From ca239ca3e6fedea9449ba12add328b7f9466117d Mon Sep 17 00:00:00 2001
From: colin
Date: Wed, 5 Oct 2022 22:02:07 -0700
Subject: [PATCH] matrix: set up Discord bridge verified working after i fill in the Discord secrets, but i need to find a way to provide those outside of the nix store.
---
 machines/servo/services/ipfs.nix | 2 +-
 machines/servo/services/matrix/default.nix | 43 ++++++++++++++++++-
 .../02-auto-approve.patch | 16 +++++++
 pkgs/matrix-appservice-discord/default.nix | 4 +-
 4 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/matrix-appservice-discord/02-auto-approve.patch
diff --git a/machines/servo/services/ipfs.nix b/machines/servo/services/ipfs.nix
index e2383eab..083e25ba 100644
--- a/machines/servo/services/ipfs.nix
+++ b/machines/servo/services/ipfs.nix
@@ -12,7 +12,7 @@
 # TODO: mode? could be more granular
 { user = "261"; group = "261"; directory = "/var/lib/ipfs"; }
 ];
- services.ipfs.enable = true;
+ # services.ipfs.enable = true;
 services.ipfs.localDiscovery = true;
 services.ipfs.swarmAddress = [
 # "/dns4/ipfs.uninsane.org/tcp/4001"
diff --git a/machines/servo/services/matrix/default.nix b/machines/servo/services/matrix/default.nix
index cb05e000..837806a6 100644
--- a/machines/servo/services/matrix/default.nix
+++ b/machines/servo/services/matrix/default.nix
@@ -1,12 +1,13 @@
 # docs: https://nixos.wiki/wiki/Matrix
 # docs: https://nixos.org/manual/nixos/stable/index.html#module-services-matrix-synapse
-{ config, ... }:
+{ config, lib, ... }:
 {
 sane.impermanence.service-dirs = [
 # TODO: mode?
 # user and group are both "matrix-appservice-irc"
 { user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; }
+ { user = "matrix-appservice-discord"; group = "matrix-appservice-discord"; directory = "/var/lib/matrix-appservice-discord"; }
 { user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; }
 ];
 services.matrix-synapse.enable = true;
@@ -64,6 +65,7 @@
 # ''];
 services.matrix-synapse.settings.app_service_config_files = [
 "/var/lib/matrix-appservice-irc/registration.yml" # auto-created by irc appservice
+ "/var/lib/matrix-appservice-discord/discord-registration.yaml" # auto-created by discord appservice
 ];
 # new users may be registered on the CLI:
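Review bot: The new `app_service_config_files` entry is unconditional, yet the same commit leaves `services.matrix-appservice-discord.enable = false`, so on a host where the bridge has never run nothing creates `/var/lib/matrix-appservice-discord/discord-registration.yaml`. Synapse, as far as I know, fails to start when a listed registration file cannot be read, so the entry is safer appended as `++ lib.optional config.services.matrix-appservice-discord.enable "/var/lib/matrix-appservice-discord/discord-registration.yaml"`. The registration file also holds the token pair that authenticates the homeserver and the bridge to each other, and it sits in a directory owned by the bridge user while Synapse runs as a different one (224 in the service-dirs list). Grant Synapse read access through a shared group rather than by making the file world-readable, and settle the `# TODO: mode?` on that directory at the same time.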
@@ -78,6 +80,45 @@ # create a token with limited uses: # curl -d '{ "uses_allowed": 1 }' --header "Authorization: Bearer " localhost:8008/_synapse/admin/v1/registration_tokens/new + # Discord bridging + # docs: https://github.com/matrix-org/matrix-appservice-discord + services.matrix-appservice-discord.enable = false; + services.matrix-appservice-discord.settings = { + bridge = { + homeserverUrl = "http://127.0.0.1:8008"; + domain = "uninsane.org"; + adminMxid = "admin.matrix@uninsane.org"; + enableSelfServiceBridging = true; + disablePortalBridging = false; + disableInviteNotifications = false; + }; + # these are marked as required in the yaml schema + auth = { + clientId = "FILLME"; + botToken = "FILLME"; + usePrivilegedIntents = false; + }; + logging = { + # silly, verbose, info, http, warn, error, silent + console = "verbose"; + }; + }; + # fix up to not use /var/lib/private, but just /var/lib + systemd.services.matrix-appservice-discord.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "matrix-appservice-discord"; + Group = "matrix-appservice-discord"; + }; + users.groups.matrix-appservice-discord = {}; + users.users.matrix-appservice-discord = { + description = "User for the Matrix-Discord bridge"; + group = "matrix-appservice-discord"; + isSystemUser = true; + }; + users.users.matrix-appservice-discord.uid = 2134; # TODO: move to allocations + users.groups.matrix-appservice-discord.gid = 2134; # TODO + + # IRC bridging # note: Rizon allows only FOUR simultaneous IRC connections per IP: https://wiki.rizon.net/index.php?title=Connection/Session_Limit_Exemptions # Rizon supports CertFP for auth: https://wiki.rizon.net/index.php?title=CertFP diff --git a/pkgs/matrix-appservice-discord/02-auto-approve.patch b/pkgs/matrix-appservice-discord/02-auto-approve.patch new file mode 100644 index 00000000..30db4300 --- /dev/null +++ b/pkgs/matrix-appservice-discord/02-auto-approve.patch 
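Review bot: `auth.clientId` and `auth.botToken` are set inside `services.matrix-appservice-discord.settings`, which the module renders into a file in the world-readable Nix store, so replacing `"FILLME"` with real values would expose the bot token to every local user and to anything that copies the store (binary caches, backups, remote builders). The nixpkgs module offers `services.matrix-appservice-discord.environmentFile` for this case: keep the placeholders here, point that option at a root-owned file outside the store, and add a comment such as `# real values come from environmentFile; never commit them here`. `console = "verbose"` is worth lowering once the bridge works, since verbose bridge logs can end up in the journal with more detail than is needed for operation. `enableSelfServiceBridging = true` should be read together with 02-auto-approve.patch in this commit, which removes the Discord-side approval for those self-service requests.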
@@ -0,0 +1,16 @@
+diff --git a/src/provisioner.ts b/src/provisioner.ts
+index c1568af..28a44c5 100644
+--- a/src/provisioner.ts
++++ b/src/provisioner.ts
+@@ -99,8 +99,9 @@
+ this.pendingRequests.set(channelId, approveFn);
+ setTimeout(() => approveFn(false, true), timeout);
+
+- await channel.send(`${requestor} on matrix would like to bridge this channel. Someone with permission` +
+- " to manage webhooks please reply with `!matrix approve` or `!matrix deny` in the next 5 minutes");
++ // await channel.send(`${requestor} on matrix would like to bridge this channel. Someone with permission` +
++ // " to manage webhooks please reply with `!matrix approve` or `!matrix deny` in the next 5 minutes");
++ approveFn(true);
+ return await deferP;
+
+ }
diff --git a/pkgs/matrix-appservice-discord/default.nix b/pkgs/matrix-appservice-discord/default.nix
index 0a4ff198..5b093b60 100644
--- a/pkgs/matrix-appservice-discord/default.nix
+++ b/pkgs/matrix-appservice-discord/default.nix
@@ -4,8 +4,10 @@
 # 2022-10-05: the service can't login as an ordinary user unless i change the source
 doCheck = false;
 patches = (upstream.patches or []) ++ [
- # bind to an IP address which is usable behind a netns
+ # don't register with better-discord as a bot
 ./01-puppet.patch
+ # don't ask Discord admin for approval before bridging
+ ./02-auto-approve.patch
 ];
 }))
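Review bot: The unconditional `approveFn(true)` in 02-auto-approve.patch removes the only Discord-side consent step for a bridge request. With `enableSelfServiceBridging = true` in machines/servo/services/matrix/default.nix, whoever may issue the bridge command on the Matrix side gets a channel bridged without anyone holding the manage-webhooks permission agreeing to it. If that is intended because this homeserver has a single trusted operator, state the assumption in the patch and in the `# don't ask Discord admin for approval before bridging` comment. Otherwise keep the `channel.send` prompt and auto-approve only when the requestor is the configured `adminMxid`. The existing `setTimeout(() => approveFn(false, true), timeout)` still fires after the approval, and whether that second call is harmless depends on `approveFn`, which is defined outside the hunk. The two `channel.send` lines left as `//` comments would be better deleted.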