From 8846b7c79b763364d96d1a6b8834a6de398c4306 Mon Sep 17 00:00:00 2001 From: coolneng Date: Tue, 2 Jun 2026 15:20:18 +0200 Subject: [PATCH] Replace dendrite with continuwuity --- configuration.nix | 17 ++--- flake.nix | 4 -- modules/communication.nix | 131 ++++++++++++++++++++-------------- scripts/motd.sh | 2 +- secrets/dendrite-postgres.age | Bin 351 -> 0 bytes secrets/dendrite.age | Bin 483 -> 0 bytes secrets/secrets.nix | 2 - 7 files changed, 84 insertions(+), 72 deletions(-) delete mode 100644 secrets/dendrite-postgres.age delete mode 100644 secrets/dendrite.age diff --git a/configuration.nix b/configuration.nix index 827c383..c01ecf5 100644 --- a/configuration.nix +++ b/configuration.nix @@ -173,18 +173,10 @@ with pkgs; group = "users"; }; # HACK The owner and group is set by systemd due to the use of DynamicUser - secrets.dendrite = { - file = secrets/dendrite.age; - owner = "63026"; - group = "63026"; - }; - secrets.dendrite-postgres = { - file = secrets/dendrite-postgres.age; - owner = "63026"; - group = "63026"; - }; secrets.telegram = { file = secrets/telegram.age; + owner = "mautrix-telegram"; + group = "mautrix-telegram"; }; secrets.mqtt-sender = { file = secrets/mqtt-sender.age; @@ -198,9 +190,14 @@ with pkgs; }; secrets.facebook = { file = secrets/facebook.age; + owner = "mautrix-meta-facebook"; + group = "mautrix-meta-facebook"; + }; secrets.signal = { file = secrets/signal.age; + owner = "mautrix-signal"; + group = "mautrix-signal"; }; secrets.inadyn-duckdns = { file = secrets/inadyn-duckdns.age; diff --git a/flake.nix b/flake.nix index 68f9f62..e6af469 100644 --- a/flake.nix +++ b/flake.nix @@ -16,10 +16,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nix-matrix-appservices = { - url = "gitlab:coffeetables/nix-matrix-appservices"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = diff --git a/modules/communication.nix b/modules/communication.nix index ea76c90..6e3daa6 100644 
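Review bot: The context comment `# HACK The owner and group is set by systemd due to the use of DynamicUser` is left in place above `secrets.telegram` in the first configuration.nix hunk, but the numeric `63026` owners it explained are removed and the secret is now owned by the named user `mautrix-telegram`. I would replace it with something like `# NOTE Each bridge secret is owned by the service user that loads it`. It is also worth confirming that `mautrix-telegram`, `mautrix-meta-facebook` and `mautrix-signal` (the latter two are set in the second hunk) are the accounts the units actually run as, since a mismatch would presumably leave the environment file unreadable to the bridge. The second hunk also appears to add an empty line before the closing `};` of `secrets.facebook`, which can be dropped. The surrounding attribute set starts and ends outside both hunks.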
--- a/modules/communication.nix
+++ b/modules/communication.nix
@@ -7,71 +7,92 @@ with pkgs; -# NOTE Reference the environment variable set in the corresponding agenix secret -let - database = { - connection_string = "$DB_STRING"; - max_open_conns = 100; - max_idle_conns = 5; - conn_max_lifetime = -1; - }; - -in { # Matrix server configuration - services.dendrite = { + services.matrix-continuwuity = { enable = true; - httpPort = 8008; - environmentFile = config.age.secrets.dendrite-postgres.path; - loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ]; settings = { global = { - server_name = "coolneng.duckdns.org"; - private_key = config.age.secrets.dendrite.path; - inherit database; - dns_cache.enabled = true; - }; - # HACK Inherit postgres connection string for the rest of the DBs - app_service_api = { - inherit database; - }; - media_api = { - inherit database; - }; - room_server = { - inherit database; - }; - push_server = { - inherit database; - }; - mscs = { - inherit database; - mscs = [ - "msc2836" - "msc2946" - ]; - }; - sync_api = { - inherit database; - }; - key_server = { - inherit database; - }; - federation_api = { - inherit database; - }; - user_api = { - account_database = database; - device_database = database; + server_name = "psydnd.org"; + port = [ 8008 ]; + allow_encryption = true; + allow_federation = true; + well_known.client = "https://matrix.psydnd.org"; }; }; }; + ## Matrix bridges + # Facebook + services.mautrix-meta.instances.facebook = { + enable = true; + environmentFile = config.age.secrets.facebook.path; + settings = { + homeserver = { + address = "https://matrix.psysdnd.org"; + domain = "psydnd.org"; + }; + appservice = { + address = "http://localhost:8228"; + port = 8228; + database = "$DB_STRING"; + }; + bridge.permissions."@coolneng:psydnd.org" = "admin"; + }; + serviceDependencies = [ "continuwuity.service" ]; + }; + + # Enable voice messages for Facebook + systemd.services.matrix-as-facebook.path = [ ffmpeg ]; + + # Telegram + services.mautrix-telegram = { + enable = true; 
+ environmentFile = config.age.secrets.telegram.path; + settings = { + homeserver = { + address = "https://matrix.psysdnd.org"; + domain = "psydnd.org"; + }; + appservice = { + address = "http://localhost:8118"; + port = 8118; + database = "$DB_STRING"; + }; + bridge.permissions."@coolneng:psydnd.org" = "admin"; + }; + serviceDependencies = [ "continuwuity.service" ]; + }; + + # Signal + services.mautrix-signal = { + enable = true; + environmentFile = config.age.secrets.signal.path; + settings = { + homeserver = { + address = "https://matrix.psysdnd.org"; + domain = "psydnd.org"; + }; + appservice = { + address = "http://localhost:8338"; + port = 8338; + database = "$DB_STRING"; + }; + bridge.permissions."@coolneng:psydnd.org" = "admin"; + }; + serviceDependencies = [ "continuwuity.service" ]; + }; + + # HACK Use libolm as there's no good alternative + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + ]; + # Start dendrite after config files are mounted - systemd.services.dendrite.unitConfig.RequiresMountsFor = [ - /var/lib/matrix-as-facebook - /var/lib/matrix-as-signal - /var/lib/matrix-as-telegram + systemd.services.continuwuity.unitConfig.RequiresMountsFor = [ + /var/lib/mautrix-meta-facebook + /var/lib/mautrix-signal + /var/lib/mautrix-telegram ]; # MQTT configuration diff --git a/scripts/motd.sh b/scripts/motd.sh index 9e7cff7..aff368c 100755 --- a/scripts/motd.sh +++ b/scripts/motd.sh @@ -24,7 +24,7 @@ services=( "radicale.service" "miniflux.service" "gitea.service" - "dendrite.service" + "continuwuity.service" "nginx.service" "dnsmasq.service" "dnscrypt-proxy.service" 
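Review bot: All three bridge blocks (facebook, telegram and signal) set `homeserver.address = "https://matrix.psysdnd.org"`, which does not match the `psydnd.org` domain used for `server_name`, `homeserver.domain` and `well_known.client` in the same hunk; it looks like a typo for `matrix.psydnd.org`. A bridge authenticates to that address with its appservice token, so a misspelled host means the bridges fail to connect at best, and at worst the token is sent to whoever controls the other domain. Change the three lines to `address = "https://matrix.psydnd.org";`, or, if the homeserver on port 8008 is on the same machine as it appears to be, consider `address = "http://localhost:8008";` so the token never leaves the host. The retained context comment `# Start dendrite after config files are mounted` is now stale and should name continuwuity. The module's attribute set continues past the end of this hunk.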
diff --git a/secrets/dendrite-postgres.age b/secrets/dendrite-postgres.age deleted file mode 100644 index 3d9cc0bc76c4f89b28cdf061ed018a1e2665b1dd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 351 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73{4DjPgf|@_btw< zj0z75Hj9b~^@uR`4~Z(sC@RhOD+x(VO7b?!sLCvlED4S=qZAXrh~5l$uzast{F>rD+pn z9>rxC8lGrS;UAEcmTtH)1OVN%eCPlG diff --git a/secrets/dendrite.age b/secrets/dendrite.age deleted file mode 100644 index 697a05a3a1bf5074b77bec97ba9da30d3b7644fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 483 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73{4DjPge*|iEv5x zb4v=bG&OMw%`l2c2`<(*i*l_rG^_~83rs0Bt}JxQ_4Ba^w&1Er&iD4saIY*iGxscT zPmL@rH7oGT4s`PjPRR*$%gYGJPYy5iHY_d*4g}fe6=D&k=V_svUX+?xoT^ZzkYA;# zSE1mkP-RhW6_}>PWgg^bS&-?KYnl|L9TlPs{`b>}l-d@2*`MW)NT+U>Fh@6&hp_ z<>yx!5W%IZtE*sWnVIkGn3Gmm=<6O5Y!>9@6k!~Y?im!4?_z0SQ56{!X6EAP=$RX3 zX2O+~5p?6?EBS^KBITlCHu<+|=FQukQ1?=YbFssG`Gc3APtZJ*)4U>JEmLNu=$)Gp zdt9{V&#Kk9EMBYj=78z>7yV_E!kkogzDu~pz?zZ!mHo%`EQU+Rq_*g|{AWIvQu1(l za&Sn26Yr8~C%0ttbrmi))8#+gQk@{1lai>OE@8J$f3K~T`efC0<*iR|8r}cqWO{IR cjP8U-(Yk)KC*I1r-l}o*_as)q{H+JP0P)hZ+5i9m diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 70bd9ea..eb34164 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -8,8 +8,6 @@ in "gitea.age".publicKeys = [ zion ]; "miniflux.age".publicKeys = [ zion ]; "git.age".publicKeys = [ zion ]; - "dendrite.age".publicKeys = [ zion ]; - "dendrite-postgres.age".publicKeys = [ zion ]; "telegram.age".publicKeys = [ zion ]; "mqtt-sender.age".publicKeys = [ zion ]; "mqtt-receiver.age".publicKeys = [ zion ];