From 13a91c8948cc00b3eaadaeb374a32f910a2f2870 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 12 Jun 2023 16:54:44 +0200
Subject: [PATCH] Use postgresql as database for Matrix bridges

---
 configuration.nix         |  10 ++++++++++
 modules/communication.nix |  18 +++++++++---------
 secrets/facebook.age      | Bin 0 -> 394 bytes
 secrets/secrets.nix       |   2 ++
 secrets/signal.age        |   8 ++++++++
 secrets/telegram.age      | Bin 317 -> 451 bytes
 6 files changed, 29 insertions(+), 9 deletions(-)
 create mode 100644 secrets/facebook.age
 create mode 100644 secrets/signal.age

diff --git a/configuration.nix b/configuration.nix
index 54aa1ee..c7cbd5f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -162,6 +162,16 @@ with pkgs;
       owner = "coolneng";
       group = "podman";
     };
+    secrets.facebook = {
+      file = secrets/facebook.age;
+      owner = "matrix-as-facebook";
+      group = "matrix-as-facebook";
+    };
+    secrets.signal = {
+      file = secrets/signal.age;
+      owner = "matrix-as-signal";
+      group = "matrix-as-signal";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 
diff --git a/modules/communication.nix b/modules/communication.nix
index dc997f9..84b3089 100644
--- a/modules/communication.nix
+++ b/modules/communication.nix
@@ -26,14 +26,7 @@ in {
         dns_cache.enabled = true;
       };
       # HACK Inherit postgres connection string for the rest of the DBs
-      app_service_api = {
-        inherit database;
-        config_files = [
-          "/var/lib/matrix-as-facebook/facebook-registration.yaml"
-          "/var/lib/matrix-as-signal/signal-registration.yaml"
-          "/var/lib/matrix-as-telegram/telegram-registration.yaml"
-        ];
-      };
+      app_service_api = { inherit database; };
       media_api = { inherit database; };
       room_server = { inherit database; };
       push_server = { inherit database; };
@@ -71,6 +64,7 @@ in {
         package = mautrix-telegram;
         serviceConfig.EnvironmentFile = config.age.secrets.telegram.path;
         settings = {
+          appservice.database = "$DB_STRING";
           homeserver.software = "standard";
           telegram = {
             api_id = "$API_ID";
@@ -86,18 +80,24 @@ in {
         port = 8228;
         format = "mautrix-python";
         package = mautrix-facebook;
-        settings.homeserver.software = "standard";
+        serviceConfig.EnvironmentFile = config.age.secrets.facebook.path;
+        settings = {
+          appservice.database = "$DB_STRING";
+          homeserver.software = "standard";
+        };
       };
       signal = {
         port = 8338;
         format = "mautrix-python";
         package = mautrix-signal;
         serviceConfig = {
+          EnvironmentFile = config.age.secrets.signal.path;
           StateDirectory = [ "matrix-as-signal" "signald" ];
           JoinNamespaceOf = "signald.service";
           SupplementaryGroups = [ "signald" ];
         };
         settings = {
+          appservice.database = "$DB_STRING";
           homeserver.software = "standard";
           signal = {
             socket_path = config.services.signald.socketPath;
diff --git a/secrets/facebook.age b/secrets/facebook.age
new file mode 100644
index 0000000000000000000000000000000000000000..211ed88c32fef54d8a51cec5ec7895263701d7b3
GIT binary patch
literal 394
zcmV;50d@XiXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LX;ooTM`s{c
zRB3igR5?*JSy^*gctmb`W-Cr}F?M=Tb4Y4;azSTuZEbI9VKFp#RdWh=PBwCQGBr3<
zXE8~3O-5x?R%TOmS2RLpL~VF6dPh!bRa7-AXL4_NXh{k!J|JdFXGbk(a%Ew2WeQY5
zLvmU;Fik;pcR6WQRB&o+PI60eFLX~?MPp)kV>3=s3N0-yAVX#|WJ5)Fd17ltD>E-R
zY-ChPP-<d#c{gN7V^?xWX>(LmNOx;+O)_bB3Q;BE>ieTozYrS3Y{Aa>h(YY{C}Rr`
zc{_yS!EeSsyqLtn5_xzi4G%g#9QQdJi=?@BvvQJ|H@EIW-!Fy{o1zbl$uJ}40D5#G
zJve@4EI83nOpGJFM4Vx8%4kH(Gh+>Fg?@yYQUJ6Ta~I+s>Kb)MH2)<s`|QrnY-xic
o+=%IbE-^^Yby|n0vVCEyEia3%1n@l_F#e>D#hXvE0>vLMDOC}d?EnA(

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 63fee05..6cafe5f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,4 +15,6 @@ in {
   "mqtt-sender.age".publicKeys = [ zion ];
   "mqtt-receiver.age".publicKeys = [ zion ];
   "nightscout.age".publicKeys = [ zion ];
+  "facebook.age".publicKeys = [ zion ];
+  "signal.age".publicKeys = [ zion ];
 }
diff --git a/secrets/signal.age b/secrets/signal.age
new file mode 100644
index 0000000..15ffa46
--- /dev/null
+++ b/secrets/signal.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 iUaRGg J/gZDBtDsIzjCzO1y2vXgxl8YuvWJgcpk+8KMOp63kg
+1XF9JFAIscHWFJMTctZOxVIBYhYliUFays5gwjZt6hs
+-> vM4\2y\'-grease
+bj9VKIuH0l1v5X8N2v4p+u3VySDKjj3WAyVZ7f+wmy16wncrNyMtiUZ+ELBWfqXd
+XOyeGZoKBHwd8lOgkZ+va0BEkBJs9piX
+--- K2uN9JxuqPQpAxjQ+6dgsqhsq50nTkLsw8QGJprE5hQ
+HÈó²SÍ:¤eJ4}'˜¨›TØÔË¦œ†[Â'‡Möì²9†à×E6_®§°¶ÉùØ_‚¸ˆ´yPM8''¬'¹F¦¶‹ŒáäRÚ¡"¯Ý±XæúÔÈ;ò¸4¼J/>kÝ5Ê<¾å:ßM»lK$¼ÓŸqöSô„»À#ºÅŒjÁX)ÀÓv¶ŽôÂ–¬OuÚøJ´P¤¿˜~
\ No newline at end of file
diff --git a/secrets/telegram.age b/secrets/telegram.age
index c4213927de457c464dff508876fa5ec03432c45a..16581b606b7d29587dff6d18160bf2c59371c721 100644
GIT binary patch
delta 417
zcmV;S0bc&S0>cB4EPqc^Pi;t5K{Ik=V_`u@baz)bMo4vNVKZkhZ8mU7HZ(O=M^Hg<
zY(h3scM552Zb4ypFJWbMZB}Y)dPYewax+3#X>c!8L^gRhLrQQnP*Xy2IcZ`>Gzu*~
zAT2Fta%Ew2Wgu`^D@A@FDN{f}eIQ<PQXp?VJWx_+aSBFpGk<PTFIHi0Pk2}gEiEk|
zQ*KvUPiHYuYDH*iWlLm1FlB0SF?LICXhlX(bb4rELRMrjS93I1Lrr4}u3nJ;1`Vn;
z_RpQTBm=Q*_f77oXo)UR#DS@KF9W{*)>ly`+TGV`9BHzIetcdzKANW!rk4v(uzq4t
z@l|(KdcRlg*?%pc3?0nR|CJgdflp<9q_%n>!5X1OEx=Lo^z{S=C!-1=4<^qYED~^7
z^Muz7@A54N3zP*j3k#)<(Q`YU8@4<$glDIpOEKP+fHBe%Tq-h8ZQpDDxe;~O){{Oj
z{%{bF;$PsFSw}F3vhv0xMnd(cH8hJt-av=)HjXJSUmE5U^?>zn`aE=4$qetV>>^5o
L08E_0G}MxEW5uU%

delta 282
zcmV+#0p<R~1HA%}EPrxSI9g6|Rz*xUVpMlfICN23LPuyqM{;gYH!EvdVPj)vMl?(`
zLQi%?I0{*0Qb|WiGg@OqYBED;ZAUppMOSZSVM=O7M{spPWO;5@PgprYZEQ|ZQ3@?S
zAYUSJP%u#~XL4m>b7dfHAvrKjV^J&$Xmx5ZQFU&0Wk^kURew@1F>-5dND3`2Eg&;D
zNK0ZjIW~4-Fl{n+F)~C+VK`-EZ!~i=HBd86Q%+ejS42)~VP|1?ZwjZ&E&htln97W|
z!vvVuLlq}`@hB=&fJbwz=h--`*8HWj1y>=qv<y>TZ#=@GdGkr8e^@NMJzn;pDaV2J
g{zhRI)yd4bUlWBthS)Y(XI^Z(Y$_w2Z&40UTH``#EC2ui