From 6974feb92c0ce213a9d4564167fe6f2c3f5946c6 Mon Sep 17 00:00:00 2001
From: Finn Landweber
Date: Fri, 28 Jun 2024 19:01:51 +0200
Subject: [PATCH] nixos/matrix-hookshot: init module
---
 .../manual/release-notes/rl-2411.section.md | 2 +
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/matrix/hookshot.nix | 127 ++++++++++++++++++
 3 files changed, 130 insertions(+)
 create mode 100644 nixos/modules/services/matrix/hookshot.nix
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 4ee99750198e..a8816f091d3d 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -87,6 +87,8 @@
 - [HomeBox](https://github.com/sysadminsmedia/homebox): the inventory and organization system built for the Home User. Available as [services.homebox](#opt-services.homebox.enable).
+- [matrix-hookshot](https://matrix-org.github.io/matrix-hookshot), a Matrix bot for connecting to external services. Available as [services.matrix-hookshot](#opt-services.matrix-hookshot.enable).
+
 - [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
 - [Music Assistant](https://music-assistant.io/), a music library manager for your offline and online music sources which can easily stream your favourite music to a wide range of supported players. Available as [services.music-assistant](#opt-services.music-assistant.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 006cdeedcaf6..14a977c99e87 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -698,6 +698,7 @@
 ./services/matrix/conduit.nix
 ./services/matrix/dendrite.nix
 ./services/matrix/hebbot.nix
+ ./services/matrix/hookshot.nix
 ./services/matrix/maubot.nix
 ./services/matrix/mautrix-facebook.nix
 ./services/matrix/mautrix-meta.nix
diff --git a/nixos/modules/services/matrix/hookshot.nix b/nixos/modules/services/matrix/hookshot.nix
new file mode 100644
index 000000000000..d6329e91459e
--- /dev/null
+++ b/nixos/modules/services/matrix/hookshot.nix
@@ -0,0 +1,127 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.services.matrix-hookshot;
+ settingsFormat = pkgs.formats.yaml { };
+ configFile = settingsFormat.generate "matrix-hookshot-config.yml" cfg.settings;
+in
+{
+ options = {
+ services.matrix-hookshot = {
+ enable = lib.mkEnableOption "matrix-hookshot, a bridge between Matrix and project management services";
+
+ package = lib.mkPackageOption pkgs "matrix-hookshot" { };
+
+ registrationFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ Appservice registration file.
+ As it contains secret tokens, you may not want to add this to the publicly readable Nix store.
+ '';
+ example = lib.literalExpression ''
+ pkgs.writeText "matrix-hookshot-registration" \'\'
+ id: matrix-hookshot
+ as_token: aaaaaaaaaa
+ hs_token: aaaaaaaaaa
+ namespaces:
+ rooms: []
+ users:
+ - regex: "@_webhooks_.*:foobar"
+ exclusive: true
+
+ sender_localpart: hookshot
+ url: "http://localhost:9993"
+ rate_limited: false
+ \'\'
+ '';
+ };
+
+ settings = lib.mkOption {
+ description = ''
+ {file}`config.yml` configuration as a Nix attribute set.
+
+ For details please see the [documentation](https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html).
+ '';
+ example = {
+ bridge = {
+ domain = "example.com";
+ url = "http://localhost:8008";
+ mediaUrl = "https://example.com";
+ port = 9993;
+ bindAddress = "127.0.0.1";
+ };
+ listeners = [
+ {
+ port = 9000;
+ bindAddress = "0.0.0.0";
+ resources = [ "webhooks" ];
+ }
+ {
+ port = 9001;
+ bindAddress = "localhost";
+ resources = [
+ "metrics"
+ "provisioning"
+ ];
+ }
+ ];
+ };
+ default = { };
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+ options = {
+ passFile = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/matrix-hookshot/passkey.pem";
+ description = ''
+ A passkey used to encrypt tokens stored inside the bridge.
+ File will be generated if not found.
+ '';
+ };
+ };
+ };
+ };
+
+ serviceDependencies = lib.mkOption {
+ type = with lib.types; listOf str;
+ default = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit;
+ defaultText = lib.literalExpression ''
+ lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
+ '';
+ description = ''
+ List of Systemd services to require and wait for when starting the application service,
+ such as the Matrix homeserver if it's running on the same host.
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.matrix-hookshot = {
+ description = "a bridge between Matrix and multiple project management services";
+
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
+ after = [ "network-online.target" ] ++ cfg.serviceDependencies;
+
+ preStart = ''
+ if [ ! -f '${cfg.settings.passFile}' ]; then
+ mkdir -p $(dirname '${cfg.settings.passFile}')
+ ${pkgs.openssl}/bin/openssl genpkey -out '${cfg.settings.passFile}' -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
+ fi
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ ExecStart = "${cfg.package}/bin/matrix-hookshot ${configFile} ${cfg.registrationFile}";
+ };
+ };
+ };
+
+ meta.maintainers = with lib.maintainers; [ flandweber ];
+}
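Review bot: `serviceConfig` for `systemd.services.matrix-hookshot` sets only `Type`, `Restart` and `ExecStart`, so with no `User` or `DynamicUser` the bridge and the `preStart` key generation run as root with no sandboxing, while the `settings` example binds a webhook listener to `0.0.0.0`. Running the unit under a dynamic user with a private `StateDirectory` and a restrictive `UMask` would limit what a compromised bridge process can reach and keep the generated passkey owned by, and readable only to, the service account; the lines below sketch that. If adopted, `registrationFile` must be readable by that user (for example handed over with `LoadCredential`), and a `passFile` set outside `/var/lib/matrix-hookshot` would need its own writable path. Separately, the `registrationFile` example creates the file with `pkgs.writeText`, which puts `as_token` and `hs_token` into the store that the option's description warns about, so an out-of-store path would be the safer example.

```nix
serviceConfig = {
  # … unchanged: Type, Restart, ExecStart …
  DynamicUser = true;
  StateDirectory = "matrix-hookshot";
  StateDirectoryMode = "0700";
  UMask = "0077";
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
};
```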