diff --git a/.idea/indexLayout.xml b/.idea/indexLayout.xml
index 7b08163..05bc41e 100644
--- a/.idea/indexLayout.xml
+++ b/.idea/indexLayout.xml
@@ -3,6 +3,8 @@
-
+
+ result
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
index 2e05957..c379745 100644
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -2,6 +2,7 @@
+
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index d2e7d6c..3401548 100755
--- a/flake.nix
+++ b/flake.nix
@@ -34,6 +34,7 @@
./hardware-configuration.nix
#./modules/packages/ooye/packages/module.nix
+ ./host/matrix/matrix/ooye.nix
./host/matrix/unstable-overlay.nix
home-manager.nixosModules.home-manager
@@ -49,6 +50,16 @@
];
specialArgs = inputs;
};
+
+ moduleDevEnv = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/module-dev-env/configuration.nix
+ home-manager.nixosModules.home-manager
+ (Rory-Open-Architecture + "/modules/users/Rory.nix")
+ ];
+ specialArgs = inputs;
+ };
};
};
}
diff --git a/host/matrix/matrix/ooye.nix b/host/matrix/matrix/ooye.nix
new file mode 100644
index 0000000..7675454
--- /dev/null
+++ b/host/matrix/matrix/ooye.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ imports = [
+ ../../../modules/packages/ooye/packages/module.nix
+ ];
+
+ services.matrix-ooye = {
+ enable = true;
+ };
+
+}
diff --git a/host/matrix/matrix/root.nix b/host/matrix/matrix/root.nix
index 2b91a91..769036d 100755
--- a/host/matrix/matrix/root.nix
+++ b/host/matrix/matrix/root.nix
@@ -2,7 +2,6 @@
config,
pkgs,
lib,
- botcore-v4,
...
}:
diff --git a/host/module-dev-env/configuration.nix b/host/module-dev-env/configuration.nix
new file mode 100644
index 0000000..7db12f9
--- /dev/null
+++ b/host/module-dev-env/configuration.nix
@@ -0,0 +1,127 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ imports = [
+ ../../modules/base-server.nix
+ ../../modules/packages/ooye/packages/module.nix
+ ];
+ networking = {
+ hostName = "matrix";
+ interfaces.ens18.ipv4.addresses = [
+ {
+ address = "10.10.0.3";
+ prefixLength = 8;
+ }
+ ];
+ defaultGateway.interface = "ens18";
+ };
+
+ services = {
+ matrix-ooye = {
+ enable = true;
+ enableSynapseIntegration = true;
+ };
+
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql_16;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host matrix-synapse matrix-synapse 127.0.0.1/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ settings = {
+ max_connections = 250;
+ superuser_reserved_connections = 3;
+ };
+ };
+
+ matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+
+ # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+ settings = {
+ server_name = "localhost";
+
+ enable_registration = true;
+ registration_requires_token = false;
+
+ federation = {
+ client_timeout = "60s";
+ max_short_retries = 6;
+ max_short_retry_delay = "10s";
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+ };
+ registration_shared_secret = "test";
+
+ #listeners = [
+ # {
+ # port = 8008;
+ # bind_addresses = [ "127.0.0.1" ];
+ # type = "http";
+ # tls = false;
+ # x_forwarded = true;
+ # resources = [
+ # {
+ # names = [
+ # "client"
+ # "federation"
+ # ];
+ # compress = true;
+ # }
+ # ];
+ # }
+ # {
+ # type = "http";
+ # path = "/run/matrix-synapse/main-http.sock";
+ # mode = "666";
+ # resources = [
+ # {
+ # names = [
+ # "client"
+ # "federation"
+ # ];
+ # compress = false;
+ # }
+ # ];
+ # }
+ #];
+ dynamic_thumbnails = true;
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ url_preview_enabled = true;
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse";
+ password = "somepassword";
+ database = "matrix-synapse";
+ host = "127.0.0.1";
+ application_name = "matrix-synapse (litenet.tel)";
+ cp_min = 5;
+ cp_max = 50;
+ };
+ };
+
+ max_image_pixels = "100M";
+
+ report_stats = false;
+ };
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
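Review bot: The Synapse database password (`password = "somepassword"`) and `registration_shared_secret = "test"` are literals in the Nix store, and the pg_hba block ends with `host all all 0.0.0.0/0 md5` while `enableTCPIP = true`, so PostgreSQL accepts password logins from any network this VM is attached to; combined with `enable_registration = true` and `registration_requires_token = false` this is only acceptable if the dev VM is isolated, which `../../modules/base-server.nix` (outside this diff) may or may not guarantee. Even for a throwaway environment, keep the secrets out of the store by moving them into `services.matrix-synapse.extraConfigFiles` (or `registration_shared_secret_path`), and drop the `0.0.0.0/0` line unless an external client is actually needed. The static `hostName = "matrix"` with `10.10.0.3` presumably mirrors the real matrix host; if the two are ever on the same network they will collide, so a comment stating that this VM must stay on an isolated bridge would help the next reader.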
diff --git a/modules/base.nix b/modules/base.nix
index cab51fd..eee0f8d 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -142,15 +142,5 @@
sudo.wheelNeedsPassword = false;
};
- virtualisation.vmVariant = {
- users = {
- mutableUsers = false;
- users = {
- root.password = "root";
- Rory.password = "password";
- };
- };
-
- networking.useDHCP = lib.mkForce true;
- };
+ virtualisation.vmVariant = import ./vm-overrides.nix;
}
diff --git a/modules/packages/ooye/packages/.gitignore b/modules/packages/ooye/packages/.gitignore
new file mode 100644
index 0000000..da1cde0
--- /dev/null
+++ b/modules/packages/ooye/packages/.gitignore
@@ -0,0 +1,4 @@
+result
+registration.json
+registration.yaml
+ooye-src/
\ No newline at end of file
diff --git a/modules/packages/ooye/packages/default.nix b/modules/packages/ooye/packages/default.nix
index 1b080a5..d8ff76b 100644
--- a/modules/packages/ooye/packages/default.nix
+++ b/modules/packages/ooye/packages/default.nix
@@ -9,15 +9,12 @@
buildNpmPackage rec {
pname = "out-of-your-element";
version = "0";
- src = fetchgit {
- url = "https://gitdab.com/cadence/out-of-your-element.git";
- rev = "2c3b653b540e6eea37e130104aece48c1f094d71";
- sha256 = "SU6Mt3JEgEnkQUzU7Nw/BbeIHocWHqxZFEAeLYoFB4g=";
- };
-# src = ./ooye-src;
- npmDepsHash = "sha256-561i7rUw+Pkq3k44PE6pglm7Kd4t3AjkcKbIZchJ29M=";
- # "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
- makeCacheWritable = true; # Something tries to write there, idk why - Emma [it/its] @ Rory&
+ src = fetchgit {
+ url = "https://gitdab.com/cadence/out-of-your-element.git";
+ rev = "07d6eb3c1272c2526a4749724c07c4fd530893d4";
+ sha256 = "3Y6s9pNKKeqF6s4I2Rd4TpxXPCwqizXeil/sTDVnpr0=";
+ };
+ npmDepsHash = "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
dontNpmBuild = true;
nativeBuildInputs = [ makeWrapper ];
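Review bot: The `fetchgit` hash is written as bare base64 (`sha256 = "3Y6s9pNK…"`) while `npmDepsHash` on the next line uses SRI; prefer the SRI form for both so the two pins read the same and the algorithm is explicit: `hash = "sha256-3Y6s9pNKKeqF6s4I2Rd4TpxXPCwqizXeil/sTDVnpr0=";`. The hunk also drops `makeCacheWritable = true`, whose comment said something in the build wrote to the npm cache; if that still happens with the new revision the build fails on the read-only cache, so confirm with a fresh build rather than a cached one. `version = "0"` stays a placeholder for a rev-pinned source; nixpkgs convention for such packages is `version = "0-unstable-<YYYY-MM-DD>"` (date of the pinned commit).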
@@ -39,8 +36,8 @@ buildNpmPackage rec {
longDescription = ''
Cool.
'';
- #license = licenses.agpl3;
+ license = licenses.gpl3;
#maintainers = with maintainers; [ RorySys ];
- mainProgram = "null";
+ mainProgram = "matrix-ooye";
};
}
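Review bot: `license = licenses.gpl3` is a deprecated alias in nixpkgs (evaluation warns and asks for `gpl3Only` or `gpl3Plus`), and the line it replaces pointed at `agpl3`, so the actual upstream license should be checked against the repository's LICENSE file before choosing one of the non-deprecated names. `mainProgram = "matrix-ooye"` has to match an executable the wrapper creates under `$out/bin`; the install phase that creates it is outside this hunk, so confirm the name, since `lib.getExe` in module.nix now depends on it.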
diff --git a/modules/packages/ooye/packages/flake.lock b/modules/packages/ooye/packages/flake.lock
index 7adbffd..050526c 100644
Binary files a/modules/packages/ooye/packages/flake.lock and b/modules/packages/ooye/packages/flake.lock differ
diff --git a/modules/packages/ooye/packages/flake.nix b/modules/packages/ooye/packages/flake.nix
index 36e621b..44c1366 100644
--- a/modules/packages/ooye/packages/flake.nix
+++ b/modules/packages/ooye/packages/flake.nix
@@ -7,6 +7,6 @@
outputs = { self, nixpkgs }: {
packages.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./default.nix { };
-
+ modules.default = import ./module.nix;
};
}
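Review bot: `modules.default = import ./module.nix;` uses a non-standard flake output name; the NixOS convention (and the one `nix flake check` and other flakes expect) is `nixosModules.default`, so a consumer writing `inputs.ooye.nixosModules.default` will not find this module. Change the line to `nixosModules.default = import ./module.nix;`. `import ./module.nix` already evaluates to the module function, which is what the module system expects, so no further wrapping is needed.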
diff --git a/modules/packages/ooye/packages/module.nix b/modules/packages/ooye/packages/module.nix
index 2a363a5..82f6b0f 100644
--- a/modules/packages/ooye/packages/module.nix
+++ b/modules/packages/ooye/packages/module.nix
@@ -6,6 +6,12 @@
}:
let
cfg = config.services.matrix-ooye;
+ mkStringOption =
+ name: default:
+ lib.mkOption {
+ type = lib.types.str;
+ default = default;
+ };
in
{
options = {
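Review bot: `mkStringOption` takes `name` as its first argument but never uses it, so every description passed at the call sites in the next hunk (`mkStringOption "The ID of the appservice." "ooye"` and friends) is silently dropped and the options end up undocumented. Rename the parameter and forward it: `mkStringOption = description: default: lib.mkOption { type = lib.types.str; inherit default description; };`. The definitions being replaced carried these descriptions, so as written this is a regression in the generated option documentation.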
@@ -15,31 +21,159 @@ in
type = lib.types.package;
default = pkgs.callPackage ./default.nix { };
};
- appserviceId = lib.mkOption {
- type = lib.types.string;
- description = "The appservice ID to use, will be used as the localpart for the bridge.";
- default = "ooye";
- };
- homeserver = lib.mkOption {
- type = lib.types.string;
- description = "The homeserver to connect to.";
- default = "http://localhost:8006";
+ appserviceId = mkStringOption "The ID of the appservice." "ooye";
+ homeserver = mkStringOption "The homeserver to connect to." "http://localhost:8006";
+ homeserverName = mkStringOption "The name of the homeserver to connect to." "localhost";
+ namespace = mkStringOption "The prefix to use for the MXIDs/aliases of bridged users/rooms. Should end with a _!" "_ooye_";
+ discordTokenPath = mkStringOption "The path to the discord token file." "/etc/ooye-discord-token";
+ socket = mkStringOption "The socket to listen on, can either be a port number or a unix socket path." "6693";
+
+ enableSynapseIntegration = lib.mkEnableOption "Enable Synapse integration";
+ };
+ };
+ config = lib.mkIf cfg.enable (
+ let
+ baseConfig = pkgs.writeText "matrix-ooye-config.json" (
+ builtins.toJSON {
+ id = cfg.appserviceId;
+ namespaces = {
+ users = [
+ {
+ exclusive = true;
+ regex = "@${cfg.namespace}.*:${cfg.homeserverName}";
+ }
+ ];
+ aliases = [
+ {
+ exclusive = true;
+ regex = "#${cfg.namespace}.*:${cfg.homeserverName}";
+ }
+ ];
+ };
+ protocols = [ "discord" ];
+ sender_localpart = "${cfg.namespace}bot";
+ rate_limited = false;
+ socket = cfg.socket; # Can either be a TCP port or a unix socket path
+ url = if (lib.hasPrefix "/" cfg.socket) then "unix:${cfg.socket}" else "http://localhost:${cfg.socket}";
+ ooye = {
+ server_name = cfg.homeserverName;
+ namespace_prefix = cfg.namespace;
+ max_file_size = 5000000;
+ content_length_workaround = false;
+ include_user_id_in_mxid = true;
+ server_origin = cfg.homeserver;
+ };
+ }
+ );
+
+script = pkgs.writeScript "matrix-ooye-pre-start.sh" ''
+ #!${lib.getExe pkgs.bash}
+ REGISTRATION_FILE=registration.yaml
+
+ id
+ echo "Before if statement"
+ stat ''${REGISTRATION_FILE}
+
+ if [[ ! -f ''${REGISTRATION_FILE} ]]; then
+ echo "No registration file found at '$REGISTRATION_FILE'"
+ cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
+ fi
+
+ echo "After if statement"
+ stat ''${REGISTRATION_FILE}
+
+ AS_TOKEN=$(${lib.getExe pkgs.jq} -r .as_token ''${REGISTRATION_FILE})
+ HS_TOKEN=$(${lib.getExe pkgs.jq} -r .hs_token ''${REGISTRATION_FILE})
+ DISCORD_TOKEN=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)
+
+ if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then
+ AS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
+ echo "Generated new AS token: ''${AS_TOKEN}"
+ fi
+ if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then
+ HS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
+ echo "Generated new HS token: ''${HS_TOKEN}"
+ fi
+ if [[ -z "$DISCORD_TOKEN" ]]; then
+ echo "No Discord token found at '${cfg.discordTokenPath}'"
+ exit 1
+ fi
+
+ shred -u ''${REGISTRATION_FILE}
+ cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
+
+ ${lib.getExe pkgs.jq} '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'"' ''${REGISTRATION_FILE} > ''${REGISTRATION_FILE}.tmp
+
+ shred -u ''${REGISTRATION_FILE}
+ mv ''${REGISTRATION_FILE}.tmp ''${REGISTRATION_FILE}
+'';
+
+ in
+ {
+ warnings =
+ lib.optionals ((builtins.substring (lib.stringLength cfg.namespace - 1) 1 cfg.namespace) != "_") [
+ "OOYE namespace does not end with an underscore! This is recommended to have better ID formatting. Provided: '${cfg.namespace}'"
+ ]
+ ++ lib.optionals ((builtins.substring 0 1 cfg.namespace) != "_") [
+ "OOYE namespace does not start with an underscore! This is recommended to avoid conflicts with registered users. Provided: '${cfg.namespace}'"
+ ];
+
+ systemd.services."matrix-ooye-pre-start" = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = script;
+ WorkingDirectory = "/var/lib/matrix-ooye";
+ StateDirectory = "matrix-ooye";
+ DynamicUser = true;
+
+ LoadCredential = [
+ "discord_token:${cfg.discordTokenPath}"
+ ];
+ };
};
- };
- };
- config = lib.mkIf cfg.enable {
- systemd.services."matrix-ooye-pre-start.service" = {
- enable = true;
- script = ''
-
- '';
- };
- systemd.services."matrix-ooye.service" = {
- enable = true;
- serviceConfig = {
- ExecStart = "${config.services.matrix-ooye.package}/bin/ooye";
+ systemd.services."matrix-ooye" = {
+ enable = true;
+ description = "Out of Your Element - a Discord bridge for Matrix.";
+
+ wants = [
+ "network-online.target"
+ "matrix-synapse.service"
+ "conduit.service"
+ "dendrite.service"
+ ];
+ after = [
+ "matrix-ooye-pre-start.service"
+ "network-online.target"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "matrix-ooye-pre-start.service" ];
+
+ serviceConfig = {
+ ExecStart = lib.getExe config.services.matrix-ooye.package;
+ WorkingDirectory = "/var/lib/matrix-ooye";
+ StateDirectory = "matrix-ooye";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ Restart = "on-failure";
+ DynamicUser = true;
+ };
};
- };
- };
+
+ systemd.services."matrix-synapse".serviceConfig = lib.mkIf cfg.enableSynapseIntegration {
+ LoadCredential = [
+ "matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
+ ];
+ ExecStartPre = "cp /run/credentials/matrix-synapse.service/registration.yaml ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml";
+ };
+
+ services.matrix-synapse.settings.app_service_config_files = lib.mkIf cfg.enableSynapseIntegration [
+ "${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
+ ];
+ }
+ );
}
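Review bot: The `ExecStartPre` added to `systemd.services."matrix-synapse".serviceConfig` copies `/run/credentials/matrix-synapse.service/registration.yaml`, but the credential is loaded with ID `matrix-ooye-registration`, so systemd exposes it as `/run/credentials/matrix-synapse.service/matrix-ooye-registration` and the copy fails; the line should read `ExecStartPre = "cp /run/credentials/matrix-synapse.service/matrix-ooye-registration ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml";` (and if the NixOS matrix-synapse module already defines `ExecStartPre` as a list, this must be a list too so it merges instead of conflicting). In the pre-start script, `echo "Generated new AS token: ''${AS_TOKEN}"` and the HS equivalent write the fresh secrets into the journal; log only that a token was generated, and drop the `id`/`stat`/"Before if statement" debug output once the script is trusted. The tokens are also spliced into the jq program by shell interpolation, so a Discord token containing a quote or backslash corrupts the JSON; pass them with `--arg as "$AS_TOKEN" --arg hs "$HS_TOKEN" --arg dt "$DISCORD_TOKEN"` and reference `$as`, `$hs`, `$dt` in the filter. Finally, `registration.yaml` is created with the service's default umask and is likely 0644; since Synapse obtains it through `LoadCredential` (read by systemd, not by the synapse user), `umask 077` at the top of the script costs nothing and keeps the tokens private.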
diff --git a/modules/vm-overrides.nix b/modules/vm-overrides.nix
new file mode 100644
index 0000000..1a7e638
--- /dev/null
+++ b/modules/vm-overrides.nix
@@ -0,0 +1,104 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ nixpkgs.overlays = [
+ #(import ./vm-overrides/systemd-overlay.nix)
+ #(import ./vm-overrides/grub-overlay.nix)
+ ];
+ environment.systemPackages = with pkgs; [
+ (callPackage ./vm-overrides/resize.nix { })
+ ];
+
+ users = {
+ mutableUsers = false;
+ users = {
+ root.password = "root";
+ Rory = {
+ password = "password";
+ };
+ };
+ };
+ services.getty.autologinUser = "Rory";
+ services.getty.loginProgram = (
+ pkgs.writeShellScript "ephemeral-shell" ''
+ #!${lib.getExe pkgs.zsh}
+ ${pkgs.shadow.su}/bin/su -l -s ${lib.getExe pkgs.zsh} Rory; poweroff
+ ''
+ );
+
+ #other imported stuff
+
+ networking.useDHCP = lib.mkForce true;
+
+ boot.supportedFilesystems = lib.mkForce [ ];
+ hardware.enableRedistributableFirmware = lib.mkForce false;
+ #environment.systemPackages = lib.mkForce [ ];
+ documentation.enable = lib.mkForce false;
+ documentation.nixos.enable = lib.mkForce false;
+ networking.wireless.enable = lib.mkForce false;
+ system.extraDependencies = lib.mkForce [ ];
+ boot = {
+ loader = {
+ grub.memtest86.enable = false;
+ #systemd-boot.enable = true;
+ grub.enable = lib.mkForce false;
+ timeout = lib.mkForce 1;
+ };
+
+ #kernelPackages = pkgs.linuxPackages_latest;
+ systemdExecutable = "${pkgs.systemd}/bin/init";
+
+ enableContainers = lib.mkForce false;
+ };
+ #system.switch.enable = lib.mkForce false;
+ programs.less.lessopen = lib.mkForce null;
+ programs.command-not-found.enable = lib.mkForce false;
+ environment.defaultPackages = lib.mkForce [ ];
+ documentation.info.enable = lib.mkForce false;
+ documentation.man.enable = false;
+ system = {
+ #activatable = false;
+ #copySystemConfiguration = false;
+ #includeBuildDependencies = false;
+ #disableInstallerTools = lib.mkForce true;
+ #build = {
+ # separateActivationScript = true;
+ #};
+ };
+ #nix.enable = false;
+ networking.firewall.enable = false;
+ networking.networkmanager.enable = false;
+ systemd.coredump.enable = false;
+ services.timesyncd.enable = false;
+
+ services.nscd.enableNsncd = false;
+ networking.dhcpcd.enable = false;
+ services.udev.enable = true;
+ services.nscd.enable = false;
+ system.nssModules = lib.mkForce [ ];
+
+ systemd.oomd.enable = false;
+ security = {
+ loginDefs = {
+ settings = {
+ ENCRYPT_METHOD = "MD5";
+ };
+ };
+ };
+ services.lvm.enable = lib.mkForce false;
+ boot.initrd.services.lvm.enable = lib.mkForce false;
+ boot.initrd.systemd.suppressedUnits = [
+ "systemd-hibernate-clear.service"
+ ];
+
+ systemd.suppressedSystemUnits = [
+ "systemd-hibernate-clear.service"
+ "systemd-bootctl@.service"
+ "systemd-bootctl.socket"
+ ];
+}
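Review bot: `security.loginDefs.settings.ENCRYPT_METHOD = "MD5"` selects an obsolete password hash for `login.defs`, and with `users.mutableUsers = false` and plaintext `password` values NixOS presumably hashes the declared passwords in its own activation step rather than through `passwd`, so the setting likely has no effect on these accounts while still weakening anything that does consult `login.defs`; either drop it or add a comment stating why MD5 is wanted in the VM. The `ephemeral-shell` script begins with `#!${lib.getExe pkgs.zsh}` on its second line, but `writeShellScript` already emits a bash shebang, so that line is only a comment and can go. The `documentation.*` and `networking.*` settings are scattered across the file, and `documentation.man.enable = false;` is the one without `lib.mkForce`; grouping them and applying `mkForce` consistently would make the override intent easier to check.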
diff --git a/modules/vm-overrides/grub-overlay.nix b/modules/vm-overrides/grub-overlay.nix
new file mode 100644
index 0000000..abbed8e
--- /dev/null
+++ b/modules/vm-overrides/grub-overlay.nix
@@ -0,0 +1,20 @@
+final: prev: {
+ grub2 = (prev.grub2.override {
+ zfsSupport = false;
+ efiSupport = false;
+ xenSupport = false;
+ }).overrideAttrs (oldAttrs: {
+ doCheck = false;
+ doInstallCheck = false;
+ #remove --enable-grub-mount
+ configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont" ];
+ # remove unnecessary commands
+ # postInstall = oldAttrs.postInstall + ''
+ # rm -rf $out/share/locale
+ # '';
+ });
+
+ grub2_light = final.grub2;
+ grub2_efi = final.grub2;
+ grub2_xen = final.grub2;
+}
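Review bot: The `configureFlags` addition puts seven flags into one list element (`"--disable-year2038 --disable-nls … --disable-grub-mkfont"`), which only works because stdenv word-splits the flattened string; under `__structuredAttrs = true` it is passed as a single argument and configure rejects it. Split them into separate elements: `configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038" "--disable-nls" "--disable-rpath" "--disable-dependency-tracking" "--disable-grub-mount" "--disable-grub-themes" "--disable-grub-mkfont" ];`. The comment `#remove --enable-grub-mount` describes something the code does not do (it adds `--disable-grub-mount`, it removes nothing); `# disable grub tooling that the VM does not need` would match the line below it. This overlay is still commented out in `vm-overrides.nix`, so none of it is live yet.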
diff --git a/modules/vm-overrides/resize.nix b/modules/vm-overrides/resize.nix
new file mode 100644
index 0000000..09c959c
--- /dev/null
+++ b/modules/vm-overrides/resize.nix
@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+
+derivation {
+ name = "resize";
+ version = "1.0";
+ builder = "${pkgs.bash}/bin/bash";
+ args = [ "-c" "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize" ];
+ system = pkgs.system;
+}
\ No newline at end of file
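Review bot: `system = pkgs.system` uses an attribute nixpkgs discourages in favour of `pkgs.stdenv.hostPlatform.system`, and the `lib` argument is unused, so the header can become `{ pkgs, ... }:`. The derivation copies xterm's `.resize-wrapped` binary directly, bypassing the wrapper nixpkgs generated around it; whatever that wrapper set up is lost, so either copy `${pkgs.xterm}/bin/resize` instead or verify the unwrapped binary works in the VM. Writing this as `pkgs.runCommand "resize" { } ''…''` rather than a raw `derivation` call would also give the normal stdenv environment and drop the hand-built `bash -c` invocation.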
diff --git a/modules/vm-overrides/systemd-overlay.nix b/modules/vm-overrides/systemd-overlay.nix
new file mode 100644
index 0000000..69a4d3f
--- /dev/null
+++ b/modules/vm-overrides/systemd-overlay.nix
@@ -0,0 +1,62 @@
+final: prev: {
+ systemd = prev.systemd.override {
+ #pname = "systemd-extra-minimal";
+ withSelinux = false;
+ withKexectools = false;
+ withLibseccomp = false;
+ withAcl = false;
+ withAudit = false;
+ withAnalyze = false;
+ withApparmor = false;
+ withBootloader = false;
+ withCompression = false;
+ withCoredump = false;
+ withCryptsetup = false;
+ withRepart = false;
+ withDocumentation = false;
+ withEfi = false;
+ withFido2 = false;
+ withHomed = false;
+ withHostnamed = false;
+ withHwdb = true; # required by nixos
+ withImportd = false;
+ withIptables = false;
+ withKmod = true; # required by nixos
+ withLibBPF = false;
+ withLibidn2 = false;
+ withLocaled = false;
+ withLogind = true; # required by nixos
+ withMachined = false;
+ withNetworkd = false;
+ withNss = false;
+ withOomd = false;
+ withPam = true; # required by nixos
+ withPCRE2 = false;
+ withPolkit = false;
+ withPortabled = false;
+ withQrencode = false;
+ withRemote = false;
+ withResolved = false;
+ withShellCompletions = false;
+ withSysusers = false;
+ withSysupdate = false;
+ withTimedated = false;
+ withTimesyncd = false;
+ withTpm2Tss = false;
+ withUkify = false;
+ withUserDb = false;
+ withUtmp = false;
+ withVmspawn = false;
+ withKernelInstall = false;
+ withTests = false;
+ withLogTrace = false;
+ };
+
+ systemd-minimal = final.systemd;
+
+ openssh = prev.openssh.overrideAttrs (oldAttrs: {
+ # Disable PAM support
+ doCheck = false;
+ doInstallCheck = false;
+ });
+}
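Review bot: `withLibseccomp = false` removes systemd's seccomp support, so unit hardening such as `SystemCallFilter=`, `SystemCallArchitectures=` and `MemoryDenyWriteExecute=` becomes a silent no-op in this VM; NixOS's own units rely on those, and since `moduleDevEnv` appears to exist for testing modules, mistakes in service sandboxing would go unnoticed here. If the goal is only a smaller build, libseccomp is a small dependency worth keeping. The `openssh` override's comment says `# Disable PAM support`, but the attributes only disable the test phases; PAM support is selected through the package's `override` arguments, not through `overrideAttrs`, so either change the comment to `# skip the test phases to speed up the VM build` or add the intended `override`. Like the grub overlay, this file is still commented out in `vm-overrides.nix`.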