wip: matrix moderation with draupnir #182

Draft
teutat3s wants to merge 1 commit from feat/matrix-moderation-draupnir into main
8 changed files with 73 additions and 1 deletions
Showing only changes of commit 7ca53774ce - Show all commits


@ -360,6 +360,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-draupnir": {
"locked": {
"lastModified": 1720089221,
"narHash": "sha256-8abrPKFI9eqopZ/ewSeSPen4X9bs6xoyvFsfirvbJmk=",
"owner": "teutat3s",
"repo": "nixpkgs",
"rev": "078583b84242644a668ee29e995bce02192dbd16",
"type": "github"
},
"original": {
"owner": "teutat3s",
"ref": "draupnir-pr",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1717284937, "lastModified": 1717284937,
@ -386,6 +402,7 @@
"nixos-flake": "nixos-flake", "nixos-flake": "nixos-flake",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2205": "nixpkgs-2205", "nixpkgs-2205": "nixpkgs-2205",
"nixpkgs-draupnir": "nixpkgs-draupnir",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"triton-vmtools": "triton-vmtools", "triton-vmtools": "triton-vmtools",
"unstable": "unstable" "unstable": "unstable"


@ -5,6 +5,7 @@
unstable.url = "github:nixos/nixpkgs/nixos-unstable"; unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05"; nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-draupnir.url = "github:teutat3s/nixpkgs/draupnir-pr";
nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
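Review bot: The new input `nixpkgs-draupnir` tracks a mutable branch (`draupnir-pr`) on a personal fork, and nothing next to the line says why it is there or when it goes away. The lock file pins a revision, but any later `nix flake update` follows whatever the branch points to at that time. This matters because the overlay in this commit takes the `draupnir` package from that tree and the new module imports its NixOS module from it. I would add a comment above the line such as `# temporary: draupnir package and module from the pending nixpkgs PR; remove once available in nixpkgs`. Consider also pinning the URL to the reviewed revision, `github:teutat3s/nixpkgs/078583b84242644a668ee29e995bce02192dbd16`, instead of the branch.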


@ -35,6 +35,7 @@
self.nixosModules.tmate self.nixosModules.tmate
self.nixosModules.obs-portal self.nixosModules.obs-portal
self.nixosModules.matrix self.nixosModules.matrix
self.nixosModules.matrix-draupnir
self.nixosModules.matrix-irc self.nixosModules.matrix-irc
self.nixosModules.matrix-telegram self.nixosModules.matrix-telegram
self.nixosModules.nginx-matrix self.nixosModules.nginx-matrix


@ -0,0 +1,24 @@
{ config, flake, ... }:
{
imports = [ "${flake.inputs.nixpkgs-draupnir}/nixos/modules/services/matrix/draupnir.nix" ];
disabledModules = [ "services/matrix/draupnir.nix" ];
age.secrets."matrix-draupnir-access-token" = {
file = "${flake.self}/secrets/matrix-draupnir-access-token.age";
mode = "640";
owner = "root";
group = "draupnir";
};
services.draupnir = {
enable = true;
accessTokenFile = config.age.secrets.matrix-draupnir-access-token.path;
# https://github.com/the-draupnir-project/Draupnir/blob/main/config/default.yaml
settings = {
homeserverUrl = "http://localhost:8008";
managementRoom = "#moderators:pub.solar";
protectAllJoinedRooms = true;
};
};
}
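Review bot: The access token secret is declared with `owner = "root"`, `group = "draupnir"` and `mode = "640"`, which presumably only works if a static `draupnir` group exists when agenix installs the secret. The imported module is not visible here, so confirm it declares that group rather than running the service under a dynamic user. If the module hands the token to the service through systemd credentials, `mode = "400"` with root ownership would be tighter. Separately, `managementRoom = "#moderators:pub.solar"` is the room the bot takes commands from, and with `protectAllJoinedRooms = true` those commands reach every room it has joined. A comment recording that requirement would help, for example `# commands are accepted from this room; keep it private and invite-only`.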


@ -248,6 +248,29 @@ in
# "/matrix-mautrix-signal-registration.yaml" # "/matrix-mautrix-signal-registration.yaml"
# "/matrix-mautrix-telegram-registration.yaml" # "/matrix-mautrix-telegram-registration.yaml"
]; ];
modules = [
{
module = "mjolnir.Module";
config = {
# Prevent servers/users in the ban lists from inviting users on this
# server to rooms. Default true.
block_invites = true;
# Flag messages sent by servers/users in the ban lists as spam. Currently
# this means that spammy messages will appear as empty to users. Default
# false.
block_messages = false;
# Remove users from the user directory search by filtering matrix IDs and
# display names by the entries in the user ban list. Default false.
block_usernames = false;
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
# this list cannot be room aliases or permalinks. This server is expected
# to already be joined to the room - Mjolnir will not automatically join
# these rooms.
ban_lists = [ "!roomid:example.org" ];
};
}
];
}; };
withJemalloc = true; withJemalloc = true;
@ -269,7 +292,10 @@ in
"redis" "redis"
]; ];
plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; plugins = with config.services.matrix-synapse.package.plugins; [
matrix-synapse-shared-secret-auth
matrix-synapse-mjolnir-antispam
];
}; };
services.matrix-sliding-sync = { services.matrix-sliding-sync = {
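Review bot: `ban_lists = [ "!roomid:example.org" ]` is still a placeholder, so the antispam module has no real policy list to honour and `block_invites = true` has nothing to act on. Per the comment directly above it, the entry must be a room ID (not an alias or permalink) of a list room this server has already joined. It should be replaced before this leaves draft with the ID of the policy room that Draupnir manages, e.g. `ban_lists = [ "<policy list room id>" ];`. The enclosing attribute set starts outside the hunk.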


@ -10,8 +10,10 @@
final: prev: final: prev:
let let
unstable = import inputs.unstable { system = prev.system; }; unstable = import inputs.unstable { system = prev.system; };
nixpkgs-draupnir = import inputs.nixpkgs-draupnir { system = prev.system; };
in in
{ {
draupnir = nixpkgs-draupnir.draupnir;
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; }; element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker; inherit (inputs) element-stickers maunium-stickerpicker;

Binary file not shown.


@ -46,6 +46,7 @@ in
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys; "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-draupnir-access-token.age".publicKeys = nachtigallKeys ++ adminKeys;
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys; "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys; "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;