# config docs:
# - <https://github.com/matrix-org/matrix-appservice-irc/blob/develop/config.sample.yaml>
# probably want to remove that.
{ config, lib, ... }:
let
# Build one per-network server entry for `ircService.servers`.
# Arguments:
#   name                 network label; passed through as-is, and lower-cased (lowerName)
#                        for interpolation into the Matrix alias and user templates
#   additionalAddresses  passed through unchanged (default: [])
#   sasl                 passed through unchanged (default: true)
#   port                 passed through unchanged (default: 6697)
# Everything else in the returned attrset is fixed and therefore identical for every network.
ircServer = { name, additionalAddresses ? [], sasl ? true, port ? 6697 }: let
  lowerName = lib.toLower name;
in {
  # XXX sasl: appservice doesn't support NickServ identification (only SASL, or PASS if sasl = false)
  # NOTE(review): with sasl = false the stored per-user password is presumably sent as a server
  # PASS; confirm each network that sets sasl = false actually treats PASS as account login.
  inherit name additionalAddresses sasl port;
  # `ssl` is hard-coded rather than a parameter, so no caller of ircServer can turn it off.
  ssl = true;
  botConfig = {
    # bot has no presence in IRC channel; only real Matrix users
    enabled = false;
    # this is the IRC username/nickname *of the bot* (not visible in channels): not of the end-user.
    # the irc username/nick of a mapped Matrix user is determined further down in `ircClients` section.
    # if `enabled` is false, then this name probably never shows up on the IRC side (?)
    nick = "uninsane";
    username = "uninsane";
    joinChannelsIfNoUsers = false;
  };
  dynamicChannels = {
    enabled = true;
    aliasTemplate = "#irc_${lowerName}_$CHANNEL";
    published = false; # false => irc rooms aren't listed in homeserver public rooms list
    federate = false; # false => Matrix users from other homeservers can't join IRC channels
  };
  ircClients = {
    nickTemplate = "$LOCALPARTsane"; # @colin:uninsane.org (Matrix) -> colinsane (IRC)
    # "reverse-mxid" exposes the full Matrix ID (reversed) as the IRC realname, per the example below.
    realnameFormat = "reverse-mxid"; # @colin:uninsane.org (Matrix) -> org.uninsane:colin (IRC)
    # realnameFormat = "localpart"; # @colin:uninsane.org (Matrix) -> colin (IRC) -- but requires the mxid patch below
    # by default, Matrix will convert messages greater than (3) lines into a pastebin-like URL to send to IRC.
    lineLimit = 20;
    # Rizon in particular allows only 4 connections from one IP before a 30min ban.
    # that's effectively reduced to 2 during a netsplit, or maybe during a restart.
    # - https://wiki.rizon.net/index.php?title=Connection/Session_Limit_Exemptions
    # especially, misconfigurations elsewhere in this config may cause hundreds of connections
    # so this is a safeguard.
    maxClients = 2;
    # don't have the bridge disconnect me from IRC when idle.
    idleTimeout = 0;
    concurrentReconnectLimit = 2;
    reconnectIntervalMs = 60000;
    kickOn = {
      # remove Matrix user from room when...
      channelJoinFailure = false;
      ircConnectionFailure = false;
      userQuit = true;
    };
  };
  matrixClients = {
    userTemplate = "@irc_${lowerName}_$NICK"; # the :uninsane.org part is appended automatically
  };

  # this will let this user message the appservice with `!join #<IRCChannel>` and the rest "Just Works"
  # NOTE(review): this Matrix-ID key sits directly in the per-server attrset. The sample config
  # linked at the top of this file appears to keep user -> role grants under `ircService.permissions`;
  # confirm the bridge actually reads the admin grant from this position.
  "@colin:uninsane.org" = "admin";

  membershipLists = {
    enabled = true;
    global = {
      ircToMatrix = {
        initial = true;
        incremental = true;
        requireMatrixJoined = false;
      };
      matrixToIrc = {
        initial = true;
        incremental = true;
      };
    };
    ignoreIdleUsersOnStartup = {
      enabled = false; # false => always bridge users, even if idle
    };
  };
  # sync room description?
  bridgeInfoState = {
    enabled = true;
    initial = true;
  };

  # for per-user IRC password:
  # - invite @irc_${lowerName}_NickServ:uninsane.org to a DM and type `help` => register
  # - invite the matrix-appservice-irc user to a DM and type `!help` => add PW to database
  # to validate that i'm authenticated on the IRC network, DM @irc_${lowerName}_NickServ:uninsane.org:
  # - send: `STATUS colinsane`
  # - response should be `3`: "user recognized as owner via password identification"
  # NOTE(review): with the line below left commented out, the key protecting stored IRC passwords
  # is whatever the appservice generates; it presumably lives in the service's state directory
  # next to the password database. Confirm where it is written and who can read it.
  # passwordEncryptionKeyPath = "/path/to/privkey"; # appservice will generate its own if unspecified
};
in
{
# Overlay that rebuilds matrix-appservice-irc with a local patch appended to whatever
# patches the package already carries (`super.patches or []` falls back to an empty list).
# The patch contents are not shown in this file; judging by its name it keeps the bridge
# from revealing itself on the IRC side.
# NOTE(review): a locally patched package needs the patch re-read against every upstream bump.
nixpkgs.overlays = [
  (next: prev: {
    matrix-appservice-irc = prev.matrix-appservice-irc.overrideAttrs (super: {
      patches = super.patches or [] ++ [
        ./irc-no-reveal-bridge.patch
        # disabled; `realnameFormat = "localpart"` in ircServer is commented out along with it
        # ./irc-no-reveal-mxid.patch
      ];
    });
  })
];
# Persist the bridge's state directory, owned by the service user and group.
# NOTE(review): `sane.persist` is project-local and not shown here; the `plaintext` name
# suggests this store is not encrypted at rest. Confirm that is acceptable for this
# directory: it holds registration.yml (referenced by synapse's app_service_config_files in
# this file) and presumably the bridge's password database and generated key.
sane.persist.sys.plaintext = [
  # TODO: mode?
  # NOTE(review): no mode is set on this entry. Check the resulting directory permissions,
  # since an appservice registration file carries the tokens shared between bridge and homeserver.
  { user = "matrix-appservice-irc"; group = "matrix-appservice-irc"; path = "/var/lib/matrix-appservice-irc"; }
];
# XXX: matrix-appservice-irc PreStart tries to chgrp the registration.yml to matrix-synapse,
# which requires matrix-appservice-irc to be of that group
users.users.matrix-appservice-irc.extraGroups = [ "matrix-synapse" ];
# weird race conditions around registration.yml mean we want matrix-synapse to be of matrix-appservice-irc group too.
# NOTE(review): taken together, these two lines put each service account in the other's group,
# so any group-readable file belonging to either service becomes readable by both.
# Confirm that no secret on either side relies on group separation for its protection.
users.users.matrix-synapse.extraGroups = [ "matrix-appservice-irc" ];
# Register the bridge with synapse by pointing it at the bridge's registration file.
# Synapse must be able to read this path, which is in the bridge's own state directory;
# the group memberships set elsewhere in this file exist for that reason.
services.matrix-synapse.settings.app_service_config_files = [
  "/var/lib/matrix-appservice-irc/registration.yml" # auto-created by irc appservice
];
# Enable the bridge; both the registration URL and the homeserver URL below are plain HTTP
# on loopback, so bridge <-> synapse traffic stays on this host.
services.matrix-appservice-irc.enable = true;
services.matrix-appservice-irc.registrationUrl = "http://127.0.0.1:8009";
services.matrix-appservice-irc.settings = {
  homeserver = {
    url = "http://127.0.0.1:8008";
    dropMatrixMessagesAfterSecs = 300;
    domain = "uninsane.org";
    enablePresence = true;
    # NOTE(review): bindPort (9999) differs from the port in registrationUrl (8009);
    # confirm which port the bridge really listens on.
    bindPort = 9999;
    # NOTE(review): the sample config linked at the top of this file appears to name this option
    # `bindHostname`. Confirm `bindHost` is honoured; if it is ignored, the listener would use
    # the bridge's default bind address instead of loopback.
    bindHost = "127.0.0.1";
  };

  ircService = {
    # Each entry is built by ircServer, so it gets ssl = true and port 6697 unless overridden.
    # Every network except Rizon sets sasl = false (see the XXX note inside ircServer).
    servers = {
      "irc.esper.net" = ircServer {
        name = "esper";
        sasl = false;
        # notable channels:
        # - #merveilles
      };
      "irc.libera.chat" = ircServer {
        name = "libera";
        sasl = false;
        # notable channels:
        # - #hare
      };
      "irc.myanonamouse.net" = ircServer {
        name = "MyAnonamouse";
        additionalAddresses = [ "irc2.myanonamouse.net" ];
        sasl = false;
      };
      "irc.oftc.net" = ircServer {
        name = "oftc";
        sasl = false;
        # notable channels:
        # - #sxmo
        # - #sxmo-offtopic
      };
      # Rizon keeps the ircServer defaults (sasl = true).
      "irc.rizon.net" = ircServer { name = "Rizon"; };
    };
  };
};
# Relax the unit's syscall sandbox: the same deny-list the NixOS module ships, minus
# @aio and @memlock (per the XXX note below).
systemd.services.matrix-appservice-irc.serviceConfig = {
  # XXX 2023/06/20: nixos specifies this + @aio and @memlock as forbidden
  # the service actively uses at least one of these, and both of them are fairly innocuous
  # lib.mkForce makes this string win over the module's own definition instead of merging with it.
  # NOTE(review): any entry the upstream module has, or later adds, in SystemCallFilter (an
  # allow-list line, newly denied groups) is therefore discarded without warning. Re-diff this
  # value against the NixOS module on each upgrade.
  SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @setuid @swap";
};
}