From 64ed527fbcaec3ff923b821b787c246ed3dd2796 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Wed, 17 Jan 2024 00:33:01 +0900
Subject: feat(modules/matrix-bridge): configure matrix-appservice-irc
---
modules/services/matrix-bridge.nix | 99 +++++++++++++++++++++++++++++++++++++-
1 file changed, 98 insertions(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge.nix
index 3e86706..3ea46d8 100644
--- a/modules/services/matrix-bridge.nix
+++ b/modules/services/matrix-bridge.nix
@@ -244,17 +244,108 @@ in }; }; + services.matrix-appservice-irc = { + enable = true; + registrationUrl = "http://localhost:29321"; + port = 29321; + + settings = { + homeserver.url = "https://${cfg.realHost}"; + homeserver.domain = cfg.domain; + homeserver.dropMatrixMessagesAfterSecs = 600; # 10 minutes + + database.engine = "postgres"; + database.connectionString = "postgres://matrix-appservice-irc:@/matrix-appservice-irc?host=/run/postgresql"; + + ircService.servers = let + # nix-community/nur-combined/repos/colinsane/hosts/by-name/servo/services/matrix/irc.nix@b2e96d5 + ircServer = { name, additionalAddresses ? [], sasl ? true, port ? 6697}: + let lowerName = lib.toLower name; + in { + inherit name additionalAddresses sasl port; + ssl = true; + # Disable bridging of Matrix bots + botConfig.enabled = false; + dynamicChannels = { + enabled = true; + aliasTemplate = "#irc_${lowerName}_$CHANNEL"; + published = false; + federate = false; + }; + ircClients = { + nickTemplate = "$DISPLAY[m]"; + allowNickChanges = true; + realNameFormat = "reverse-mxid"; + lineLimit = 20; + # Safeguard: don't flood servers + maxClients = 2; + idleTimeout = 0; + concurrentReconnectLimit = 2; + reconnectIntervalMs = 60000; + kickOn = { + # only kick Matrix user from room when user quits + channelJoinFailure = false; + ircConnectionFailure = false; + userQuit = true; + }; + }; + matrixClients.userTemplate = "@irc_${lowerName}_$NICK"; + + "@sef:exotic.sh" = "admin"; + + memberShipLists = { + enabled = true; + # NOTE: when serving lots of Matrix users, these configs should + # be changed to reduce strain on IRC servers + global = { + ircToMatrix = { + initial = true; + incremental = true; + requireMatrixJoined = false; + }; + matrixToIrc = { + initial = true; + incremental = true; + }; + # always bridge users, even if idle + ignoreIdleUsersOnStartup.enabled = false; + }; + bridgeInfoState = { + enabled = true; + initial = true; + }; + }; + }; + in { + "irc.libera.chat" = ircServer { + name 
= "libera"; + # sasl = false; + }; + "irc.oftc.net" = ircServer { + name = "oftc"; + # sasl = false; + }; + }; + }; + }; + + # HACK: https://github.com/NixOS/nixpkgs/issues/273929 + systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce '' + @system-service @pkey ~@privileged @resources @chown + ''; + modules.persistence.directories = [ "/var/lib/private/mautrix-telegram" "/var/lib/private/mautrix-signal" "/var/lib/private/mautrix-whatsapp" "/var/lib/private/mautrix-discord" + "/var/lib/matrix-appservice-irc" "/var/lib/signald" ]; modules.services.postgresql.enable = true; - services.postgresql.ensureDatabases = [ "mautrix-telegram" "mautrix-signal" "mautrix-whatsapp" "mautrix-discord" ]; + services.postgresql.ensureDatabases = [ "mautrix-telegram" "mautrix-signal" "mautrix-whatsapp" "mautrix-discord" "matrix-appservice-irc" ]; services.postgresql.ensureUsers = [ { name = "mautrix-telegram"; @@ -272,6 +363,10 @@ in name = "mautrix-discord"; ensureDBOwnership = true; } + { + name = "matrix-appservice-irc"; + ensureDBOwnership = true; + } ]; systemd.services.matrix-synapse.serviceConfig.LoadCredential = [ @@ -280,6 +375,7 @@ in "mautrix-whatsapp:/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" "mautrix-discord:/var/lib/mautrix-discord/discord-registration.yaml" "double-puppet:${config.sops.templates."double-puppet-registration.yaml".path}" + "appservice-irc:/var/lib/matrix-appservice-irc/registration.yml" ]; services.matrix-synapse.settings.app_service_config_files = [ @@ -288,6 +384,7 @@ in "/run/credentials/matrix-synapse.service/mautrix-whatsapp" "/run/credentials/matrix-synapse.service/mautrix-discord" "/run/credentials/matrix-synapse.service/double-puppet" + "/run/credentials/matrix-synapse.service/appservice-irc" ]; }; } -- cgit 1.4.1
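Review bot: Two keys inside the `ircServer` helper look like they will not be read by the bridge: `"@sef:exotic.sh" = "admin";` sits in the per-server attrset, whereas matrix-appservice-irc (as far as I know) takes admin grants from `ircService.permissions`, and `memberShipLists` differs in case from the upstream key `membershipLists`. I would move the grant beside `ircService.servers` as `ircService.permissions."@sef:exotic.sh" = "admin";` and rename the block to `membershipLists`, then confirm the generated config passes the bridge's schema check. Separately, the `lib.mkForce` on `SystemCallFilter` pins the whole filter to one string in which `@chown` follows `~@privileged`, so later hardening changes in the nixpkgs module are dropped silently; a comment such as `# remove once NixOS/nixpkgs#273929 is fixed; re-check with systemd-analyze security` would keep that visible. The enclosing module body starts and ends outside this hunk.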