summary refs log tree commit diff stats
path: root/system/services/matrix
diff options
context:
space:
mode:
authorsils <sils@sils.li>2023-10-14 15:28:05 +0200
committersils <sils@sils.li>2023-10-14 15:28:05 +0200
commit04e4866a17853d583c943b52ec2b9c5e7518e4ae (patch)
treebd079002dbebd4fffc533596c3f4e5a99a6b3a56 /system/services/matrix
parentFix(system/services/etebase): Add proxy parameters (diff)
parentfix(system/services/mastodon): Correctly avoid string casts (diff)
downloadnixos-server-04e4866a17853d583c943b52ec2b9c5e7518e4ae.tar.gz
nixos-server-04e4866a17853d583c943b52ec2b9c5e7518e4ae.zip
Merge branch 'main' into etebase
Diffstat (limited to '')
-rw-r--r--system/services/matrix/bridges/mautrix-whatsapp.nix149
-rw-r--r--system/services/matrix/default.nix35
2 files changed, 184 insertions, 0 deletions
diff --git a/system/services/matrix/bridges/mautrix-whatsapp.nix b/system/services/matrix/bridges/mautrix-whatsapp.nix
new file mode 100644
index 0000000..1c68af9
--- /dev/null
+++ b/system/services/matrix/bridges/mautrix-whatsapp.nix
@@ -0,0 +1,149 @@
+# TAKEN FROM: https://raw.githubusercontent.com/Vskilet/nixpkgs/mautrix-whatsapp2/nixos/modules/services/matrix/mautrix-whatsapp.nix
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.mautrix-whatsapp;
+  dataDir = "/var/lib/mautrix-whatsapp";
+  settingsFormat = pkgs.formats.json {};
+
+  registrationFile = "${dataDir}/whatsapp-registration.yaml";
+  settingsFile = settingsFormat.generate "config.json" cfg.settings;
+
+  startupScript = ''
+    ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
+      | .[0].appservice.hs_token = .[1].hs_token
+      | .[0]' ${settingsFile} ${registrationFile} \
+      > ${dataDir}/config.yml
+
+    ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
+      --config='${dataDir}/config.yml' \
+      --registration='${registrationFile}'
+  '';
+in {
+  options.services.mautrix-whatsapp = {
+    enable = mkEnableOption "Mautrix-whatsapp, a puppeting bridge between Matrix and WhatsApp.";
+
+    settings = mkOption rec {
+      apply = recursiveUpdate default;
+      inherit (settingsFormat) type;
+
+      description = lib.mdDoc ''
+        {file}`config.yaml` configuration as a Nix attribute set.
+        Configuration options should match those described in
+        [example-config.yaml](https://github.com/mautrix/whatsapp/blob/master/example-config.yaml).
+      '';
+      default = {
+        homeserver = {
+          domain = config.services.matrix-synapse.settings.server_name;
+        };
+        appservice = {
+          address = "http://localhost:29318";
+          hostname = "0.0.0.0";
+          port = 29318;
+          database = {
+            type = "sqlite3";
+            uri = "${dataDir}/mautrix-whatsapp.db";
+          };
+          id = "whatsapp";
+          bot = {
+            username = "whatsappbot";
+            displayname = "WhatsApp Bot";
+          };
+          as_token = "";
+          hs_token = "";
+        };
+        bridge = {
+          username_template = "whatsapp_{{.}}";
+          displayname_template = "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}";
+          command_prefix = "!wa";
+          permissions."*" = "relay";
+        };
+        relay = {
+          enabled = true;
+          management = "!whatsappbot:${toString config.services.matrix-synapse.settings.server_name}";
+        };
+        logging = {
+          directory = "${dataDir}/logs";
+          file_name_format = "{{.Date}}-{{.Index}}.log";
+          file_date_format = "2006-01-02";
+          file_mode = 0384;
+          timestamp_format = "Jan _2, 2006 15:04:05";
+          print_level = "info";
+        };
+      };
+      example = {
+        settings = {
+          homeserver.address = "https://matrix.myhomeserver.org";
+          bridge.permissions = {
+            "@admin:myhomeserver.org" = "admin";
+          };
+        };
+      };
+    };
+
+    serviceDependencies = mkOption {
+      type = with types; listOf str;
+      default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
+      defaultText = literalExpression ''
+        optional config.services.matrix-synapse.enable "matrix-synapse.service"
+      '';
+      description = lib.mdDoc ''
+        List of Systemd services to require and wait for when starting the application service.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.mautrix-whatsapp = {
+      description = "Mautrix-WhatsApp Service - A WhatsApp bridge for Matrix";
+
+      wantedBy = ["multi-user.target"];
+      wants = ["network-online.target"] ++ cfg.serviceDependencies;
+      after = ["network-online.target"] ++ cfg.serviceDependencies;
+
+      preStart = ''
+        # generate the appservice's registration file if absent
+        if [ ! -f '${registrationFile}' ]; then
+          ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
+            --generate-registration \
+            --config='${settingsFile}' \
+            --registration='${registrationFile}'
+        fi
+        chmod 640 ${registrationFile}
+      '';
+
+      script = startupScript;
+
+      serviceConfig = {
+        Type = "simple";
+        #DynamicUser = true;
+        PrivateTmp = true;
+        StateDirectory = baseNameOf dataDir;
+        WorkingDirectory = "${dataDir}";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+        User = "mautrix-whatsapp";
+        Group = "matrix-synapse";
+        SupplementaryGroups = "matrix-synapse";
+        UMask = 0027;
+        Restart = "always";
+      };
+    };
+
+    users.groups.mautrix-whatsapp = {};
+    users.users.mautrix-whatsapp = {
+      isSystemUser = true;
+      group = "mautrix-whatsapp";
+      home = dataDir;
+    };
+    services.matrix-synapse.settings.app_service_config_files = ["${registrationFile}"];
+  };
+}
diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
index 62345a7..ed3b567 100644
--- a/system/services/matrix/default.nix
+++ b/system/services/matrix/default.nix
@@ -12,15 +12,27 @@
     return 200 '${builtins.toJSON data}';
   '';
 in {
+  imports = [
+    ./bridges/mautrix-whatsapp.nix
+  ];
+
   networking.firewall.allowedTCPPorts = [80 443];
 
   services.postgresql.enable = true;
   services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+    --Matrix:
     CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
     CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
       TEMPLATE template0
       LC_COLLATE = "C"
       LC_CTYPE = "C";
+
+    --Whatsapp-bridge:
+    CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
+    CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
+      TEMPLATE template0
+      LC_COLLATE = "C"
+      LC_CTYPE = "C";
   '';
 
   services.nginx = {
@@ -52,6 +64,29 @@ in {
     };
   };
 
+  services.mautrix-whatsapp = {
+    enable = true;
+    settings = {
+      appservice = {
+        database = {
+          type = "postgres";
+          uri = "postgres:///mautrix-whatsapp?host=/run/postgresql";
+        };
+        whatsapp = {
+          # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list.
+          # This also determints the whatsapp icon
+          browser_name = "unknown";
+        };
+      };
+      homeserver.address = "https://matrix.vhack.eu";
+      bridge.permissions = {
+        "@soispha:vhack.eu" = "admin";
+        "@sils:vhack.eu" = "admin";
+        "@nightingale:vhack.eu" = "admin";
+      };
+    };
+  };
+
   services.matrix-synapse = {
     enable = true;
     dataDir = "/var/lib/matrix";