server: add discord<->matrix bridge

This commit is contained in:
chayleaf 2024-06-06 23:20:08 +07:00
parent beb834e04c
commit 105c3dd321
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
8 changed files with 60 additions and 14 deletions

View file

@ -298,11 +298,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1712769857,
"narHash": "sha256-YUyh+yfB15+2gvvvTvWBQbAUrD1x391QF1PRZUSt87k=",
"lastModified": 1717670519,
"narHash": "sha256-4p8B6Iv55BUG+d4ZJRUBhx70yWnqYlJ2EGSxx3dk4nc=",
"owner": "chayleaf",
"repo": "nixpkgs",
"rev": "058c6a3724a1cc5ef010ce6f2163d959666e8a86",
"rev": "411826c44e54583b30f767d76489e37dabf1707c",
"type": "github"
},
"original": {

View file

@ -26,6 +26,26 @@ in
stable = nixForNixPlugins;
unstable = nixForNixPlugins;
};
matrix-appservice-discord = pkgs.matrix-appservice-discord.overrideAttrs (old: {
patches = (old.patches or []) ++ [
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/eb989fa710e8db4ebc8f2ce36c6679ee6cbc1a44.patch";
hash = "sha256-GPeFDw3XujqXHJveHSsBHwHuG51vad50p55FX1Esq58=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/a4cd5e3a6a2d544adac2a263e164671c8a9009d9.patch";
hash = "sha256-qQJ4V6/Ns2Msu8+X8JoEycuQ2Jc90TXulsuLLmPecGU=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/fc850ba2473973e28858449ec4020380470d78b2.patch";
hash = "sha256-Lq0FWmR08wLsoq4APRTokZzb7U2po98pgyxH4UR/9/M=";
})
(pkgs.fetchpatch {
url = "https://github.com/matrix-org/matrix-appservice-discord/commit/7f3d41d86ebce057cfdc82ce3aaab64b533e8f0b.patch";
hash = "sha256-HmQ1KASZS+a78fe5yOCVXAnXLRmJUglzc6OxNJazOSk=";
})
];
});
# Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
/*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
version = "13.0.0";

View file

@ -682,7 +682,7 @@ def init(*args: Any, **kwargs: Any):
with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f:
dpi: list[DpiInfo] = json.load(f)
for dpi_info in dpi:
all_domains.extend(dpi_info.get("domains", []))
all_domains.extend(dpi_info["domains"])
except FileNotFoundError:
pass
except:

View file

@ -483,7 +483,7 @@ in {
{ ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; }
# below is dnat config
] ++ builtins.concatLists (map (rule: let
table = if rule.inVpn then 0 else wan_table;
table = if rule.inVpn then vpn_table else wan_table;
forEachPort = func: port:
if builtins.isInt port then [ (func port) ]
else if port?set then builtins.concatLists (map (forEachPort func) port.set)

View file

@ -107,14 +107,11 @@ in {
# make sure only hydra has access to this file
# so normal nix evals don't have access to builtins
nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix";
# required for hydra which uses restricted mode
nix.settings.allowed-uris = [
# required for home-manager (no idea if it's required at this point)
"https://git.sr.ht/~rycee/nmd/"
# ...for the rest of the home config
"https://api.github.com/repos/FAForever/"
"https://github.com/nix-community/nix-index-database/releases/download/"
# required for server (I suppose since nvfetcher uses fetchTarball here...)
"https://github.com/searxng/searxng/"
"https://git.sr.ht/"
"https://api.github.com/repos/"
"https://github.com/"
# for nginx CF-Connecting-IP config generation
"https://www.cloudflare.com/ips-v4"
"https://www.cloudflare.com/ips-v6"
@ -283,7 +280,7 @@ in {
job_name = "local_medium_freq";
scrape_interval = "15m";
static_configs = [ {
targets = [ "127.0.0.1:9548" "127.0.0.1:9198" ];
targets = [ "127.0.0.1:9548" "127.0.0.1:9198" "127.0.0.1:9173" ];
labels.machine = "server";
} ];
}
@ -359,6 +356,12 @@ in {
}
];
};
# TODO: enable
services.matrix-appservice-discord.settings.metrics = {
enable = true;
host = "127.0.0.1";
port = 9173;
};
services.matrix-synapse.settings = {
enable_metrics = true;
federation_metrics_domains = [ "matrix.org" ];

View file

@ -36,7 +36,8 @@ in {
# a crude way to make some python packages available for synapse
services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ];
services.matrix-synapse.settings.password_config.enabled = false;
# i'm managing this manually in a stateful way
# services.matrix-synapse.settings.password_config.enabled = false;
systemd.services.matrix-synapse.after = [ "keycloak.service" ];
# See also https://meta.akkoma.dev/t/390

View file

@ -1,5 +1,6 @@
{ config
, lib
, pkgs
, ... }:
let
@ -51,12 +52,32 @@ in {
homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
};
services.matrix-appservice-discord = {
enable = true;
environmentFile = "/secrets/discord-bridge-token";
settings = {
auth.usePrivilegedIntents = true;
database.filename = "";
bridge = {
domain = "matrix.${cfg.domainName}";
homeserverUrl = "https://matrix.${cfg.domainName}";
enableSelfServiceBridging = true;
disablePresence = true;
disablePortalBridging = true;
disableInviteNotifications = true;
disableJoinLeaveNotifications = true;
disableRoomTopicNotifications = true;
};
};
};
services.matrix-synapse = {
enable = true;
extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ];
settings = {
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
"/var/lib/matrix-synapse/discord-registration.yaml"
];
allow_guest_access = true;
url_preview_enabled = true;

View file

@ -30,5 +30,6 @@ in {
];
services.maubot.pythonPackages = with pkgs.python3.pkgs; [
levenshtein
pillow
];
}