~sumner/nixos-configuration

ref: f4eb6417bc48729411263dc754fbe8c63a65d5bf nixos-configuration/modules/services/matrix/heisenbridge.nix -rw-r--r-- 4.0 KiB
f4eb6417Sumner Evans standupbot: 0.4.1rc2 0.4.1rc3 8 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
{ config, lib, pkgs, ... }: with lib; let
  cfg = config.services.heisenbridge;
  heisenbridge = pkgs.callPackage ../../../pkgs/heisenbridge.nix { };

  heisenbridgeAppserviceConfig = {
    id = "heisenbridge";
    url = "http://${cfg.listenAddress}:${toString cfg.listenPort}";
    as_token = cfg.appServiceToken;
    hs_token = cfg.homeserverToken;
    rate_limited = false;
    sender_localpart = cfg.senderLocalpart;
    namespaces = {
      users = [{ regex = "@irc_.*"; exclusive = true; }];
      aliases = [ ];
      rooms = [ ];
    };
  };

  yamlFormat = pkgs.formats.yaml { };
  heisenbridgeConfigYaml = yamlFormat.generate "heisenbridge.yaml" heisenbridgeAppserviceConfig;
in
{
  options = {
    services.heisenbridge = {
      enable = mkEnableOption "heisenbridge, a bouncer-style Matrix IRC bridge.";
      identd.enable = mkEnableOption "identd for heisenbridge" // {
        default = true;
      };
      useLocalSynapse = mkOption {
        type = types.bool;
        default = true;
        description = "Whether or not to use the local synapse instance.";
      };
      homeserver = mkOption {
        type = types.str;
        default = "http://localhost:8008";
        description = "The URL of the Matrix homeserver.";
      };
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "The address for heisenbridge to listen on.";
      };
      listenPort = mkOption {
        type = types.int;
        default = 9898;
        description = "The port for heisenbridge to listen on.";
      };
      senderLocalpart = mkOption {
        type = types.str;
        default = "heisenbridge";
        description = "The localpart of the heisenbridge admin bot's username.";
      };
      ownerId = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          The owner MXID (for example, @user:homeserver) of the bridge. If
          unspecified, the first talking local user will claim the bridge.
        '';
      };
      appServiceToken = mkOption {
        type = types.str;
        description = ''
          This is the token that the app service should use as its access_token
          when using the Client-Server API. This can be anything you want.
        '';
      };
      homeserverToken = mkOption {
        type = types.str;
        description = ''
          This is the token that the homeserver will use when sending requests
          to the app service. This can be anything you want.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    meta.maintainers = [ maintainers.sumnerevans ];

    assertions = [{
      assertion = cfg.useLocalSynapse -> config.services.matrix-synapse-custom.enable;
      message = ''
        Heisenbridge must be running on the same server as Synapse if
        'useLocalSynapse' is enabled.
      '';
    }];

    services.matrix-synapse-custom.appServiceConfigFiles = mkIf cfg.useLocalSynapse [
      heisenbridgeConfigYaml
    ];

    # Create a user for heisenbridge.
    users.users.heisenbridge = {
      group = "heisenbridge";
      isSystemUser = true;
    };
    users.groups.heisenbridge = { };

    # Open ports for identd.
    networking.firewall.allowedTCPPorts = mkIf cfg.identd.enable [ 113 ];

    systemd.services.heisenbridge = {
      description = "Heisenbridge Matrix IRC bridge";
      after = optional cfg.useLocalSynapse "matrix-synapse.service";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = ''
          ${heisenbridge}/bin/heisenbridge \
            --config ${heisenbridgeConfigYaml} \
            --verbose --verbose \
            --listen-address ${cfg.listenAddress} \
            --listen-port ${toString cfg.listenPort} \
            --uid heisenbridge \
            --gid heisenbridge \
            ${optionalString cfg.identd.enable "--identd"} \
            ${optionalString (cfg.ownerId != null) "--owner ${cfg.ownerId}"} \
            ${cfg.homeserver}
        '';
        Restart = "on-failure";
      };
    };
  };
}