From 98b152e9c15b56795419abde6e7b1f30def3d3d7 Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 24 Jul 2023 12:52:57 +0200 Subject: Feat(system): Add initial mautrix-telegram config This won't work and isn't supposed to, in fact this commit is designed to be squashed or rebased. The config in system/services/matrix/bridges/mautrix-telegram/default.nix is mainly copy-pasted from nixos-wiki. --- system/secrets/default.nix | 6 ++ system/secrets/mautrix-telegram/passwd.tix | 15 +++++ system/secrets/secrets.nix | 5 ++ .../matrix/bridges/mautrix-telegram/default.nix | 67 ++++++++++++++++++++++ 4 files changed, 93 insertions(+) create mode 100644 system/secrets/mautrix-telegram/passwd.tix create mode 100644 system/services/matrix/bridges/mautrix-telegram/default.nix
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 5cd401c..39f4a65 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -13,6 +13,12 @@
 owner = "matrix-synapse";
 group = "matrix-synapse";
 };
+ mautrix-telegram_environment_file = {
+ file = ./mautrix-telegram/passwd.tix;
+ mode = "700";
+ owner = "mautrix-telegram";
+ group = "mautrix-telegram";
+ };
 };
 };
 }
diff --git a/system/secrets/mautrix-telegram/passwd.tix b/system/secrets/mautrix-telegram/passwd.tix
new file mode 100644
index 0000000..77b49a1
--- /dev/null
+++ b/system/secrets/mautrix-telegram/passwd.tix
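Review bot: `mode = "700"` in the new `mautrix-telegram_environment_file` entry of system/secrets/default.nix sets the execute bit on a file that only holds tokens; an environment file needs read access at most, so `mode = "0400";` is the tighter choice. The page does not show a static `mautrix-telegram` user or group being declared, so it is worth confirming they exist on the host, otherwise the ownership change on the decrypted secret will likely fail at activation. If the unit loads the file through systemd's `EnvironmentFile=`, the service manager reads it before dropping privileges and root ownership would be enough. The enclosing attribute set opens above this hunk.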
@@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUFpzMlY0alllN3hhZkNS +c3BWcmRzMXpBWUlFRW1iZS9kUk1yTDJIU1Q0CnlBSXRXODIyTmRkZlRsSFlKWnFz +c3VpNVV5Z08wUjR1aXBTTEJaTFNPR00KLT4gWDI1NTE5IHhZUHFidmw2TU5Mamhx +SWJxYm5NUGdzUWE1STFBZ3pvUXE0QzR0UXlNWFkKMW83djRpaXpCTk85Rm9XYXRO +VDFSSGJ1MXdRNkp3enRiYVVZZFFxOWttNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +TTlpSER5MDNnWWE1QXJUYnp0aDFQVCtKQkFNeDNNTm9qNER5OFVweUNHdworM3JH +SXBjYXZnWHdlTUdqNElobTRIaWVmWGVPQUlDc0xweUhFZ3FwcHI4Ci0+ICxpYW5I +LWdyZWFzZSAkPSA5ZT1+VTA9PCB6NncKOWpiN0JzNGh2Y285V0c0Ci0tLSBsRXZq +ZGJ3MGRDMjkxem90Z0RBRTRFOVBpazI3V215aGh3M29JYUMwWHpzCiqyW8IgNn41 +7ysY8UKDiPWeQ2v+1agnhcGTyMDk3ZGYjVnpkeMea+jA8XKVDpCr3J4nIOJn85uE +AqIl7H7ZH2QH+3niN9iaophP3vIhaOXB/5XdFw7z/593oEx3jbrqsw722v7BRVm8 +hkOaBHR9TbvjIW6PkI28pPbA//B4Yp8GDdqqsO/3gGdDS/APb3cKbgn1ba5t064B +K1aN+sACPPZNBkQ29vcNngziCtln/FDEBkHOaLnqSD1ZuU5n +-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index 2fd4132..5f23972 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -14,4 +14,9 @@ in {
 sils
 server1
 ];
+ "mautrix-telegram/passwd.tix".publicKeys = [
+ soispha
+ sils
+ server1
+ ];
 }
diff --git a/system/services/matrix/bridges/mautrix-telegram/default.nix b/system/services/matrix/bridges/mautrix-telegram/default.nix
new file mode 100644
index 0000000..ec54321
--- /dev/null
+++ b/system/services/matrix/bridges/mautrix-telegram/default.nix
@@ -0,0 +1,67 @@
+{config, ...}: {
+ services.matrix-synapse.settings.app_service_config_files = [
+ # The registration file is automatically generated after starting the
+ # appservice for the first time.
+ # cp /var/lib/mautrix-telegram/telegram-registration.yaml \
+ # /var/lib/matrix-synapse/
+ # chown matrix-synapse:matrix-synapse \
+ # /var/lib/matrix-synapse/telegram-registration.yaml
+ "/var/lib/matrix-synapse/telegram-registration.yaml"
+ ];
+
+ services.mautrix-telegram = {
+ enable = true;
+
+ # file containing the appservice and telegram tokens
+ environmentFile = "${config.age.secrets.mautrix-telegram_environment_file.path}";
+
+ # The appservice is pre-configured to use SQLite by default.
+ # It's also possible to use PostgreSQL.
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = "domain.tld";
+ };
+ appservice = {
+ provisioning.enabled = false;
+ id = "telegram";
+ public = {
+ enabled = true;
+ prefix = "/public";
+ external = "http://domain.tld:8080/public";
+ };
+
+ # The service uses SQLite by default, but it's also possible to use
+ # PostgreSQL instead:
+ #database = "postgresql:///mautrix-telegram?host=/run/postgresql";
+ };
+ bridge = {
+ relaybot.authless_portals = false;
+ permissions = {
+ "@someadmin:domain.tld" = "admin";
+ };
+
+ # Animated stickers conversion requires additional packages in the
+ # service's path.
+ # If this isn't a fresh installation, clearing the bridge's uploaded
+ # file cache might be necessary (make a database backup first!):
+ # delete from telegram_file where \
+ # mime_type in ('application/gzip', 'application/octet-stream')
+ animated_sticker = {
+ target = "gif";
+ args = {
+ width = 256;
+ height = 256;
+ fps = 30; # only for webm
+ background = "020202"; # only for gif, transparency not supported
+ };
+ };
+ };
+ };
+ };
+
+ systemd.services.mautrix-telegram.path = with pkgs; [
+ lottieconverter # for animated stickers conversion, unfree package
+ ffmpeg # if converting animated stickers to webm (very slow!)
+ ];
+}
-- cgit 1.4.1
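Review bot: `appservice.public` is switched on with `external = "http://domain.tld:8080/public"`, so the bridge's public web endpoint (which, as far as I know, carries the Telegram login flow) would be advertised over plain HTTP; until a TLS-terminating proxy fronts it, `enabled = false;` is the safer default, and the external URL should use `https` once one does. The module header is `{config, ...}:` but the final block uses `with pkgs;`, so evaluation will stop on an undefined `pkgs`; the header should read `{config, pkgs, ...}: {`. The comment about copying `telegram-registration.yaml` should also say the copy must stay unreadable to other users, since a registration file holds the appservice tokens, e.g. `# keep mode 0600: contains as_token/hs_token`. `domain.tld` and `@someadmin:domain.tld` are still placeholders, and the admin entry in particular needs a real MXID before this is deployed.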