WIP: Add matrix-hookshot #34
112
hosts/nachtigall/apps/matrix/matrix-hookshot.nix
Normal file
112
hosts/nachtigall/apps/matrix/matrix-hookshot.nix
Normal file
|
@ -0,0 +1,112 @@
|
|||
{ flake, pkgs, ...}:{
|
||||
|
||||
age.secrets."matrix-hookshot-registration.yaml" = {
|
||||
file = "${flake.self}/secrets/matrix-hookshot-registration.yaml.age";
|
||||
mode = "400";
|
||||
owner = "matrix-synapse";
|
||||
};
|
||||
|
||||
configFile = ''
|
||||
bot:
|
||||
avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
|
||||
displayname: Hookshot Bot
|
||||
bridge:
|
||||
bindAddress: 0.0.0.0
|
||||
domain: test.pub.solar
|
||||
mediaUrl: http://matrix-nginx-proxy:12080
|
||||
port: 9993
|
||||
url: http://matrix-nginx-proxy:12080
|
||||
feeds:
|
||||
enabled: true
|
||||
pollIntervalSeconds: 600
|
||||
pollTimeoutSeconds: 30
|
||||
generic:
|
||||
allowJsTransformationFunctions: true
|
||||
enableHttpGet: false
|
||||
enabled: true
|
||||
urlPrefix: https://matrix.test.pub.solar/hookshot/webhooks
|
||||
userIdPrefix: _webhooks_
|
||||
waitForComplete: false
|
||||
gitlab:
|
||||
instances:
|
||||
gitlab.com:
|
||||
url: https://gitlab.com
|
||||
webhook:
|
||||
secret: ""
|
||||
listeners:
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9000
|
||||
resources:
|
||||
- webhooks
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9002
|
||||
resources:
|
||||
- provisioning
|
||||
- bindAddress: 0.0.0.0
|
||||
port: 9003
|
||||
resources:
|
||||
- widgets
|
||||
logging:
|
||||
level: warn
|
||||
metrics:
|
||||
enabled: false
|
||||
passFile: /data/passkey.pem
|
||||
permissions:
|
||||
- actor: pub.solar
|
||||
services:
|
||||
- level: commands
|
||||
service: '*'
|
||||
- actor: '@axeman:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@b12f:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@hensoko:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
- actor: '@teutat3s:pub.solar'
|
||||
services:
|
||||
- level: admin
|
||||
service: '*'
|
||||
provisioning:
|
||||
secret: 1acb44197a5a6d52c6cff38ea07433bfbfe9a83313a6bade
|
||||
widgets:
|
||||
addToAdminRooms: false
|
||||
branding:
|
||||
widgetTitle: Hookshot Configuration
|
||||
publicUrl: https://matrix.pub.solar/hookshot/widgetapi/v1/static
|
||||
roomSetupWidget:
|
||||
addOnInvite: false
|
||||
'';
|
||||
|
||||
systemd.services.matrix-hookshot = {
|
||||
description = "Matrix-Hookshot, a bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. ";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
|
||||
DynamicUser = true;
|
||||
PrivateTmp = true;
|
||||
UMask = "0027";
|
||||
|
||||
ExecStart = ''
|
||||
${pkgs.matrix-hookshot}/bin/matrix-hookshot
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
BIN
secrets/matrix-hookshot-registration.yaml.age
Normal file
BIN
secrets/matrix-hookshot-registration.yaml.age
Normal file
Binary file not shown.
|
@ -44,6 +44,7 @@ in {
|
|||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"matrix-hookshot-registration.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
|
Loading…
Reference in a new issue