misc fixes

server: add discord<->matrix bridge
2024-06-08 02:17:37 +07:00 · 2024-06-06 23:20:08 +07:00
9 changed files with 111 additions and 37 deletions
--- a/flake.lock
+++ b/flake.lock
@ -298,11 +298,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1712769857,
+        "lastModified": 1717670519,
-        "narHash": "sha256-YUyh+yfB15+2gvvvTvWBQbAUrD1x391QF1PRZUSt87k=",
+        "narHash": "sha256-4p8B6Iv55BUG+d4ZJRUBhx70yWnqYlJ2EGSxx3dk4nc=",
        "owner": "chayleaf",
        "repo": "nixpkgs",
-        "rev": "058c6a3724a1cc5ef010ce6f2163d959666e8a86",
+        "rev": "411826c44e54583b30f767d76489e37dabf1707c",
        "type": "github"
      },
      "original": {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -26,6 +26,28 @@ in
    stable = nixForNixPlugins;
    unstable = nixForNixPlugins;
  };
  matrix-appservice-discord = pkgs.matrix-appservice-discord.overrideAttrs (old: {
    doCheck = false;
    patches = (old.patches or []) ++ [
      (pkgs.fetchpatch {
        url = "https://github.com/matrix-org/matrix-appservice-discord/commit/eb989fa710e8db4ebc8f2ce36c6679ee6cbc1a44.patch";
        hash = "sha256-GPeFDw3XujqXHJveHSsBHwHuG51vad50p55FX1Esq58=";
      })
      (pkgs.fetchpatch {
        url = "https://github.com/matrix-org/matrix-appservice-discord/commit/a4cd5e3a6a2d544adac2a263e164671c8a9009d9.patch";
        hash = "sha256-qQJ4V6/Ns2Msu8+X8JoEycuQ2Jc90TXulsuLLmPecGU=";
      })
      (pkgs.fetchpatch {
        url = "https://github.com/matrix-org/matrix-appservice-discord/commit/fc850ba2473973e28858449ec4020380470d78b2.patch";
        hash = "sha256-Lq0FWmR08wLsoq4APRTokZzb7U2po98pgyxH4UR/9/M=";
      })
      (pkgs.fetchpatch {
        url = "https://github.com/matrix-org/matrix-appservice-discord/commit/7f3d41d86ebce057cfdc82ce3aaab64b533e8f0b.patch";
        hash = "sha256-HmQ1KASZS+a78fe5yOCVXAnXLRmJUglzc6OxNJazOSk=";
      })
      ./matrix-appservice-discord/disable-attachment-forwarding-to-matrix.patch
    ];
  });
  # Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
  /*nix-plugins = (pkgs.nix-plugins.override { nix = nixForNixPlugins; }).overrideAttrs (old: {
    version = "13.0.0";
--- a/pkgs/matrix-appservice-discord/disable-attachment-forwarding-to-matrix.patch
+++ b/pkgs/matrix-appservice-discord/disable-attachment-forwarding-to-matrix.patch
@ -0,0 +1,25 @@
 diff --git a/src/bot.ts b/src/bot.ts
 index fc575cd..b0b2624 100644
 --- a/src/bot.ts
 +++ b/src/bot.ts
@@ -1042,7 +1042,7 @@ export class DiscordBot {
         try {
             const intent = this.GetIntentFromDiscordMember(msg.author, msg.webhookID);
             // Check Attachements
 -            if (!editEventId) {
 +            if (false && !editEventId) {
                 // on discord you can't edit in images, you can only edit text
                 // so it is safe to only check image upload stuff if we don't have
                 // an edit
@@ -1093,6 +1093,11 @@ export class DiscordBot {
                     });
                 });
             }
 +            for (let attachment of msg.attachments.array()) {
 +                // this will be a temporary URL, which I don't care about, it's fine
 +                if (!msg.content) msg.content = "";
 +                msg.content += "\n" + attachment.url;
 +            }
             if (!msg.content && msg.embeds.length === 0) {
                 return;
             }
--- a/system/hosts/router/avahi-resolver-v2.py
+++ b/system/hosts/router/avahi-resolver-v2.py
@ -206,7 +206,7 @@ IF_UNSPEC = -1
 PROTO_UNSPEC = -1
-Domains = dict[str, dict]
+Domains = dict[str, "Domains | bool"]
 class NftQuery(TypedDict):
@ -591,15 +591,22 @@ def add_ips(set: str, ipv6: bool, ips: list[str], flush: bool = False):
            traceback.print_exc(file=f)
-def add_split_domain(domains: Domains, split_domain):
+def add_split_domain(domains: Domains, split_domain: list[str]):
-    domains1: dict = domains
+    if not split_domain:
-    while split_domain:
+        return
    split_domain = split_domain[:]
    while len(split_domain) > 1:
        key = split_domain[-1]
-        if key not in domains1.keys():
+        if key in domains.keys():
-            domains1[key] = {}
+            domains1 = domains[key]
-        domains = domains1[key]
+            if isinstance(domains1, bool):
-        split_domain = split_domain[:-1]
+                return
-    domains1["__IsTrue__"] = True
+        else:
            domains1 = {}
            domains[key] = domains1
        domains = domains1
        split_domain.pop()
    domains[split_domain[-1]] = True
 def build_domains(domains: list[str]) -> Domains:
@ -611,20 +618,14 @@ def build_domains(domains: list[str]) -> Domains:
 def lookup_domain(domains: Domains, domain: str) -> bool:
    split_domain: list[str] = domain.split(".")
    domains1: dict = domains
    while len(split_domain):
        key: str = split_domain[-1]
        split_domain = split_domain[:-1]
-        star: Optional[dict] = domains1.get("*", None)
+        domains1 = domains.get(key, False)
-        if star is not None and star.get("__IsTrue__", False):
+        if isinstance(domains1, bool):
-            return True
+            return domains1
-        domains1 = domains1.get(key, None)
+        domains = domains1
-        if domains1 is None:
+    return False
            return False
    star = domains.get("*", None)
    if star is not None and star.get("__IsTrue__", False):
        return True
    return bool(domains.get("__IsTrue__", False))
 class DpiInfo(TypedDict):
@ -682,7 +683,7 @@ def init(*args: Any, **kwargs: Any):
                with open(f"{base}/{k}_dpi.json", "rt", encoding="utf-8") as f:
                    dpi: list[DpiInfo] = json.load(f)
                for dpi_info in dpi:
-                    all_domains.extend(dpi_info.get("domains", []))
+                    all_domains.extend(dpi_info["domains"])
            except FileNotFoundError:
                pass
            except:
@ -827,7 +828,7 @@ def operate(id, event, qstate, qdata) -> bool:
                    n4 = n3.removesuffix(f".{k}")
                    qdomains = v["domains"]
                    if not lookup_domain(qdomains, n4):
-                        add_split_domain(qdomains, ["*"] + n4.split("."))
+                        add_split_domain(qdomains, n4.split("."))
                        old = []
                        if os.path.exists(f"/var/lib/unbound/{k}_domains.json"):
                            with open(f"/var/lib/unbound/{k}_domains.json", "rt") as f:
@ -836,7 +837,7 @@ def operate(id, event, qstate, qdata) -> bool:
                                f"/var/lib/unbound/{k}_domains.json",
                                f"/var/lib/unbound/{k}_domains.json.bak",
                            )
-                        old.append("*." + n4)
+                        old.append(n4)
                        with open(f"/var/lib/unbound/{k}_domains.json", "wt") as f:
                            json.dump(old, f)
        elif n2.endswith(f".tmp{NFT_TOKEN}"):
@ -846,7 +847,7 @@ def operate(id, event, qstate, qdata) -> bool:
                    n4 = n3.removesuffix(f".{k}")
                    qdomains = v["domains"]
                    if not lookup_domain(qdomains, n4):
-                        add_split_domain(qdomains, ["*"] + n4.split("."))
+                        add_split_domain(qdomains, n4.split("."))
        return True
    qnames: list[str] = []
    for k, v in NFT_QUERIES.items():
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@ -483,7 +483,7 @@ in {
      { ipv6 = true; extraArgs = [ "fwmark" wan_table "table" wan_table ]; }
      # below is dnat config
    ] ++ builtins.concatLists (map (rule: let
-      table = if rule.inVpn then 0 else wan_table;
+      table = if rule.inVpn then vpn_table else wan_table;
      forEachPort = func: port:
        if builtins.isInt port then [ (func port) ]
        else if port?set then builtins.concatLists (map (forEachPort func) port.set)
--- a/system/hosts/server/home.nix
+++ b/system/hosts/server/home.nix
@ -107,14 +107,11 @@ in {
  # make sure only hydra has access to this file
  # so normal nix evals don't have access to builtins
  nix.settings.extra-builtins-file = "/secrets/nixos/extra-builtins.nix";
  # required for hydra which uses restricted mode
  nix.settings.allowed-uris = [
-    # required for home-manager (no idea if it's required at this point)
+    "https://git.sr.ht/"
-    "https://git.sr.ht/~rycee/nmd/"
+    "https://api.github.com/repos/"
-    # ...for the rest of the home config
+    "https://github.com/"
    "https://api.github.com/repos/FAForever/"
    "https://github.com/nix-community/nix-index-database/releases/download/"
    # required for server (I suppose since nvfetcher uses fetchTarball here...)
    "https://github.com/searxng/searxng/"
    # for nginx CF-Connecting-IP config generation
    "https://www.cloudflare.com/ips-v4"
    "https://www.cloudflare.com/ips-v6"
@ -283,7 +280,7 @@ in {
        job_name = "local_medium_freq";
        scrape_interval = "15m";
        static_configs = [ {
-          targets = [ "127.0.0.1:9548" "127.0.0.1:9198" ];
+          targets = [ "127.0.0.1:9548" "127.0.0.1:9198" "127.0.0.1:9173" ];
          labels.machine = "server";
        } ];
      }
@ -359,6 +356,12 @@ in {
      }
    ];
  };
  # TODO: enable
  services.matrix-appservice-discord.settings.metrics = {
    enable = true;
    host = "127.0.0.1";
    port = 9173;
  };
  services.matrix-synapse.settings = {
    enable_metrics = true;
    federation_metrics_domains = [ "matrix.org" ];
--- a/system/hosts/server/keycloak.nix
+++ b/system/hosts/server/keycloak.nix
@ -36,7 +36,8 @@ in {
  # a crude way to make some python packages available for synapse
  services.matrix-synapse.plugins = with pkgs.python3.pkgs; [ authlib ];
-  services.matrix-synapse.settings.password_config.enabled = false;
+  # i'm managing this manually in a stateful way
  # services.matrix-synapse.settings.password_config.enabled = false;
  systemd.services.matrix-synapse.after = [ "keycloak.service" ];
  # See also https://meta.akkoma.dev/t/390
--- a/system/hosts/server/matrix.nix
+++ b/system/hosts/server/matrix.nix
@ -1,5 +1,6 @@
 { config
 , lib
 , pkgs
 , ... }:
 let
@ -51,12 +52,32 @@ in {
    homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
  };
  services.matrix-appservice-discord = {
    enable = true;
    environmentFile = "/secrets/discord-bridge-token";
    settings = {
      auth.usePrivilegedIntents = true;
      database.filename = "";
      bridge = {
        domain = "matrix.${cfg.domainName}";
        homeserverUrl = "https://matrix.${cfg.domainName}";
        enableSelfServiceBridging = true;
        disablePresence = true;
        disablePortalBridging = true;
        disableInviteNotifications = true;
        disableJoinLeaveNotifications = true;
        disableRoomTopicNotifications = true;
      };
    };
  };
  services.matrix-synapse = {
    enable = true;
    extraConfigFiles = [ "/var/lib/matrix-synapse/config.yaml" ];
    settings = {
      app_service_config_files = [
        "/var/lib/heisenbridge/registration.yml"
        "/var/lib/matrix-synapse/discord-registration.yaml"
      ];
      allow_guest_access = true;
      url_preview_enabled = true;
--- a/system/hosts/server/maubot.nix
+++ b/system/hosts/server/maubot.nix
@ -30,5 +30,6 @@ in {
  ];
  services.maubot.pythonPackages = with pkgs.python3.pkgs; [
    levenshtein
    pillow
  ];
 }
Author	SHA1	Message	Date
chayleaf	3ddc4e3eb5	misc fixes	2024-06-08 02:17:37 +07:00
chayleaf	105c3dd321	server: add discord<->matrix bridge	2024-06-06 23:20:08 +07:00