service/matrix-bot: init

2025-05-23 17:35:38 +02:00 · 2023-05-15 22:09:17 +02:00 · 2023-05-15 22:09:17 +02:00 · c1b4bff328
commit c1b4bff328
parent 496f8f39e0
4 changed files with 77 additions and 2 deletions
--- a/machines/newton/secrets.yaml
+++ b/machines/newton/secrets.yaml
@ -24,6 +24,8 @@ sso:
    felix:
        password-hash: ENC[AES256_GCM,data:4yOMOg3/RsijtXC7h73sIk3HDPq83xmSY7AaLeUbtPVZzjjZ/Qp+YiXpgL0fVsio1Pic3HyAzeVlWg0E,iv:23CdJQAhtpgrUZ1jVKiKYfgw5jQNVN6413Ew8ryJH6w=,tag:bds2Yd18gFtVDtgLkxMGkQ==,type:str]
        totp-secret: ENC[AES256_GCM,data:1fh22SICF19Svg6rLwUYs8oIBr0FV9dG30WWpPN751VbL104nQZcKnszbDox0hwuuotY7G8twYI=,iv:RrkNlJ9us8LDeQQUuexB1yvvYIbSElsB3VOm/4fBHzY=,tag:uv6Fwtk42atINufook7aAw==,type:str]
+matrix-bot:
+    password: ENC[AES256_GCM,data:LruowBkvNx2MgkChUvBFBl62zH39YzHyrNW6cfaUlzGr0DQ6WP5kFiju88VTVfje40jskhQsYqCabH5yrFaoQA==,iv:1fIRRVNNpLOGLQekACgmDdwyYRuryqjdTLOGGS+bVD8=,tag:CcFFw27rj7X9mtSvQj5pHw==,type:str]
 acme:
    inwx: ENC[AES256_GCM,data:tu3pdI2fAQPAwQNdIIk10Kkl0xBPBLx592UlYYEXxJX0YGddAhGMwDUqKTh/B5k9WW11cyoLoeTMnZPMzD15V1Qj,iv:UbbauJBjr3O4XnKRL9Pc3PdRGJqAhqO0PDNkvpyXH2o=,tag:YRVtRo8D0KLVCtWukW7GWw==,type:str]
 sops:
@ -50,8 +52,8 @@ sops:
            NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX
            s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-16T15:46:59Z"
-    mac: ENC[AES256_GCM,data:Kwi+5HbVO63/wROufE0FjnjSJCbnaqwIWR03ru0WAfm9eN9Sfd1bydYqxKMlYNRmfrEpJCOFeSP7inTYbrrC5EaqHog9MGIXti3m7Kk+iLfr/N4PBROivWZzmzyRNnNmTfHG09Ql/QS6vIkN+s027McN9tUAFRSPo/JNIPhYPPs=,iv:F70fsuT8vdQR1tHj3Z/MtFTS8sRSrhDrhGFNWXbrX+g=,tag:Y4kRAJXfzBTgczSHNPHx0Q==,type:str]
+    lastmodified: "2023-04-30T22:49:27Z"
+    mac: ENC[AES256_GCM,data:Ni820Zyct7EN9R1pkEyEoVP63uQlqpMuM8TY3lqAOtr3uiot8R6xgrlgMTXaXHyjNY/7WdHzaX2VoCxO2UoDpttqwBcGz+cNKQgeBvGU+52bO8QeqX6SImYZ1aAuYaXznEnTr9XP8sZGEDpQ/b6H4HIHpNhITNyx9qG5zVRJhnc=,iv:XJHFtAXvlIHvZmgz0KLH99Lanbk0yyeKi4P+W06Kvb8=,tag:8UjGPxn6ZeyvAV7SNAOa7Q==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/machines/newton/services.nix
+++ b/machines/newton/services.nix
@ -24,6 +24,9 @@ in
  sops.secrets."grafana/password" = {
    owner = config.users.users.grafana.name;
  };
+  sops.secrets."matrix-bot/password" = {
+    owner = config.systemd.services.go-neb.serviceConfig.User;
+  };

  # List services that you want to enable:
  my.services = {
@ -115,6 +118,10 @@ in
    alertmanager = {
      enable = true;
    };
+    matrix-bot = {
+      enable = true;
+      PasswortFile = secrets."matrix-bot/password".path;
+    };
    grafana = {
      enable = true;
      passwordFile = secrets."grafana/password".path;
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -16,6 +16,7 @@
    ./jellyfin
    ./loki
    ./minecraft-server
+    ./matrix-bot
    ./mumble-server
    ./navidrome
    ./nextcloud
--- a/modules/services/matrix-bot/default.nix
+++ b/modules/services/matrix-bot/default.nix
@ -0,0 +1,65 @@
+# adjusted from: https://github.com/NixOS/nixos-org-configurations/blob/master/delft/eris/alertmanager-matrix-forwarder.nix
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.matrix-bot;
+  domain = config.networking.domain;
+in
+{
+  options.my.services.matrix-bot = with lib; {
+    enable = mkEnableOption "enable matrix forwarding bot";
+    Username = mkOption {
+      type = types.str;
+      description = lib.mdDoc "Matrix bot name.";
+      example = "@bot:matrix.org";
+      default = "@stunkymonkey-bot:matrix.org";
+    };
+    PasswortFile = mkOption {
+      type = types.path;
+      description = lib.mdDoc "Password for the bot.";
+      example = "/run/secrets/password";
+    };
+    RoomID = mkOption {
+      type = types.str;
+      description = lib.mdDoc "Matrix room id.";
+      example = "!abcdefghijklmnopqr:matrix.org";
+      default = "!ZWnKiKLuQNBkBGMPCl:matrix.org";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create user so that we can set the ownership of the key to
+    # it. DynamicUser will not take full effect as a result of this.
+    users.users.go-neb = {
+      isSystemUser = true;
+      group = "go-neb";
+    };
+    users.groups.go-neb = { };
+
+    services.go-neb = {
+      enable = true;
+      baseUrl = "http://localhost";
+      secretFile = cfg.PasswortFile;
+      config = {
+        clients = [
+          {
+            UserId = cfg.Username;
+            AccessToken = "$CHANGEME";
+            DeviceID = "KIYFUKBRRK";
+            HomeServerUrl = "https://matrix-client.matrix.org";
+            Sync = true;
+            AutoJoinRooms = true;
+            DisplayName = "Stunkymonkey-Bot";
+          }
+        ];
+        services = [
+          {
+            ID = "echo_service";
+            Type = "echo";
+            UserId = cfg.Username;
+            Config = { };
+          }
+        ];
+      };
+    };
+  };
+}