From f56fd8dccc84ac5d53ecdb811a553610b4ddd723 Mon Sep 17 00:00:00 2001
From: Akshay Mankar
Date: Sun, 29 Oct 2023 13:45:51 +0100
Subject: [PATCH] WIP: Add matrix-hookshot
---
.../apps/matrix/matrix-hookshot.nix | 112 ++++++++++++++++++
secrets/matrix-hookshot-registration.yaml.age | Bin 0 -> 1824 bytes
secrets/secrets.nix | 1 +
3 files changed, 113 insertions(+)
create mode 100644 hosts/nachtigall/apps/matrix/matrix-hookshot.nix
create mode 100644 secrets/matrix-hookshot-registration.yaml.age
diff --git a/hosts/nachtigall/apps/matrix/matrix-hookshot.nix b/hosts/nachtigall/apps/matrix/matrix-hookshot.nix
new file mode 100644
index 0000000..d2b44c7
--- /dev/null
+++ b/hosts/nachtigall/apps/matrix/matrix-hookshot.nix
@@ -0,0 +1,112 @@
+{ flake, pkgs, ...}:{
+
+ age.secrets."matrix-hookshot-registration.yaml" = {
+ file = "${flake.self}/secrets/matrix-hookshot-registration.yaml.age";
+ mode = "400";
+ owner = "matrix-synapse";
+ };
+
+ configFile = ''
+ bot:
+ avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
+ displayname: Hookshot Bot
+ bridge:
+ bindAddress: 0.0.0.0
+ domain: test.pub.solar
+ mediaUrl: http://matrix-nginx-proxy:12080
+ port: 9993
+ url: http://matrix-nginx-proxy:12080
+ feeds:
+ enabled: true
+ pollIntervalSeconds: 600
+ pollTimeoutSeconds: 30
+ generic:
+ allowJsTransformationFunctions: true
+ enableHttpGet: false
+ enabled: true
+ urlPrefix: https://matrix.test.pub.solar/hookshot/webhooks
+ userIdPrefix: _webhooks_
+ waitForComplete: false
+ gitlab:
+ instances:
+ gitlab.com:
+ url: https://gitlab.com
+ webhook:
+ secret: ""
+ listeners:
+ - bindAddress: 0.0.0.0
+ port: 9000
+ resources:
+ - webhooks
+ - bindAddress: 0.0.0.0
+ port: 9002
+ resources:
+ - provisioning
+ - bindAddress: 0.0.0.0
+ port: 9003
+ resources:
+ - widgets
+ logging:
+ level: warn
+ metrics:
+ enabled: false
+ passFile: /data/passkey.pem
+ permissions:
+ - actor: pub.solar
+ services:
+ - level: commands
+ service: '*'
+ - actor: '@axeman:pub.solar'
+ services:
+ - level: admin
+ service: '*'
+ - actor: '@b12f:pub.solar'
+ services:
+ - level: admin
+ service: '*'
+ - actor: '@hensoko:pub.solar'
+ services:
+ - level: admin
+ service: '*'
+ - actor: '@teutat3s:pub.solar'
+ services:
+ - level: admin
+ service: '*'
+ provisioning:
+ secret: 1acb44197a5a6d52c6cff38ea07433bfbfe9a83313a6bade
+ widgets:
+ addToAdminRooms: false
+ branding:
+ widgetTitle: Hookshot Configuration
+ publicUrl: https://matrix.pub.solar/hookshot/widgetapi/v1/static
+ roomSetupWidget:
+ addOnInvite: false
+ '';
+
+ systemd.services.matrix-hookshot = {
+ description = "Matrix-Hookshot, a bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. 
";
+
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+
+ DynamicUser = true;
+ PrivateTmp = true;
+ UMask = "0027";
+
+ ExecStart = ''
+ ${pkgs.matrix-hookshot}/bin/matrix-hookshot
+ '';
+ };
+ };
+}
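Review bot: The `provisioning:` `secret:` value inside `configFile` is committed in plaintext, unlike the registration file, which goes through agenix; it should be treated as exposed, rotated, and supplied from an age-encrypted file in the same way, also because anything rendered from this string into the Nix store would be world-readable. The `gitlab:` `webhook:` `secret: ""` entry is empty, so incoming GitLab webhook requests would presumably not be checked against a shared secret; it needs a real value from the same secret source. All three listeners, including `provisioning` on port 9002, use `bindAddress: 0.0.0.0`; if they are only meant to be reached through the reverse proxy, `bindAddress: 127.0.0.1` limits their exposure. The age secret is declared with `owner = "matrix-synapse"` and `mode = "400"` while the unit sets `DynamicUser = true`, so as written the service user cannot read it, and `ExecStart` passes neither the config nor the registration file to the binary.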
diff --git a/secrets/matrix-hookshot-registration.yaml.age b/secrets/matrix-hookshot-registration.yaml.age new file mode 100644 index 0000000000000000000000000000000000000000..11189a2c3944f0f388fe50a15e49db68fb8aab1c GIT binary patch literal 1824 zcmZA0{qNia0mpF=G_2$6z=3liBh;crkk*NX4=0ZZ48XS9!U*`N_zw9q~ zC7*oWy46m$UBjPwV`u2zHS{egN&(3Yi6F3(Z8M$8r1A-;Sm{oz1g6Mr#6lrWP?H{M zXl1C<4eVf&mo-Dmk&e(7{gH_)RT~3_h|KrgZa*iE=x(S%)t2ALhGDP7$=PwY?iOVW z?Wv=>pj%gJp=K2MNrG@=N*Xt?F{{?7enB2my{y@H7_&qB>Qo1(rFN?b=Cfd(1E#$e z8qGSoXyoH|r>O}+rI)I}QGVpM2UBgBaqz)7Zg4t_U)KCUPxQ#54C4R~`(#ry;IivQ z)ocT_h`LHa_BIHz>1m13zf(Vh6;g^Mp>at6sh#fIY1C3Q5>U$*LTW_ znX6EBkg-6`>hx!*EcN3)tEC-3qm-MLfe5raoLMypB(-TVU7@^22Ox)Oi4)v-CMr=d zAXVJNsIDXVUI~c`r9O(~8v>ij+K5;3XbLS4piqxMHjl%|lx-+2pe&_IhKb<4*pC~Q zAvvX1RVG_~s2Jqha>X~fQocmL>7lj;n0yE9`XqrhZIvm8 zq7zF+14F5lr6ZMYsYx?bBT8|D(5VVm1+!|_pgrjD)`0Cd@{I@ravsR=I!Fa3tJL$v zwAG1vMVo?@q3WSH3Civ?N5^(dBSn$xFlpYNg`?Q>1(B=e`-})6qmD~!7BMUc9_tn~ zNEZ31SFIO02ti1X4S6>=;lyS2|b0nT?Ys7upLkxzDA;a&X$p! zO7fIf*H|JiWWy8=)xjy5qw+1(;;z()S};@ags%4xZ=hsEx6ZT0xX~7bfh*}WG3Z5N zzAm=nm|}giS(yw0xa^IqHHOLKtewp?V=}x{8rf1tb`XJetIyP+4C}}JMj8FTw#l0$ zEx)Y??L=L5M$O75Dxu#-txv3NOXXx@3kVRB4q5()<|nEL!k96Uxt7)vt3WcDO!UOz zj3dxkVzQ#rCSYG71&mbFbcAJSn2WUh*a{~qR~T5p`Twr})`4@6Z9UC2mrexxUflJR z|MaR2H=56F%ddM=xp>q#edn*%X>$u-%;qor^qzm5+`0eE7rrlkNPgS(CdmBN;< zZ%yxbEc_?XUUy`6-w)=Z=XcphU-+RMp>X1@ zdjjt4+TYl#-?v`B?exFm-6zTmhu*mL58qr^c>lA>kAAl5*tI)8eCX&W4=-+fa>J8n z;0OOx`0;bAm+yZ2OE0~~JhFfLjuV>}SD5)Vzx?2i=(=U<&aF3G_w?~rjVX{f&RK^G tE1sBNdS&I~bHC&F9@=xaMSpzPyPtpJz|u3n-@W;}_x^qLn}5L`_#g6Domv0@ literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7baeeae..0a4d589 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -44,6 +44,7 @@ in { "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; + "matrix-hookshot-registration.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;