

# docs:
# docs:
# NixOS module: Matrix homeserver (synapse) and the matrix-appservice-irc bridge.
{ config, ... }:
# State directories for both services, registered with the impermanence module.
sane.impermanence.service-dirs = [
# TODO: mode?
# NOTE(review): neither entry sets a mode, so the permissions come from whatever default
# the impermanence module applies (not visible here). The appservice directory holds
# registration.yml (listed in app_service_config_files later in this file); appservice
# registration files carry the tokens shared between bridge and homeserver, so confirm
# that neither directory ends up world-readable.
# user and group are both "matrix-appservice-irc"
# NOTE(review): the ids are hard-coded numbers; presumably they must match the uid/gid
# NixOS assigns to each service account -- verify, since a mismatch would hand the state
# directory to a different account.
{ user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; }
{ user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; }
# Core synapse settings: logging, registration policy and the single HTTP listener.
services.matrix-synapse.enable = true;
services.matrix-synapse.settings.log_config = ./synapse-log_level.yaml;
services.matrix-synapse.settings.server_name = "";
# services.matrix-synapse.enable_registration_captcha = true;
# services.matrix-synapse.enable_registration_without_verification = true;
# Open registration is enabled. The only gate visible in this file is
# registrations_require_3pid = [ "email" ] below; the captcha option is commented out.
# NOTE(review): the registration tokens described in the comments further down are only
# mandatory when registration_requires_token is set, which this file does not do -- confirm
# whether email verification alone is the intended policy.
services.matrix-synapse.settings.enable_registration = true;
# NOTE(review): if the shared secret is ever re-enabled, load it from a secrets file
# (extraConfigFiles) rather than inline; the generated homeserver.yaml sits in the nix
# store (see the register_new_matrix_user example later in this file), which is
# world-readable.
# services.matrix-synapse.registration_shared_secret = "<shared key goes here>";
# default for listeners is port = 8448, tls = true, x_forwarded = false.
# we change this because the server is situated behind nginx.
services.matrix-synapse.settings.listeners = [
port = 8008;
# NOTE(review): the bind address is blank in this listing. Because this listener is
# plaintext and trusts X-Forwarded-For (see below), it should be reachable only by the
# local reverse proxy, i.e. bound to loopback -- confirm against the real file.
bind_addresses = [ "" ];
type = "http";
# TLS is terminated by nginx, per the comment above; this hop is unencrypted.
tls = false;
# With x_forwarded set, synapse takes the client address from the X-Forwarded-For header,
# so any peer that can connect to this port directly can claim an arbitrary source IP.
x_forwarded = true;
resources = [
# Client and federation APIs share this one listener.
names = [ "client" "federation" ];
compress = false;
services.matrix-synapse.settings.admin_contact = "";
# New accounts must supply an email address as a third-party identifier.
services.matrix-synapse.settings.registrations_require_3pid = [ "email" ];
# Extra synapse config files merged in at runtime. The list entries are missing from this
# listing; presumably it points at the decrypted sops secret declared at the end of the
# file -- confirm.
services.matrix-synapse.extraConfigFiles = [
# Older variant, kept for reference. It interpolated smtp_pass into a builtins.toFile
# result, which places the password in the nix store, where every local user can read it.
# NOTE(review): do not re-enable this form; keep the email block in a file that is
# decrypted at runtime and readable only by the synapse account.
# services.matrix-synapse.extraConfigFiles = [builtins.toFile "matrix-synapse-extra-config" ''
# admin_contact: ""
# registrations_require_3pid:
# - email
# email:
# smtp_host: ""
# smtp_port: 587
# smtp_user: "matrix-synapse"
# smtp_pass: "${secrets.matrix-synapse.smtp_pass}"
# require_transport_security: true
# enable_tls: true
# notif_from: "%(app)s <>"
# app_name: "Uninsane Matrix"
# enable_notifs: true
# validation_token_lifetime: 96h
# invite_client_location: ""
# subjects:
# email_validation: "[%(server_name)s] Validate your email"
# ''];
# Appservice registrations that synapse loads at startup.
# NOTE(review): this file is written by a different service account into its own state
# directory, so synapse needs read access to it; grant that narrowly (group membership or
# an ACL) rather than by making the file world-readable, since it carries the bridge tokens.
services.matrix-synapse.settings.app_service_config_files = [
"/var/lib/matrix-appservice-irc/registration.yml" # auto-created by irc appservice
# new users may be registered on the CLI:
# register_new_matrix_user -c /nix/store/8n6kcka37jhmi4qpd2r03aj71pkyh21s-homeserver.yaml http://localhost:8008
# or provide a registration token they can use to register through the client.
# docs:
# NOTE(review): the calls below hit the synapse admin API on the local listener. Confirm
# that nginx does not proxy /_synapse/admin to the outside. An admin access token passed
# on the command line also lands in shell history and is visible in the process list while
# curl runs.
# first, grab your own user's access token (Help & About section in Element). then:
# curl --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens
# create a token with unlimited uses:
# NOTE(review): an unlimited-use token without an expiry stays valid until it is deleted;
# prefer uses_allowed (below) and/or expiry_time when handing tokens out.
# curl -d '{}' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new
# create a token with limited uses:
# curl -d '{ "uses_allowed": 1 }' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new
# IRC bridging
# Configures the matrix-appservice-irc bridge for one IRC network (Rizon). The enable line
# below is commented out, so these settings only take effect once it is restored.
# note: Rizon allows only FOUR simultaneous IRC connections per IP:
# NOTE(review): dynamicChannels is enabled below and the homeserver has open registration.
# If every bridged Matrix user gets their own IRC connection, four users would exhaust the
# per-IP limit -- confirm who is allowed to use the bridge.
# Rizon supports CertFP for auth:
# services.matrix-appservice-irc.enable = true;
services.matrix-appservice-irc.registrationUrl = "";
# settings documented here:
services.matrix-appservice-irc.settings = {
homeserver = {
url = "";
# Matrix events older than 300 seconds are dropped rather than relayed to IRC.
dropMatrixMessagesAfterSecs = 300;
domain = "";
enablePresence = true;
# Port and host of the bridge's own HTTP listener.
# NOTE(review): the bind host is blank in this listing; the homeserver is the only client
# this listener needs, so it should be a loopback address -- confirm against the real file.
bindPort = 9999;
bindHost = "";
ircService = {
servers = {
"" = {
name = "Rizon";
port = 6697; # SSL port
# The connection to the IRC network is TLS-wrapped and authenticates with SASL.
ssl = true;
sasl = true; # appservice doesn't support NickServ identification
botConfig = {
# bot has no presence in IRC channel; only real Matrix users
enabled = false;
# nick = "UninsaneDotOrg";
nick = "uninsane";
username = "uninsane";
dynamicChannels = {
# Rooms for IRC channels are created on demand under the alias template below.
enabled = true;
aliasTemplate = "#irc_rizon_$CHANNEL";
ircClients = {
nickTemplate = "$LOCALPARTsane";
# by default, Matrix will convert messages greater than (3) lines into a pastebin-like URL to send to IRC.
lineLimit = 20;
matrixClients = {
userTemplate = "@irc_rizon_$NICK"; # the part is appended automatically
# this will let this user message the appservice with `!join #<IRCChannel>` and the rest "Just Works"
# NOTE(review): the key (who receives "admin") is blank in this listing. Bridge admin
# rights should go to a single full user id, not to a wildcard or a whole domain --
# confirm against the real file.
"" = "admin";
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
requireMatrixJoined = false;
matrixToIrc = {
initial = true;
incremental = true;
# sync room description?
bridgeInfoState = {
enabled = true;
initial = true;
# hardcoded mappings, for when dynamicChannels fails us. TODO: probably safe to remove these.
# mappings = {
# "#chat" = {
# roomIds = [ "!" ];
# };
# # BakaBT requires account registration, which i think means my user needs to be added before the appservice user
# "#BakaBT" = {
# roomIds = [ "!" ];
# };
# };
# for per-user IRC password:
# invite to a DM and type `help` => register
# invite the matrix-appservice-irc user to a DM and type `!help` => add PW to database
# NOTE(review): per the line below, the bridge generates its own key when no path is set.
# That key is what protects the stored per-user IRC passwords, so wherever it ends up
# (presumably the state directory -- verify) it needs owner-only permissions and must
# survive reboots; losing it makes the stored passwords unrecoverable.
# passwordEncryptionKeyPath = "/path/to/privkey"; # appservice will generate its own if unspecified
# Secret material for synapse, stored encrypted in the repository and decrypted by sops-nix
# on the host, which keeps the plaintext out of the nix store.
sops.secrets.matrix_synapse_secrets = {
sopsFile = ../../../../secrets/servo.yaml;
# NOTE(review): the owner value is missing from this listing. It should be the account
# synapse runs as, so that no other user can read the decrypted file -- confirm against
# the real file.
owner =;