WIP: matrix: add signal bridge

ejabberd: TODO: fix acme/nginx group membership
pin nheko package
2023-01-16 06:20:17 +00:00 · 2023-01-16 05:59:52 +00:00 · 2023-01-15 07:52:21 +00:00 · 2023-01-15 07:36:04 +00:00
5 changed files with 46 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -62,11 +62,11 @@
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-d3XSehPFkNwvwlOYy7gch0NLxOgdXuV7j5r/Qsn7kHc=",
-        "path": "nixpatches",
+        "path": "/nix/store/wq6rmmnd7yhw9w44k54w4x5v63ah1psr-source/nixpatches",
        "type": "path"
      },
      "original": {
-        "path": "nixpatches",
+        "path": "/nix/store/wq6rmmnd7yhw9w44k54w4x5v63ah1psr-source/nixpatches",
        "type": "path"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@@ -24,10 +24,9 @@
    # <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
    nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    nixpkgs = {
-      url = "path:nixpatches";
+      url = "./nixpatches";
      inputs.nixpkgs.follows = "nixpkgs-unpatched";
-      # XXX: `path:` urls have poor UX in that they still get "locked" and require manual updates as if they were remote.
+      # TODO: remove this dependency injection: it's from when we used url = path:...
      # by linking back to ourselves here, we can update `nixpatches/list.nix` *without* having to run `nix flake update` afterward.
      inputs.patches.follows = "";
    };
    mobile-nixos = {
--- a/hosts/servo/services/ejabberd.nix
+++ b/hosts/servo/services/ejabberd.nix
@@ -46,6 +46,8 @@
  }];
  # provide access to certs
  # TODO: this should just be `acme`. then we also add nginx to the `acme` group.
  #   why is /var/lib/acme/* owned by `nginx` group??
  users.users.ejabberd.extraGroups = [ "nginx" ];
  security.acme.certs."uninsane.org".extraDomainNames = [
--- a/hosts/servo/services/matrix/default.nix
+++ b/hosts/servo/services/matrix/default.nix
@@ -6,8 +6,16 @@
  imports = [
    ./discord-puppet.nix
    # ./irc.nix
    ./signal.nix
  ];
  services.matrix-appservices = {
    # configure defaults. used by e.g. ./signal.nix
    homeserverUrl = "http://127.0.0.1:8008";
    homeserverDomain = "uninsane.org";
    addRegistrationFiles = true;
  };
  sane.persist.sys.plaintext = [
    { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
  ];
--- a/hosts/servo/services/matrix/signal.nix
+++ b/hosts/servo/services/matrix/signal.nix
@@ -0,0 +1,32 @@
 { ... }:
 {
  services.signald.enable = true;
  # TODO: required?
  # comes from <nix-matrix-appservices:examples/mautrix.nix>
  systemd.services.matrix-as-signal = {
    requires = [ "signald.service" ];
    after = [ "signald.service" ];
    unitConfig = {
      JoinsNamespaceOf = "signald.service";
    };
    path = [
      pkgs.ffmpeg # voice messages need `ffmpeg`
    ];
  };
  services.matrix-appservices.services.signal = {
    port = 29184;
    format = "mautrix-python";
    package = pkgs.mautrix-signal;
    serviceConfig = {
      StateDirectory = [ "matrix-as-signal" "signald" ];
      SupplementaryGroups = [ "signald" ];
    };
    settings.signal = {
      socket_path = config.services.signald.socketPath;
      outgoing_attachment_dir = "/var/lib/signald/tmp";
    };
  };
 }
Author	SHA1	Message	Date
colin	c9d08c72e7	WIP: matrix: add signal bridge	2023-01-16 06:20:17 +00:00
colin	b4e19c037e	ejabberd: TODO: fix acme/nginx group membership	2023-01-16 05:59:52 +00:00
colin	bd504f6c83	pin `nheko` package	2023-01-15 07:52:21 +00:00
colin	bdd309eb15	flake: convert `path:nixpatches` -> `./nixpatches` to fix poor flake input invalidation	2023-01-15 07:36:04 +00:00