Feat(system): Add initial mautrix-telegram config mautrix-telegram

This won't work and isn't supposed to, in fact this commit is designed
to be squashed or rebased. The config in
system/services/matrix/bridges/mautrix-telegram/default.nix is mainly
copy-pasted from nixos-wiki.

4 files changed, 93 insertions, 0 deletions

diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 5cd401c..39f4a65 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -13,6 +13,12 @@
         owner = "matrix-synapse";
         group = "matrix-synapse";
       };
+      mautrix-telegram_environment_file = {
+        file = ./mautrix-telegram/passwd.tix;
+        mode = "700";
+        owner = "mautrix-telegram";
+        group = "mautrix-telegram";
+      };
     };
   };
 }
diff --git a/system/secrets/mautrix-telegram/passwd.tix b/system/secrets/mautrix-telegram/passwd.tix
new file mode 100644
index 0000000..77b49a1
--- /dev/null
+++ b/system/secrets/mautrix-telegram/passwd.tix
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUFpzMlY0alllN3hhZkNS
+c3BWcmRzMXpBWUlFRW1iZS9kUk1yTDJIU1Q0CnlBSXRXODIyTmRkZlRsSFlKWnFz
+c3VpNVV5Z08wUjR1aXBTTEJaTFNPR00KLT4gWDI1NTE5IHhZUHFidmw2TU5Mamhx
+SWJxYm5NUGdzUWE1STFBZ3pvUXE0QzR0UXlNWFkKMW83djRpaXpCTk85Rm9XYXRO
+VDFSSGJ1MXdRNkp3enRiYVVZZFFxOWttNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+TTlpSER5MDNnWWE1QXJUYnp0aDFQVCtKQkFNeDNNTm9qNER5OFVweUNHdworM3JH
+SXBjYXZnWHdlTUdqNElobTRIaWVmWGVPQUlDc0xweUhFZ3FwcHI4Ci0+ICxpYW5I
+LWdyZWFzZSAkPSA5ZT1+VTA9PCB6NncKOWpiN0JzNGh2Y285V0c0Ci0tLSBsRXZq
+ZGJ3MGRDMjkxem90Z0RBRTRFOVBpazI3V215aGh3M29JYUMwWHpzCiqyW8IgNn41
+7ysY8UKDiPWeQ2v+1agnhcGTyMDk3ZGYjVnpkeMea+jA8XKVDpCr3J4nIOJn85uE
+AqIl7H7ZH2QH+3niN9iaophP3vIhaOXB/5XdFw7z/593oEx3jbrqsw722v7BRVm8
+hkOaBHR9TbvjIW6PkI28pPbA//B4Yp8GDdqqsO/3gGdDS/APb3cKbgn1ba5t064B
+K1aN+sACPPZNBkQ29vcNngziCtln/FDEBkHOaLnqSD1ZuU5n
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index 2fd4132..5f23972 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -14,4 +14,9 @@ in {
     sils
     server1
   ];
+  "mautrix-telegram/passwd.tix".publicKeys = [
+    soispha
+    sils
+    server1
+  ];
 }
diff --git a/system/services/matrix/bridges/mautrix-telegram/default.nix b/system/services/matrix/bridges/mautrix-telegram/default.nix
new file mode 100644
index 0000000..ec54321
--- /dev/null
+++ b/system/services/matrix/bridges/mautrix-telegram/default.nix
@@ -0,0 +1,67 @@
+{config, ...}: {
+  services.matrix-synapse.settings.app_service_config_files = [
+    # The registration file is automatically generated after starting the
+    # appservice for the first time.
+    # cp /var/lib/mautrix-telegram/telegram-registration.yaml \
+    #   /var/lib/matrix-synapse/
+    # chown matrix-synapse:matrix-synapse \
+    #   /var/lib/matrix-synapse/telegram-registration.yaml
+    "/var/lib/matrix-synapse/telegram-registration.yaml"
+  ];
+
+  services.mautrix-telegram = {
+    enable = true;
+
+    # file containing the appservice and telegram tokens
+    environmentFile = "${config.age.secrets.mautrix-telegram_environment_file.path}";
+
+    # The appservice is pre-configured to use SQLite by default.
+    # It's also possible to use PostgreSQL.
+    settings = {
+      homeserver = {
+        address = "http://localhost:8008";
+        domain = "domain.tld";
+      };
+      appservice = {
+        provisioning.enabled = false;
+        id = "telegram";
+        public = {
+          enabled = true;
+          prefix = "/public";
+          external = "http://domain.tld:8080/public";
+        };
+
+        # The service uses SQLite by default, but it's also possible to use
+        # PostgreSQL instead:
+        #database = "postgresql:///mautrix-telegram?host=/run/postgresql";
+      };
+      bridge = {
+        relaybot.authless_portals = false;
+        permissions = {
+          "@someadmin:domain.tld" = "admin";
+        };
+
+        # Animated stickers conversion requires additional packages in the
+        # service's path.
+        # If this isn't a fresh installation, clearing the bridge's uploaded
+        # file cache might be necessary (make a database backup first!):
+        # delete from telegram_file where \
+        #   mime_type in ('application/gzip', 'application/octet-stream')
+        animated_sticker = {
+          target = "gif";
+          args = {
+            width = 256;
+            height = 256;
+            fps = 30; # only for webm
+            background = "020202"; # only for gif, transparency not supported
+          };
+        };
+      };
+    };
+  };
+
+  systemd.services.mautrix-telegram.path = with pkgs; [
+    lottieconverter # for animated stickers conversion, unfree package
+    ffmpeg # if converting animated stickers to webm (very slow!)
+  ];
+}