DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Meta Bridge; Exposed Grafana as widget

Browse Source
This commit is contained in:
DerGrumpf
2026-05-27 23:22:24 +02:00
parent d517e877f0
commit 1ba87bb462
4 changed files with 139 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos/roles/matrix/default.nix
+1
View File
@@ -11,5 +11,6 @@
./maubot.nix ./maubot.nix
./discord-bridge.nix ./discord-bridge.nix
./whatsapp-bridge.nix ./whatsapp-bridge.nix
./meta-bridge.nix
]; ];
} }
nixos/roles/matrix/meta-bridge.nix
+125
View File
@@ -0,0 +1,125 @@
{ config, lib, ... }:
{
sops.secrets = {
meta_as_token = {
owner = "mautrix-meta-facebook";
group = "mautrix-meta";
};
meta_hs_token = {
owner = "mautrix-meta-facebook";
group = "mautrix-meta";
};
instagram_as_token = {
owner = "mautrix-meta-instagram";
group = "mautrix-meta";
};
instagram_hs_token = {
owner = "mautrix-meta-instagram";
group = "mautrix-meta";
};
};
systemd.services = {
mautrix-meta-facebook-env = {
before = [ "mautrix-meta-facebook-registration.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /run/mautrix-meta-facebook
echo "META_AS_TOKEN=$(cat ${config.sops.secrets.meta_as_token.path})" > /run/mautrix-meta-facebook/env
echo "META_HS_TOKEN=$(cat ${config.sops.secrets.meta_hs_token.path})" >> /run/mautrix-meta-facebook/env
chmod 600 /run/mautrix-meta-facebook/env
chown mautrix-meta-facebook:mautrix-meta /run/mautrix-meta-facebook/env
'';
};
mautrix-meta-instagram-env = {
before = [ "mautrix-meta-instagram-registration.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /run/mautrix-meta-instagram
echo "INSTAGRAM_AS_TOKEN=$(cat ${config.sops.secrets.instagram_as_token.path})" > /run/mautrix-meta-instagram/env
echo "INSTAGRAM_HS_TOKEN=$(cat ${config.sops.secrets.instagram_hs_token.path})" >> /run/mautrix-meta-instagram/env
chmod 600 /run/mautrix-meta-instagram/env
chown mautrix-meta-instagram:mautrix-meta /run/mautrix-meta-instagram/env
'';
};
mautrix-meta-facebook-registration.serviceConfig.UMask = lib.mkForce "0022";
mautrix-meta-instagram-registration.serviceConfig.UMask = lib.mkForce "0022";
};
services = {
postgresql = {
ensureUsers = [
{
name = "mautrix-meta-facebook";
ensureDBOwnership = true;
}
{
name = "mautrix-meta-instagram";
ensureDBOwnership = true;
}
];
ensureDatabases = [
"mautrix-meta-facebook"
"mautrix-meta-instagram"
];
};
mautrix-meta.instances = {
facebook = {
enable = true;
environmentFile = "/run/mautrix-meta-facebook/env";
settings = {
homeserver = {
address = "http://127.0.0.1:8008";
domain = "cyperpunk.de";
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-facebook?host=/run/postgresql&sslmode=disable";
};
appservice = {
as_token = "$META_AS_TOKEN";
hs_token = "$META_HS_TOKEN";
};
bridge.permissions = {
"cyperpunk.de" = "user";
"@dergrumpf:cyperpunk.de" = "admin";
};
};
};
instagram = {
enable = true;
environmentFile = "/run/mautrix-meta-instagram/env";
settings = {
homeserver = {
address = "http://127.0.0.1:8008";
domain = "cyperpunk.de";
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-instagram?host=/run/postgresql&sslmode=disable";
};
appservice = {
as_token = "$INSTAGRAM_AS_TOKEN";
hs_token = "$INSTAGRAM_HS_TOKEN";
};
bridge.permissions = {
"cyperpunk.de" = "user";
"@dergrumpf:cyperpunk.de" = "admin";
};
};
};
};
};
}
nixos/roles/nginx.nix
+4
View File
@@ -81,6 +81,10 @@ in
"/grafana" = { "/grafana" = {
proxyPass = "http://${upstream}:2342"; proxyPass = "http://${upstream}:2342";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = ''
add_header X-Frame-Options "";
add_header Content-Security-Policy "frame-ancestors *";
'';
}; };
}; };
}; };
secrets/secrets.yaml
+9 -5
View File
@@ -19,6 +19,10 @@ coturn_static_auth_secret: ENC[AES256_GCM,data:7AI0E8Hu4WxI5q4j1GqBMSQ+evE006uPM
discord_bot_token: ENC[AES256_GCM,data:j37Qo3FCyRwNFqWSWpnQKCs+AxH5HlQ8U5If7ylHilQoORp8Pb3TtNETTJSjZyvUXllldevAbHrbAEEKnNfoUJx1U8/wl6H0,iv:WQqxFXTE+0LIB2lSvVcnr4LNXPE7uzNc0Kk8NU6Z/aE=,tag:fNeQLhoThEgfa4sSGKLZCw==,type:str] discord_bot_token: ENC[AES256_GCM,data:j37Qo3FCyRwNFqWSWpnQKCs+AxH5HlQ8U5If7ylHilQoORp8Pb3TtNETTJSjZyvUXllldevAbHrbAEEKnNfoUJx1U8/wl6H0,iv:WQqxFXTE+0LIB2lSvVcnr4LNXPE7uzNc0Kk8NU6Z/aE=,tag:fNeQLhoThEgfa4sSGKLZCw==,type:str]
discord_client_id: ENC[AES256_GCM,data:U/iUKXT6Nsl6LRN9lPh1xaIaqw==,iv:k7kQ8rJBrMs3YwD9aDfZ6qhd7H3aVsSPTOwEIxVTw2Y=,tag:2wKhxGbf+P+h3BYeWUSczA==,type:str] discord_client_id: ENC[AES256_GCM,data:U/iUKXT6Nsl6LRN9lPh1xaIaqw==,iv:k7kQ8rJBrMs3YwD9aDfZ6qhd7H3aVsSPTOwEIxVTw2Y=,tag:2wKhxGbf+P+h3BYeWUSczA==,type:str]
discord_pickle_key: ENC[AES256_GCM,data:6j1pBQxmK8kFELSBBeJ0FwzAHz1GTGhxQwrvhlLtiU9+HICBBJqmFra1veZSO4yLchye/yPZ9Ha7oau+SgOI6w==,iv:YcTQQFcfLK33CpZnhEiKkt71e4ziarGKPyt7mmdQ+NA=,tag:AJRD4xYvYOZ0L1Xo+O+aGg==,type:str] discord_pickle_key: ENC[AES256_GCM,data:6j1pBQxmK8kFELSBBeJ0FwzAHz1GTGhxQwrvhlLtiU9+HICBBJqmFra1veZSO4yLchye/yPZ9Ha7oau+SgOI6w==,iv:YcTQQFcfLK33CpZnhEiKkt71e4ziarGKPyt7mmdQ+NA=,tag:AJRD4xYvYOZ0L1Xo+O+aGg==,type:str]
meta_as_token: ENC[AES256_GCM,data:WNkfHIRl9bGdzGRgjE2C9fymA0nX/ginNqRldyygaWw=,iv:BTVB+sf46mEQ/+FXCe4SRgmkfpnO2wnWlpKr/4uQbe0=,tag:qP42MN2qm1Tn6physjLK5g==,type:str]
meta_hs_token: ENC[AES256_GCM,data:BG7sSy0dIxf8EwjIA3rXxRZ+6IRPc2sJKSFXw+aldvY=,iv:gjk3pl/iV6rivxxrnR0jjEiSkmj0Jl5ojsudepKpxtY=,tag:n+BGaHRD+CqfXCbRPtFmfw==,type:str]
instagram_as_token: ENC[AES256_GCM,data:zKAv60IezEYqDEZNOFS5aKgNztBL9JUM9sfTZCD+vkg=,iv:3xCkVfT0S947LzpDzC0N1kuHOBhVaveK3m0cay0DlGc=,tag:NgJq8YN2r6NKj8pwlsgkXA==,type:str]
instagram_hs_token: ENC[AES256_GCM,data:+Lp9PQLUxyn/xS+L/hFcsufF0UxQJTiEd/7su8NmobI=,iv:ad9Urc8CwTfLWWRpUL6/TxfTB7LU8XoPq3kp8ifhfr0=,tag:0KkcdDAB/9rcuIgbLBZAkQ==,type:str]
pg_replication_password: ENC[AES256_GCM,data:w2h07D+j3LNkcbvoKQ2Qp3HSvC2Wf5HRAPAo/HNhmUkHBOaDyILNxo7IDjqajv0jytpG7q4joCJQhS7tEUlA9Q==,iv:26ZurAq61IDqGdAl0yPpoTJElo93hJJIEUlza4DGDNc=,tag:a46FOKgeqEEZE+rC+H9NbQ==,type:str] pg_replication_password: ENC[AES256_GCM,data:w2h07D+j3LNkcbvoKQ2Qp3HSvC2Wf5HRAPAo/HNhmUkHBOaDyILNxo7IDjqajv0jytpG7q4joCJQhS7tEUlA9Q==,iv:26ZurAq61IDqGdAl0yPpoTJElo93hJJIEUlza4DGDNc=,tag:a46FOKgeqEEZE+rC+H9NbQ==,type:str]
kanidm_gitea_secret: ENC[AES256_GCM,data:RavtSb5BaJGwwLB/oGzG/KK2AyV+IzEjihVxnD3/dVnxmxcG+CITIYPLvFUJjmvY,iv:Cg8dAhtJXDvRGULIkpWAyuhhlLEdvN+4lyjHPR/740I=,tag:8kMGrOjXEA4GWSLlP7oIkA==,type:str] kanidm_gitea_secret: ENC[AES256_GCM,data:RavtSb5BaJGwwLB/oGzG/KK2AyV+IzEjihVxnD3/dVnxmxcG+CITIYPLvFUJjmvY,iv:Cg8dAhtJXDvRGULIkpWAyuhhlLEdvN+4lyjHPR/740I=,tag:8kMGrOjXEA4GWSLlP7oIkA==,type:str]
gitea: gitea:
@@ -30,8 +34,7 @@ ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545Q
ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str] ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str]
sops: sops:
age: age:
- recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t - enc: |
enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMVVaazhud2paM29JbEJx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMVVaazhud2paM29JbEJx
aUFnajhSd3NxTzB0MndhRk03WjNvV3BVc0NNCnpxR1pjbXVrZ3RPQkppNHJpQ3pX aUFnajhSd3NxTzB0MndhRk03WjNvV3BVc0NNCnpxR1pjbXVrZ3RPQkppNHJpQ3pX
@@ -39,7 +42,8 @@ sops:
N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9
6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-27T19:38:22Z" recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t
mac: ENC[AES256_GCM,data:oHpPWV/tK6nWdqUdzCjyNWW6hhzJpy2QSxvGoTDkk20L8O89K2ee7xfMmFVLYc6t/Kvd4nb12RcwYBV/5EEB9bBtn0IMGILsOKHV74iWYbWF+3Nd1mwtWngKj/ILd4cmMdNmXtRnIv6C4dR1P97ezVRqXqoFg094Pty8BZLmYx0=,iv:YwDNYOjGK31BL7FzlF7g2JqVMYmCEbTILYJeCA1Reig=,tag:Tx7CvuESuTihRYKE5A4aFQ==,type:str] lastmodified: "2026-05-27T20:55:18Z"
mac: ENC[AES256_GCM,data:qHJwYNk4rR37KAKFKGpMfkY/Q3VJ+15yM3cUUaF6/MrHn5BtE6aoV9jjxoXbftTjNTmRRw37M4rVJJjaw+5baWwLrHpBGD5vNJC3HLwH9Mx/UmL9m90dpUWxQN9U5ah3jcg5uZzIZWhC32YNNYiuBz+qK7FwtxgEoXPbxVuh8zM=,iv:QTKO8cF5wIad/yIIs4a4/WC0lxIrCgYNZ9vfMiI28Ic=,tag:cKdCiu9w4pvpxAuMmZxDTA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.2 version: 3.13.1