infra/modules/matrix-telegram/default.nix
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00


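# NixOS module: mautrix-telegram bridge (Matrix <-> Telegram).
#
# What this module sets, as visible below:
#   * an agenix secret holding the bridge's environment file, readable only
#     by the `matrix-synapse` user (mode 400),
#   * `services.mautrix-telegram` with the full bridge settings tree,
#   * extra converter binaries on the service's PATH,
#   * the systemd unit's `User`, set to `matrix-synapse`.
#
# Arguments: the usual module arguments; `flake.self` locates the encrypted
# secret and `config.pub-solar-os.networking.domain` supplies the homeserver
# domain. `lib` is accepted but not used in this file.
{ flake, lib, config, pkgs, ... }:
{
  # Encrypted at rest in the repository; agenix decrypts it at activation.
  age.secrets."matrix-mautrix-telegram-env-file" = {
    file = "${flake.self}/secrets/matrix-mautrix-telegram-env-file.age";
    mode = "400";
    owner = "matrix-synapse";
  };

  services.mautrix-telegram = {
    enable = true;
    # Take the path from the secret declared above instead of hard-coding
    # "/run/agenix/...": same value with agenix's default secretsDir, and it
    # keeps following the secret if that directory or the secret's `path`
    # is ever overridden.
    environmentFile = config.age.secrets."matrix-mautrix-telegram-env-file".path;
    settings = {
      homeserver = {
        # TODO: Use the port from synapse config
        # Plain HTTP, but only over loopback to the local homeserver.
        address = "http://127.0.0.1:8008";
        domain = config.pub-solar-os.networking.domain;
        verify_ssl = true;
      };
      appservice = {
        address = "http://127.0.0.1:8009";
        bot_avatar = "mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX";
        bot_displayname = "Telegram bridge bot";
        bot_username = "telegrambot";
        # TODO: See if we can use postgresql
        database = "sqlite:////var/lib/mautrix-telegram/sqlite.db";
        # NOTE(review): the listener binds every interface, while the
        # homeserver reaches the bridge on 127.0.0.1 (see `address` above).
        # If the public endpoint below is served by a reverse proxy on this
        # host, "127.0.0.1" would be sufficient; otherwise confirm that the
        # firewall does not expose port 8009 directly.
        hostname = "0.0.0.0";
        id = "telegram";
        max_body_size = 1;
        port = 8009;
        provisioning = {
          # Provisioning API is off, so the shared secret below is unused.
          enabled = false;
          prefix = "/_matrix/provision/v1";
          shared_secret = "generate";
        };
        public = {
          enabled = true;
          # The UUID-style path segment is committed to the repository, so it
          # is an address, not a secret: do not rely on it for access control.
          external = "https://matrix.${config.pub-solar-os.networking.domain}/c3c3f34b-29fb-5feb-86e5-98c75ec8214b";
          prefix = "/c3c3f34b-29fb-5feb-86e5-98c75ec8214b";
        };
      };
      bridge = {
        alias_template = "telegram_{groupname}";
        allow_matrix_login = true;
        # Animated stickers conversion requires additional packages in the
        # service's path.
        # If this isn't a fresh installation, clearing the bridge's uploaded
        # file cache might be necessary (make a database backup first!):
        # delete from telegram_file where \
        # mime_type in ('application/gzip', 'application/octet-stream')
        animated_sticker = {
          args = {
            background = "'020202'"; # only for gif, transparency not supported
            fps = 30; # only for webm
            height = 256;
            width = 256;
          };
          target = "gif";
        };
        bot_messages_as_notices = true;
        bridge_notices = {
          default = false;
          exceptions = [ ];
        };
        command_prefix = "!tg";
        delivery_error_reports = true;
        delivery_receipts = false;
        displayname_max_length = 100;
        displayname_preference = [
          "full name"
          "username"
          "phone number"
        ];
        displayname_template = "'{displayname} (Telegram)'";
        emote_format = "'* $mention $formatted_body'";
        # End-to-bridge encryption is switched off entirely; the key_sharing
        # values below only matter once `allow` is turned on.
        encryption = {
          allow = false;
          database = "default";
          default = false;
          key_sharing = {
            allow = false;
            require_cross_signing = false;
            require_verification = true;
          };
        };
        federate_rooms = true;
        # Empty list in blacklist mode: no chat is excluded from bridging.
        filter = {
          list = [ ];
          mode = "blacklist";
        };
        image_as_file_size = 10;
        initial_power_level_overrides = {
          group = { };
          user = { };
        };
        inline_images = false;
        max_document_size = 100;
        max_initial_member_sync = 10;
        max_telegram_delete = 10;
        message_formats = {
          "m.audio" = "'<b>$sender_displayname</b> sent an audio file: $message'";
          "m.emote" = "'* <b>$sender_displayname</b> $message'";
          "m.file" = "'<b>$sender_displayname</b> sent a file: $message'";
          "m.image" = "'<b>$sender_displayname</b> sent an image: $message'";
          "m.location" = "'<b>$sender_displayname</b> sent a location: $message'";
          "m.notice" = "'<b>$sender_displayname</b>: $message'";
          "m.text" = "'<b>$sender_displayname</b>: $message'";
          "m.video" = "'<b>$sender_displayname</b> sent a video: $message'";
        };
        parallel_file_transfer = false;
        plaintext_highlights = false;
        private_chat_portal_meta = false;
        public_portals = true;
        relaybot = {
          authless_portals = true;
          group_chat_invite = [ ];
          ignore_own_incoming_events = true;
          ignore_unbridged_group_chat = true;
          private_chat = {
            invite = [ ];
            message = "This is a Matrix bridge relaybot and does not support direct chats";
            state_changes = true;
          };
          whitelist = [ ];
          whitelist_group_admins = true;
        };
        resend_bridge_info = false;
        skip_deleted_members = true;
        startup_sync = true;
        state_event_formats = {
          join = "<b>$displayname</b> joined the room.";
          leave = "<b>$displayname</b> left the room.";
          name_change = "<b>$prev_displayname</b> changed their name to <b>$displayname</b>";
        };
        sync_channel_members = false;
        sync_dialog_limit = 30;
        sync_direct_chats = false;
        sync_matrix_state = true;
        sync_with_custom_puppets = true;
        telegram_link_preview = true;
        username_template = "telegram_{userid}";
        # The only permission entry: every account on the homeserver domain
        # gets the "full" level; no other domain or user is listed.
        permissions = {
          "${config.pub-solar-os.networking.domain}" = "full";
        };
      };
      # Python logging dictConfig: console handler only, WARNING everywhere.
      logging = {
        formatters = {
          precise = {
            format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";
          };
        };
        handlers = {
          console = {
            class = "logging.StreamHandler";
            formatter = "precise";
          };
        };
        loggers = {
          aiohttp.level = "WARNING";
          mau.level = "WARNING";
          telethon.level = "WARNING";
        };
        root = {
          handlers = [ "console" ];
          level = "WARNING";
        };
        version = 1;
      };
      telegram = {
        connection = {
          flood_sleep_threshold = 60;
          request_retries = 5;
          retries = 5;
          retry_delay = 1;
          timeout = 120;
        };
        device_info = {
          app_version = "auto";
          device_model = "auto";
          lang_code = "en";
          system_lang_code = "en";
          system_version = "auto";
        };
        # type = "disabled": the address/port/credential fields are inert.
        proxy = {
          address = "127.0.0.1";
          password = "''";
          port = 1080;
          rdns = true;
          type = "disabled";
          username = "''";
        };
        # enabled = false: the custom server values are not in effect.
        server = {
          dc = 2;
          enabled = false;
          ip = "149.154.167.40";
          port = 80;
        };
      };
    };
  };

  # These converters run on media that arrives from Telegram, i.e. on
  # content the operator does not control; keep both packages current.
  systemd.services.mautrix-telegram.path = with pkgs; [
    lottieconverter # for animated stickers conversion, unfree package
    ffmpeg # if converting animated stickers to webm (very slow!)
  ];

  # NOTE(review): the bridge runs under the homeserver's account, so it has
  # the same file access as Synapse (and can read the env-file secret above,
  # which is owned by that user). Presumably chosen so both services can
  # share files — confirm; a dedicated user plus a shared group would keep
  # the two processes separated.
  systemd.services.mautrix-telegram.serviceConfig = {
    User = "matrix-synapse";
  };
}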