
3 commits

5 changed files with 126 additions and 12 deletions


@ -0,0 +1,112 @@
{ flake, pkgs, ...}:{
age.secrets."matrix-hookshot-registration.yaml" = {
file = "${flake.self}/secrets/matrix-hookshot-registration.yaml.age";
mode = "400";
owner = "matrix-synapse";
};
configFile = ''
bot:
avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
displayname: Hookshot Bot
bridge:
bindAddress: 0.0.0.0
domain: test.pub.solar
mediaUrl: http://matrix-nginx-proxy:12080
port: 9993
url: http://matrix-nginx-proxy:12080
feeds:
enabled: true
pollIntervalSeconds: 600
pollTimeoutSeconds: 30
generic:
allowJsTransformationFunctions: true
enableHttpGet: false
enabled: true
urlPrefix: https://matrix.test.pub.solar/hookshot/webhooks
userIdPrefix: _webhooks_
waitForComplete: false
gitlab:
instances:
gitlab.com:
url: https://gitlab.com
webhook:
secret: ""
listeners:
- bindAddress: 0.0.0.0
port: 9000
resources:
- webhooks
- bindAddress: 0.0.0.0
port: 9002
resources:
- provisioning
- bindAddress: 0.0.0.0
port: 9003
resources:
- widgets
logging:
level: warn
metrics:
enabled: false
passFile: /data/passkey.pem
permissions:
- actor: pub.solar
services:
- level: commands
service: '*'
- actor: '@axeman:pub.solar'
services:
- level: admin
service: '*'
- actor: '@b12f:pub.solar'
services:
- level: admin
service: '*'
- actor: '@hensoko:pub.solar'
services:
- level: admin
service: '*'
- actor: '@teutat3s:pub.solar'
services:
- level: admin
service: '*'
provisioning:
secret: 1acb44197a5a6d52c6cff38ea07433bfbfe9a83313a6bade
widgets:
addToAdminRooms: false
branding:
widgetTitle: Hookshot Configuration
publicUrl: https://matrix.pub.solar/hookshot/widgetapi/v1/static
roomSetupWidget:
addOnInvite: false
'';
systemd.services.matrix-hookshot = {
description = "Matrix-Hookshot, a bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. ";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
DynamicUser = true;
PrivateTmp = true;
UMask = "0027";
ExecStart = ''
${pkgs.matrix-hookshot}/bin/matrix-hookshot
'';
};
};
}
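Review bot: The `provisioning.secret` value inside the `configFile` string is committed in clear text, so it is readable by anyone with repository access and, once Nix renders the string to a file, most likely by every local user through the world-readable store. It should be rotated and supplied the way the registration file is, from an age-encrypted secret read at runtime, so that the committed file holds no live value. In the same block `gitlab.webhook.secret: ""` is empty, which presumably leaves the webhook listener (bound to `0.0.0.0` on port 9000) without sender authentication. The age secret is also declared with `owner = "matrix-synapse"` and `mode = "400"` while the unit sets `DynamicUser = true`, so the hookshot process probably cannot read it, and `ExecStart` passes neither the config nor the registration file; both are worth confirming before deployment.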


@ -6,10 +6,10 @@ let
add_header X-XSS-Protection "1; mode=block";
'';
clientConfig = import ./matrix/element-client-config.nix;
wellKnownClient = {
"m.homeserver".base_url = "https://matrix.pub.solar";
"m.identity_server".base_url = "https://matrix.pub.solar";
"org.matrix.msc3575.proxy".url = "https://matrix.pub.solar/sliding-sync";
wellKnownClient = domain: {
"m.homeserver".base_url = "https://matrix.${domain}";
"m.identity_server".base_url = "https://matrix.${domain}";
"org.matrix.msc3575.proxy".url = "https://matrix.${domain}/sliding-sync";
"im.vector.riot.e2ee".default = true;
"io.element.e2ee" = {
default = true;
@ -19,21 +19,21 @@ let
"m.integrations" = {
managers = [
{
api_url = "https://dimension.pub.solar/api/v1/scalar";
ui_url = "https://dimension.pub.solar/element";
api_url = "https://dimension.${domain}/api/v1/scalar";
ui_url = "https://dimension.${domain}/element";
}
];
};
};
wellKnownServer."m.server" = "matrix.pub.solar:8448";
wellKnownServer = domain: { "m.server" = "${domain}:8448"; };
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
wellKnownLocations = {
"= /.well-known/matrix/server".extraConfig = mkWellKnown wellKnownServer;
"= /.well-known/matrix/client".extraConfig = mkWellKnown wellKnownClient;
wellKnownLocations = domain: {
"= /.well-known/matrix/server".extraConfig = mkWellKnown (wellKnownServer domain);
"= /.well-known/matrix/client".extraConfig = mkWellKnown (wellKnownClient domain);
};
in
{
@ -44,7 +44,7 @@ in
#####################################
"pub.solar" = {
locations = wellKnownLocations;
locations = wellKnownLocations "pub.solar";
};
#######################################
@ -70,7 +70,7 @@ in
gzip on;
gzip_types text/plain application/json;
'';
locations = wellKnownLocations // {
locations = (wellKnownLocations "test.pub.solar") // {
# TODO: Configure metrics
# "/metrics" = {
# };
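Review bot: The new `wellKnownServer` drops the `matrix.` host prefix: the old value was `matrix.pub.solar:8448`, but `wellKnownServer "pub.solar"` now yields `pub.solar:8448`, so server discovery for the main domain would point federation peers at a different host than before. `wellKnownClient` keeps the prefix (`https://matrix.${domain}`), so this looks unintended; `wellKnownServer = domain: { "m.server" = "matrix.${domain}:8448"; };` restores the previous result. A one-line comment on `wellKnownLocations` saying that `domain` is the base domain rather than the Matrix host would prevent the same slip at the two call sites. The enclosing `let` block starts outside the shown hunks.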


@ -25,6 +25,7 @@
./apps/postgresql.nix
./apps/searx.nix
./apps/matrix/matrix-hookshot.nix
./apps/matrix/mautrix-telegram.nix
./apps/matrix/synapse.nix
./apps/nginx-matrix.nix

Binary file not shown.


@ -44,6 +44,7 @@ in {
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
"matrix-hookshot-registration.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;