Replace dendrite with continuwuity

configuration.nix

@@ -173,18 +173,10 @@ with pkgs;
       group = "users";
     };
     # HACK The owner and group is set by systemd due to the use of DynamicUser
-    secrets.dendrite = {
-      file = secrets/dendrite.age;
-      owner = "63026";
-      group = "63026";
-    };
-    secrets.dendrite-postgres = {
-      file = secrets/dendrite-postgres.age;
-      owner = "63026";
-      group = "63026";
-    };
     secrets.telegram = {
       file = secrets/telegram.age;
+      owner = "mautrix-telegram";
+      group = "mautrix-telegram";
     };
     secrets.mqtt-sender = {
       file = secrets/mqtt-sender.age;
@@ -198,9 +190,14 @@ with pkgs;
     };
     secrets.facebook = {
       file = secrets/facebook.age;
+      owner = "mautrix-meta-facebook";
+      group = "mautrix-meta-facebook";
+
     };
     secrets.signal = {
       file = secrets/signal.age;
+      owner = "mautrix-signal";
+      group = "mautrix-signal";
     };
     secrets.inadyn-duckdns = {
       file = secrets/inadyn-duckdns.age;

flake.nix

@@ -16,10 +16,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    nix-matrix-appservices = {
-      url = "gitlab:coffeetables/nix-matrix-appservices";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
   };
 
   outputs =

modules/communication.nix

@@ -7,71 +7,92 @@
 
 with pkgs;
 
-# NOTE Reference the environment variable set in the corresponding agenix secret
-let
-  database = {
-    connection_string = "$DB_STRING";
-    max_open_conns = 100;
-    max_idle_conns = 5;
-    conn_max_lifetime = -1;
-  };
-
-in
 {
   # Matrix server configuration
-  services.dendrite = {
+  services.matrix-continuwuity = {
     enable = true;
-    httpPort = 8008;
-    environmentFile = config.age.secrets.dendrite-postgres.path;
-    loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
     settings = {
       global = {
-        server_name = "coolneng.duckdns.org";
-        private_key = config.age.secrets.dendrite.path;
-        inherit database;
-        dns_cache.enabled = true;
-      };
-      # HACK Inherit postgres connection string for the rest of the DBs
-      app_service_api = {
-        inherit database;
-      };
-      media_api = {
-        inherit database;
-      };
-      room_server = {
-        inherit database;
-      };
-      push_server = {
-        inherit database;
-      };
-      mscs = {
-        inherit database;
-        mscs = [
-          "msc2836"
-          "msc2946"
-        ];
-      };
-      sync_api = {
-        inherit database;
-      };
-      key_server = {
-        inherit database;
-      };
-      federation_api = {
-        inherit database;
-      };
-      user_api = {
-        account_database = database;
-        device_database = database;
+        server_name = "psydnd.org";
+        port = [ 8008 ];
+        allow_encryption = true;
+        allow_federation = true;
+        well_known.client = "https://matrix.psydnd.org";
       };
     };
   };
 
+  ## Matrix bridges
+  # Facebook
+  services.mautrix-meta.instances.facebook = {
+    enable = true;
+    environmentFile = config.age.secrets.facebook.path;
+    settings = {
+      homeserver = {
+        address = "https://matrix.psysdnd.org";
+        domain = "psydnd.org";
+      };
+      appservice = {
+        address = "http://localhost:8228";
+        port = 8228;
+        database = "$DB_STRING";
+      };
+      bridge.permissions."@coolneng:psydnd.org" = "admin";
+    };
+    serviceDependencies = [ "continuwuity.service" ];
+  };
+
+  # Enable voice messages for Facebook
+  systemd.services.matrix-as-facebook.path = [ ffmpeg ];
+
+  # Telegram
+  services.mautrix-telegram = {
+    enable = true;
+    environmentFile = config.age.secrets.telegram.path;
+    settings = {
+      homeserver = {
+        address = "https://matrix.psysdnd.org";
+        domain = "psydnd.org";
+      };
+      appservice = {
+        address = "http://localhost:8118";
+        port = 8118;
+        database = "$DB_STRING";
+      };
+      bridge.permissions."@coolneng:psydnd.org" = "admin";
+    };
+    serviceDependencies = [ "continuwuity.service" ];
+  };
+
+  # Signal
+  services.mautrix-signal = {
+    enable = true;
+    environmentFile = config.age.secrets.signal.path;
+    settings = {
+      homeserver = {
+        address = "https://matrix.psysdnd.org";
+        domain = "psydnd.org";
+      };
+      appservice = {
+        address = "http://localhost:8338";
+        port = 8338;
+        database = "$DB_STRING";
+      };
+      bridge.permissions."@coolneng:psydnd.org" = "admin";
+    };
+    serviceDependencies = [ "continuwuity.service" ];
+  };
+
+  # HACK Use libolm as there's no good alternative
+  nixpkgs.config.permittedInsecurePackages = [
+    "olm-3.2.16"
+  ];
+
   # Start dendrite after config files are mounted
-  systemd.services.dendrite.unitConfig.RequiresMountsFor = [
-    /var/lib/matrix-as-facebook
-    /var/lib/matrix-as-signal
-    /var/lib/matrix-as-telegram
+  systemd.services.continuwuity.unitConfig.RequiresMountsFor = [
+    /var/lib/mautrix-meta-facebook
+    /var/lib/mautrix-signal
+    /var/lib/mautrix-telegram
   ];
 
   # MQTT configuration

scripts/motd.sh

@@ -24,7 +24,7 @@ services=(
     "radicale.service"
     "miniflux.service"
     "gitea.service"
-    "dendrite.service"
+    "continuwuity.service"
     "nginx.service"
     "dnsmasq.service"
     "dnscrypt-proxy.service"

secrets/secrets.nix

@@ -8,8 +8,6 @@ in
   "gitea.age".publicKeys = [ zion ];
   "miniflux.age".publicKeys = [ zion ];
   "git.age".publicKeys = [ zion ];
-  "dendrite.age".publicKeys = [ zion ];
-  "dendrite-postgres.age".publicKeys = [ zion ];
   "telegram.age".publicKeys = [ zion ];
   "mqtt-sender.age".publicKeys = [ zion ];
   "mqtt-receiver.age".publicKeys = [ zion ];