sid/synix
1
0
Fork 0
Code Issues 7 Pull requests 1 Projects Activity Actions
synix/modules/nixos/matrix-synapse/bridges.nix
sid 95a533c876
All checks were successful
Deploy docs / build-and-deploy (push) Successful in 3s
Details
initial commit
2026-02-23 20:34:35 +01:00

151 lines
4.2 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.matrix-synapse;
mkMautrixBridgeOptions = name: pkgName: {
enable = mkEnableOption "Mautrix-${name} for your Matrix-Synapse instance.";
package = mkPackageOption pkgs pkgName { };
admin = mkOption {
type = types.str;
description = "The user to give admin permissions to.";
example = "@admin:example.com";
};
};
mkMautrixBridge = name: port: {
environment.systemPackages = [ cfg.bridges.${name}.package ];
services."mautrix-${name}" = {
enable = true;
package = cfg.bridges.${name}.package;
environmentFile = mkIf cfg.sops config.sops.templates."mautrix-${name}/env-file".path;
settings = {
bridge = {
permissions = {
"*" = "relay";
"${cfg.settings.server_name}" = "user";
"${cfg.bridges.${name}.admin}" = "admin";
};
};
homeserver = {
address = "http://localhost:${toString cfg.port}";
domain = cfg.settings.server_name;
};
appservice = {
address = "http://localhost:${toString port}";
public_address = cfg.settings.public_baseurl;
hostname = "localhost";
inherit port;
};
provisioning.shared_secret = "$MAUTRIX_${toUpper name}_PROVISIONING_SHARED_SECRET";
public_media = {
enabled = false;
signing_key = "$MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY";
};
direct_media = {
enabled = false;
server_key = "$MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY";
};
backfill = {
enabled = true;
};
encryption = {
allow = true;
default = true;
require = false;
pickle_key = "$MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY";
};
};
};
sops = mkIf cfg.sops (
let
owner = "mautrix-${name}";
group = "mautrix-${name}";
mode = "0400";
in
{
secrets."mautrix-${name}/encryption-pickle-key" = {
inherit owner group mode;
};
secrets."mautrix-${name}/provisioning-shared-secret" = {
inherit owner group mode;
};
secrets."mautrix-${name}/public-media-signing-key" = {
inherit owner group mode;
};
secrets."mautrix-${name}/direct-media-server-key" = {
inherit owner group mode;
};
templates."mautrix-${name}/env-file" = {
inherit owner group mode;
content = ''
MAUTRIX_${toUpper name}_ENCRYPTION_PICKLE_KEY=${
config.sops.placeholder."mautrix-${name}/encryption-pickle-key"
}
MAUTRIX_${toUpper name}_PROVISIONING_SHARED_SECRET=${
config.sops.placeholder."mautrix-${name}/provisioning-shared-secret"
}
MAUTRIX_${toUpper name}_PUBLIC_MEDIA_SIGNING_KEY=${
config.sops.placeholder."mautrix-${name}/public-media-signing-key"
}
MAUTRIX_${toUpper name}_DIRECT_MEDIA_SERVER_KEY=${
config.sops.placeholder."mautrix-${name}/direct-media-server-key"
}
'';
};
}
);
};
inherit (lib)
mkEnableOption
mkIf
mkMerge
mkOption
mkPackageOption
toUpper
types
;
inherit (builtins) toString;
in
{
options.services.matrix-synapse = {
bridges = {
whatsapp = mkMautrixBridgeOptions "WhatsApp" "mautrix-whatsapp";
signal = mkMautrixBridgeOptions "Signal" "mautrix-signal";
};
};
config = mkMerge [
(mkIf cfg.bridges.whatsapp.enable (mkMautrixBridge "whatsapp" 29318))
(mkIf cfg.bridges.whatsapp.enable {
services.mautrix-whatsapp = {
settings = {
network = {
displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
history_sync.request_full_sync = true;
};
};
};
})
(mkIf cfg.bridges.signal.enable (mkMautrixBridge "signal" 29328))
(mkIf cfg.bridges.signal.enable {
services.mautrix-signal = {
settings = {
network = {
displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\" }} (S)";
};
};
};
})
];
}
Reference in a new issue View git blame Copy permalink