From 4b0a194abb075f3b9ef1d588f3ae61a9f3423b69 Mon Sep 17 00:00:00 2001 
From: Kat Inskip Date: Tue, 14 May 2024 16:30:46 -0700 Subject: [PATCH] feat: matrix appservices and weechat setup --- .sops.yaml | 16 +- common/home.nix | 6 +- flake.lock | 144 ++++------ flake.nix | 8 - home/environments/xfce/packages.nix | 5 + home/profiles/common/sops.nix | 8 + home/profiles/common/xdg.nix | 8 + home/profiles/shell/ssh.nix | 4 + modules/nixos/mautrix-signal.nix | 205 -------------- modules/nixos/mautrix-slack.nix | 251 ++++++++++++++++++ nixos/common/access.nix | 3 + nixos/servers/matrix/discord.nix | 2 +- nixos/servers/matrix/restic.nix | 1 + nixos/servers/matrix/signal.nix | 17 +- nixos/servers/matrix/signal.yaml | 6 +- nixos/servers/matrix/slack.nix | 41 +++ nixos/servers/matrix/slack.yaml | 69 +++++ nixos/servers/matrix/synapse.nix | 1 - nixos/servers/matrix/whatsapp.nix | 6 + .../{web-irc-client => thelounge}/nginx.nix | 0 .../thelounge.nix | 0 nixos/servers/weechat/buflist.nix | 17 ++ nixos/servers/weechat/init.nix | 46 ++++ nixos/servers/weechat/irc.nix | 8 + nixos/servers/weechat/matrix.nix | 24 ++ nixos/servers/weechat/nginx.nix | 13 + nixos/servers/weechat/perl.nix | 25 ++ nixos/servers/weechat/python.nix | 70 +++++ nixos/servers/weechat/secrets.yaml | 72 +++++ nixos/servers/weechat/urlgrab.nix | 3 + nixos/servers/weechat/weechat.nix | 56 ++++ overlays.nix | 4 +- packages/mautrix-slack.nix | 29 ++ packages/synapse-cleanup/cleanup.sh | 10 +- systems/koishi.nix | 2 + systems/yukari.nix | 2 +- tree.nix | 2 + 37 files changed, 850 insertions(+), 334 deletions(-) create mode 100644 home/environments/xfce/packages.nix create mode 100644 home/profiles/common/sops.nix create mode 100644 home/profiles/common/xdg.nix delete mode 100644 modules/nixos/mautrix-signal.nix create mode 100644 modules/nixos/mautrix-slack.nix create mode 100644 nixos/servers/matrix/slack.nix create mode 100644 nixos/servers/matrix/slack.yaml rename nixos/servers/{web-irc-client => thelounge}/nginx.nix (100%) rename nixos/servers/{web-irc-client => 
thelounge}/thelounge.nix (100%) create mode 100644 nixos/servers/weechat/buflist.nix create mode 100644 nixos/servers/weechat/init.nix create mode 100644 nixos/servers/weechat/irc.nix create mode 100644 nixos/servers/weechat/matrix.nix create mode 100644 nixos/servers/weechat/nginx.nix create mode 100644 nixos/servers/weechat/perl.nix create mode 100644 nixos/servers/weechat/python.nix create mode 100644 nixos/servers/weechat/secrets.yaml create mode 100644 nixos/servers/weechat/urlgrab.nix create mode 100644 nixos/servers/weechat/weechat.nix create mode 100644 packages/mautrix-slack.nix diff --git a/.sops.yaml b/.sops.yaml index 1ec70114..dc999dfb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,7 +2,9 @@ keys: - &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc - &mew 65BD3044771CB6FB - &yukari age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav +- &yukari_kat age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh - &koishi age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc +- &koishi_kat age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n creation_rules: - path_regex: terraform_secrets.yaml$ shamir_threshold: 1 @@ -14,25 +16,23 @@ creation_rules: key_groups: - pgp: - *kat - age: + - age: &age_common - *yukari + - *yukari_kat - *koishi -- path_regex: nixos/servers/[^/]+/.*\.yaml$ + - *koishi_kat +- path_regex: nixos/servers/[^/]+/.*\.yaml shamir_threshold: 1 key_groups: - pgp: - *kat - age: - - *yukari - - *koishi + age: *age_common - path_regex: systems/.*\.yaml$ shamir_threshold: 1 key_groups: - pgp: - *kat - age: - - *yukari - - *koishi + age: *age_common - path_regex: cluster/cluster.tfvars.sops$ shamir_threshold: 1 key_groups: diff --git a/common/home.nix b/common/home.nix index d882e209..5fa0d638 100644 --- a/common/home.nix +++ b/common/home.nix 
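Review bot: The new recipients `&yukari_kat` and `&koishi_kat` go into the shared `&age_common` list, so once files are re-keyed they can decrypt everything matched by the `nixos/servers/...` and `systems/...` rules, not only the new weechat and slack secrets. If these are the age forms of the per-user SSH key that home/profiles/common/sops.nix points at (inferred from the names, not shown here), a compromise of that user account on either host exposes all server secrets. A separate creation rule scoped to the files the user profile actually needs would keep that smaller. The same hunk drops the `$` from `path_regex: nixos/servers/[^/]+/.*\.yaml`, which now also matches names such as `foo.yaml.bak`; restoring `\.yaml$` keeps it consistent with the `systems/.*\.yaml$` rule.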
@@ -16,13 +16,13 @@ in { sharedModules = with tree; [ modules.home - inputs.hyprlock.homeManagerModules.default - inputs.hypridle.homeManagerModules.default + home.profiles.common + #inputs.hyprlock.homeManagerModules.default + #inputs.hypridle.homeManagerModules.default ] ++ list.optional (tree.${systemType} ? home) tree.${systemType}.home; users.kat.imports = with tree.home.profiles; [ - common ]; extraSpecialArgs = { diff --git a/flake.lock b/flake.lock index 0a5484e8..f36cd335 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1712091889, - "narHash": "sha256-u9zDQaf3n3D4O8xBbvLm1DzlFjrmUHkQ241oAjucx5I=", + "lastModified": 1715015942, + "narHash": "sha256-acSCdcggbwQdgGY/C29HY9KOBL9D2y2kP22GG6wWcL8=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "f2c2012ce5f2b8f5d3c123a0978a056809bb4734", + "rev": "1dfe8e22dffb4ee7110404b318caba16b7d7aaa8", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1713543876, - "narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=", + "lastModified": 1713946171, + "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed", + "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7", "type": "github" }, "original": { @@ -308,11 +308,11 @@ ] }, "locked": { - "lastModified": 1713713092, - "narHash": "sha256-rvyr6BBtn3cq5B/48rhJlbIOpxprwlO/71663sd9Gik=", + "lastModified": 1715380449, + "narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "2846d5230a3c3923618eabb367deaf8885df580f", + "rev": "d7682620185f213df384c363288093b486b2883f", "type": "github" }, "original": { 
@@ -351,38 +351,9 @@ "type": "github" } }, - "hypridle": { - "inputs": { - "hyprlang": [ - "hyprlang" - ], - "nixpkgs": [ - "nixpkgs" - ], - "systems": [ - "systems" - ] - }, - "locked": { - "lastModified": 1713472482, - "narHash": "sha256-7Ft5WZTMIjXOGgRCf31DZBwK6RK8xkeKlD5vFXz3gII=", - "owner": "hyprwm", - "repo": "hypridle", - "rev": "7cff4581a3753154fc5b41f39a098fad49b777b1", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hypridle", - "type": "github" - } - }, "hyprland": { "inputs": { "hyprcursor": "hyprcursor", - "hyprland-protocols": [ - "hyprland-protocols" - ], "hyprlang": [ "hyprlang" ], @@ -393,17 +364,16 @@ "systems": [ "systems" ], - "wlroots": "wlroots", "xdph": [ "xdph" ] }, "locked": { - "lastModified": 1713720783, - "narHash": "sha256-YBS7VaRsi2bAH5rR3RvchG2jm8SnqKHpJ1hPeXS0i/0=", + "lastModified": 1715468612, + "narHash": "sha256-AF5bXnJqS7sj9ioJ/X6g1vg91nM9rtpf4iMIdPLjrRc=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "75c87bde3cfa38105a8c882c790e235503dc46bd", + "rev": "33a7b7bb6b307d6e4a093f75ffdda0419cd7ffaf", "type": "github" }, "original": { @@ -422,11 +392,11 @@ ] }, "locked": { - "lastModified": 1691753796, - "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=", + "lastModified": 1714869498, + "narHash": "sha256-vbLVOWvQqo4n1yvkg/Q70VTlPbMmTiCQfNTgcWDCfJM=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03", + "rev": "e06482e0e611130cd1929f75e8c1cf679e57d161", "type": "github" }, "original": { @@ -471,11 +441,11 @@ ] }, "locked": { - "lastModified": 1713552491, - "narHash": "sha256-qsXB8swg2FkVRYx8FdD28iXQsz5Pyd0hxV8pnyI49aI=", + "lastModified": 1714843107, + "narHash": "sha256-89WxndRGO3CGuWE5XCaHKnsV3IKBRdOWqScp6o8enT4=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "307e473759d1268b50a087095cc005c941f3bb0d", + "rev": "c87af3aa1f6e6bd06cffaabcc400bd45e26d565a", "type": "github" }, "original": { 
@@ -520,11 +490,11 @@ ] }, "locked": { - "lastModified": 1713619586, - "narHash": "sha256-fIhNlYhPhG5AJ8DxX3LaitnccnQ+X2MCL39W2Abp7mM=", + "lastModified": 1715287423, + "narHash": "sha256-B7AJIjOyWgVMKhu7DlOnWa0VprdhywUVHuB/j+EwSxM=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "9e13e0915273959bfd98a10662f678c15ac71c77", + "rev": "e2fc1c0eb8b392110588f478cce644348ead7271", "type": "github" }, "original": { @@ -626,11 +596,11 @@ ] }, "locked": { - "lastModified": 1713662596, - "narHash": "sha256-R39U32sB61tp5XFx1GYzWBV1TrukgtoaM/cpZNm+oDU=", + "lastModified": 1715403153, + "narHash": "sha256-9s1TLgTG54WxEz2AnT/N5V7zEF9rRVsZT5I9AQnroAE=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "7dbbff1a72b3b0f0fa3788e20a2bfd8b5271387f", + "rev": "d9ca459b3b87d2639407cef26bb8e94a1314f40e", "type": "github" }, "original": { @@ -646,11 +616,11 @@ ] }, "locked": { - "lastModified": 1713668931, - "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=", + "lastModified": 1714878592, + "narHash": "sha256-E68C03sYRsYFsK7wiGHUIJm8IsyPRALOrFoTL0glXnI=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "07ece11b22217b8459df589f858e92212b74f1a1", + "rev": "a362555e9dbd4ecff3bb98969bbdb8f79fe87f10", "type": "github" }, "original": { @@ -661,11 +631,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1713521961, - "narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=", + "lastModified": 1715148395, + "narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2", + "rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a", "type": "github" }, "original": { 
@@ -676,11 +646,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713537308, - "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", + "lastModified": 1715266358, + "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", + "rev": "f1010e0469db743d14519a1efd37e23f8513d714", "type": "github" }, "original": { @@ -708,11 +678,11 @@ }, "nur": { "locked": { - "lastModified": 1713721479, - "narHash": "sha256-HfmkPAtMyU794rzBGsSS089qsv7MIwcTy/rrlST4Ta0=", + "lastModified": 1715463961, + "narHash": "sha256-FWGL+0DVOPdHnM+yWzHZW46bC+z0fpZrwvHiPV4RPe8=", "owner": "nix-community", "repo": "NUR", - "rev": "8b05bbd9f0ef32148e81a6dc7e794b977687125a", + "rev": "88bbe752f191c5b2ae376746c6e85ef951eed594", "type": "github" }, "original": { @@ -731,11 +701,11 @@ ] }, "locked": { - "lastModified": 1713552700, - "narHash": "sha256-R2+GRjHFEapDa08FnuJjweAiE+5W7VKnBxNo3tC/Yzo=", + "lastModified": 1714856962, + "narHash": "sha256-2te5GG8TVNBF44uMF4G0XFGW+Jt02i/ZkspSNFzjgT0=", "owner": "pjones", "repo": "plasma-manager", - "rev": "bd743369ef402d269885225af93064f22b640990", + "rev": "1554e19ede17de46106dd95820eeea05086a5720", "type": "github" }, "original": { @@ -803,7 +773,6 @@ "flakelib": "flakelib", "flakelibstd": "flakelibstd", "home-manager": "home-manager", - "hypridle": "hypridle", "hyprland": "hyprland", "hyprland-protocols": "hyprland-protocols", "hyprlang": "hyprlang", @@ -888,11 +857,11 @@ ] }, "locked": { - "lastModified": 1713668495, - "narHash": "sha256-4BvlfPfyUmB1U0r/oOF6jGEW/pG59c5yv6PJwgucTNM=", + "lastModified": 1715244550, + "narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "09f1bc8ba3277c0f052f7887ec92721501541938", + "rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f", "type": "github" }, "original": { 
@@ -998,23 +967,6 @@ "type": "github" } }, - "wlroots": { - "flake": false, - "locked": { - "lastModified": 1713699467, - "narHash": "sha256-wQ18I2j/lUEz6FELuSphPBgROHx1POz/R2fjLA+QP8A=", - "owner": "hyprwm", - "repo": "wlroots-hyprland", - "rev": "b9063af512a2326d5c519edc6a759da875deab21", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "wlroots-hyprland", - "rev": "b9063af512a2326d5c519edc6a759da875deab21", - "type": "github" - } - }, "wsl": { "inputs": { "flake-compat": [ @@ -1028,11 +980,11 @@ ] }, "locked": { - "lastModified": 1713528946, - "narHash": "sha256-IBQta+xrEaI2S5UmYrXcgV7Tu7rGLQu2V3TeJseLPSg=", + "lastModified": 1715237610, + "narHash": "sha256-/ZeWQ4mL3DfHsbTZYc80qMrL4vBfENP0RiGv2KrCrEo=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "63c1247e12f269396ed2df8cdec3aed1f0f3928c", + "rev": "61fe33f4194bbbc48c090a2e79f4eb61b47c9b75", "type": "github" }, "original": { @@ -1057,11 +1009,11 @@ ] }, "locked": { - "lastModified": 1713214484, - "narHash": "sha256-h1bSIsDuPk1FGgvTuSHJyiU2Glu7oAyoPMJutKZmLQ8=", + "lastModified": 1714662532, + "narHash": "sha256-Pj2xGSYhapYbXL7sk7TTlOtCZcTfPQoL3fPbZeg7L4Y=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "bb44921534a9cee9635304fdb876c1b3ec3a8f61", + "rev": "1f228ba2f1f254195c0b571302b37482861abee3", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 482d5cda..d7a4d5ec 100644 --- a/flake.nix +++ b/flake.nix @@ -164,14 +164,6 @@ hyprlang.follows = "hyprlang"; }; }; - hypridle = { - url = "github:hyprwm/hypridle"; - inputs = { - nixpkgs.follows = "nixpkgs"; - systems.follows = "systems"; - hyprlang.follows = "hyprlang"; - }; - }; # nixified python environments mach-nix = { url = "mach-nix/3.5.0"; diff --git a/home/environments/xfce/packages.nix b/home/environments/xfce/packages.nix new file mode 100644 index 00000000..5dcabadd --- /dev/null +++ b/home/environments/xfce/packages.nix 
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+ home.packages = with pkgs; [
+ pavucontrol
+ ];
+}
diff --git a/home/profiles/common/sops.nix b/home/profiles/common/sops.nix
new file mode 100644
index 00000000..c8728717
--- /dev/null
+++ b/home/profiles/common/sops.nix
@@ -0,0 +1,8 @@
+{ parent, ... }: {
+ sops = {
+ age.sshKeyPaths = [
+ "/home/kat/.ssh/id_ed25519"
+ ];
+ defaultSopsFile = parent.sops.defaultSopsFile;
+ };
+}
\ No newline at end of file
diff --git a/home/profiles/common/xdg.nix b/home/profiles/common/xdg.nix
new file mode 100644
index 00000000..4bc0013f
--- /dev/null
+++ b/home/profiles/common/xdg.nix
@@ -0,0 +1,8 @@
+_: {
+ xdg = {
+ enable = true;
+ userDirs = {
+ enable = true;
+ };
+ };
+}
\ No newline at end of file
diff --git a/home/profiles/shell/ssh.nix b/home/profiles/shell/ssh.nix
index 9cba5804..e08c8aee 100644
--- a/home/profiles/shell/ssh.nix
+++ b/home/profiles/shell/ssh.nix
@@ -5,5 +5,9 @@ _: {
 controlPersist = "10m";
 hashKnownHosts = true;
 compression = true;
+ forwardAgent = true;
+ /*extraConfig = ''
+ RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
+ '';*/
 };
 }
diff --git a/modules/nixos/mautrix-signal.nix b/modules/nixos/mautrix-signal.nix
deleted file mode 100644
index 240cab90..00000000
--- a/modules/nixos/mautrix-signal.nix
+++ /dev/null
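Review bot: `age.sshKeyPaths` in home/profiles/common/sops.nix points sops at the interactive login key `/home/kat/.ssh/id_ed25519`, which ties secret decryption to the same key used for SSH authentication. sops-nix reads it non-interactively, so it presumably has to stay without a passphrase. A dedicated age identity via `age.keyFile` would let the login key keep a passphrase and be rotated independently. If the SSH key stays, build the path from `config.home.homeDirectory` instead of hard-coding `/home/kat`, and add a one-line comment naming the `.sops.yaml` recipients that correspond to it.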
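Review bot: `forwardAgent = true` is added next to `controlPersist` and `hashKnownHosts` in home/profiles/shell/ssh.nix, which looks like the global ssh settings, so the agent socket would be forwarded to every host this user connects to and root on any of them can use the loaded keys while the session lasts. This matters more with the `security.pam.services.sudo.sshAgentAuth = true` change in nixos/common/access.nix, where a forwarded agent is enough for sudo. I would scope it to the machines that need it, e.g. `matchBlocks."<trusted-host>".forwardAgent = true;`, and leave the global default off. The enclosing attribute set starts outside the hunk.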
@@ -1,205 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - cfg = config.services.mautrix-signal; - dataDir = "/var/lib/mautrix-signal"; - registrationFile = "${dataDir}/signal-registration.yaml"; - settingsFile = "${dataDir}/config.json"; - settingsFileUnsubstituted = settingsFormat.generate "mautrix-signal-config-unsubstituted.json" cfg.settings; - settingsFormat = pkgs.formats.json {}; - appservicePort = 29328; - - mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v); - defaultConfig = { - homeserver.address = "http://localhost:8448"; - appservice = { - hostname = "[::]"; - port = appservicePort; - database.type = "sqlite3"; - database.uri = "file:${dataDir}/mautrix-signal.db?_txlock=immediate"; - id = "signal"; - bot = { - username = "signalbot"; - displayname = "Signal Bridge Bot"; - }; - as_token = ""; - hs_token = ""; - }; - bridge = { - username_template = "signal_{{.}}"; - displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}}"; - double_puppet_server_map = {}; - login_shared_secret_map = {}; - command_prefix = "!signal"; - permissions."*" = "relay"; - relay.enabled = true; - }; - logging = { - min_level = "info"; - writers = lib.singleton { - type = "stdout"; - format = "pretty-colored"; - time_format = " "; - }; - }; - }; -in { - options.services.mautrix-signal = { - enable = lib.mkEnableOption (lib.mdDoc "mautrix-signal, a puppeting/relaybot bridge between Matrix and Signal."); - - settings = lib.mkOption { - type = settingsFormat.type; - default = defaultConfig; - description = lib.mdDoc '' - {file}`config.yaml` configuration as a Nix attribute set. - Configuration options should match those described in - [example-config.yaml](https://github.com/mautrix/signal/blob/master/example-config.yaml). - Secret tokens should be specified using {option}`environmentFile` - instead of this world-readable attribute set. 
- ''; - example = { - appservice = { - database = { - type = "postgres"; - uri = "postgresql:///mautrix_signal?host=/run/postgresql"; - }; - id = "signal"; - ephemeral_events = false; - }; - bridge = { - history_sync = { - request_full_sync = true; - }; - private_chat_portal_meta = true; - mute_bridging = true; - encryption = { - allow = true; - default = true; - require = true; - }; - provisioning = { - shared_secret = "disable"; - }; - permissions = { - "example.com" = "user"; - }; - }; - }; - }; - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = lib.mdDoc '' - File containing environment variables to be passed to the mautrix-signal service, - in which secret tokens can be specified securely by optionally defining a value for - `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`. - ''; - }; - - serviceDependencies = lib.mkOption { - type = with lib.types; listOf str; - default = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit; - defaultText = lib.literalExpression '' - optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnits - ''; - description = lib.mdDoc '' - List of Systemd services to require and wait for when starting the application service. 
- ''; - }; - }; - - config = lib.mkIf cfg.enable { - users.users.mautrix-signal = { - isSystemUser = true; - group = "mautrix-signal"; - home = dataDir; - description = "Mautrix-Signal bridge user"; - }; - - users.groups.mautrix-signal = {}; - - services.mautrix-signal.settings = lib.mkMerge (map mkDefaults [ - defaultConfig - # Note: this is defined here to avoid the docs depending on `config` - {homeserver.domain = config.services.matrix-synapse.settings.server_name;} - ]); - - systemd.services.mautrix-signal = { - description = "Mautrix-Signal Service - A Signal bridge for Matrix"; - - wantedBy = ["multi-user.target"]; - wants = ["network-online.target"] ++ cfg.serviceDependencies; - after = ["network-online.target"] ++ cfg.serviceDependencies; - - preStart = '' - # substitute the settings file by environment variables - # in this case read from EnvironmentFile - test -f '${settingsFile}' && rm -f '${settingsFile}' - old_umask=$(umask) - umask 0177 - ${pkgs.envsubst}/bin/envsubst \ - -o '${settingsFile}' \ - -i '${settingsFileUnsubstituted}' - umask $old_umask - - # generate the appservice's registration file if absent - if [ ! 
-f '${registrationFile}' ]; then - ${pkgs.mautrix-signal}/bin/mautrix-signal \ - --generate-registration \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - fi - chmod 640 ${registrationFile} - - umask 0177 - ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token - | .[0].appservice.hs_token = .[1].hs_token - | .[0]' '${settingsFile}' '${registrationFile}' \ - > '${settingsFile}.tmp' - mv '${settingsFile}.tmp' '${settingsFile}' - umask $old_umask - ''; - - serviceConfig = { - User = "mautrix-signal"; - Group = "mautrix-signal"; - EnvironmentFile = cfg.environmentFile; - StateDirectory = baseNameOf dataDir; - WorkingDirectory = dataDir; - ExecStart = '' - ${pkgs.mautrix-signal}/bin/mautrix-signal \ - --config='${settingsFile}' \ - --registration='${registrationFile}' - ''; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - Restart = "on-failure"; - RestartSec = "30s"; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallErrorNumber = "EPERM"; - SystemCallFilter = ["@system-service"]; - Type = "simple"; - UMask = 0027; - }; - restartTriggers = [settingsFileUnsubstituted]; - }; - }; - meta.maintainers = with lib.maintainers; [niklaskorz]; -} diff --git a/modules/nixos/mautrix-slack.nix b/modules/nixos/mautrix-slack.nix new file mode 100644 index 00000000..acd3c8b8 --- /dev/null +++ b/modules/nixos/mautrix-slack.nix 
@@ -0,0 +1,251 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+let
+ cfg = config.services.mautrix-slack;
+ dataDir = "/var/lib/mautrix-slack";
+ registrationFile = "${dataDir}/slack-registration.yaml";
+ settingsFile = "${dataDir}/config.yaml";
+ settingsFileUnsubstituted = settingsFormat.generate "mautrix-slack-config-unsubstituted.json" cfg.settings;
+ settingsFormat = pkgs.formats.json { };
+ appservicePort = 29335;
+
+ # to be used with a list of lib.mkIf values
+ optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
+ mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
+ defaultConfig = {
+ homeserver.address = "http://localhost:8448";
+ appservice = {
+ hostname = "[::]";
+ port = appservicePort;
+ database.type = "sqlite3";
+ database.uri = "file:${dataDir}/mautrix-slack.db?_txlock=immediate";
+ id = "slack";
+ bot = {
+ username = "slackbot";
+ displayname = "Slack Bridge Bot";
+ };
+ as_token = "";
+ hs_token = "";
+ };
+ bridge = {
+ username_template = "slack_{{.}}";
+ displayname_template = "{{.RealName}} (S)";
+ bot_displayname_template = "{{.Name}} (bot)";
+ channel_name_template = "#{{.Name}}";
+ double_puppet_server_map = { };
+ login_shared_secret_map = { };
+ command_prefix = "!slack";
+ permissions."*" = "relay";
+ relay.enabled = true;
+ };
+ logging = {
+ min_level = "info";
+ writers = lib.singleton {
+ type = "stdout";
+ format = "pretty-colored";
+ time_format = " ";
+ };
+ };
+ };
+
+in
+{
+ options.services.mautrix-slack = {
+ enable = lib.mkEnableOption "mautrix-slack, a Matrix-Signal puppeting bridge.";
+
+ settings = lib.mkOption {
+ apply = lib.recursiveUpdate defaultConfig;
+ type = settingsFormat.type;
+ default = defaultConfig;
+ description = ''
+ {file}`config.yaml` configuration as a Nix attribute set.
+ Configuration options should match those described in
+ [example-config.yaml](https://github.com/mautrix/slack/blob/master/example-config.yaml).
+ Secret tokens should be specified using {option}`environmentFile`
+ instead of this world-readable attribute set.
+ '';
+ example = {
+ appservice = {
+ database = {
+ type = "postgres";
+ uri = "postgresql:///mautrix_slack?host=/run/postgresql";
+ };
+ id = "slack";
+ ephemeral_events = false;
+ };
+ bridge = {
+ history_sync = {
+ request_full_sync = true;
+ };
+ private_chat_portal_meta = true;
+ mute_bridging = true;
+ encryption = {
+ allow = true;
+ default = true;
+ require = true;
+ };
+ provisioning = {
+ shared_secret = "disable";
+ };
+ permissions = {
+ "example.com" = "user";
+ };
+ };
+ };
+ };
+
+ environmentFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = ''
+ File containing environment variables to be passed to the mautrix-slack service.
+ If an environment variable `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET` is set,
+ then its value will be used in the configuration file for the option
+ `login_shared_secret_map` without leaking it to the store, using the configured
+ `homeserver.domain` as key.
+ See [here](https://github.com/mautrix/slack/blob/main/example-config.yaml)
+ for the documentation of `login_shared_secret_map`.
+ '';
+ };
+
+ serviceDependencies = lib.mkOption {
+ type = with lib.types; listOf str;
+ default = (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
+ ++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
+ defaultText = lib.literalExpression ''
+ (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
+ ++ (optional config.services.matrix-conduit.enable "conduit.service")
+ '';
+ description = ''
+ List of systemd units to require and wait for when starting the application service.
+ ''; + }; + + registerToSynapse = lib.mkOption { + type = lib.types.bool; + default = config.services.matrix-synapse.enable; + defaultText = lib.literalExpression '' + config.services.matrix-synapse.enable + ''; + description = '' + Whether to add the bridge's app service registration file to + `services.matrix-synapse.settings.app_service_config_files`. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + + users.users.mautrix-slack = { + isSystemUser = true; + group = "mautrix-slack"; + home = dataDir; + description = "Mautrix-Signal bridge user"; + }; + + users.groups.mautrix-slack = { }; + + services.matrix-synapse = lib.mkIf cfg.registerToSynapse { + settings.app_service_config_files = [ registrationFile ]; + }; + systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { + serviceConfig.SupplementaryGroups = [ "mautrix-slack" ]; + }; + + # Note: this is defined here to avoid the docs depending on `config` + services.mautrix-slack.settings.homeserver = optOneOf (with config.services; [ + (lib.mkIf matrix-synapse.enable (mkDefaults { + domain = matrix-synapse.settings.server_name; + })) + (lib.mkIf matrix-conduit.enable (mkDefaults { + domain = matrix-conduit.settings.global.server_name; + address = "http://localhost:${toString matrix-conduit.settings.global.port}"; + })) + ]); + + systemd.services.mautrix-slack = { + description = "mautrix-slack, a Matrix-Signal puppeting bridge."; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ] ++ cfg.serviceDependencies; + after = [ "network-online.target" ] ++ cfg.serviceDependencies; + # ffmpeg is required for conversion of voice messages + path = [ pkgs.ffmpeg-headless ]; + + preStart = '' + # substitute the settings file by environment variables + # in this case read from EnvironmentFile + test -f '${settingsFile}' && rm -f '${settingsFile}' + old_umask=$(umask) + umask 0177 + ${pkgs.envsubst}/bin/envsubst \ + -o '${settingsFile}' \ + -i '${settingsFileUnsubstituted}' + umask 
$old_umask + + # generate the appservice's registration file if absent + if [ ! -f '${registrationFile}' ]; then + ${pkgs.mautrix-slack}/bin/mautrix-slack \ + --generate-registration \ + --config='${settingsFile}' \ + --registration='${registrationFile}' + fi + chmod 640 ${registrationFile} + + umask 0177 + # 1. Overwrite registration tokens in config + # 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET + # is set, set it as the login shared secret value for the configured + # homeserver domain. + ${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token + | .[0].appservice.hs_token = .[1].hs_token + | .[0] + | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .bridge.login_shared_secret_map.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \ + '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' + mv '${settingsFile}.tmp' '${settingsFile}' + umask $old_umask + ''; + + serviceConfig = { + User = "mautrix-slack"; + Group = "mautrix-slack"; + EnvironmentFile = cfg.environmentFile; + StateDirectory = baseNameOf dataDir; + WorkingDirectory = dataDir; + ExecStart = '' + ${pkgs.mautrix-slack}/bin/mautrix-slack \ + --config='${settingsFile}' \ + --registration='${registrationFile}' + ''; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + Restart = "on-failure"; + RestartSec = "30s"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = [ "@system-service" ]; + Type = "simple"; + UMask = 0027; + }; + restartTriggers = [ settingsFileUnsubstituted ]; + }; + }; + meta.maintainers = with 
lib.maintainers; [ niklaskorz ]; +} diff --git a/nixos/common/access.nix b/nixos/common/access.nix index 86a8e7fb..2f4ac053 100644 --- a/nixos/common/access.nix +++ b/nixos/common/access.nix @@ -13,6 +13,9 @@ config.users.users); }; in { + security.pam.enableSSHAgentAuth = true; + security.sudo.enable = true; + security.pam.services.sudo.sshAgentAuth = true; users.users = { root = commonUser; deploy = diff --git a/nixos/servers/matrix/discord.nix b/nixos/servers/matrix/discord.nix index 81538aab..982b4da5 100644 --- a/nixos/servers/matrix/discord.nix +++ b/nixos/servers/matrix/discord.nix @@ -7,7 +7,7 @@ domain = "kittywit.ch"; homeserverUrl = "https://yukari.gensokyo.zone"; }; - provisioning.whitelist = ["@kat:kittywit.ch"]; + provisioning.whitelist = ["@.*:kittywit.ch"]; relay.whitelist = ["@.*:kittywit.ch"]; }; }; diff --git a/nixos/servers/matrix/restic.nix b/nixos/servers/matrix/restic.nix index 37181fb4..a36e8094 100644 --- a/nixos/servers/matrix/restic.nix +++ b/nixos/servers/matrix/restic.nix @@ -10,6 +10,7 @@ "/var/lib/mautrix-whatsapp" "/var/lib/mautrix-signal" "/var/lib/mautrix-telegram" + "/var/lib/mautrix-slack" ]; exclude = [ ]; diff --git a/nixos/servers/matrix/signal.nix b/nixos/servers/matrix/signal.nix index 11f08fce..2053c38f 100644 --- a/nixos/servers/matrix/signal.nix +++ b/nixos/servers/matrix/signal.nix @@ -13,15 +13,30 @@ }; appservice = { port = 9048; + ephemeral_events = false; }; signal = { }; bridge = { + history_sync = { + request_full_sync = true; + }; + private_chat_portal_meta = true; + mute_bridging = true; + encryption = { + allow = true; + default = true; + require = true; + }; + provisioning = { + shared_secret = "disable"; + }; permissions = { "kittywit.ch" = "full"; "@kat:kittywit.ch" = "admin"; + "@signal:kittywit.ch" = "admin"; }; }; }; }; -} +} \ No newline at end of file diff --git a/nixos/servers/matrix/signal.yaml b/nixos/servers/matrix/signal.yaml index 038d66b3..dc3573b2 100644 --- a/nixos/servers/matrix/signal.yaml 
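Review bot: In modules/nixos/mautrix-slack.nix, `defaultConfig` carries `permissions."*" = "relay"` together with `relay.enabled = true`, and the `settings` option merges it back in through `apply = lib.recursiveUpdate defaultConfig`. A host config that lists only its own domain (as nixos/servers/matrix/slack.nix does) therefore still gives every Matrix user relay-level access unless it overrides the `"*"` key explicitly; I would drop that line from the defaults and let each host opt in. The default `hostname = "[::]"` also makes the appservice listen on every interface, so a loopback default is the safer choice when the homeserver runs on the same machine. Separately, the Signal leftovers (`MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`, "a Matrix-Signal puppeting bridge", "Mautrix-Signal bridge user") should be renamed so the option documentation describes this bridge.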
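Review bot: Turning on `security.pam.services.sudo.sshAgentAuth` in nixos/common/access.nix makes sudo accept any key that pam_ssh_agent_auth finds in its authorized-keys files, and this hunk does not pin which files those are. If a user-writable `~/.ssh/authorized_keys` is among them, anything running as that user can add a key and reach root without a password. Recent nixpkgs exposes this as `security.pam.sshAgentAuth.authorizedKeysFiles` (and renames `security.pam.enableSSHAgentAuth` to `security.pam.sshAgentAuth.enable`); setting it to a root-owned path such as `/etc/ssh/authorized_keys.d/%u` closes that gap. The surrounding `let … in` block starts outside the hunk.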
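Review bot: The new `provisioning.whitelist` entry `@.*:kittywit.ch` in nixos/servers/matrix/discord.nix leaves the dot unescaped and has no anchors, so whether it matches only local users depends on how the bridge applies the pattern, which is not visible here. Since this list now decides who may provision rooms rather than naming one account, I would write it strictly, e.g. `provisioning.whitelist = ["^@[^:]+:kittywit\\.ch$"];`, and do the same for `relay.whitelist` on the next line. It is also worth confirming that open registration is off on the homeserver, because every local account is now covered.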
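Review bot: `"@signal:kittywit.ch" = "admin"` in nixos/servers/matrix/signal.nix gives bridge-admin rights to a plain localpart, and nothing in this commit shows that account being created or reserved. If it is not registered and the homeserver allows registration, whoever claims the name inherits admin on the bridge; nixos/servers/matrix/slack.nix does the same with `@slack:kittywit.ch`. A short comment saying what the account is for, or dropping the entry if `@kat:kittywit.ch` is the only operator, would settle it. The hunk also removes the file's trailing newline.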
+++ b/nixos/servers/matrix/signal.yaml @@ -1,4 +1,4 @@ -mautrix-signal-environment: ENC[AES256_GCM,data:eoRyc9dHVRPWkZjq4XIsKYbo9qy9xmA2KAEUffZ7rrfAB6z2tFPuIQDLbLpils73V63/hu6hwVT1Jprn+++GaAR/NogG1UqBBmv5N/sEjUXvUQJoNRGDNbZa+s/ttB40gfElpHr2F5lWqoE4zfvGdTH03QaVZKEfJKz3+VvCbI8JB/zeEK7Ze+bzzm8gXhmrsShAkWX+7jbboVCwvyX8L0UCjpaMLioORODPEWX8f8n9JpkoLgavlyCPDde18HxpReO1HV0=,iv:D8u528qWlgPAzekv9ZmeLtrSq9Az/ldRWMIAvZqiUh8=,tag:pJ1iD6QEcbupZfvPcFWaMw==,type:str] +mautrix-signal-environment: ENC[AES256_GCM,data:BpCzruK8S1NBdszZaSalPKMkhSk+vpQKnLM+0USjo2j4awcjNnqsDSiV3rSsB3Zary3x456ZX5WCfYVCmFy6UmGP9LTw7OV7Y0nGpAsb6oKbAEMDcft4AbrNh4x2Z0Xc9fAlBE5UY4kmQW1HWTn8pxyV0+uwT7voNffzOujxss3YW6u6y7TlBZh4Y3uscR4Dm4yt9RBiAu1Tu8FJOPJW2VFQ16drQiQV4xfFusr8HIv1KiIJuNiyK+RWOPQGckiKz+aLAqdXShs=,iv:YP9Aw74CKfUsi/hSu3t+K7HHoEF6rXqpkqvr179l6sE=,tag:DDZxGvRiMgNYRU8C3wK60w==,type:str] sops: shamir_threshold: 1 kms: [] @@ -24,8 +24,8 @@ sops: SndnKzY3R0MzV3pqbmxyYjNXV2p6bkEKS27XLdXlFy28qy6HlKlebp2/sqP4WKf1 tCy/n4Dk8Gh+2Ss5+r+pqgoTHiZG/a6NqvJCpsxRsNxx+GZOpr6RcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-21T21:52:05Z" - mac: ENC[AES256_GCM,data:BkNzMwxzX+ny7/Xn9eHScJKPu+VzzqISk2q1hTMKC62vV5xQ65d6MqDE86ljqEInQktX1DB+vExF8m4UFd0blmK6V2aK6ybT8GQWaojuzl149QKnZslhDFhijvfJL7qBZX3r3ovyQn8pobUrNHItlBWdyhFP1lCpxFufuX6zR4s=,iv:cL2q0S63wbq0rbA/ul6qqz0caCDEz9G3ic/ib+xV+xY=,tag:X4iMblIurYWsto1cyHEmKw==,type:str] + lastmodified: "2024-05-14T03:15:49Z" + mac: ENC[AES256_GCM,data:YKuPtzHtVqPeFKmm5OsR1btshycWB/++TLOEvjoMvIvsiFCo/YaPqyWebpSUOtvg2h/AwJY/6hPX15DPzDe4B2HePHDiiu5ItkspW3XJUkT30Ul4aAhE4hP0wotBQlYJro7mF41dejctLVpVi8V3zqTkr3nHgcMUa6EblUtPIWo=,iv:WsmM7VQrT0QIJjqQUsxW25jO3xSeLuAJEW6kiMQviW8=,tag:B1O/YWlL39PPoaOJNkl9yg==,type:str] pgp: - created_at: "2024-04-21T21:50:24Z" enc: |- diff --git a/nixos/servers/matrix/slack.nix b/nixos/servers/matrix/slack.nix new file mode 100644 index 00000000..21c4c3a7 --- /dev/null +++ b/nixos/servers/matrix/slack.nix 
@@ -0,0 +1,41 @@ +{config, ...}: { + sops.secrets.mautrix-slack-environment = { + sopsFile = ./slack.yaml; + }; + services.mautrix-slack = { + enable = config.services.matrix-synapse.enable; + environmentFile = config.sops.secrets.mautrix-slack-environment.path; + settings = { + homeserver = { + domain = "kittywit.ch"; + address = "https://yukari.gensokyo.zone"; + software = "standard"; + }; + appservice = { + ephemeral_events = false; + }; + slack = { + }; + bridge = { + history_sync = { + request_full_sync = true; + }; + private_chat_portal_meta = true; + mute_bridging = true; + encryption = { + allow = true; + default = true; + require = true; + }; + provisioning = { + shared_secret = "disable"; + }; + permissions = { + "kittywit.ch" = "full"; + "@kat:kittywit.ch" = "admin"; + "@slack:kittywit.ch" = "admin"; + }; + }; + }; + }; +} diff --git a/nixos/servers/matrix/slack.yaml b/nixos/servers/matrix/slack.yaml new file mode 100644 index 00000000..0c59044c --- /dev/null +++ b/nixos/servers/matrix/slack.yaml 
@@ -0,0 +1,69 @@ +mautrix-slack-environment: ENC[AES256_GCM,data:20FOJ9LMLtSND6KXhZpSoOxxH8NYhZWXAaL42byftEsDzsZIpulsMRfU3XBh/1a5JEKRNYcdVfvn4xApbXv2w0xs2oKEsPWgI86B0LjqiWcLEIsVljaErnGC3nDU9/kY5PsDl1cj9WQHZ7O/8nV8GyD/5v/evO7sE+xN4JW/o8kTBBE43fpiTS/unfEkmJF5WhkR20ViGykG3+Z79wgtYVaTBkG1v0gPo8fc+JySClE+N8fz05bVGCH8g77/JtW3Vhdch9T5,iv:uYQXj9POBiX7qJNuovCdDo9lE7t1jRII7zU0YlPDeyg=,tag:jmlgy4S4HnV7vNmLTdxIxw==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQm9XUWR6MEV2S3JFNWNB + VkFuYTNjZEJYakFTYWI5T3ptRmJBb09oRzN3Cms3REZlOFBWQ3hzTVlKallOMjhS + bjVjYloxNDdRK2lWdjhIalYwajRBRk0KLS0tIGNmcy9ZRDMxQVdTaDM3WXFRUkdK + c1dieVNqS1Y0emM4aXliVTB6TVl5RFUKXoBohKU7Z2QZouD9OGWWloZ7DMoVfT7x + DglOnTdIvN6jI8cgRtIJQM31PEcGuEuEyXsyRPjGs5qoAspWQPgl+A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMVIxbE52UnFhVjlka2V5 + cHNLeVhsNWFXeVRPYWxvSHdGWEpCMEVvYUY0ClRwNlQ0T2phdkR3RkQ4MkdXYXkw + UHBDUitjTGdvSndpMVZGTUpoNHpWVDAKLS0tIHJGZkpWUGw5WmJWaWJxRmM0cUpi + Z2xOWkdoTDFoNnFybjc2d01ZTGhrV0kKNRJpTwsbHowfrr/oDb0Hzsx63m0Dk+ol + 2dlAHJyNgdnQAdssDb4NERkUzjZMmXexbUMWjqGHtmHGyPTRDSpGsQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZWo0TDZtZXh0VS9QSWtl + d3hLbVRVOGl4ZUdLN2hGVUpjcVJ2TGN5b2dBCmdWcmhmNlBJNFFDU2xnL2pSaTB1 + VW10MEhPZGo3WDFPNllwQlJOa3VGN0kKLS0tIC9lYXdmbHNZcWl6cjBWYmJNSWFR + QmZxMVVpd1FtbUg4bmlhaG9IdmxFbk0KPYOtCiD42R2uo2qzuIFPq70wlIOeWW1J + H1DBYQWqBnCF74cxsvbhClEBm/VSn32sDwxgfT4lj4OkdFmfOfxSbw== + -----END AGE ENCRYPTED FILE----- + - recipient: 
age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ256bDBlWjFybWMxS3Iw + NXZxaHZNTDJFN0J4aEZzdlpMYlFYY1JIVlY0CkQyTXQ2MjRYU01Qa3lob3dVeXEv + dE9ra0I1ODF2VURFclIwNFRVY2FxNkkKLS0tIEJNYlV6KzdsS1pNNXhzelMxekdW + dDVPR3QvQ3k4NVNpckVid0VQUEd4TTQKyztuaRZZbiuSN5aaQOz0CkqikpAQcyYw + EjXtMYn23+wp0JyaMpIUhCAGbwVOw+hg3ddV5vRbNZ8rZMSHXfTvhg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-14T21:01:48Z" + mac: ENC[AES256_GCM,data:s3zdz0zOXo9YPt0V9il2MVRKBuaMZ8iIR9267y23IrwH914P+YVYQ9i7tTDfEG5+R1TEbLjli8oNxvLpH/BEicGygR/lEBnrp17ccd3RqCcrKHgFyp/QihJ7cCuBtcDO/0kPKSLWsa51hz71heYJLXaFCcZjvWm6R/z0hh3dE9I=,iv:Dt05Fdgk9YYVAwZgrpvxv8A7I6VG+TRRnPjRx4GZqrc=,tag:G7bFoIVXAd84Eqf+qJRiAQ==,type:str] + pgp: + - created_at: "2024-05-14T20:57:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/7B7lozfjMMT+j/f2KGdegu0Jjctprhn1OCvQICo6JfMau + w7BzKYUsRQiTMPWW91K3SNKcSnYJ02hYQBBaWEk/SX/fhv4bqvuCKitxHdxNvBFN + zI3Syjg1Ztc/u/OxLzrPKe0BFn3tnIQ5U6c4ti9FV3SXf5q6N1GLTjfAhDoC/0Hc + QEFInSCYNFbtjnafEx2wbkadyzyRq4g4T0YRRzM6HYXzUVfBJSwtpanLdmpuo4+0 + moDM3Hu3XBLM61uajmHFN5sBlSuwA8QAZ0BBLCAumBQ5YfGSoowZBc7rJezDs3Gg + TQ2yogiB9v4edNAVWiBH8KVnHRlLqiIsZdLgbVd2dhEp/AdPWAbgX5ZBm6JK9+io + i7QrfLAvw+2ezhflpiOUx6OPUuQvZdgTveAuSesJoR20GW9bgtkkkeS8whMjgt3g + yhh89+7+zn4VBgFzful7Qed4Oy5GFPfDsflLv03bagHTwtbv+fQo153/7Po2HS/O + yHMa8fr82uUUA7Q8ZQUMtoAWMJwpwG8gHqybCbuem5ZshJKHCc8jow74n4Lc5HgQ + MsuDVf32nVWS2iAn+mJ5eTGW2BJ9XYNqX7ac1yWWtnR+9gTmGPuaq7xMMVtNindC + 5idSpuH7orG4z7HU80q3XWfGVciegNvlNx4RHvTXyc39FtAozc86s3lMjyyPgPzS + XAGIdjvxcJgpwzAA7u9oo/OnO+0eQ8upxieLPPICNfjZ9bXj4m3Z8UsoCE7aRKac + 3ybcy2emTybV/8+Jq1Os2b6cbwJMJSeln1+CvFTdKagMI8f41aXUfIhMnb7E + =NkQx + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/matrix/synapse.nix b/nixos/servers/matrix/synapse.nix index b02a9829..c286dfe6 100644 
--- a/nixos/servers/matrix/synapse.nix +++ b/nixos/servers/matrix/synapse.nix @@ -28,7 +28,6 @@ in { "/var/lib/matrix-synapse/discord-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/signal-registration.yaml" ]; log_config = pkgs.writeText "nya.yaml" '' version: 1 diff --git a/nixos/servers/matrix/whatsapp.nix b/nixos/servers/matrix/whatsapp.nix index 8a508852..c8fb4f76 100644 --- a/nixos/servers/matrix/whatsapp.nix +++ b/nixos/servers/matrix/whatsapp.nix @@ -17,8 +17,14 @@ whatsapp = { }; bridge = { + encryption = { + allow = true; + default = true; + require = true; + }; permissions = { "kittywit.ch" = "full"; + "@whatsapp:kittywit.ch" = "admin"; "@kat:kittywit.ch" = "admin"; }; }; diff --git a/nixos/servers/web-irc-client/nginx.nix b/nixos/servers/thelounge/nginx.nix similarity index 100% rename from nixos/servers/web-irc-client/nginx.nix rename to nixos/servers/thelounge/nginx.nix diff --git a/nixos/servers/web-irc-client/thelounge.nix b/nixos/servers/thelounge/thelounge.nix similarity index 100% rename from nixos/servers/web-irc-client/thelounge.nix rename to nixos/servers/thelounge/thelounge.nix diff --git a/nixos/servers/weechat/buflist.nix b/nixos/servers/weechat/buflist.nix new file mode 100644 index 00000000..8fd49d6d --- /dev/null +++ b/nixos/servers/weechat/buflist.nix 
@@ -0,0 +1,17 @@ +{ config, std, inputs, ... }: let + inherit (std) list set; + in { + services.weechat.enable = true; + home-manager.users.kat.programs.weechat.config.buflist.format = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { + indent = "\${if:\${merged}?\${if:\${buffer.prev_buffer.number}!=\${buffer.number}?│┌:\${if:\${buffer.next_buffer.number}==\${buffer.number}?│├:\${if:\${buffer.next_buffer.name}=~^server||\${buffer.next_buffer.number}<0?└┴:├┴}}}:\${if:\${buffer.active}>0?\${if:\${buffer.next_buffer.name}=~^server?└:\${if:\${buffer.next_buffer.number}>0?├:└}}:\${if:\${buffer.next_buffer.name}=~^server? :│}}}─"; + buffer_current = "\${color:,${base0D}}\${format_buffer}"; + hotlist = " \${color:${base0B}}(\${hotlist}\${color:${base0B}})"; + hotlist_highlight = "\${color:${base08}}"; + hotlist_low = "\${color:${base06}}"; + hotlist_message = "\${color:${base0C}}"; + hotlist_none = "\${color:${base06}}"; + hotlist_private = "\${color:${base09}}"; + hotlist_separator = "\${color:${base04}},"; + number = "\${color:${base07}}\${number}\${if:\${number_displayed}?.: }"; + }; +} diff --git a/nixos/servers/weechat/init.nix b/nixos/servers/weechat/init.nix new file mode 100644 index 00000000..a47bdd0d --- /dev/null +++ b/nixos/servers/weechat/init.nix 
@@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: let + inherit (lib.modules) mkMerge mkBefore mkAfter; +in { + home-manager.users.kat = { config, ... }: { + sops.secrets = let + common = { + sopsFile = ./secrets.yaml; + }; + in { + weechat-secret = common; + liberachat-cert = common; + espernet-cert = common; + softnet-cert = common; + }; + + programs.weechat = { + init = mkMerge [ + (mkBefore '' + /matrix server add kittywitch yukari.gensokyo.zone + /matrix server add kittywitch-discord yukari.gensokyo.zone + /matrix server add kittywitch-telegram yukari.gensokyo.zone + /matrix server add kittywitch-whatsapp yukari.gensokyo.zone + /matrix server add kittywitch-signal yukari.gensokyo.zone + /matrix server add kittywitch-slack yukari.gensokyo.zone + /exec -sh -norc -oc cat ${config.sops.secrets.weechat-secret.path} + /set irc.server.liberachat.tls_cert ${config.sops.secrets.liberachat-cert.path} + /set irc.server.espernet.tls_cert ${config.sops.secrets.espernet-cert.path} + /set irc.server.softnet.tls_cert ${config.sops.secrets.softnet-cert.path} + /key bind meta-g /go + /key bind meta-v /input jump_last_buffer_displayed + /key bind meta-c /buffer close + /key bind meta-n /bar toggle nicklist + /key bind meta-b /bar toggle buflist + /relay add weechat 9000 + '') + (mkAfter '' + /matrix connect kittywitch + /matrix connect kittywitch-discord + /matrix connect kittywitch-telegram + /matrix connect kittywitch-whatsapp + /matrix connect kittywitch-signal + '') + ]; + }; + }; +} \ No newline at end of file diff --git a/nixos/servers/weechat/irc.nix b/nixos/servers/weechat/irc.nix new file mode 100644 index 00000000..4555034f --- /dev/null +++ b/nixos/servers/weechat/irc.nix @@ -0,0 +1,8 @@ +_: { + home-manager.users.kat.programs.weechat.config.irc = { + look = { + server_buffer = "independent"; + color_nicks_in_nicklist = true; + }; + }; +} diff --git a/nixos/servers/weechat/matrix.nix b/nixos/servers/weechat/matrix.nix new file mode 100644 index 00000000..f1cf74d0 
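Review bot: `/relay add weechat 9000` in the mkBefore block does not set a bind address, and WeeChat's relay listens on all addresses when `relay.network.bind_address` is empty, while nginx.nix in this commit only needs it on 127.0.0.1. I would add `/set relay.network.bind_address "127.0.0.1"` before the `/relay add` line and confirm that port 9000 is not opened in the firewall. No relay password is set in the visible commands; presumably it comes from the `weechat-secret` file that `/exec -sh -norc -oc cat …` replays, which deserves a one-line comment because every line of that file is executed as a command or sent to the buffer. Separately, `kittywitch-slack` is added as a server but has no matching `/matrix connect` in the mkAfter block.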
--- /dev/null +++ b/nixos/servers/weechat/matrix.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: { + home-manager.users.kat.programs.weechat = { + scripts = with pkgs.weechatScripts; [ + weechat-matrix + ]; + plugins = { + python = { + packages = [ "weechat-matrix" ]; + }; + }; + config.matrix = { + network = { + max_backlog_sync_events = 30; + lazy_load_room_users = true; + autoreconnect_delay_max = 5; + lag_min-show = 1000; + }; + look = { + server_buffer = "independent"; + redactions = "notice"; + }; + }; + }; +} diff --git a/nixos/servers/weechat/nginx.nix b/nixos/servers/weechat/nginx.nix new file mode 100644 index 00000000..bc7d2881 --- /dev/null +++ b/nixos/servers/weechat/nginx.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: { + services.nginx.virtualHosts."irc.kittywit.ch" = { + enableACME = true; + forceSSL = true; + locations = { + "/" = { root = pkgs.glowing-bear; }; + "^~ /weechat" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; + }; + }; + }; +} \ No newline at end of file diff --git a/nixos/servers/weechat/perl.nix b/nixos/servers/weechat/perl.nix new file mode 100644 index 00000000..f36b21fd --- /dev/null +++ b/nixos/servers/weechat/perl.nix @@ -0,0 +1,25 @@ +{ pkgs, lib, ... }: { + home-manager.users.kat.programs.weechat = { + plugins = { + perl = { + enable = true; + }; + }; + scripts = with pkgs.weechatScripts; [ + highmon + parse_relayed_msg + ]; + config.plugins.var.perl = { + highmon = { + short_names = "on"; + output = "buffer"; + merge_private = "on"; + alignment = "nchannel,nick"; + }; + parse_relayed_msg = { + servername = "espernet"; + supported_bot_names = "cord"; + }; + }; + }; +} \ No newline at end of file diff --git a/nixos/servers/weechat/python.nix b/nixos/servers/weechat/python.nix new file mode 100644 index 00000000..9dc65a26 --- /dev/null +++ b/nixos/servers/weechat/python.nix 
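Review bot: `lag_min-show = 1000;` under `config.matrix.network` in matrix.nix looks like a typo for `lag_min_show`. The hyphen is valid in a Nix attribute name, so this evaluates without error but would set an option name that weechat-matrix does not appear to have. I would change the line to `lag_min_show = 1000;` after checking the option list of the plugin version in use.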
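Review bot: The `"^~ /weechat"` location in nginx.nix forwards the relay websocket on the public vhost with no restriction at the proxy, so the relay's own password is the only control in front of a full chat session. If clients connect from known networks, allow/deny rules on that location would narrow the exposure, e.g. `extraConfig = "allow <trusted-range>; deny all;";` where `<trusted-range>` is a placeholder. At minimum I would add a comment on the location stating that authentication is delegated to the WeeChat relay.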
@@ -0,0 +1,70 @@ +{ config, pkgs, std, inputs, lib, ... }: let + inherit (builtins) toJSON; + inherit (std) list set; +in { + home-manager.users.kat.programs.weechat = { + plugins = { + python = { + enable = true; + }; + }; + scripts = with pkgs.weechatScripts; [ + colorize_nicks + title + weechat-go + weechat-notify-send + vimode-develop + auto_away + weechat-autosort + urlgrab + unread_buffer + ]; + config.plugins.var = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { + python = { + vimode = { + copy_clipboard_cmd = "wl-copy"; + paste_clipboard_cmd = "wl-paste --no-newline"; + imap_esc_timeout = "100"; + search_vim = true; + user_mappings = toJSON { + "," = "/buffer #{1}"; + "``" = "/input jump_last_buffer_displayed"; + "`n" = "/input jump_smart"; + "k" = "/input history_previous"; + "j" = "/input history_next"; + "p" = "a/input clipboard_paste"; + "P" = "/input clipboard_paste"; + #"u" = "/input undo"; + #"\\x01R" = "/input redo"; + "\\x01K" = "/buffer move -1"; + "\\x01J" = "/buffer move +1"; + }; + user_mappings_noremap = toJSON { + "\\x01P" = "p"; + "/" = "i/"; + }; + user_search_mapping = "?"; + mode_indicator_cmd_color_bg = base01; + mode_indicator_cmd_color = base04; + mode_indicator_insert_color_bg = base01; + mode_indicator_insert_color = base04; + mode_indicator_normal_color_bg = base01; + mode_indicator_normal_color = base04; + mode_indicator_replace_color_bg = base01; + mode_indicator_replace_color = base0E; + mode_indicator_search_color_bg = base0E; + mode_indicator_search_color = base04; + no_warn = true; + }; + title = { + title_prefix = "weechat - "; + show_hotlist = true; + current_buffer_suffix = " ["; + title_suffix = " ]"; + }; + notify_send.icon = ""; + go.short_name = true; + }; + }; + }; +} \ No newline at end of file diff --git a/nixos/servers/weechat/secrets.yaml b/nixos/servers/weechat/secrets.yaml new file mode 100644 index 00000000..00fbae07 --- /dev/null 
+++ b/nixos/servers/weechat/secrets.yaml 
@@ -0,0 +1,72 @@ +weechat-secret: ENC[AES256_GCM,data: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,iv:Kd7Kt1ikOmUGqTHFOHQ0mWk7kXEFvy3Gzna7YbqRenY=,tag:OOzgjyRPgS+tsg2/KeMQbA==,type:str] +liberachat-cert: ENC[AES256_GCM,data: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,iv:DHnR0ZMEuZtY2Gx2xgomnEWH6F/qzkErJ9KwInGLlIM=,tag:Wx84gTr29eO/BvyRjnXC/A==,type:str] +espernet-cert: ENC[AES256_GCM,data:3N91QUBnRUDlK1ndxw0434TzEEkb0Y3qte5UpjH96RyyRN6oeImC8Z0rjGGWGSNTF8Xrd+TPMWj4WpYQQwuZVAANwd5u/Itbs84alQI8ltaM4uvTz9KxNRvwY6FTi7lWrjzVWi4Sc7/wax8gh1ra6B7Q0BhDqWa2Lvucgo0NPU0XMO26W3O+sVzKcveNb/wCuDIgbgH9bJcJkkJ7st/zeEkQhj3cI7FYBXqTixKcN3JVI/1FX72VA9rhMIYlUV4CcJb/sNxZOIMP0XzjH+IcPZJdFz6Kob/dA6BYIwW8e0uVWEeE8RRSrKq/8FhbuN03oSo0z9TgOcldH0qgXF82eC/tmfkI6G6bkyu9sMzOtrQbb9Nl19IhUXYq/BYKosWer/Dnc2q/tR1qsFBirZiA6Gi+9GZxUZrWAlyBYuWTKCWU6hiUk2tGBcKg1VbxGY2H4Md2i6SRedGOS6VA/HJLyEjh8YDej3XR9EYFP02OwLs6+4MNBcrdOEEWmkxW0EEuS5KF2SZ142hhsHZ8NIDnolKsSOwFqRuKhgnAMsB9+IQSzkSSak5MbVcnAsJsmkqhTKvf0idco2tFGaJeJjjXVi1Knr0NXJX0yku/mA1BWvb119KP9vHNxxc2QKaa2MJeqpXR92cB2XBrtR9pSAm8RVTLRyFWCQxtuvKumO+3cPJPfocfuIocK9FRE8SfwnFvHL0frwK9FI9MaJRcMJqOgUv20p/OTGBoEpoKUhHUPmPqaSWVyi+3jEE+Va3idB4HeOgKA9P/FeVhnZf7SP28fEEI3A0805gDVlhcbx7Y1ZPrrNJv8VXAfwG2//H1Z9/TV9oruRjSR2S0tNLqV2vQGpHBPt1ZPF14lZwybAM0pRldZk3DasWEdZuSv9n8bHHv6cGhHsmrZdVb55oGW5uGEksdUGyXB0aRlXVFDkAiM5nTuNqZN8+EWyu+P6xH/em6wSWpeQE5t1tlqLqpaDU5O2tkVuqHcsllSou9k5p8PmY/bf5K1eGSPUVFAt+9v7+gQoofIQ12TpYCadOSYY7uCiukoiEFMYFyAvzY5QIiSWw07MF+jsBmeb3gWPqRH3tCHUBakkpVCV5ICRhItQcnb2Ins7jmthz7tvhD3pvrXDk7/sj5MwqByzfAyn6RqWJVp5D+GymQqYDhigPPInRqln0XBpywpaXMsWRx0UsnmCOGGJn0tFKq/k4SpwVlqf2VhQB73KtyP/K01AXmiVlfd1mbiAMw2N5qu1OpAt7SrfgXgXBTnd9eztamBMwKpMuXsfWdmycjnbzNYvhkCiy76AvQ8vgAT5udQWiliXrxsXubA0uhRAfZ/UGgRjiGPcw5fuBFnh7aB0FCYFhjBaoMwptHx92uTOis2gPEhn4K8Ex2xFMGlWC68RqvKXR/e3PNgVThTeXFN0xo8OObL2/2rtsvt476Aj+hENrAEZwW4Btc4vDJELw9KddnCIH5xeMdiDW+sjIh4Adj+H5C5Nt2U252DQExrprNksNqSTvZ8Coe4qQLB/cjyh5kOjIfNbaeaMXpikfgAV51pfbAGUUHrz5J7Tf36u5GLGHbETt3bTmyeyO0fZfKvw
2UqAZaWaLn7C95n3dgkpoq2Gn2dA2LasgqQ+5EBcn93Oa923FKBdxE65UB/MXJPQkCDXBOCBai4I56wXC0QHDXaRlshvl+PQy76fSacyXlcTwcgoRFn7AVUTtlm/jo/4yGCfBzMWvITh6ppEzg5ls8txnm02CWP7ihoJaY317TJdOkon0qvkG2EXSOmdcX5nAJkPDg4Z4s2wVyEBqtRUzPVAQaCaqZRPseUHsfJzBYjcZV85dV0iw+McFQm7uEqjS+yCDXul5fRzx2g4IdslDf11glwb5pA1AVsA57jT41ByiFOXgJszURjvV0ZxP0vLfsQixa4uhYiZsQu+XGkdgDiS+/ENaUhRw9t0YfO+o8kxFKWm5wUgMpv3w8+9BOjlehg5iWR1J65qpk3QwGZ0PNDboNA79VPDYzbDGTR1uELe4hhxBs9xMTPWpXsRPVg19KVJowNIz4IOSxG7qM2H4J/Q7lxxl/f8tJ4IlIvCNp2SdI8eNABSqJDBcl0N4z5h9OweFTZwmkSzoTtHRnJwu0MpSMQQeEcrjqQgdCPhuY06TI8g+F9b35OvCEzUjP04W5VQVdl/TmJiIePsFZEaKlMUbwV47PyTp9Yq+GmPwVco5oIYWlDBId3r6vNuY5TkAtvfblcIqy2D0PCXVd0AWfO4baBZzBxZKu8x/ma2zY0cUon8HsXDkekfhlY5h4UgVwvTXZoprOfBzgEui7a8Hyilb0eUv6H0Lr5K+lLpcF4sKWa2BzyGbKP1gmjjr5tR+Mz11xKIta+mj+sVTuK3DY9xEBxvZpGiBRFrh4A7g4oW3ED+E5+o1uVOCL1zAp6dba9fINHfrvtpjHL5zy6x0snaBy+Bqn18EJg33/Y4slFe1IYJXQGTQ9rLkq1lDB3rHT0UjYrDepDpm/PH1JGa9QV5jvHxSDJhSakOC2/PojrJWk0jUHgXxONqscg1N2USU37iVE595iU6M+YoPStLds/AxZK02Hl+zsypHcF6Yc4h60wmxmRLnOPxMychb/jVJ+DjnKlGgavIg1alOl7nsCPhJfr3DfbZd/RAz9crR5sXkUpJN7uoI6b/MB5BMLIZ7dNKt64tLP6bXfpfT/v4NcfG/yzVXVy0cldKG9CRPGm70vFYqzP2P2IQTXPw0gBxn2SwJ1h2JeVdBkvqcUmcNS67jQsfZIJu+gN1VFinY15JNBxeEbd65+BQFbKGfCcQ2kLo9Q28TRERmc3yJkE8C4Vrzgvm+TDyFU23Zenm+ys5nhT3AlOQ6umEw07xp9cGMoSE0H4K9yPRppa0+UvNeM8suo1MlfTdmAKRmz9NGYGXskhcjwav74XJyvGp9AoA/l0pgQoD+snp+pahjFFlq7Y6rzqjvWattVo/U4OoeItvl69ueys7jdl4egSyRjL1NAsr2k9m8ZEKDDNY8WGQ/8+UXQI89wMQEeQBFUOnEPfsX9u+Djjz78/AfIMxI2ny7aS+idDoPyIomdRQqkL+88ZMSdgfyyUuvR5qfa2ge0bAgp1HskHDBBjjG3bTpL7gZKALpeinIn0+mBmCMlp/XL8akGxqWTpwFckYWB4A0FJ7DHTunjgQpwr+ajgaI52Y1OiPay9YwzUZ1jUFymMX+hNOSfdbqiG9hUAxC6iwck1bqZLkEy/M31KrQFFKfgnQ2ks7LrRgrmgTpiP4RpTzCpKBniYcD/Xz5ERVMbMndzHMzAqYddcSZyI1NplH9lct7q8yU2fcQu+jRdkqTBe8XOPugrwA9a4UP9aGmDWZE4Kxp8NtSgYY3ZDEEsg7O9whSMr0i2fqceNKwt4cwbyo+lnCqF4/lB5yJ82vx7Vcl7YukOEiS168g1prB9RdpnD0dItRM7VHXhc63SLt8j53cqXpDql10z6Q55R6aVej6gGHyPrIVZiFmCSovz5r+/YAoqAKLqxBYGs3ipfW/ZIf6iLkpaHCeyOZ8s/2T/iuFRPQRIr7+DtGeSeBnt3uAjJrEQ/AKn9M3HxVcajT
GQBWBG5AKfiiYG6lPHRRz2/KoRM24lSHlS6ASXOuBp3cyKbcDWtdRZ0k7b72Y+c8cuGyiIaMee4Pr5GQed0mWjWm7vj8kN3ng=,iv:QpBIeLDM16NRjI4Atq6PaDrlDm35B2r6kOl/gk1lc0U=,tag:PW1I7HL1QWW0jK8jSZ3sIg==,type:str] +softnet-cert: ENC[AES256_GCM,data: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,iv:s6Bu2OvqZ0EUFJ4H2q7nJrHdn9JkLWD1x5IiegyDqvU=,tag:U1TAvoq0/w52BZEfCPVNxA==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2aDJPeURXNmlReW8yQWRK + TWdWTlBFMDJXZlVUVFRmQWhEaWFnY0pYdVVNCnhYUGp6NjJ1bm1YNm10Mk9rWUkx + MjJnSFIxN2pkMEhZUGZmcnBsbUlWaXcKLS0tIDNyeTQxWTcwU0dGa0tpMW9NM0wz + eXhMMklrV0NzRXRlb3hBRjNIbjV3WWsKb0Lk1ALTqylYi2GVP7N7njHsQhxQksMG + oDvaHqcPX1FzF2i6MeZkf/IaargzIPBSkofB2AYAkpO28Eui0wl5HQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cnu37d5fqyahh9vvc4hj6z6k8ur9ksuefln7sr6g3emmn927eutqxdawuh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZlAvUWV0c1hXb205L3Vk + SHZ2VStIOWw2Qk9CWVB0Q0dxL3BSSFhxYUVVCnRUNFBDNlNTQ2NXYmZ5R2lNZ3Ux + bkxwSEZaVUVzUUhVVm1LbjRzT3dtbFUKLS0tIDdQMlZIOU5rSzhhaE54a1dTS2Vt + emF2M2ZLTUxXVXhDWC9oUHRMOHdMZDQKRJlZuztKP8Z5t0Vrv6ml1ttHQDwr8/uq + grXisFd6KYQDCFcHhuxr/BTvwkRCuf/ZgNst1+kGjvj147JXGR+WxQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTXozRnJxY2F4bDZmc2Y5 + VU5yT0JPZHV4T2NWdTY0KzN6T3BBN2pucTI0Cmc3alQwM0p4N3pkek91L0h2bjZM + THo3L0lWanBSMnlhOTI2NUZPb1MvZGcKLS0tIFNNS3FrRjBmelVwYzdtRjBFWVlQ + a2ZSUnNLUEhtejExZGdXRXQ2QXJ1U2MKKBA8+hAsthSbSxjfYzo/e2qwtFQRBFX2 + s1YQEd6/00PCo8GiJNzitv0Opip8seXy3GhqgnDXuWiiwPEw6aImsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age18hpxz0ghvswv9k30cle73prvnzrsuczqh87jjdk9fl50j3ddndmq9xae0n + enc: | + 
-----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMmtqbkRNYnFoWkJOQkNp + NTVPZ0ppRER3c2RCcEhaNWlLSkpMZTljUWl3CnZaQUo2dytRTHhrbm95UmlLUWRy + NmRTVDh2d1A4WXUvWDArNmtuMXJYU1UKLS0tIGFJOFoweUQ0OGhWTlZNcXpyYkZz + cDE0NlhaTTJjRHRwWFNVYTZlZVhWWVkKKLSGcTpffyMD6f/Kn/MhdB89GipwKJBS + HTQhBc9IE7AiFrHxgP5tIg4vEWNLJDumbpXVD+jXCtdyB72PGP9iKA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-14T21:02:59Z" + mac: ENC[AES256_GCM,data:wF1PLDaXQlhDN4C9CDj5hhLMEpw8jN3hjqbA1cY5pSQZ5487t8CBplz4+SpcnQg8vT1tEJPYzXOufeiKYtgMDUGT4j5PjrgAdTbfZZ/QEZZyko7C3xBNQ01OwR7ySMgoIgWM9UnbveKweQiXrVBNLC93zysfoKDdClFSnXDqUW0=,iv:+2WIMPIEwGjWtwaBBuzSSrxR1uOQk8FbcLD1oVQYfIk=,tag:B8wuSZTLpksgfhDUiox5Hw==,type:str] + pgp: + - created_at: "2024-05-13T17:25:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/8Dsn4X5ZUaTVKSOVt/bIVVXtoTGRq6tOoRHAlfH0moKP/ + oYFHBmYsapteWuewZvjYn1sYUlfSVWGzwBBEO05FU7RBXPG1TAfpN4oiT1YfS98n + lGYftHZgENVFy5UbvndWhoKKrQGQshhdkR+k4HdyGDYPbV+3PgPLrYRbx2MC7Dzv + sl8mB3oRAn4lN+JKfvsGkJK8+8gkJIma7TcUKT517CqloScSh9Kvu2aOG1Oj3Zv4 + j2RZODbAzPLcQobYMCUk/+O+GwMWcVI/oNU1zF0hrz3LVUSaiLLD+i3VhksEbpqG + 4XxF04H7QMhXz258qzuIzrnMqygSGEbJMO47Dn8WQ38zub+EUxa5Fy1DKEIYjr4N + csFA4Vt14kGyUYVbZfebSK3TW6F05H7vn7pwUfD6OTOcIYMUSJZjlEk5HuYR1pnQ + 0VsxS/HOUP/wcuhyJ0KEqu8NmcM/foiNxIHBaRFcKqcZ7mB3d4KCUH/STu0IsBSO + 2A2VQPANxGRlH03d0zxDeIl/dlZw8RF+30ZHrJFm/MasUb3B/ufo8Fpx1lKdqN/H + yN24kbPwNmt91cKAXU09DghVK4cBlclfTmIMSxqaCFpApg0yS5YpYPmc/HFQ2wRM + 936uzZNkAq8qXWdlnHok4DkH25f3Qex6DjjtNWJ68JQ5eQFLUfhnWrE1iM0ZCGTS + XgF/4cYnaJ4AyXBrr6ykGNu5vmOruMaBpKvnHdl6g8k0F792+ZJPVHK6EH5eGCvL + mIi/J5r7RNGWcS+4JBTPbu006M+TXsi5Yy+z3MKrvFWxjjSTB3Nu5NubHJBOnrI= + =LtFB + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/servers/weechat/urlgrab.nix b/nixos/servers/weechat/urlgrab.nix new file mode 100644 index 00000000..34bc8368 --- /dev/null +++ b/nixos/servers/weechat/urlgrab.nix 
@@ -0,0 +1,3 @@ +{ pkgs, ... }: { + home-manager.users.kat.programs.weechat.config.matrix.urlgrab.default.copycmd = "${pkgs.xclip}/bin/xclip -sel clipboard"; +} diff --git a/nixos/servers/weechat/weechat.nix b/nixos/servers/weechat/weechat.nix new file mode 100644 index 00000000..639768ba --- /dev/null +++ b/nixos/servers/weechat/weechat.nix @@ -0,0 +1,56 @@ +{ config, std, inputs, lib, ... }: let + inherit (std) list set; +in { + home-manager.users.kat = { + services.weechat.enable = true; + programs.weechat = { + enable = true; + config.weechat = with set.map (_: v: "colour${builtins.toString (list.unsafeHead v)}") inputs.base16.lib.base16.shell.mapping256; { + look = { + mouse = true; + separator_horizontal = ""; + read_marker_string = "─"; + prefix_same_nick = "↳"; + highlight_disable_regex = "signal|discord|telegram|whatsapp"; + highlight = "kat,kittywitch"; + }; + # color overrides + color = { + chat_nick_self = base0E; + separator = base06; + chat_read_marker = base0B; + chat_read_marker_bg = base03; + }; + # bars config + bar = { + buflist = { + size_max = 24; + color_delim = base0E; + }; + input = { + items = "[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]"; + color_delim = base0E; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + nicklist = { + size_max = 18; + color_delim = base0E; + }; + status = { + color_bg = base02; + color_fg = base06; + color_delim = base0E; + items = "[time],mode_indicator,[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+matrix_typing_notice+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion"; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + title = { + color_bg = base02; + color_fg = base06; + color_delim = base0E; + conditions = "\${window.buffer.full_name} != perl.highmon"; + }; + }; + }; + }; + }; +} \ No newline at end of file 
diff --git a/overlays.nix b/overlays.nix index 770f0576..6417eece 100644 --- a/overlays.nix +++ b/overlays.nix @@ -9,7 +9,7 @@ map (path: import "${path}/overlay.nix") [ ++ [ inputs.darwin.overlays.default inputs.deploy-rs.overlay - inputs.hypridle.overlays.default - inputs.hyprlock.overlays.default + #inputs.hypridle.overlays.default + #inputs.hyprlock.overlays.default (import tree.packages.default {inherit inputs tree;}) ] diff --git a/packages/mautrix-slack.nix b/packages/mautrix-slack.nix new file mode 100644 index 00000000..9d6c8ded --- /dev/null +++ b/packages/mautrix-slack.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }: + +buildGoModule rec { + pname = "mautrix-slack"; + version = "2024-05-01"; + + src = fetchFromGitHub { + owner = "mautrix"; + repo = "slack"; + rev = "75d2ffd88b6f1d097697fab363099ed7d37fff6f"; + hash = "sha256-l0pZPp11VJ7xP0uuctjOEZHCDnS4OAbxMRkcNQLbMzs="; + }; + + buildInputs = [ + olm + ]; + + vendorHash = "sha256-FL0wObZIvGV9V7pLmrxTILQ/TGEMSH8/2wFPlu6idcA="; + + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/mautrix/slack"; + description = "A Matrix-Slack puppeting bridge"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ kittywitch ]; + mainProgram = "mautrix-slack"; + }; +} diff --git a/packages/synapse-cleanup/cleanup.sh b/packages/synapse-cleanup/cleanup.sh index e61f7ffe..76d771d1 100644 --- a/packages/synapse-cleanup/cleanup.sh +++ b/packages/synapse-cleanup/cleanup.sh 
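Review bot: `libsignal-ffi` is taken as a function argument in packages/mautrix-slack.nix but never used, which reads as a leftover from the signal bridge package and makes the package fail to evaluate on a package set that lacks it; I would reduce the header to `{ lib, buildGoModule, fetchFromGitHub, olm }:`. `rec` is also unused, since no attribute refers to another. `doCheck = false;` has no explanation; a short comment such as `# upstream tests need network access` (if that is the reason) would tell the next reader whether it is safe to re-enable.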
@@ -2,13 +2,14 @@ set -eu set -o pipefail -read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER -read -sp "Enter the admin user token required: " API_ID +# Provide $HOMESERVER and $API_ID into the program via environment, or uncomment the two below lines: +#read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER +#read -sp "Enter the admin user token required: " API_ID TEMPDIR=$(mktemp -d) echo -n "Starting synapse, just to make sure it is online for these requests" -systemctl start matrix-synaps +systemctl start matrix-synapse sleep 5 echo -n "Collecting required room data" @@ -36,11 +37,10 @@ for room_id in $rooms_to_clean; do curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/\${room_id}" don -sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100 - echo -n "Last optimization steps, database optimization, shutting down Synapse" systemctl stop matrix-synaps +sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100 sudo -u postgres psql matrix-synapse -c "REINDEX (VERBOSE) DATABASE \"matrix-synapse\";" sudo -u postgres psql -c "VACUUM FULL VERBOSE;" diff --git a/systems/koishi.nix b/systems/koishi.nix index cd7ddf41..88175274 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -43,6 +43,8 @@ _: let }; }; + services.printing.enable = true; + swapDevices = [ {device = "/dev/disk/by-uuid/04bd322e-dca0-43b8-b588-cc0ef1b1488e";} ]; diff --git a/systems/yukari.nix b/systems/yukari.nix index eeecdc97..1b980b2f 100644 --- a/systems/yukari.nix +++ b/systems/yukari.nix @@ -21,7 +21,7 @@ _: let vaultwarden grafana-stack public-directory - web-irc-client + weechat ]); boot = { 
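Review bot: With both `read` prompts commented out in cleanup.sh, nothing verifies that `HOMESERVER` and `API_ID` are set before work begins; under the `set -eu` at the top, the script would only abort at the first expansion, after Synapse has been started and the `sleep 5` has run. I would add `: "${HOMESERVER:?set HOMESERVER}" "${API_ID:?set API_ID}"` directly under the new comment so it fails before touching the service. Passing the admin token through the environment also leaves it readable by other processes of the same user for the life of the script, which is worth a line in that comment. The script continues outside this hunk.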
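Review bot: The relocated `synapse_auto_compressor` line in the second cleanup.sh hunk now runs after `systemctl stop matrix-synaps`, and that stop line still has the unit name misspelled even though the start line was corrected in the first hunk. Under `set -e` a failing stop would end the script there, so the compressor, `REINDEX` and `VACUUM FULL` steps would not run; the fix is `systemctl stop matrix-synapse`. The loop terminator shown as `don` and the escaped `\${room_id}` in the purge URL look like the same kind of slip and should be checked against the file. The `curl` call also places the bearer token on the command line, where it is visible in the process list; curl can read a header from a file with `-H @FILE` instead.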
diff --git a/tree.nix b/tree.nix index c8b37db6..566daeb9 100644 --- a/tree.nix +++ b/tree.nix @@ -96,9 +96,11 @@ nix-index-database.hmModules.nix-index plasma-manager.homeManagerModules.plasma-manager base16.homeModules.base16 + inputs.sops-nix.homeManagerModules.sops ] ++ (with (import (inputs.arcexprs + "/modules")).home-manager; [ i3gopher + weechat ]); }; };