about summary refs log tree commit diff
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-12-22 01:51:21 +0900
committersefidel <contact@sefidel.net>2023-12-22 01:51:21 +0900
commitae5670a754b50462120ccf7eaaa8ca70301a72b0 (patch)
treedaad2d97ad8af247503568f57c6b76943365b268
parent249adb0e6ca1f7b1844122633e8e1a8696d10315 (diff)
downloadinfra-ae5670a754b50462120ccf7eaaa8ca70301a72b0.tar.gz
infra-ae5670a754b50462120ccf7eaaa8ca70301a72b0.zip
feat(modules/matrix-bridge): add mautrix-discord
-rw-r--r--modules/services/matrix-bridge.nix49
-rw-r--r--systems/cobalt/secrets/secrets.yaml6
2 files changed, 51 insertions, 4 deletions
diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge.nix
index 3422a76..c70942f 100644
--- a/modules/services/matrix-bridge.nix
+++ b/modules/services/matrix-bridge.nix
@@ -7,6 +7,7 @@ in
 {
   imports = [
     ../../overlays/mautrix-signal-module.nix
+    ../../overlays/mautrix-discord-module.nix
   ];
 
   options.modules.services.matrix-bridge = {
@@ -179,16 +180,56 @@ in
       };
     };
 
+    services.mautrix-discord = {
+      enable = true;
+      environmentFile = cfg.secrets.mautrix-envs;
+      serviceDependencies = [ "matrix-synapse.service" ];
+
+      settings = {
+        homeserver.address = "https://${cfg.realHost}";
+        homeserver.domain = cfg.domain;
+        homeserver.verify_ssl = true;
+        appservice = {
+          address = "http://localhost:29320";
+          port = 29320;
+          database = {
+            type = "postgres";
+            uri = "postgres://mautrix-discord:@/mautrix-discord?host=/run/postgresql";
+          };
+          bot_avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
+          id = "discord";
+          max_body_size = 1;
+          provisioning.enabled = false;
+        };
+
+        bridge = {
+          username_template = "dsc_{{.}}";
+          delivery_receipts = true;
+          encryption = {
+            allow = true;
+            default = true;
+            require = true;
+            allow_key_sharing = true;
+          };
+          permissions = {
+            "@sef:exotic.sh" = "admin";
+            "exotic.sh" = "full";
+          };
+        };
+      };
+    };
+
 
     environment.persistence."/persist".directories = [
       "/var/lib/private/mautrix-telegram"
       "/var/lib/private/mautrix-signal"
       "/var/lib/private/mautrix-whatsapp"
+      "/var/lib/private/mautrix-discord"
       "/var/lib/signald"
     ];
 
     modules.services.postgresql.enable = true;
-    services.postgresql.ensureDatabases = [ "mautrix-telegram" "mautrix-signal" "mautrix-whatsapp" ];
+    services.postgresql.ensureDatabases = [ "mautrix-telegram" "mautrix-signal" "mautrix-whatsapp" "mautrix-discord" ];
     services.postgresql.ensureUsers = [
       {
         name = "mautrix-telegram";
@@ -202,18 +243,24 @@ in
         name = "mautrix-whatsapp";
         ensureDBOwnership = true;
       }
+      {
+        name = "mautrix-discord";
+        ensureDBOwnership = true;
+      }
     ];
 
     systemd.services.matrix-synapse.serviceConfig.LoadCredential = [
       "mautrix-telegram:/var/lib/mautrix-telegram/telegram-registration.yaml"
       "mautrix-signal:/var/lib/mautrix-signal/signal-registration.yaml"
       "mautrix-whatsapp:/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
+      "mautrix-discord:/var/lib/mautrix-discord/discord-registration.yaml"
     ];
 
     services.matrix-synapse.settings.app_service_config_files = [
       "/run/credentials/matrix-synapse.service/mautrix-telegram"
       "/run/credentials/matrix-synapse.service/mautrix-signal"
       "/run/credentials/matrix-synapse.service/mautrix-whatsapp"
+      "/run/credentials/matrix-synapse.service/mautrix-discord"
     ];
   };
 }
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index be519e0..ea90c1d 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -7,7 +7,7 @@ matrix-server-key: ENC[AES256_GCM,data:gv1zTWRNqmpB/WtPGwYahm9BnCNNsuzKN5oMTnkv1
 matrix-shared-secret: ENC[AES256_GCM,data:Xv9pOMA/kUJUrYxdXRA7NTrbkFvVsA==,iv:J3rZJGJ1cQPyhBK5lcd04dv2cGbhAvjg9IEQeXU+K/U=,tag:3YD3/MMUsVPnbW3ZUuf11Q==,type:str]
 synapse-extra-config: ENC[AES256_GCM,data:bJh9nMzZvP36Uwe7x03MLEk2N+FKq2V2YAFJT43vhMQ/XkvdN9yAeWhlxPGNEtl2wcMpCLnqbVAtfhJVI4VI5hGnue5HZz4Q51lbVQr2ZwzWuU6I25mY,iv:2qJuuyBlwgSWx5dkxGDbHhTW7ajI68lPgrvjdHmNTZ8=,tag:xRM6XGlitvcf+MrxBQ9GDw==,type:str]
 mjolnir-password: ENC[AES256_GCM,data:dyM2VVxn1PFRXy5dgfvq3EuWyGDhDZvJOd1sTnKE5q0Arv1y,iv:DD80um8QXLybj1w4ZsxPbv3+s2NrQfpPDAEpkztkMFo=,tag:3ZEJ7V+ICh2Ip5gZt06zjA==,type:str]
-mautrix-telegram-envs: ENC[AES256_GCM,data:hDfEI6tshgPHn/yPHkqO9/VZnB/vTnuyopVm2/0CKoWska66UXOHbXwvO6UXXUZldzkvKe6min3O9xjEGBC+SZdLWmfi6AxJvoKnmU2MzufNkrDG4k0turK7LwwVnm8ADZd9tEII+P3h42t78jhkgerailjP1rtVKleAZpr+ioRGhCTAE6tVWnhV4jveUwNkml+0AhMc3aY0N2PLvedw8p/jsX6Yujn2baKc7HOkvAasctqq/p8kdiTZCA+ASIVC15iR+KtGu2V7vXjDuzYU7Xv7+RbXN7rUTCBIJwyc3XxpwOmD46XR+/2iSZ3nL0PmDftbIEaA9LatjUap7mRFOwX5JruAl1XxAGdG965HZFyTHp1UggjjWvoHQmyb1xJXD5ZE+EU8obkFV0N1o7Q4XIF6/REz9+01JrOd1F5GxjoAo29JV+1lhdxGykrFcA63VLsXdsUgZflWH7Rxol2nOMI5t88+zohYJ5OpeLlRD0gVaX8dvgSzvzmZaNxASW+9tHOQBSzkZsM6jEon6ZXeAa0oh/ee+W82jHhe/ohlj0UV7TtpW/QWs3NR3mv1x41TMBawnVQ7sb9UH/sbdbajJYEAkSD/32ETSjXiQJsmhGEj5kRBNAQA16s1o0M24+UnpHo71jqQnRQpOUtFhLQqakOWvSdM4KgIXExc87Fkw+bQxLtpIup+T4WpJkCe5f5rB/jHvob33oitzjS1mam9UTtzwQjTuR/P4V8IORygDHlcq8W2PtDhWOdgtWI9cfIlqIIgu6+7Rg4+1dq5aw8j06eWrNH2NElPMji0opN+onT3VflgwGPXHlemId20Z2TXNuE6LlnUhyyxdh0rw3tVuCDcodzj4HfXk9mbjlTufyGKY41K/A6QTotiHANojizuTyulyjI3Gx1Wvzv8+Ib84SZGl9ZSsg7g6Ig5U12IJhNtZ/vMj8MHpRjxnyRmZ4jsQi9UctDKrhHjulD1WJyhBveoEv8L79c6e0xZYAwkSlxvdaOPK3OMGbbtbH8vy7WYXSwHZomwJ7BrsrQ/5lWav2xXzgM7ASnEg/rKBPr9YQYOBA==,iv:K2qdi99cjom4mzcNH26qqX3gQNSvZzuAh9QY4zmZv9I=,tag:e9/4biFz6mVsGHV/YOA1jg==,type:str]
+mautrix-telegram-envs: ENC[AES256_GCM,data:KrURn7ucbj8C7GagJqbBXpsqXO7FJIj3gT5cecPbsgQfHx7bAQauShMInJoAqNsnUrKlsiPuldJMtxfwnCC9x757K7rEa2hhEbARSO17PCwguV3L4h6FcjqXHZAdSA+4t8WuMBax6d9kZJC5PvJ6PUZqdawrWvpQqf0+kblToySAJ/rSbMbf6SUGwq4cnh7/g97QbmZSOkkcRprOw8BEUeUmxqmDEeWeY5d12jk8y34/OwEtwR7BUv2KzULeFAm+ojt+vBKqTWFU2iYmBdyLl+PbNEi4WGfFNd2xbl5ZlqOQoVsmw3Juw1xiGa2l48pq7vQapiZAc2pX9pAvTJm8VG3MOBjGavvyDZUOu/i6BvZtDepLeVp5xnlmq7OoGsg1bzPdcbjAfWvvtAee39/h/Byd0SjXrMzWxYgyPaKFPFEzYiE3Sd9Zd+rw7X7of6435mGXvLicEuNen/3SgvYqIKQrZcYSFu69A3ccfFE0jO6PJO7N8/GXNYJN6nBt8xCFXhyh1fDJi7uarhvmnePsbKl/UDiPkTp/czZw7XjBrK58bycDWl0VX7mIwyxrtpO3/SASz/JYP4i68GaBAu2tHQG4Swf/A4yMWkOD2VDwn8zx0XkzO1I/C2Ma5H9+95z9SRE63d0Gbh++dFGOkBzwcm/mmVc10pRov+SgQe2Cpilb+EUuRicyULvQdiduR/i8BHYVDczV1WQFpjDFVjHyw2VcIyEvu4R2rIpwYujo2YgR4KSuG1PovyRaUv5Qz4w/n4s7Az1rRTfgdFTsUH7aGPHKT6N+ENeRITD1nHQUiwewWivWxN4z0G1IFPCm/25O60jfnB5++mZS435Li9mzzxRkN5BEtW+Vp3Fp7xpOiVrnrbMVt+lZI9Lg26+stMO6IkrbqaOzq1RxsCMYHZRbOLpiEefpr2tdViwmT69RZ42X/lN6ZkWRdisyy/bTD6pogh46fFtJ2XC2utX9svEldG0bBxRy0yAKnityBhtjjdrFPyfQo/ns8pcX2QZR3fjT+NiiAIiLTxyzR0znGyMQ6M4BUqveuL9qOUEF7NX74XqKyFRkUvwjDnOBoDzQbtjyD9myWMsdR1CuBH0CuuNnF6E1LpR8MWD5qNTdYWQ3UxMYO9vbGM1fDwBkzr/tfGhx7nOXjLAk/SncRDs5vk0wD1HOpHR2S5TUY2j9AMmgGNMqI6Tmh9Uby+kzrjfnHstcKn4FP1StDBTciXRrwTSjcfJj4z43qd2cVcX6n8UYkxTcMlCTGhyz3WhQovjnbgobzZpBxHjg7wELDtxiaTmmAIaSm8FML4JXoW5Wunsafd4ZgySv8jFtOklNAyA=,iv:HHhk65QdxduVPktQpFEtTUYzcmWipR1iH1OeeTB48Cw=,tag:xuKPoLnhTerHfapXzKJQtA==,type:str]
 dendrite-envs: ENC[AES256_GCM,data:67FnrGQUZWFfHAoUM/idTZlBX7aek3fbPkswB9+3pjLNQuXpIWYoa2vpdGt7zec2n9o9z0V3LdlkookjS95aPpZmKYwPaKkH2L7Jaxw=,iv:c4lEReLizcQeTTiG7cJwd+2sBH+EKBGycKeoDgJ/394=,tag:zBBxIcXn+8Q90BkPidltfQ==,type:str]
 sliding-sync-secret: ENC[AES256_GCM,data:mBgQZ/SVRpvELrqwCzjxJETxDSj5gw+CcIb3rk/vjQ3j8tvjt4Z2GbuE6fwQ1CXhHKRL7kYOLn8ec7rgaMTr6me2pRcI+Sz/40IKUvlE,iv:NQvkJ4gjmOtfOyb8ciOudNHBYOytizNg6K6IhVxhE28=,tag:LNhd6MgUOPBHY9qK/tDBjA==,type:str]
 turn-secret: ENC[AES256_GCM,data:JA5/BlGwH6yIjYsFZGa8Nm8XVbOBKpre+NFybniOtlmbSx89ldKBvuqF2ZoPltJS+vzQ/+wxM/VorhF7M+s4jA==,iv:rK5SFj4VOzgfaP/LIzWTVFyCBmklGMSyd9iWbet2CVc=,tag:QycYCHH72bMMX5UubDHTlg==,type:str]
@@ -42,8 +42,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-06T14:07:55Z"
-    mac: ENC[AES256_GCM,data:aUq03Frpab/ixsQ6CqISOjEEwbUmIWKfuFbUNhZKoXGa5pqHZJD8P6PxoEWbAm59O/5h5LnPFJF44TMKZ7R2WQ3Twlq8fiM+J0Q7aaHUvsy7HEKQR4DMKgZ9QHikx77Z3+7zmGntszrQqS2ayd9ad3b/TGcBvaAD+iHIjvSJnas=,iv:xod4JS7GLTCNvV4d08qtv2O1FVvoAUzCRZTgKM3CptE=,tag:SbCke7FgMLLwLi+R3hT6Rg==,type:str]
+    lastmodified: "2023-12-21T16:45:56Z"
+    mac: ENC[AES256_GCM,data:UzH4NkZ/C3Qq+MygwWMOszF1bkH5RsVD1uOOgRoWKAhExnrjC7XfwOBZKpXQ05+Wymryo51lVw29xX7TRJziWVOQBpzTKxYB2z38DMG9qzmo/nFI1tk/y5OteW99ZCpGioCJ+UO1IwPtvNguNUuGi2xwv+7BL2t7XCrJZB94zzQ=,iv:Jvi0aNgrYxyi+kse48OYdE8opEJiS9eeznGFxdPstNw=,tag:DfgETyICkE+n29AUYbNu0A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1