Compare commits
3 commits
main
...
feat/matri
Author | SHA1 | Date | |
---|---|---|---|
teutat3s | 977a9c0758 | ||
Benjamin Bädorf | 63041ec805 | ||
Akshay Mankar | f56fd8dccc |
112
hosts/nachtigall/apps/matrix/matrix-hookshot.nix
Normal file
112
hosts/nachtigall/apps/matrix/matrix-hookshot.nix
Normal file
|
@ -0,0 +1,112 @@
|
|||
{ flake, pkgs, ...}:{
|
||||
|
||||
age.secrets."matrix-hookshot-registration.yaml" = {
|
||||
file = "${flake.self}/secrets/matrix-hookshot-registration.yaml.age";
|
||||
mode = "400";
|
||||
owner = "matrix-synapse";
|
||||
};
|
||||
|
||||
configFile = ''
|
||||
bot:
|
||||
avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
|
||||
displayname: Hookshot Bot
|
||||
bridge:
|
||||
bindAddress: 0.0.0.0
|
||||
domain: test.pub.solar
|
||||
mediaUrl: http://matrix-nginx-proxy:12080
|
||||
port: 9993
|
||||
url: http://matrix-nginx-proxy:12080
|
||||
feeds:
|
||||
enabled: true
|
||||
pollIntervalSeconds: 600
|
||||
pollTimeoutSeconds: 30
|
||||
generic:
|
||||
allowJsTransformationFunctions: true
|
||||
enableHttpGet: false
|
||||
enabled: true
|
||||
urlPrefix: https://matrix.test.pub.solar/hookshot/webhooks
|
||||
userIdPrefix: _webhooks_
|
||||
waitForComplete: false
|
||||
gitlab:
|
||||
instances:
|
||||
gitlab.com:
|
||||
url: https://gitlab.com
|
||||
webhook:
|
||||
secret: ""
|
||||
listeners:
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9000
|
||||
resources:
|
||||
- webhooks
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9002
|
||||
resources:
|
||||
- provisioning
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9003
|
||||
resources:
|
||||
- widgets
|
||||
logging:
|
||||
level: warn
|
||||
metrics:
|
||||
enabled: false
|
||||
passFile: /data/passkey.pem
|
||||
permissions:
|
||||
- actor: pub.solar
|
||||
services:
|
||||
- level: commands
|
||||
service: '*'
|
||||
- actor: '@axeman:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@b12f:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@hensoko:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@teutat3s:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
provisioning:
|
||||
secret: 1acb44197a5a6d52c6cff38ea07433bfbfe9a83313a6bade
|
||||
widgets:
|
||||
addToAdminRooms: false
|
||||
branding:
|
||||
widgetTitle: Hookshot Configuration
|
||||
publicUrl: https://matrix.pub.solar/hookshot/widgetapi/v1/static
|
||||
roomSetupWidget:
|
||||
addOnInvite: false
|
||||
'';
|
||||
|
||||
systemd.services.matrix-hookshot = {
|
||||
description = "Matrix-Hookshot, a bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. ";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
|
||||
DynamicUser = true;
|
||||
PrivateTmp = true;
|
||||
UMask = "0027";
|
||||
|
||||
ExecStart = ''
|
||||
${pkgs.matrix-hookshot}/bin/matrix-hookshot
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,10 +6,10 @@ let
|
|||
add_header X-XSS-Protection "1; mode=block";
|
||||
'';
|
||||
clientConfig = import ./matrix/element-client-config.nix;
|
||||
wellKnownClient = {
|
||||
"m.homeserver".base_url = "https://matrix.pub.solar";
|
||||
"m.identity_server".base_url = "https://matrix.pub.solar";
|
||||
"org.matrix.msc3575.proxy".url = "https://matrix.pub.solar/sliding-sync";
|
||||
wellKnownClient = domain: {
|
||||
"m.homeserver".base_url = "https://matrix.${domain}";
|
||||
"m.identity_server".base_url = "https://matrix.${domain}";
|
||||
"org.matrix.msc3575.proxy".url = "https://matrix.${domain}/sliding-sync";
|
||||
"im.vector.riot.e2ee".default = true;
|
||||
"io.element.e2ee" = {
|
||||
default = true;
|
||||
|
@ -19,21 +19,21 @@ let
|
|||
"m.integrations" = {
|
||||
managers = [
|
||||
{
|
||||
api_url = "https://dimension.pub.solar/api/v1/scalar";
|
||||
ui_url = "https://dimension.pub.solar/element";
|
||||
api_url = "https://dimension.${domain}/api/v1/scalar";
|
||||
ui_url = "https://dimension.${domain}/element";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
wellKnownServer."m.server" = "matrix.pub.solar:8448";
|
||||
wellKnownServer = domain: { "m.server" = "${domain}:8448"; };
|
||||
mkWellKnown = data: ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON data}';
|
||||
'';
|
||||
wellKnownLocations = {
|
||||
"= /.well-known/matrix/server".extraConfig = mkWellKnown wellKnownServer;
|
||||
"= /.well-known/matrix/client".extraConfig = mkWellKnown wellKnownClient;
|
||||
wellKnownLocations = domain: {
|
||||
"= /.well-known/matrix/server".extraConfig = mkWellKnown (wellKnownServer domain);
|
||||
"= /.well-known/matrix/client".extraConfig = mkWellKnown (wellKnownClient domain);
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -44,7 +44,7 @@ in
|
|||
#####################################
|
||||
|
||||
"pub.solar" = {
|
||||
locations = wellKnownLocations;
|
||||
locations = wellKnownLocations "pub.solar";
|
||||
};
|
||||
|
||||
#######################################
|
||||
|
@ -70,7 +70,7 @@ in
|
|||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
'';
|
||||
locations = wellKnownLocations // {
|
||||
locations = (wellKnownLocations "test.pub.solar") // {
|
||||
# TODO: Configure metrics
|
||||
# "/metrics" = {
|
||||
# };
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
./apps/postgresql.nix
|
||||
./apps/searx.nix
|
||||
|
||||
./apps/matrix/matrix-hookshot.nix
|
||||
./apps/matrix/mautrix-telegram.nix
|
||||
./apps/matrix/synapse.nix
|
||||
./apps/nginx-matrix.nix
|
||||
|
|
BIN
secrets/matrix-hookshot-registration.yaml.age
Normal file
BIN
secrets/matrix-hookshot-registration.yaml.age
Normal file
Binary file not shown.
|
@ -44,6 +44,7 @@ in {
|
|||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-hookshot-registration.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
|
Loading…
Reference in a new issue