loptland: init mautrix-bridge

2026-03-26 15:12:07 +01:00 · 2026-03-26 15:12:07 +01:00 · 8fab0c421c
commit 8fab0c421c
parent ff78e01175
5 changed files with 122 additions and 12 deletions
--- a/modules/server/mautrix-discord.nix
+++ b/modules/server/mautrix-discord.nix
@ -0,0 +1,105 @@
+{
+  flake.modules.nixos.mautrix-discord =
+    {
+      config,
+      pkgs,
+      lib,
+      ...
+    }:
+    let
+      matrixDomain = "alwayssleepy.online";
+      bridgePort = 29334;
+      sopsFile = ../../secrets/secrets-loptland.yaml;
+    in
+    {
+      sops.secrets."matrix/mautrix-discord/botToken" = {
+        inherit sopsFile;
+        owner = "mautrix-discord";
+      };
+
+      sops.templates."mautrix-discord.env" = {
+        owner = "mautrix-discord";
+        content = ''
+          MAUTRIX_DISCORD_DISCORD_BOT_TOKEN=${config.sops.placeholder."matrix/mautrix-discord/botToken"}
+        '';
+      };
+
+      services.postgresql = {
+        ensureDatabases = [ "mautrix-discord" ];
+        ensureUsers = [
+          {
+            name = "mautrix-discord";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+
+      # mautrix-discord (like matrix-synapse) requires C collation
+      systemd.services."mautrix-discord-db-setup" = {
+        description = "Set up mautrix-discord PostgreSQL database with C collation";
+        wantedBy = [ "mautrix-discord.service" ];
+        before = [ "mautrix-discord.service" ];
+        after = [
+          "postgresql.service"
+          "postgresql-setup.service"
+        ];
+        requires = [ "postgresql.service" ];
+        serviceConfig = {
+          Type = "oneshot";
+          User = "postgres";
+          RemainAfterExit = true;
+        };
+        script =
+          let
+            psql = lib.getExe' pkgs.postgresql "psql";
+          in
+          ''
+            COLLATION=$(${psql} -tAc "SELECT datcollate FROM pg_database WHERE datname = 'mautrix-discord'")
+            if [ "$COLLATION" != "C" ]; then
+              ${psql} -c "DROP DATABASE \"mautrix-discord\""
+              ${psql} -c "CREATE DATABASE \"mautrix-discord\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"mautrix-discord\""
+            fi
+          '';
+      };
+
+      # mautrix-discord depends on libolm which is deprecated/insecure upstream.
+      nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
+
+      services.mautrix-discord = {
+        enable = true;
+        environmentFile = config.sops.templates."mautrix-discord.env".path;
+
+        settings = {
+          homeserver = {
+            address = "http://localhost:${toString 8008}";
+            domain = matrixDomain;
+          };
+
+          appservice = {
+            address = "http://localhost:${toString bridgePort}";
+            hostname = "127.0.0.1";
+            port = bridgePort;
+            database = {
+              type = "postgres";
+              uri = "postgres:///mautrix-discord?host=/var/run/postgresql";
+            };
+          };
+
+          bridge = {
+            relay = {
+              enabled = true;
+              admin_only = false;
+            };
+
+            permissions = {
+              "@cholli:${matrixDomain}" = "admin";
+              "${matrixDomain}" = "user";
+            };
+          };
+        };
+      };
+
+      # Give matrix-synapse access to the registration file via group membership
+      users.users.matrix-synapse.extraGroups = [ "mautrix-discord" ];
+    };
+}