wip: matrix moderation with draupnir
All checks were successful
Flake checks / Check (pull_request) Successful in 5m38s
All checks were successful
Flake checks / Check (pull_request) Successful in 5m38s
This commit is contained in:
parent
57a5ace727
commit
7ca53774ce
17
flake.lock
17
flake.lock
|
@ -360,6 +360,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-draupnir": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1720089221,
|
||||||
|
"narHash": "sha256-8abrPKFI9eqopZ/ewSeSPen4X9bs6xoyvFsfirvbJmk=",
|
||||||
|
"owner": "teutat3s",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "078583b84242644a668ee29e995bce02192dbd16",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "teutat3s",
|
||||||
|
"ref": "draupnir-pr",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717284937,
|
"lastModified": 1717284937,
|
||||||
|
@ -386,6 +402,7 @@
|
||||||
"nixos-flake": "nixos-flake",
|
"nixos-flake": "nixos-flake",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-2205": "nixpkgs-2205",
|
"nixpkgs-2205": "nixpkgs-2205",
|
||||||
|
"nixpkgs-draupnir": "nixpkgs-draupnir",
|
||||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||||
"triton-vmtools": "triton-vmtools",
|
"triton-vmtools": "triton-vmtools",
|
||||||
"unstable": "unstable"
|
"unstable": "unstable"
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05";
|
nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||||
|
nixpkgs-draupnir.url = "github:teutat3s/nixpkgs/draupnir-pr";
|
||||||
|
|
||||||
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
self.nixosModules.tmate
|
self.nixosModules.tmate
|
||||||
self.nixosModules.obs-portal
|
self.nixosModules.obs-portal
|
||||||
self.nixosModules.matrix
|
self.nixosModules.matrix
|
||||||
|
self.nixosModules.matrix-draupnir
|
||||||
self.nixosModules.matrix-irc
|
self.nixosModules.matrix-irc
|
||||||
self.nixosModules.matrix-telegram
|
self.nixosModules.matrix-telegram
|
||||||
self.nixosModules.nginx-matrix
|
self.nixosModules.nginx-matrix
|
||||||
|
|
24
modules/matrix-draupnir/default.nix
Normal file
24
modules/matrix-draupnir/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{ config, flake, ... }:
|
||||||
|
{
|
||||||
|
imports = [ "${flake.inputs.nixpkgs-draupnir}/nixos/modules/services/matrix/draupnir.nix" ];
|
||||||
|
|
||||||
|
disabledModules = [ "services/matrix/draupnir.nix" ];
|
||||||
|
|
||||||
|
age.secrets."matrix-draupnir-access-token" = {
|
||||||
|
file = "${flake.self}/secrets/matrix-draupnir-access-token.age";
|
||||||
|
mode = "640";
|
||||||
|
owner = "root";
|
||||||
|
group = "draupnir";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.draupnir = {
|
||||||
|
enable = true;
|
||||||
|
accessTokenFile = config.age.secrets.matrix-draupnir-access-token.path;
|
||||||
|
# https://github.com/the-draupnir-project/Draupnir/blob/main/config/default.yaml
|
||||||
|
settings = {
|
||||||
|
homeserverUrl = "http://localhost:8008";
|
||||||
|
managementRoom = "#moderators:pub.solar";
|
||||||
|
protectAllJoinedRooms = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -248,6 +248,29 @@ in
|
||||||
# "/matrix-mautrix-signal-registration.yaml"
|
# "/matrix-mautrix-signal-registration.yaml"
|
||||||
# "/matrix-mautrix-telegram-registration.yaml"
|
# "/matrix-mautrix-telegram-registration.yaml"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
modules = [
|
||||||
|
{
|
||||||
|
module = "mjolnir.Module";
|
||||||
|
config = {
|
||||||
|
# Prevent servers/users in the ban lists from inviting users on this
|
||||||
|
# server to rooms. Default true.
|
||||||
|
block_invites = true;
|
||||||
|
# Flag messages sent by servers/users in the ban lists as spam. Currently
|
||||||
|
# this means that spammy messages will appear as empty to users. Default
|
||||||
|
# false.
|
||||||
|
block_messages = false;
|
||||||
|
# Remove users from the user directory search by filtering matrix IDs and
|
||||||
|
# display names by the entries in the user ban list. Default false.
|
||||||
|
block_usernames = false;
|
||||||
|
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
|
||||||
|
# this list cannot be room aliases or permalinks. This server is expected
|
||||||
|
# to already be joined to the room - Mjolnir will not automatically join
|
||||||
|
# these rooms.
|
||||||
|
ban_lists = [ "!roomid:example.org" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
withJemalloc = true;
|
withJemalloc = true;
|
||||||
|
@ -269,7 +292,10 @@ in
|
||||||
"redis"
|
"redis"
|
||||||
];
|
];
|
||||||
|
|
||||||
plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ];
|
plugins = with config.services.matrix-synapse.package.plugins; [
|
||||||
|
matrix-synapse-shared-secret-auth
|
||||||
|
matrix-synapse-mjolnir-antispam
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-sliding-sync = {
|
services.matrix-sliding-sync = {
|
||||||
|
|
|
@ -10,8 +10,10 @@
|
||||||
final: prev:
|
final: prev:
|
||||||
let
|
let
|
||||||
unstable = import inputs.unstable { system = prev.system; };
|
unstable = import inputs.unstable { system = prev.system; };
|
||||||
|
nixpkgs-draupnir = import inputs.nixpkgs-draupnir { system = prev.system; };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
draupnir = nixpkgs-draupnir.draupnir;
|
||||||
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
||||||
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
||||||
inherit (inputs) element-stickers maunium-stickerpicker;
|
inherit (inputs) element-stickers maunium-stickerpicker;
|
||||||
|
|
BIN
secrets/matrix-draupnir-access-token.age
Normal file
BIN
secrets/matrix-draupnir-access-token.age
Normal file
Binary file not shown.
|
@ -46,6 +46,7 @@ in
|
||||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"matrix-draupnir-access-token.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
Loading…
Reference in a new issue