wip: matrix moderation
parent
0deb8eb6be
commit
5b4b60542c
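--- a/hosts/nachtigall/apps/matrix/mjolnir.nix
+++ b/hosts/nachtigall/apps/matrix/mjolnir.nix
@@ -0,0 +1,47 @@
+{ lib, flake, ... }:
+{
+age.secrets."matrix-mjolnir-password" = {
+file = "${flake.self}/secrets/matrix-mjolnir-password.age";
+mode = "640";
+owner = "root";
+group = "mjolnir";
+};
+
+# Adopted from:
+# https://github.com/NixOS/nixos-org-configurations/blob/42ab3d94c0b5995f2ea05eb0b20b4759192c01ff/non-critical-infra/modules/mjolnir.nix
+#
+# pantalaimon takes ages to start up, so mjolnir could hit the systemd burst
+# limit and then just be down forever. We don't want mjolnir to ever go down,
+# so disable rate-limiting and allow it to flap until pantalaimon is alive.
+systemd.services.mjolnir.serviceConfig.Restart = lib.mkForce "always";
+systemd.services.mjolnir.serviceConfig.RestartSec = 3;
+systemd.services.mjolnir.unitConfig.StartLimitIntervalSec = 0;
+
+services.pantalaimon-headless.instances.mjolnir.listenAddress = "127.0.0.1";
+
+services.mjolnir = {
+enable = true;
+homeserverUrl = "https://matrix.pub.solar:443";
+
+pantalaimon = {
+enable = true;
+username = "mjolnir";
+passwordFile = "/run/agenix/matrix-mjolnir-password";
+options = {
+listenAddress = "127.0.0.1";
+};
+};
+
+managementRoom = "#moderators:pub.solar";
+
+# https://github.com/matrix-org/mjolnir/blob/master/config/default.yaml
+settings = {
+noop = false;
+protectAllJoinedRooms = true;
+fasterMembershipChecks = true;
+
+# too noisy
+verboseLogging = false;
+};
+};
+}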
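Review bot: `passwordFile = "/run/agenix/matrix-mjolnir-password";` in the `pantalaimon` block hard-codes the agenix runtime path instead of referencing the secret declared at the top of the same file. If the secrets directory or the secret name ever changes, the bot would start without a readable password file and, with `Restart = "always"` and `StartLimitIntervalSec = 0`, would retry every three seconds indefinitely. I would add `config` to the module arguments and write `passwordFile = config.age.secrets."matrix-mjolnir-password".path;`. A short comment next to `mode = "640"` naming the service user that is expected to read the file through the `mjolnir` group would also help the next reviewer confirm that the permissions are as narrow as intended.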
|
@ -254,6 +254,31 @@ in
|
||||||
# "/matrix-mautrix-signal-registration.yaml"
|
# "/matrix-mautrix-signal-registration.yaml"
|
||||||
# "/matrix-mautrix-telegram-registration.yaml"
|
# "/matrix-mautrix-telegram-registration.yaml"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
modules = [
|
||||||
|
{
|
||||||
|
module = "mjolnir.Module";
|
||||||
|
config = {
|
||||||
|
# Prevent servers/users in the ban lists from inviting users on this
|
||||||
|
# server to rooms. Default true.
|
||||||
|
block_invites = true;
|
||||||
|
# Flag messages sent by servers/users in the ban lists as spam. Currently
|
||||||
|
# this means that spammy messages will appear as empty to users. Default
|
||||||
|
# false.
|
||||||
|
block_messages = false;
|
||||||
|
# Remove users from the user directory search by filtering matrix IDs and
|
||||||
|
# display names by the entries in the user ban list. Default false.
|
||||||
|
block_usernames = false;
|
||||||
|
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
|
||||||
|
# this list cannot be room aliases or permalinks. This server is expected
|
||||||
|
# to already be joined to the room - Mjolnir will not automatically join
|
||||||
|
# these rooms.
|
||||||
|
ban_lists = [
|
||||||
|
"!roomid:example.org"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
withJemalloc = true;
|
withJemalloc = true;
|
||||||
|
@ -275,8 +300,9 @@ in
|
||||||
"redis"
|
"redis"
|
||||||
];
|
];
|
||||||
|
|
||||||
plugins = [
|
plugins = with config.services.matrix-synapse.package.plugins; [
|
||||||
config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth
|
matrix-synapse-shared-secret-auth
|
||||||
|
matrix-synapse-mjolnir-antispam
|
||||||
];
|
];
|
||||||
|
|
||||||
sliding-sync = {
|
sliding-sync = {
|
||||||
|
|
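Review bot: `ban_lists = [ "!roomid:example.org" ]` in the added `mjolnir.Module` config of the first hunk is still the placeholder from the upstream example, so the antispam module is loaded with `block_invites = true` but has no real policy room to enforce. As the comment above that line says, only room IDs are accepted and the homeserver must already be joined to each listed room, so the value needs to be the internal ID of the policy list the moderators maintain, e.g. `"!<policy-room-id>:<server>"` (placeholder). Until that is filled in, I would put a `# TODO: replace placeholder room ID` on the line or keep the entry out of `modules`, so nobody assumes invite filtering is active. The enclosing attribute set starts outside the hunk.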
25
secrets/matrix-mjolnir-password.age
Normal file
25
secrets/matrix-mjolnir-password.age
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg k0qY4jLPEdz8HDYS8Ubh5sUp+BidUJ9j3nPYqxwYwX0
|
||||||
|
ZWqonJ8wEFkt7iC4I6RzoVMcRRaK5yjFORz2ysTzrp4
|
||||||
|
-> ssh-ed25519 uYcDNw 4GC7Rc2iDtDKNObkZGzt6TLhY49SkYNSz4JbZtKva04
|
||||||
|
Z4q6od9qzaN28tizJhoO/lm1U2ymnu1hbUWoAMtNM+8
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
KNQhAEi5o9kk+EljFMRXjNoWa3xY+QEq3OaCkqkuEpr65wPmtrjVq/eMxAX31SgU
|
||||||
|
EwIjUlBf3XsdAZkYmrItBuPgwxKBClDhnOHZQS6GowYPOW+CDNlRzcp947kfCcdG
|
||||||
|
ZrbrMZb/zwqDNijOgjh1zn6kdaX2clp3wA5GdLP1pSRRBQWh7ZkGQkgiyQSLIHWu
|
||||||
|
nfo/liBJ6qMAGtVwlAHcYhQDiYsYoquRvQ7TsgdQtu9NPmKhwjWbpEaJSt7AMC2y
|
||||||
|
e9B8Lp46oPZHCptPqMBpvi5SPxg9X0wvj9Vg+3OG+dn0zvQmyTtEHq15I9MKSPCB
|
||||||
|
oNVgvrgEcgaKxMdJCqFdbCj5I+eyZZc9tHTggSzSLAYHzoY3TbYx6TOpeHbub3lc
|
||||||
|
cBCnbNTRwQCNQoBLXAKIkhcIv968D3RvtY5lPdQdU7MoW5GFHy67vmERMDBVCiYI
|
||||||
|
29HSxdLGTLUKOgzLdR0pxQnRPSdxEBw06gHRP3q6MDXH066Of5e/RRqvYzJX1VlH
|
||||||
|
cMhJjGTVZNnqP3RIVg1FMLfz6uooki8J9w42JOa9VVB3Zf5ics8vf7m3EObcHXL9
|
||||||
|
B/Wh6oy9L+q6vZHs8ix5cHmIQA3GLsSsdQ2NimVG+YO9zwUPq9MNqPpoZfXH+wa6
|
||||||
|
gUpANLeJjYzuo0Ob0gDMHSaFBfuyn1MxPipbccgnXG4
|
||||||
|
-> ssh-ed25519 YFSOsg AiVh32W3+y52eDKrMBU0qjertV661tD8jqb8q4ZAyy8
|
||||||
|
zIN8hgZ4ynWAt/HOcY4zzYHZUmeBNyk0TgtmztkGXi4
|
||||||
|
-> ssh-ed25519 iHV63A EfbQmp++H8mgZzmYpsrZNRo2tfRurA66Z7fk4NQuzxM
|
||||||
|
e6pH0+P/rtCPNcsuIZKop2RTd9eSv3hPcReNaZ/GkTs
|
||||||
|
-> ssh-ed25519 BVsyTA ngQM3zUSkkt855E1MI25RuEWRYqaMVstY338Tq/n8yM
|
||||||
|
wWtAV3MI0jQ9rlgeIO5DbPv0INH2KgV5Ic9NbXyNPDk
|
||||||
|
--- JAi1rNmpk8X4L+TLJfqZ5r+AyFVd/rkUHBA/Mjjde3I
|
||||||
|
ŸDO)SöÿøþxÞ±ªyµö|—3¨~ý`2æ*ʆ• Ôëý<C3AB>îè¶ÀÝ£Ðû¶Ë£'aAâfXFçÈÉÝðáäQXv[ï&a!úL©Í ª
|
|
@ -46,6 +46,7 @@ in
|
||||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"matrix-mjolnir-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|