mautrix-signal: get a *little* closer to working
it looks like mautrix-signal reads the appservice token (AS_TOKEN) from its config file -- which we place in the nix store. as such, we have no easy way of getting the token from registration.yaml over to mautrix-signal. this is presumably what the environmentFile stuff is meant for, but it doesn't *really* help much. i think it makes sense to pursue coffeetables' nix-matrix-appservices module, which has good-looking AS_TOKEN support: <https://gitlab.com/coffeetables/nix-matrix-appservices>
parent
0eb46a3179
commit
9eafacad12
|
@ -23,6 +23,8 @@
|
||||||
sane.ids.mediawiki.uid = 2402;
|
sane.ids.mediawiki.uid = 2402;
|
||||||
sane.ids.signald.uid = 2403;
|
sane.ids.signald.uid = 2403;
|
||||||
sane.ids.signald.gid = 2403;
|
sane.ids.signald.gid = 2403;
|
||||||
|
sane.ids.mautrix-signal.uid = 2404;
|
||||||
|
sane.ids.mautrix-signal.gid = 2404;
|
||||||
|
|
||||||
sane.ids.colin.uid = 1000;
|
sane.ids.colin.uid = 1000;
|
||||||
sane.ids.guest.uid = 1100;
|
sane.ids.guest.uid = 1100;
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
services.signald.enable = true;
|
services.signald.enable = true;
|
||||||
services.mautrix-signal.enable = true;
|
services.mautrix-signal.enable = true;
|
||||||
|
|
||||||
|
services.mautrix-signal.settings.homeserver.domain = "uninsane.org";
|
||||||
services.matrix-synapse.settings.app_service_config_files = [
|
services.matrix-synapse.settings.app_service_config_files = [
|
||||||
# auto-created by mautrix-signal service
|
# auto-created by mautrix-signal service
|
||||||
"/var/lib/mautrix-signal/signal-registration.yaml"
|
"/var/lib/mautrix-signal/signal-registration.yaml"
|
||||||
|
|
|
@ -23,6 +23,7 @@ in
|
||||||
homeserver = {
|
homeserver = {
|
||||||
address = "http://localhost:8008";
|
address = "http://localhost:8008";
|
||||||
software = "standard";
|
software = "standard";
|
||||||
|
# domain = "SETME";
|
||||||
};
|
};
|
||||||
|
|
||||||
appservice = rec {
|
appservice = rec {
|
||||||
|
@ -45,16 +46,17 @@ in
|
||||||
logging = {
|
logging = {
|
||||||
version = 1;
|
version = 1;
|
||||||
|
|
||||||
formatters.journal_fmt.format = "%(name)s: %(message)s";
|
formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
|
||||||
handlers.journal = {
|
|
||||||
class = "systemd.journal.JournalHandler";
|
handlers.console = {
|
||||||
formatter = "journal_fmt";
|
class = "logging.StreamHandler";
|
||||||
SYSLOG_IDENTIFIER = "mautrix-signal";
|
formatter = "precise";
|
||||||
};
|
};
|
||||||
# log to systemd instead of file/console
|
|
||||||
|
# log to console/systemd instead of file
|
||||||
root = {
|
root = {
|
||||||
level = "INFO";
|
level = "INFO";
|
||||||
handlers = ["journal"];
|
handlers = ["console"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -92,6 +94,13 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
users.groups.mautrix-signal = {};
|
||||||
|
|
||||||
|
users.users.mautrix-signal = {
|
||||||
|
group = "mautrix-signal";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.mautrix-signal = {
|
systemd.services.mautrix-signal = {
|
||||||
description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
|
description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
|
||||||
|
|
||||||
|
@ -100,6 +109,8 @@ in
|
||||||
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||||
path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg`
|
path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg`
|
||||||
|
|
||||||
|
# environment.HOME = dataDir;
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
# generate the appservice's registration file if absent
|
# generate the appservice's registration file if absent
|
||||||
if [ ! -f '${registrationFile}' ]; then
|
if [ ! -f '${registrationFile}' ]; then
|
||||||
|
@ -115,20 +126,23 @@ in
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
|
|
||||||
|
User = "mautrix-signal";
|
||||||
|
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
ProtectKernelTunables = true;
|
ProtectKernelTunables = true;
|
||||||
ProtectKernelModules = true;
|
ProtectKernelModules = true;
|
||||||
ProtectControlGroups = true;
|
ProtectControlGroups = true;
|
||||||
|
|
||||||
DynamicUser = true;
|
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
StateDirectory = baseNameOf dataDir;
|
# WorkingDirectory = pkgs.mautrix-signal;
|
||||||
|
# StateDirectory = baseNameOf dataDir;
|
||||||
UMask = "0027";
|
UMask = "0027";
|
||||||
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.mautrix-signal}/bin/mautrix-signal \
|
${pkgs.mautrix-signal}/bin/mautrix-signal \
|
||||||
--config='${settingsFile}'
|
--config='${settingsFile}' \
|
||||||
|
--no-update
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
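Review bot: Commenting out `StateDirectory = baseNameOf dataDir;` while `ProtectSystem = "strict"` stays on leaves the unit with no writable path in the lines shown, so the preStart step that creates `${registrationFile}` would presumably fail unless `dataDir` is created and made writable somewhere outside this hunk. `StateDirectory` works with a static `User` as well as with `DynamicUser`, so I would keep `StateDirectory = baseNameOf dataDir;` and add `StateDirectoryMode = "0750";` so the directory is owned by `mautrix-signal` and closed to other users. If synapse has to read the registration file there, its user needs membership in the `mautrix-signal` group, since `UMask = "0027"` removes access for others. Also note that `--config='${settingsFile}'` appears to point at a store path, which is world-readable, so no token should be rendered into it. The `serviceConfig` block begins above the hunk.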