DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ba87bb4620c0971a131c73e551c6236bbdb2a6a
cyper-nix/nixos/roles/matrix/meta-bridge.nix
T

126 lines
3.7 KiB
Nix
Raw Blame History

{ config, lib, ... }:
{
sops.secrets = {
meta_as_token = {
owner = "mautrix-meta-facebook";
group = "mautrix-meta";
};
meta_hs_token = {
owner = "mautrix-meta-facebook";
group = "mautrix-meta";
};
instagram_as_token = {
owner = "mautrix-meta-instagram";
group = "mautrix-meta";
};
instagram_hs_token = {
owner = "mautrix-meta-instagram";
group = "mautrix-meta";
};
};
systemd.services = {
mautrix-meta-facebook-env = {
before = [ "mautrix-meta-facebook-registration.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /run/mautrix-meta-facebook
echo "META_AS_TOKEN=$(cat ${config.sops.secrets.meta_as_token.path})" > /run/mautrix-meta-facebook/env
echo "META_HS_TOKEN=$(cat ${config.sops.secrets.meta_hs_token.path})" >> /run/mautrix-meta-facebook/env
chmod 600 /run/mautrix-meta-facebook/env
chown mautrix-meta-facebook:mautrix-meta /run/mautrix-meta-facebook/env
'';
};
mautrix-meta-instagram-env = {
before = [ "mautrix-meta-instagram-registration.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /run/mautrix-meta-instagram
echo "INSTAGRAM_AS_TOKEN=$(cat ${config.sops.secrets.instagram_as_token.path})" > /run/mautrix-meta-instagram/env
echo "INSTAGRAM_HS_TOKEN=$(cat ${config.sops.secrets.instagram_hs_token.path})" >> /run/mautrix-meta-instagram/env
chmod 600 /run/mautrix-meta-instagram/env
chown mautrix-meta-instagram:mautrix-meta /run/mautrix-meta-instagram/env
'';
};
mautrix-meta-facebook-registration.serviceConfig.UMask = lib.mkForce "0022";
mautrix-meta-instagram-registration.serviceConfig.UMask = lib.mkForce "0022";
};
services = {
postgresql = {
ensureUsers = [
{
name = "mautrix-meta-facebook";
ensureDBOwnership = true;
}
{
name = "mautrix-meta-instagram";
ensureDBOwnership = true;
}
];
ensureDatabases = [
"mautrix-meta-facebook"
"mautrix-meta-instagram"
];
};
mautrix-meta.instances = {
facebook = {
enable = true;
environmentFile = "/run/mautrix-meta-facebook/env";
settings = {
homeserver = {
address = "http://127.0.0.1:8008";
domain = "cyperpunk.de";
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-facebook?host=/run/postgresql&sslmode=disable";
};
appservice = {
as_token = "$META_AS_TOKEN";
hs_token = "$META_HS_TOKEN";
};
bridge.permissions = {
"cyperpunk.de" = "user";
"@dergrumpf:cyperpunk.de" = "admin";
};
};
};
instagram = {
enable = true;
environmentFile = "/run/mautrix-meta-instagram/env";
settings = {
homeserver = {
address = "http://127.0.0.1:8008";
domain = "cyperpunk.de";
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-instagram?host=/run/postgresql&sslmode=disable";
};
appservice = {
as_token = "$INSTAGRAM_AS_TOKEN";
hs_token = "$INSTAGRAM_HS_TOKEN";
};
bridge.permissions = {
"cyperpunk.de" = "user";
"@dergrumpf:cyperpunk.de" = "admin";
};
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink