on loopback only,
      # with the client address taken from X-Forwarded-For. Trusting that header is sound
      # only while nothing but the local proxy can reach this port, so keep the bind
      # address on 127.0.0.1.
      # NOTE(review): the "client" resource also carries the /_synapse/admin API used in the
      # curl examples further down — confirm the nginx vhost does not forward that path to
      # the public side.
      listeners = [
        {
          type = "http";
          bind_addresses = [ "127.0.0.1" ];
          port = 8008;
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
      ];

      # Registration file for the IRC bridge; auto-created by the irc appservice.
      # It holds the tokens shared between Synapse and the bridge, so it should be readable
      # by the two services and nobody else (see the "TODO: mode?" on the state directory).
      app_service_config_files = [
        "/var/lib/matrix-appservice-irc/registration.yml"
      ];
    };
  };

  # New users may be registered on the CLI:
  #   register_new_matrix_user -c /nix/store/8n6kcka37jhmi4qpd2r03aj71pkyh21s-homeserver.yaml http://localhost:8008
  #
  # or hand out a registration token that they can use to register through the client.
  # docs: https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/admin_api/registration_tokens.md
  # First, grab your own (admin) user's access token (Help & About section in Element).
  # The token grants full access to the account: a value passed on the command line ends up
  # in shell history and is visible in the process list, so treat the commands below accordingly.
  # List the existing tokens:
  #   curl --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens
  # Create a token with unlimited uses (it stays valid until deleted; prefer the limited form):
  #   curl -d '{}' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new
  # Create a token with limited uses:
  #   curl -d '{ "uses_allowed": 1 }' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new

  # IRC bridging
  # note: Rizon allows only FOUR simultaneous IRC connections per IP: https://wiki.rizon.net/index.php?title=Connection/Session_Limit_Exemptions
  # Rizon supports CertFP for auth: https://wiki.rizon.net/index.php?title=CertFP
  services.matrix-appservice-irc = {
    # The bridge is currently switched off; the settings below are kept for when it returns.
    # enable = true;
    registrationUrl = "http://127.0.0.1:8009";

    # settings documented here: https://github.com/matrix-org/matrix-appservice-irc/blob/develop/config.sample.yaml
    settings = {
      homeserver = {
        # Talks to Synapse over plain HTTP; acceptable only because both ends are on loopback.
        url = "http://127.0.0.1:8008";
        domain = "uninsane.org";
        dropMatrixMessagesAfterSecs = 300;
        enablePresence = true;
        # NOTE(review): registrationUrl above points at :8009 while bindPort is 9999 —
        # confirm which port the service really listens on.
        bindPort = 9999;
        # NOTE(review): check this key name against the linked config.sample.yaml (I recall
        # `bindHostname`); an unrecognised key would leave the bridge on its default bind address.
        bindHost = "127.0.0.1";
      };

      ircService = {
        servers = {
          "irc.rizon.net" = {
            name = "Rizon";
            ssl = true;
            port = 6697; # SSL port
            sasl = true; # appservice doesn't support NickServ identification

            botConfig = {
              # bot has no presence in IRC channel; only real Matrix users
              enabled = false;
              # nick = "UninsaneDotOrg";
              nick = "uninsane";
              username = "uninsane";
            };

            dynamicChannels = {
              enabled = true;
              aliasTemplate = "#irc_rizon_$CHANNEL";
            };

            ircClients = {
              nickTemplate = "$LOCALPARTsane";
              # by default, Matrix will convert messages greater than (3) lines into a pastebin-like URL to send to IRC.
              lineLimit = 20;
            };

            matrixClients = {
              userTemplate = "@irc_rizon_$NICK"; # the :uninsane.org part is appended automatically
            };

            # this will let this user message the appservice with `!join #<IRCChannel>` and the rest "Just Works"
            # NOTE(review): as written this key sits inside the server block; the upstream sample
            # config appears to list admin grants under ircService.permissions — confirm the
            # bridge honours it here, and that only this one account is meant to be admin.
            "@colin:uninsane.org" = "admin";

            membershipLists = {
              enabled = true;
              global = {
                ircToMatrix = {
                  initial = true;
                  incremental = true;
                  requireMatrixJoined = false;
                };
                matrixToIrc = {
                  initial = true;
                  incremental = true;
                };
              };
            };

            # sync room description?
            bridgeInfoState = {
              enabled = true;
              initial = true;
            };

            # hardcoded mappings, for when dynamicChannels fails us. TODO: probably safe to remove these.
            # mappings = {
            #   "#chat" = {
            #     roomIds = [ "!GXJSOTdbtxRboGtDep:uninsane.org" ];
            #   };
            #   # BakaBT requires account registration, which i think means my user needs to be added before the appservice user
            #   "#BakaBT" = {
            #     roomIds = [ "!feZKttuYuHilqPFSkD:uninsane.org" ];
            #   };
            # };

            # for per-user IRC password:
            #   invite @irc_rizon_NickServ:uninsane.org to a DM and type `help` => register
            #   invite the matrix-appservice-irc user to a DM and type `!help` => add PW to database
            # The key below protects those stored passwords, so wherever it lives it should be
            # readable by the bridge user only.
            # passwordEncryptionKeyPath = "/path/to/privkey"; # appservice will generate its own if unspecified
          };
        };
      };
    };
  };

  # Encrypted Synapse secrets; the decrypted file is owned by the Synapse service user,
  # whose name is looked up from the users config rather than hard-coded.
  sops.secrets.matrix_synapse_secrets = {
    sopsFile = ../../../secrets/servo.yaml;
    owner = config.users.users.matrix-synapse.name;
  };
}