zion/modules/communication.nix

{ config, lib, pkgs, ... }:

with pkgs;

# NOTE Reference the environment variable set in the corresponding agenix secret
let
  database = {
    connection_string = "$DB_STRING";
    max_open_conns = 100;
    max_idle_conns = 5;
    conn_max_lifetime = -1;
  };

in {
  # Matrix server configuration
  services.dendrite = {
    enable = true;
    httpPort = 8008;
    environmentFile = config.age.secrets.dendrite-postgres.path;
    loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
    settings = {
      global = {
        server_name = "coolneng.duckdns.org";
        private_key = config.age.secrets.dendrite.path;
        inherit database;
        dns_cache.enabled = true;
      };
      # HACK Inherit postgres connection string for the rest of the DBs
      app_service_api = { inherit database; };
      media_api = { inherit database; };
      room_server = { inherit database; };
      push_server = { inherit database; };
      mscs = {
        inherit database;
        mscs = [ "msc2836" "msc2946" ];
      };
      sync_api = { inherit database; };
      key_server = { inherit database; };
      federation_api = { inherit database; };
      user_api = {
        account_database = database;
        device_database = database;
      };
    };
  };

  # Start dendrite after config files are mounted
  systemd.services.dendrite.unitConfig.RequiresMountsFor = [
    /var/lib/matrix-as-facebook
    /var/lib/matrix-as-signal
    /var/lib/matrix-as-telegram
  ];

  # Matrix bridges
  services.matrix-appservices = {
    homeserver = "dendrite";
    homeserverDomain = "coolneng.duckdns.org";
    homeserverURL = "https://matrix.coolneng.duckdns.org";
    addRegistrationFiles = true;
    services = {
      telegram = {
        port = 8118;
        format = "mautrix-python";
        package = mautrix-telegram;
        serviceConfig.EnvironmentFile = config.age.secrets.telegram.path;
        settings = {
          appservice.database = "$DB_STRING";
          homeserver.software = "standard";
          telegram = {
            api_id = "$API_ID";
            api_hash = "$API_HASH";
          };
          bridge = {
            permissions."@coolneng:coolneng.duckdns.org" = "admin";
            backfill.normal_groups = true;
          };
        };
      };
      facebook = {
        port = 8228;
        format = "mautrix-python";
        package = mautrix-facebook;
        serviceConfig.EnvironmentFile = config.age.secrets.facebook.path;
        settings = {
          appservice.database = "$DB_STRING";
          homeserver.software = "standard";
          bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
        };
      };
      signal = {
        port = 8338;
        format = "mautrix-python";
        package = mautrix-signal;
        serviceConfig = {
          EnvironmentFile = config.age.secrets.signal.path;
          StateDirectory = [ "matrix-as-signal" "signald" ];
          JoinNamespaceOf = "signald.service";
          SupplementaryGroups = [ "signald" ];
        };
        settings = {
          appservice.database = "$DB_STRING";
          homeserver.software = "standard";
          bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
          signal = {
            socket_path = config.services.signald.socketPath;
            outgoing_attachment_dir = "/var/lib/signald/tmp";
          };
        };
      };
    };
  };

  # Additional settings for mautrix-signal
  services.signald = {
    enable = true;
    user = "matrix-as-signal";
  };
  systemd.services.matrix-as-signal = {
    requires = [ "signald.service" ];
    after = [ "signald.service" ];
    unitConfig.JoinsNamespaceOf = "signald.service";
    path = [ ffmpeg ];
  };

  # Enable voice messages for facebook
  systemd.services.matrix-as-facebook.path = [ ffmpeg ];

  # MQTT configuration
  services.mosquitto = {
    enable = true;
    dataDir = "/vault/mosquitto";
    logType = [ "websockets" "error" "warning" "notice" "information" ];
    logDest = [ "syslog" ];
    listeners = [{
      users.homeostasis = {
        acl = [ "write #" ];
        hashedPasswordFile = config.age.secrets.mqtt-sender.path;
      };
      users.prometheus = {
        acl = [ "read #" ];
        hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
      };
    }];
  };

}
Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`{ config, lib, pkgs, ... }:`

Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`with pkgs;`

			`# NOTE Reference the environment variable set in the corresponding agenix secret`
Optimize dendrite performance 2022-10-23 17:34:55 +02:00			`let`
			`database = {`
			`connection_string = "$DB_STRING";`
			`max_open_conns = 100;`
			`max_idle_conns = 5;`
			`conn_max_lifetime = -1;`
			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00
			`in {`
Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`# Matrix server configuration`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`services.dendrite = {`
Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`enable = true;`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`httpPort = 8008;`
			`environmentFile = config.age.secrets.dendrite-postgres.path;`
			`loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];`
Adapt matrix-synapse to upstream changes 2022-03-21 16:24:28 +01:00			`settings = {`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`global = {`
			`server_name = "coolneng.duckdns.org";`
			`private_key = config.age.secrets.dendrite.path;`
			`inherit database;`
Optimize dendrite performance 2022-10-23 17:34:55 +02:00			`dns_cache.enabled = true;`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`};`
			`# HACK Inherit postgres connection string for the rest of the DBs`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`app_service_api = { inherit database; };`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`media_api = { inherit database; };`
			`room_server = { inherit database; };`
			`push_server = { inherit database; };`
			`mscs = {`
			`inherit database;`
			`mscs = [ "msc2836" "msc2946" ];`
			`};`
			`sync_api = { inherit database; };`
			`key_server = { inherit database; };`
			`federation_api = { inherit database; };`
			`user_api = {`
			`account_database = database;`
			`device_database = database;`
			`};`
Adapt matrix-synapse to upstream changes 2022-03-21 16:24:28 +01:00			`};`
Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`};`

Specify ZFS datasets dependencies for each service 2023-06-08 18:33:01 +02:00			`# Start dendrite after config files are mounted`
			`systemd.services.dendrite.unitConfig.RequiresMountsFor = [`
			`/var/lib/matrix-as-facebook`
			`/var/lib/matrix-as-signal`
			`/var/lib/matrix-as-telegram`
			`];`

Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`# Matrix bridges`
			`services.matrix-appservices = {`
			`homeserver = "dendrite";`
Fix Matrix bridges configuration 2022-07-20 19:18:10 +02:00			`homeserverDomain = "coolneng.duckdns.org";`
			`homeserverURL = "https://matrix.coolneng.duckdns.org";`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`addRegistrationFiles = true;`
			`services = {`
			`telegram = {`
Set up Mautrix-Telegram bridge 2021-02-03 18:38:41 +01:00			`port = 8118;`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`format = "mautrix-python";`
			`package = mautrix-telegram;`
Set up the Telegram bridge 2022-07-20 22:38:20 +02:00			`serviceConfig.EnvironmentFile = config.age.secrets.telegram.path;`
Configure the Telegram bridge properly 2022-07-22 17:14:00 +02:00			`settings = {`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`appservice.database = "$DB_STRING";`
Add required option to all mautrix bridges 2022-11-14 00:58:06 +01:00			`homeserver.software = "standard";`
Configure the Telegram bridge properly 2022-07-22 17:14:00 +02:00			`telegram = {`
			`api_id = "$API_ID";`
			`api_hash = "$API_HASH";`
			`};`
			`bridge = {`
			`permissions."@coolneng:coolneng.duckdns.org" = "admin";`
			`backfill.normal_groups = true;`
			`};`
Set up the Telegram bridge 2022-07-20 22:38:20 +02:00			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`};`
			`facebook = {`
			`port = 8228;`
			`format = "mautrix-python";`
			`package = mautrix-facebook;`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`serviceConfig.EnvironmentFile = config.age.secrets.facebook.path;`
			`settings = {`
			`appservice.database = "$DB_STRING";`
			`homeserver.software = "standard";`
Give admin rights to Matrix bridges 2023-07-15 18:24:56 +02:00			`bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`};`
			`signal = {`
			`port = 8338;`
			`format = "mautrix-python";`
Upgrade to NixOS 23.05 and SSD boot 2023-06-08 18:30:16 +02:00			`package = mautrix-signal;`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`serviceConfig = {`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`EnvironmentFile = config.age.secrets.signal.path;`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`StateDirectory = [ "matrix-as-signal" "signald" ];`
			`JoinNamespaceOf = "signald.service";`
			`SupplementaryGroups = [ "signald" ];`
			`};`
Add required option to all mautrix bridges 2022-11-14 00:58:06 +01:00			`settings = {`
Use postgresql as database for Matrix bridges 2023-06-12 16:54:44 +02:00			`appservice.database = "$DB_STRING";`
Add required option to all mautrix bridges 2022-11-14 00:58:06 +01:00			`homeserver.software = "standard";`
Give admin rights to Matrix bridges 2023-07-15 18:24:56 +02:00			`bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";`
Add required option to all mautrix bridges 2022-11-14 00:58:06 +01:00			`signal = {`
			`socket_path = config.services.signald.socketPath;`
			`outgoing_attachment_dir = "/var/lib/signald/tmp";`
			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`};`
Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`};`
			`};`
			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00
			`# Additional settings for mautrix-signal`
Change owner for the signald service 2022-07-20 22:37:52 +02:00			`services.signald = {`
			`enable = true;`
			`user = "matrix-as-signal";`
			`};`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`systemd.services.matrix-as-signal = {`
			`requires = [ "signald.service" ];`
			`after = [ "signald.service" ];`
Enable voice messages for signal and facebook 2022-11-14 12:27:25 +01:00			`unitConfig.JoinsNamespaceOf = "signald.service";`
Add ffmpeg to Mautrix signal path 2022-08-29 21:41:53 +02:00			`path = [ ffmpeg ];`
Migrate from Synapse to Dendrite 2022-07-20 16:34:14 +02:00			`};`

Enable voice messages for signal and facebook 2022-11-14 12:27:25 +01:00			`# Enable voice messages for facebook`
			`systemd.services.matrix-as-facebook.path = [ ffmpeg ];`

Set up MQTT broker 2023-04-03 00:50:47 +02:00			`# MQTT configuration`
			`services.mosquitto = {`
			`enable = true;`
			`dataDir = "/vault/mosquitto";`
			`logType = [ "websockets" "error" "warning" "notice" "information" ];`
			`logDest = [ "syslog" ];`
			`listeners = [{`
			`users.homeostasis = {`
			`acl = [ "write #" ];`
			`hashedPasswordFile = config.age.secrets.mqtt-sender.path;`
			`};`
			`users.prometheus = {`
			`acl = [ "read #" ];`
			`hashedPasswordFile = config.age.secrets.mqtt-receiver.path;`
			`};`
			`}];`
			`};`

Set up Matrix and Element 2020-12-28 18:42:26 +01:00			`}`