mautrix-signal: get a *little* closer to working
it looks like mautrix-signal reads the appserver token (AS_TOKEN) from its config file -- which we place in the nix store. as such, we have no easy way of getting the token from registration.yaml over to mautrix-signal. this is presumably what the environmentFile stuff is meant for, but it doesn't *really* help much. i think it makes sense to pursue coffeetables' nix-matrix-appservices module, which has good-looking AS_TOKEN support: <https://gitlab.com/coffeetables/nix-matrix-appservices>
This commit is contained in:
parent
0eb46a3179
commit
9eafacad12
|
@ -23,6 +23,8 @@
|
|||
sane.ids.mediawiki.uid = 2402;
|
||||
sane.ids.signald.uid = 2403;
|
||||
sane.ids.signald.gid = 2403;
|
||||
sane.ids.mautrix-signal.uid = 2404;
|
||||
sane.ids.mautrix-signal.gid = 2404;
|
||||
|
||||
sane.ids.colin.uid = 1000;
|
||||
sane.ids.guest.uid = 1100;
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
services.signald.enable = true;
|
||||
services.mautrix-signal.enable = true;
|
||||
|
||||
services.mautrix-signal.settings.homeserver.domain = "uninsane.org";
|
||||
services.matrix-synapse.settings.app_service_config_files = [
|
||||
# auto-created by mautrix-signal service
|
||||
"/var/lib/mautrix-signal/signal-registration.yaml"
|
||||
|
|
|
@ -23,6 +23,7 @@ in
|
|||
homeserver = {
|
||||
address = "http://localhost:8008";
|
||||
software = "standard";
|
||||
# domain = "SETME";
|
||||
};
|
||||
|
||||
appservice = rec {
|
||||
|
@ -45,16 +46,17 @@ in
|
|||
logging = {
|
||||
version = 1;
|
||||
|
||||
formatters.journal_fmt.format = "%(name)s: %(message)s";
|
||||
handlers.journal = {
|
||||
class = "systemd.journal.JournalHandler";
|
||||
formatter = "journal_fmt";
|
||||
SYSLOG_IDENTIFIER = "mautrix-signal";
|
||||
formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
|
||||
|
||||
handlers.console = {
|
||||
class = "logging.StreamHandler";
|
||||
formatter = "precise";
|
||||
};
|
||||
# log to systemd instead of file/console
|
||||
|
||||
# log to console/systemd instead of file
|
||||
root = {
|
||||
level = "INFO";
|
||||
handlers = ["journal"];
|
||||
handlers = ["console"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -92,6 +94,13 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.groups.mautrix-signal = {};
|
||||
|
||||
users.users.mautrix-signal = {
|
||||
group = "mautrix-signal";
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
systemd.services.mautrix-signal = {
|
||||
description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
|
||||
|
||||
|
@ -100,6 +109,8 @@ in
|
|||
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
|
||||
path = [ pkgs.ffmpeg ]; # voice messages need `ffmpeg`
|
||||
|
||||
# environment.HOME = dataDir;
|
||||
|
||||
preStart = ''
|
||||
# generate the appservice's registration file if absent
|
||||
if [ ! -f '${registrationFile}' ]; then
|
||||
|
@ -115,20 +126,23 @@ in
|
|||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
User = "mautrix-signal";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
|
||||
DynamicUser = true;
|
||||
PrivateTmp = true;
|
||||
StateDirectory = baseNameOf dataDir;
|
||||
# WorkingDirectory = pkgs.mautrix-signal;
|
||||
# StateDirectory = baseNameOf dataDir;
|
||||
UMask = "0027";
|
||||
|
||||
ExecStart = ''
|
||||
${pkgs.mautrix-signal}/bin/mautrix-signal \
|
||||
--config='${settingsFile}'
|
||||
--config='${settingsFile}' \
|
||||
--no-update
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue
Block a user