WIP: matrix: add signal bridge

ejabberd: TODO: fix acme/nginx group membership
pin nheko package
2023-01-16 06:20:17 +00:00 · 2023-01-16 05:59:52 +00:00 · 2023-01-15 07:52:21 +00:00 · 2023-01-15 07:36:04 +00:00
6 changed files with 77 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -61,22 +61,22 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-9froWbTkSKX7cYSb0wh58TsftbHL0bNHay1yAW0Wiws=",
-        "path": "nixpatches",
+        "narHash": "sha256-d3XSehPFkNwvwlOYy7gch0NLxOgdXuV7j5r/Qsn7kHc=",
+        "path": "/nix/store/wq6rmmnd7yhw9w44k54w4x5v63ah1psr-source/nixpatches",
        "type": "path"
      },
      "original": {
-        "path": "nixpatches",
+        "path": "/nix/store/wq6rmmnd7yhw9w44k54w4x5v63ah1psr-source/nixpatches",
        "type": "path"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1673612960,
-        "narHash": "sha256-DWR7hrbecJKmUJCswk9MXZta710mq+3jZwTvHU/UfyY=",
+        "lastModified": 1673704454,
+        "narHash": "sha256-5Wdj1MgdOgn3+dMFIBtg+IAYZApjF8JzwLWDPieg0C4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e285dd0ca97c264003867c7329f0d1f4f028739c",
+        "rev": "a83ed85c14fcf242653df6f4b0974b7e1c73c6c6",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -24,10 +24,9 @@
    # <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
    nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    nixpkgs = {
-      url = "path:nixpatches";
+      url = "./nixpatches";
      inputs.nixpkgs.follows = "nixpkgs-unpatched";
-      # XXX: `path:` urls have poor UX in that they still get "locked" and require manual updates as if they were remote.
-      # by linking back to ourselves here, we can update `nixpatches/list.nix` *without* having to run `nix flake update` afterward.
+      # TODO: remove this dependency injection: it's from when we used url = path:...
      inputs.patches.follows = "";
    };
    mobile-nixos = {
@@ -85,6 +84,7 @@
                nixpkgs.overlays = [
                  self.overlays.default
                  self.overlays.passthru
+                  self.overlays.pins
                ];
              }
            ];
@@ -122,10 +122,11 @@
      overlays = rec {
        default = pkgs;
        pkgs = import ./overlays/pkgs.nix;
+        pins = import ./overlays/pins.nix;  # TODO: move to `nixpatches/` input
        passthru =
          let
            stable = next: prev: {
-              stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform}";
+              stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
            };
            mobile = (import "${mobile-nixos}/overlay/overlay.nix");
            uninsane = uninsane-dot-org.overlay;
--- a/hosts/servo/services/ejabberd.nix
+++ b/hosts/servo/services/ejabberd.nix
@@ -46,6 +46,8 @@
  }];

  # provide access to certs
+  # TODO: this should just be `acme`. then we also add nginx to the `acme` group.
+  #   why is /var/lib/acme/* owned by `nginx` group??
  users.users.ejabberd.extraGroups = [ "nginx" ];

  security.acme.certs."uninsane.org".extraDomainNames = [
--- a/hosts/servo/services/matrix/default.nix
+++ b/hosts/servo/services/matrix/default.nix
@@ -6,8 +6,16 @@
  imports = [
    ./discord-puppet.nix
    # ./irc.nix
+    ./signal.nix
  ];

+  services.matrix-appservices = {
+    # configure defaults. used by e.g. ./signal.nix
+    homeserverUrl = "http://127.0.0.1:8008";
+    homeserverDomain = "uninsane.org";
+    addRegistrationFiles = true;
+  };
+
  sane.persist.sys.plaintext = [
    { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
  ];
--- a/hosts/servo/services/matrix/signal.nix
+++ b/hosts/servo/services/matrix/signal.nix
@@ -0,0 +1,32 @@
+{ ... }:
+{
+  services.signald.enable = true;
+
+  # TODO: required?
+  # comes from <nix-matrix-appservices:examples/mautrix.nix>
+  systemd.services.matrix-as-signal = {
+    requires = [ "signald.service" ];
+    after = [ "signald.service" ];
+    unitConfig = {
+      JoinsNamespaceOf = "signald.service";
+    };
+    path = [
+      pkgs.ffmpeg # voice messages need `ffmpeg`
+    ];
+  };
+
+
+  services.matrix-appservices.services.signal = {
+    port = 29184;
+    format = "mautrix-python";
+    package = pkgs.mautrix-signal;
+    serviceConfig = {
+      StateDirectory = [ "matrix-as-signal" "signald" ];
+      SupplementaryGroups = [ "signald" ];
+    };
+    settings.signal = {
+      socket_path = config.services.signald.socketPath;
+      outgoing_attachment_dir = "/var/lib/signald/tmp";
+    };
+  };
+}
--- a/overlays/pins.nix
+++ b/overlays/pins.nix
@@ -0,0 +1,24 @@
+(next: prev: {
+  inherit (next.stable)
+    # TODO(unpin): broken on 2023/01/14 via mtxclient dep, aarch64-only:
+    #   error: builder for '/nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv' failed with exit code 2;
+    #      last 10 log lines:
+    #      > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:370: CMakeFiles/matrix_client.dir/lib/structs/events/encrypted.cpp.o] Error 1
+    #      > In file included from /build/source/include/mtxclient/crypto/client.hpp:17,
+    #      >                  from /build/source/lib/crypto/utils.cpp:17:
+    #      > /build/source/include/mtx/identifiers.hpp:12:10: fatal error: compare: No such file or directory
+    #      >    12 | #include <compare>
+    #      >       |          ^~~~~~~~~
+    #      > compilation terminated.
+    #      > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:132: CMakeFiles/matrix_client.dir/lib/crypto/utils.cpp.o] Error 1
+    #      > make[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/matrix_client.dir/all] Error 2
+    #      > make: *** [Makefile:136: all] Error 2
+    #      For full logs, run 'nix log /nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv'.
+    #   error: 1 dependencies of derivation '/nix/store/4i2d1qdh4x6n23h1jbcbhm8q9q2hch9a-nheko-0.11.0.drv' failed to build
+    #   error: 1 dependencies of derivation '/nix/store/k4f7k7cvjp8rb7clhlfq3yxgs6lbfmk7-home-manager-path.drv' failed to build
+    #   error: 1 dependencies of derivation '/nix/store/67d9k554188lh4ddl4ar6j74mpc3r4sv-home-manager-generation.drv' failed to build
+    #   error: 1 dependencies of derivation '/nix/store/5qjxzhsw1jvh2d7jypbcam9409ivb472-user-environment.drv' failed to build
+    #   error: 1 dependencies of derivation '/nix/store/hrb3qpdbisqh0lzlyz1g9g4164khmqwn-etc.drv' failed to build
+    #   error: 1 dependencies of derivation '/nix/store/ny21xyicbgim5wy7ksg2hibd9gn7i01b-nixos-system-moby-23.05pre-git.drv' failed to build
+    nheko;
+})
Author	SHA1	Message	Date
colin	c9d08c72e7	WIP: matrix: add signal bridge	2023-01-16 06:20:17 +00:00
colin	b4e19c037e	ejabberd: TODO: fix acme/nginx group membership	2023-01-16 05:59:52 +00:00
colin	bd504f6c83	pin `nheko` package	2023-01-15 07:52:21 +00:00
colin	bdd309eb15	flake: convert `path:nixpatches` -> `./nixpatches` to fix poor flake input invalidation	2023-01-15 07:36:04 +00:00