From 0eb46a3179ec3a32f32f5be772c2d573fe7ef9cf Mon Sep 17 00:00:00 2001 From: colin Date: Mon, 16 Jan 2023 09:03:56 +0000 Subject: [PATCH] add mautrix-signal (experimental) --- hosts/common/ids.nix | 2 + hosts/servo/services/matrix/default.nix | 1 + hosts/servo/services/matrix/signal.nix | 10 ++ modules/services/default.nix | 1 + modules/services/mautrix-signal.nix | 136 ++++++++++++++++++++++++ 5 files changed, 150 insertions(+) create mode 100644 hosts/servo/services/matrix/signal.nix create mode 100644 modules/services/mautrix-signal.nix diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix index aefa1a2a..b319351e 100644 --- a/hosts/common/ids.nix +++ b/hosts/common/ids.nix @@ -21,6 +21,8 @@ sane.ids.freshrss.uid = 2401; sane.ids.freshrss.gid = 2401; sane.ids.mediawiki.uid = 2402; + sane.ids.signald.uid = 2403; + sane.ids.signald.gid = 2403; sane.ids.colin.uid = 1000; sane.ids.guest.uid = 1100; diff --git a/hosts/servo/services/matrix/default.nix b/hosts/servo/services/matrix/default.nix index bf830d52..3d7021ac 100644 --- a/hosts/servo/services/matrix/default.nix +++ b/hosts/servo/services/matrix/default.nix @@ -6,6 +6,7 @@ imports = [ ./discord-puppet.nix # ./irc.nix + ./signal.nix ]; sane.persist.sys.plaintext = [ diff --git a/hosts/servo/services/matrix/signal.nix b/hosts/servo/services/matrix/signal.nix new file mode 100644 index 00000000..ada3c0d8 --- /dev/null +++ b/hosts/servo/services/matrix/signal.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + services.signald.enable = true; + services.mautrix-signal.enable = true; + + services.matrix-synapse.settings.app_service_config_files = [ + # auto-created by mautrix-signal service + "/var/lib/mautrix-signal/signal-registration.yaml" + ]; +} diff --git a/modules/services/default.nix b/modules/services/default.nix index 1ca1035c..d0ae9590 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -4,6 +4,7 @@ ./duplicity.nix ./dyn-dns.nix ./kiwix-serve.nix + ./mautrix-signal.nix ./nixserve.nix ./trust-dns.nix ]; diff --git a/modules/services/mautrix-signal.nix b/modules/services/mautrix-signal.nix new file mode 100644 index 00000000..743cefcd --- /dev/null +++ b/modules/services/mautrix-signal.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + dataDir = "/var/lib/mautrix-signal"; + registrationFile = "${dataDir}/signal-registration.yaml"; + cfg = config.services.mautrix-signal; + settingsFormat = pkgs.formats.json {}; + settingsFile = + settingsFormat.generate "mautrix-signal-config.json" cfg.settings; +in +{ + options = { + services.mautrix-signal = { + enable = mkEnableOption (lib.mdDoc "Mautrix-Signal, a Matrix-Signal puppeting bridge"); + + settings = mkOption rec { + apply = recursiveUpdate default; + inherit (settingsFormat) type; + default = { + # defaults based on this upstream example config: + # - + homeserver = { + address = "http://localhost:8008"; + software = "standard"; + }; + + appservice = rec { + address = "http://${hostname}:${toString port}"; + hostname = "localhost"; + port = 29328; + + database = "sqlite:///${dataDir}/mautrix-signal.db"; + database_opts = {}; + bot_username = "signalbot"; + }; + + bridge = { + username_template = "signal_{userid}"; + permissions."*" = "relay"; + double_puppet_server_map = {}; + login_shared_secret_map = {}; + }; + + logging = { + version = 1; + + formatters.journal_fmt.format = "%(name)s: %(message)s"; + handlers.journal = { + class = "systemd.journal.JournalHandler"; + formatter = "journal_fmt"; + SYSLOG_IDENTIFIER = "mautrix-signal"; + }; + # log to systemd instead of file/console + root = { + level = "INFO"; + handlers = ["journal"]; + }; + }; + }; + example = literalExpression '' + { + homeserver = { + address = "http://localhost:8008"; + domain = "mydomain.example"; + }; + + bridge.permissions = { + "@admin:mydomain.example" = "admin"; + "mydomain.example" = "user"; + }; + } + ''; + description = lib.mdDoc '' + {file}`config.yaml` configuration as a Nix attribute set. + Configuration options should match those described in + [example-config.yaml](https://github.com/mautrix/signale/blob/master/mautrix_signal/example-config.yaml). + ''; + }; + + serviceDependencies = mkOption { + type = with types; listOf str; + default = optional config.services.matrix-synapse.enable "matrix-synapse.service"; + defaultText = literalExpression '' + optional config.services.matrix-synapse.enable "matrix-synapse.service" + ''; + description = lib.mdDoc '' + List of Systemd services to require and wait for when starting the application service. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.mautrix-signal = { + description = "Mautrix-Signal, a Matrix-Signal puppeting bridge."; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ] ++ cfg.serviceDependencies; + after = [ "network-online.target" ] ++ cfg.serviceDependencies; + path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg` + + preStart = '' + # generate the appservice's registration file if absent + if [ ! -f '${registrationFile}' ]; then + ${pkgs.mautrix-signal}/bin/mautrix-signal \ + --generate-registration \ + --base-config='${pkgs.mautrix-signal}/${pkgs.mautrix-signal.pythonModule.sitePackages}/mautrix_signal/example-config.yaml' \ + --config='${settingsFile}' \ + --registration='${registrationFile}' + fi + ''; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + + ProtectSystem = "strict"; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + + DynamicUser = true; + PrivateTmp = true; + StateDirectory = baseNameOf dataDir; + UMask = "0027"; + + ExecStart = '' + ${pkgs.mautrix-signal}/bin/mautrix-signal \ + --config='${settingsFile}' + ''; + }; + }; + }; +}