loptland: init mautrix-bridge

Christoph Hollizeck 2026-03-26 15:12:07 +01:00
parent ff78e01175
commit 8fab0c421c
5 changed files with 122 additions and 12 deletions


@ -32,6 +32,7 @@ topLevel: {
# services # services
matrix-synapse matrix-synapse
mautrix-discord
# game server # game server
minecraft-server minecraft-server


@ -44,7 +44,7 @@ topLevel: {
inherit (topLevel.config.flake.meta.users.cholli) email; inherit (topLevel.config.flake.meta.users.cholli) email;
group = lib.mkIf config.services.nginx.enable "nginx"; group = lib.mkIf config.services.nginx.enable "nginx";
reloadServices = lib.mkIf config.services.nginx.enable "nginx.service"; reloadServices = lib.mkIf config.services.nginx.enable [ "nginx.service" ];
dnsProvider = "netcup"; dnsProvider = "netcup";
environmentFile = config.sops.templates."netcup.env".path; environmentFile = config.sops.templates."netcup.env".path;


@ -1,6 +1,6 @@
{ {
flake.modules.nixos.matrix-synapse = flake.modules.nixos.matrix-synapse =
{ config, ... }: { config, pkgs, lib, ... }:
let let
domainName = "alwayssleepy.online"; domainName = "alwayssleepy.online";
matrixPort = 8008; matrixPort = 8008;
@ -40,13 +40,15 @@
User = "postgres"; User = "postgres";
RemainAfterExit = true; RemainAfterExit = true;
}; };
script = '' script =
COLLATION=$(psql -tAc "SELECT datcollate FROM pg_database WHERE datname = 'matrix-synapse'") let psql = lib.getExe' pkgs.postgresql "psql"; in
if [ "$COLLATION" != "C" ]; then ''
psql -c "DROP DATABASE \"matrix-synapse\"" COLLATION=$(${psql} -tAc "SELECT datcollate FROM pg_database WHERE datname = 'matrix-synapse'")
psql -c "CREATE DATABASE \"matrix-synapse\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"matrix-synapse\"" if [ "$COLLATION" != "C" ]; then
fi ${psql} -c "DROP DATABASE \"matrix-synapse\""
''; ${psql} -c "CREATE DATABASE \"matrix-synapse\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"matrix-synapse\""
fi
'';
}; };
services.matrix-synapse = { services.matrix-synapse = {
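Review bot: The `psql` binary in `let psql = lib.getExe' pkgs.postgresql "psql"; in` comes from the nixpkgs default `postgresql`, which is not necessarily the package the server on this host runs. If `services.postgresql.package` is ever pinned to a different major version, the client used for the `DROP DATABASE`/`CREATE DATABASE` calls will no longer match the server. Using `lib.getExe' config.services.postgresql.package "psql"` keeps the two in step. The same binding appears in the new `mautrix-discord-db-setup` unit, and the enclosing systemd unit here starts outside the hunk.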


@ -0,0 +1,105 @@
{
flake.modules.nixos.mautrix-discord =
{
config,
pkgs,
lib,
...
}:
let
matrixDomain = "alwayssleepy.online";
bridgePort = 29334;
sopsFile = ../../secrets/secrets-loptland.yaml;
in
{
sops.secrets."matrix/mautrix-discord/botToken" = {
inherit sopsFile;
owner = "mautrix-discord";
};
sops.templates."mautrix-discord.env" = {
owner = "mautrix-discord";
content = ''
MAUTRIX_DISCORD_DISCORD_BOT_TOKEN=${config.sops.placeholder."matrix/mautrix-discord/botToken"}
'';
};
services.postgresql = {
ensureDatabases = [ "mautrix-discord" ];
ensureUsers = [
{
name = "mautrix-discord";
ensureDBOwnership = true;
}
];
};
# mautrix-discord (like matrix-synapse) requires C collation
systemd.services."mautrix-discord-db-setup" = {
description = "Set up mautrix-discord PostgreSQL database with C collation";
wantedBy = [ "mautrix-discord.service" ];
before = [ "mautrix-discord.service" ];
after = [
"postgresql.service"
"postgresql-setup.service"
];
requires = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
};
script =
let
psql = lib.getExe' pkgs.postgresql "psql";
in
''
COLLATION=$(${psql} -tAc "SELECT datcollate FROM pg_database WHERE datname = 'mautrix-discord'")
if [ "$COLLATION" != "C" ]; then
${psql} -c "DROP DATABASE \"mautrix-discord\""
${psql} -c "CREATE DATABASE \"mautrix-discord\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"mautrix-discord\""
fi
'';
};
# mautrix-discord depends on libolm which is deprecated/insecure upstream.
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
services.mautrix-discord = {
enable = true;
environmentFile = config.sops.templates."mautrix-discord.env".path;
settings = {
homeserver = {
address = "http://localhost:${toString 8008}";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:${toString bridgePort}";
hostname = "127.0.0.1";
port = bridgePort;
database = {
type = "postgres";
uri = "postgres:///mautrix-discord?host=/var/run/postgresql";
};
};
bridge = {
relay = {
enabled = true;
admin_only = false;
};
permissions = {
"@cholli:${matrixDomain}" = "admin";
"${matrixDomain}" = "user";
};
};
};
};
# Give matrix-synapse access to the registration file via group membership
users.users.matrix-synapse.extraGroups = [ "mautrix-discord" ];
};
}
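Review bot: In `bridge.permissions`, `"${matrixDomain}" = "user";` combined with `relay.admin_only = false;` gives every account on the homeserver full bridge access and lets any of them set themselves as the relay user, which looks broader than the single-admin setup needs. If only known users should bridge, list their MXIDs explicitly or lower the domain entry to `"${matrixDomain}" = "relay";`, and keep `admin_only = true;` unless non-admin relays are intended. Separately, the `mautrix-discord-db-setup` script drops the `mautrix-discord` database whenever `datcollate` is not `C`, so a database restored with another collation would be destroyed without a backup on the next start. A comment such as `# first-boot fix-up only: drops the database if it was created with a non-C collation` above `script`, or a guard that refuses to drop a non-empty database, would make that explicit.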


@ -22,6 +22,8 @@ hydra:
private-key: ENC[AES256_GCM,data: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,iv:mTlEphmcoFMv7dxIeSpsi77e3CJULcXxcOF1Nq66mUM=,tag:K2aGpaw2xeEj8537kB/cGA==,type:str] private-key: ENC[AES256_GCM,data:FqdXFj4/leKNtNJ1H1sBnb/Gnso9soaLtdUToMsx3O6LAn2smdkFrguY9EESm+o1nIBWwc1S2cE/sfH8FR89NWbyfCDTsQLHRIIEYMS2kKLv7hqqdsmyQojW38TnUYtSo5W1V9pdmeYuotUrM7bPmW/Io/7/G/vW6LxtI7Mx1qT7OXnyEJVYsvY6TtJitWO0/jGUAGOyvu/+YhV4yRmArM2kjT+iYb8/dN0HpqCwo6aLvY7ctAA6ggESciuovEtUMv19y+RpMUaHxloziM3SFz/GjXekrqtPGDkCUusSChXuhzfmZDoz4dzNnkKn8HsmxzByzaTyNH9kCxzNV7vULTKi6/O4ny64FOk6pjymz2Yv6pK+pm3tP2wrPwynn3C1giwFCGn+2Nazixj4g4wd5iSFwNeAsDbLU0b3YN/NgQv0TeKGXR01Xgqvt06vtAnkpu8byPBUX5cz15kJckeztVHYCQyz6Uthk6NN+ScLok1z3I7Vn37KsF0Ka7k22aPMwXLLKkfEneavT41x1VNBq7Nedf9EFjjUG8S7,iv:mTlEphmcoFMv7dxIeSpsi77e3CJULcXxcOF1Nq66mUM=,tag:K2aGpaw2xeEj8537kB/cGA==,type:str]
matrix: matrix:
registrationSharedSecret: ENC[AES256_GCM,data:6IBlAfQhWlywWo/l8u5gAfW7bTgXwrAyk8WBBWkJQK+FL9LvUU5hDscozHrPIiRRzZdyeoAZ7phirDk3kN9E6Q==,iv:arZaxnIEUU3psaV8PqKAb46nlq73r2SAVlmCY+y+HB0=,tag:X/zsAtryEfl2PHKQ6GQfbg==,type:str] registrationSharedSecret: ENC[AES256_GCM,data:6IBlAfQhWlywWo/l8u5gAfW7bTgXwrAyk8WBBWkJQK+FL9LvUU5hDscozHrPIiRRzZdyeoAZ7phirDk3kN9E6Q==,iv:arZaxnIEUU3psaV8PqKAb46nlq73r2SAVlmCY+y+HB0=,tag:X/zsAtryEfl2PHKQ6GQfbg==,type:str]
mautrix-discord:
botToken: ENC[AES256_GCM,data:IrYMnUNorLK8853LXubpaXX2LwKbtlsdQzDHoeUq1VLyeH6Kz2CdnOV7UfuR4I0oEXBvw16PS+aBqjQCLcWGgXdTInEmq7lJ,iv:FmPlP1ZTdTTVcJeO0sKwiyaJ9KrZ8jbbyEiCK+O2XuI=,tag:Z+gVRNC34XV2OAUJcburIQ==,type:str]
sops: sops:
age: age:
- recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47 - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
@ -42,7 +44,7 @@ sops:
czdSTjNGSEpURlZEUTlIaUtGQUk5cW8KvylMTgtmHNvGnN7DonAsYQZB31mVli75 czdSTjNGSEpURlZEUTlIaUtGQUk5cW8KvylMTgtmHNvGnN7DonAsYQZB31mVli75
3OTN+mOetq2YNxh/Se7vqzwbZnshfTDk9nJi9bKZQhBt2nYR8eLRkg== 3OTN+mOetq2YNxh/Se7vqzwbZnshfTDk9nJi9bKZQhBt2nYR8eLRkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-26T10:22:50Z" lastmodified: "2026-03-26T12:52:45Z"
mac: ENC[AES256_GCM,data:RFNQKhb5AGMNZuZ8efT8s2/DrwOaN+Lge4M2a36NOzuNJ4xTI3Xcp0vEqpARplF9PSBZ64asWYqu4e21+KfS76Is6EaSyvfUc53QoX38zjn6S7EobiVwkCXcEfOAXOd14qqQNOBHcC4ELI5Ah0N7x/iYjX2+BYILQQCcgAGnbDE=,iv:/vJ7JsiP8adC5IUBYod/iHA3qQtDfrV9fmaglZyzQCA=,tag:vy9FfzKXSCCBM3cVMcAcfQ==,type:str] mac: ENC[AES256_GCM,data:ObHBFxdJlDrJJY9y+yRAJ+7lnBbIpAzV53Jc6BR5lvuwywu1LgPTigqs2YgK8Nnl7GSsW84s4ewN+aYj5UANx47iylSCyIQmfLz56d8r6REjNtH/hnRyoR7s2tFHE8FYlsW9P2PNSNBkjkPovWrPBejZ4ZmZdhaXbCx/13tJXU8=,iv:X6FyE7S5uo0fwluFtpUraiLJQ4FMbAMBiMaaggPaWdY=,tag:VEHWZ8QMGulYs0h+Q1CAvA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.2