nixos-config/machines/renge/services/matrix/mautrix-signal.nix

{ config, lib, pkgs, ... }:
let
  synapseCfg = config.services.matrix-synapse.settings;

  cfg = rec {
    homeserver = {
      address = synapseCfg.public_baseurl;
      domain = synapseCfg.server_name;
    };
    appservice = rec {
      hostname = "127.0.0.1";
      port = 29328;
      address = "http://${hostname}:${toString port}";
      provisioning.shared_secret = "disable";
      database = "postgres:///mautrix-signal";
    };
    signal = {
      enable_disappearing_messages_in_groups = true;
    };
    bridge = {
      contact_list_names = "prefer";
      encryption = {
        allow = true;
        default = true;
      };
      delivery_receipts = true;
      provisioning.enabled = false;
      permissions = {
        # Only one user since using the name from the address book does not
        # work with multiple users
        "@simon:${homeserver.domain}" = "admin";
      };
      location_format = "https://www.openstreetmap.org/?mlat={lat}&mlon={long}";
    };
    logging = {
      version = 1;
      formatters = {
        colored = {
          "()" = "mautrix_signal.util.ColorFormatter";
          format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";
        };
        normal.format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";
      };
      handlers = {
        console = {
          class = "logging.StreamHandler";
          formatter = "colored";
        };
      };
      loggers = {
        mau.level = "INFO";
        aiohttp.level = "INFO";
      };
      root = {
        level = "INFO";
        handlers = [ "console" ];
      };
    };
  };

  generatedConfig = pkgs.runCommandNoCC "mautrix-signal-config" { } ''
    mkdir $out
    cat ${pkgs.writeText "mautrix-signal.yaml" (lib.generators.toYAML { } cfg)} > $out/config.yaml
    ${pkgs.mautrix-signal}/bin/mautrix-signal -c $out/config.yaml -g -r $out/registration.yaml
  '';
in
{
  services.signald = {
    enable = true;
    group = "signald";
  };

  systemd.services.signald.serviceConfig.ExecStart = lib.mkForce "${pkgs.signald}/bin/signald -d /var/lib/signald -s ${config.services.signald.socketPath}";

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mautrix-signal" ];
    ensureUsers = lib.singleton {
      name = "mautrix-signal";
      ensurePermissions = { "DATABASE \"mautrix-signal\"" = "ALL PRIVILEGES"; };
    };
  };

  systemd.services.mautrix-signal = {
    after = [ "network.target" "matrix-synapse.service" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      DynamicUser = true;
      PrivateTmp = true;
      SupplementaryGroups = [ "signald" ];
      StateDirectory = "mautrix-signal";
      WorkingDirectory = "/var/lib/mautrix-signal";
      ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal -c ${generatedConfig}/config.yaml";
      Restart = "on-failure";
    };

    unitConfig = {
      JoinsNamespaceOf = "signald.service";
    };
  };

  services.matrix-synapse.settings.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";
}
renge/mautrix-signal: Init 2022-10-14 08:03:03 +02:00			`{ config, lib, pkgs, ... }:`
			`let`
			`synapseCfg = config.services.matrix-synapse.settings;`

			`cfg = rec {`
			`homeserver = {`
			`address = synapseCfg.public_baseurl;`
			`domain = synapseCfg.server_name;`
			`};`
			`appservice = rec {`
			`hostname = "127.0.0.1";`
			`port = 29328;`
			`address = "http://${hostname}:${toString port}";`
			`provisioning.shared_secret = "disable";`
			`database = "postgres:///mautrix-signal";`
			`};`
			`signal = {`
			`enable_disappearing_messages_in_groups = true;`
			`};`
			`bridge = {`
			`contact_list_names = "prefer";`
			`encryption = {`
			`allow = true;`
			`default = true;`
			`};`
			`delivery_receipts = true;`
			`provisioning.enabled = false;`
			`permissions = {`
			`# Only one user since using the name from the address book does not`
			`# work with multiple users`
			`"@simon:${homeserver.domain}" = "admin";`
			`};`
			`location_format = "https://www.openstreetmap.org/?mlat={lat}&mlon={long}";`
			`};`
			`logging = {`
			`version = 1;`
			`formatters = {`
			`colored = {`
			`"()" = "mautrix_signal.util.ColorFormatter";`
			`format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";`
			`};`
			`normal.format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";`
			`};`
			`handlers = {`
			`console = {`
			`class = "logging.StreamHandler";`
			`formatter = "colored";`
			`};`
			`};`
			`loggers = {`
			`mau.level = "INFO";`
			`aiohttp.level = "INFO";`
			`};`
			`root = {`
			`level = "INFO";`
			`handlers = [ "console" ];`
			`};`
			`};`
			`};`

			`generatedConfig = pkgs.runCommandNoCC "mautrix-signal-config" { } ''`
			`mkdir $out`
			`cat ${pkgs.writeText "mautrix-signal.yaml" (lib.generators.toYAML { } cfg)} > $out/config.yaml`
			`${pkgs.mautrix-signal}/bin/mautrix-signal -c $out/config.yaml -g -r $out/registration.yaml`
			`'';`
			`in`
			`{`
			`services.signald = {`
			`enable = true;`
			`group = "signald";`
			`};`

Drop temporary unstable packages 2022-12-10 14:49:16 +01:00			`systemd.services.signald.serviceConfig.ExecStart = lib.mkForce "${pkgs.signald}/bin/signald -d /var/lib/signald -s ${config.services.signald.socketPath}";`
renge/mautrix-signal: Use unstable package The stable package is broken. 2022-11-12 00:09:22 +01:00
renge/mautrix-signal: Init 2022-10-14 08:03:03 +02:00			`services.postgresql = {`
			`enable = true;`
			`ensureDatabases = [ "mautrix-signal" ];`
			`ensureUsers = lib.singleton {`
			`name = "mautrix-signal";`
			`ensurePermissions = { "DATABASE \"mautrix-signal\"" = "ALL PRIVILEGES"; };`
			`};`
			`};`

			`systemd.services.mautrix-signal = {`
			`after = [ "network.target" "matrix-synapse.service" ];`
			`wantedBy = [ "multi-user.target" ];`

			`serviceConfig = {`
			`DynamicUser = true;`
renge/mautrix-signal: Allow file transfer mautrix-whatsapp places a file in /tmp/ for file transfers. However, signald is running with PrivateTemp=true. This uses systemd’s feature that allows a unit to share a namespace with another one and places mautrix-signal in the same namespace as signald, so they share their private tmp directory. 2022-10-16 15:52:08 +02:00			`PrivateTmp = true;`
renge/mautrix-signal: Init 2022-10-14 08:03:03 +02:00			`SupplementaryGroups = [ "signald" ];`
			`StateDirectory = "mautrix-signal";`
			`WorkingDirectory = "/var/lib/mautrix-signal";`
			`ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal -c ${generatedConfig}/config.yaml";`
			`Restart = "on-failure";`
			`};`
renge/mautrix-signal: Allow file transfer mautrix-whatsapp places a file in /tmp/ for file transfers. However, signald is running with PrivateTemp=true. This uses systemd’s feature that allows a unit to share a namespace with another one and places mautrix-signal in the same namespace as signald, so they share their private tmp directory. 2022-10-16 15:52:08 +02:00
			`unitConfig = {`
			`JoinsNamespaceOf = "signald.service";`
			`};`
renge/mautrix-signal: Init 2022-10-14 08:03:03 +02:00			`};`

			`services.matrix-synapse.settings.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";`
			`}`