From dcf492209b5df9bd9690ab7ad5d39c9c0ee28ea0 Mon Sep 17 00:00:00 2001
From: DerGrumpf <phil.keier@hotmail.com>
Date: Thu, 7 May 2026 15:38:05 +0200
Subject: [PATCH] fixed brigde stuff; added maubot

---
 nixos/roles/matrix/default.nix        |  1 +
 nixos/roles/matrix/discord-bridge.nix |  3 +-
 nixos/roles/matrix/maubot.nix         | 46 +++++++++++++++++++++++++++
 nixos/roles/matrix/synapse.nix        |  7 ++++
 4 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 nixos/roles/matrix/maubot.nix

diff --git a/nixos/roles/matrix/default.nix b/nixos/roles/matrix/default.nix
index 8d3f947..de1e2c8 100644
--- a/nixos/roles/matrix/default.nix
+++ b/nixos/roles/matrix/default.nix
@@ -8,6 +8,7 @@
     ./clients.nix
     ./mjolnir.nix
     ./coturn.nix
+    ./maubot.nix
     ./discord-bridge.nix
     ./whatsapp-bridge.nix
   ];
diff --git a/nixos/roles/matrix/discord-bridge.nix b/nixos/roles/matrix/discord-bridge.nix
index 9bcf190..217188b 100644
--- a/nixos/roles/matrix/discord-bridge.nix
+++ b/nixos/roles/matrix/discord-bridge.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
   nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
 
@@ -61,4 +61,5 @@
       };
     };
   };
+  systemd.services.mautrix-discord-registration.serviceConfig.UMask = lib.mkForce "0022";
 }
diff --git a/nixos/roles/matrix/maubot.nix b/nixos/roles/matrix/maubot.nix
new file mode 100644
index 0000000..d1066ef
--- /dev/null
+++ b/nixos/roles/matrix/maubot.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+{
+  services = {
+    maubot = {
+      enable = true;
+      plugins = [ config.services.maubot.package.plugins.weather ];
+      settings = {
+        database = "postgresql:///maubot?host=/run/postgresql";
+        homeservers = {
+          "cyperpunk.de" = {
+            url = "https://matrix.cyperpunk.de";
+          };
+        };
+        admins = {
+          root = "";
+          dergrumpf = "$2b$12$62kYoqsSloK3hco/N/EZUupD/JOjTMMVhUf064cqveBJYXGJJF8Hi";
+        };
+        plugin_directories = {
+          upload = "/var/lib/maubot/plugins";
+          load = [ "/var/lib/maubot/plugins" ];
+          trash = "/var/lib/maubot/trash";
+        };
+      };
+    };
+
+    postgresql = {
+      ensureUsers = [
+        {
+          name = "maubot";
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = [ "maubot" ];
+    };
+
+    nginx.virtualHosts."cyperpunk.de".locations."/_matrix/maubot/" = {
+      proxyPass = "http://127.0.0.1:29316";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/maubot/plugins 0750 maubot maubot -"
+    "d /var/lib/maubot/trash 0750 maubot maubot -"
+  ];
+}
diff --git a/nixos/roles/matrix/synapse.nix b/nixos/roles/matrix/synapse.nix
index 1715766..ca57fa7 100644
--- a/nixos/roles/matrix/synapse.nix
+++ b/nixos/roles/matrix/synapse.nix
@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  lib,
   ...
 }:
 let
@@ -151,4 +152,10 @@ in
       '';
     };
   };
+
+  systemd.services.matrix-synapse.serviceConfig.ReadOnlyPaths = [
+    "/var/lib/mautrix-discord"
+    "/var/lib/mautrix-whatsapp"
+  ];
+
 }