Work on OOYE stuff

2024-12-16 12:53:40 +01:00 · 2024-12-16 12:53:40 +01:00 · 70e5a561f2
parent 2bc72da5de
commit 70e5a561f2
16 changed files with 526 additions and 49 deletions
--- a/.idea/indexLayout.xml
+++ b/.idea/indexLayout.xml
@ -3,6 +3,8 @@
  <component name="UserContentModel">
    <attachedFolders />
    <explicitIncludes />
-    <explicitExcludes />
+    <explicitExcludes>
      <Path>result</Path>
    </explicitExcludes>
  </component>
 </project>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@ -2,6 +2,7 @@
 <project version="4">
  <component name="VcsDirectoryMappings">
    <mapping directory="" vcs="Git" />
    <mapping directory="$PROJECT_DIR$/modules/packages/ooye/packages" vcs="Git" />
    <mapping directory="$PROJECT_DIR$/modules/packages/ooye/packages/ooye-src" vcs="Git" />
  </component>
 </project>
--- a/flake.nix
+++ b/flake.nix
@ -34,6 +34,7 @@
            ./hardware-configuration.nix
            #./modules/packages/ooye/packages/module.nix
            ./host/matrix/matrix/ooye.nix
            ./host/matrix/unstable-overlay.nix
            home-manager.nixosModules.home-manager
@ -49,6 +50,16 @@
          ];
          specialArgs = inputs;
        };
        moduleDevEnv = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            ./host/module-dev-env/configuration.nix
            home-manager.nixosModules.home-manager
            (Rory-Open-Architecture + "/modules/users/Rory.nix")
          ];
          specialArgs = inputs;
        };
      };
    };
 }
--- a/host/matrix/matrix/ooye.nix
+++ b/host/matrix/matrix/ooye.nix
@ -0,0 +1,17 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  imports = [
    ../../../modules/packages/ooye/packages/module.nix
  ];
  services.matrix-ooye = {
    enable = true;
  };
 }
--- a/host/matrix/matrix/root.nix
+++ b/host/matrix/matrix/root.nix
@ -2,7 +2,6 @@
  config,
  pkgs,
  lib,
  botcore-v4,
  ...
 }:
--- a/host/module-dev-env/configuration.nix
+++ b/host/module-dev-env/configuration.nix
@ -0,0 +1,127 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  imports = [
    ../../modules/base-server.nix
    ../../modules/packages/ooye/packages/module.nix
  ];
  networking = {
    hostName = "matrix";
    interfaces.ens18.ipv4.addresses = [
      {
        address = "10.10.0.3";
        prefixLength = 8;
      }
    ];
    defaultGateway.interface = "ens18";
  };
  services = {
    matrix-ooye = {
      enable = true;
      enableSynapseIntegration = true;
    };
    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      enableTCPIP = true;
      authentication = pkgs.lib.mkOverride 10 ''
        # TYPE, DATABASE, USER, ADDRESS, METHOD
        local all all trust
        host all all 127.0.0.1/32 trust
        host all all ::1/128 trust
        host matrix-synapse matrix-synapse 127.0.0.1/32 trust
        host all all 0.0.0.0/0 md5
      '';
      settings = {
        max_connections = 250;
        superuser_reserved_connections = 3;
      };
    };
    matrix-synapse = {
      enable = true;
      withJemalloc = true;
      # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
      settings = {
        server_name = "localhost";
        enable_registration = true;
        registration_requires_token = false;
        federation = {
          client_timeout = "60s";
          max_short_retries = 6;
          max_short_retry_delay = "10s";
          max_long_retries = 5;
          max_long_retry_delay = "30s";
        };
        registration_shared_secret = "test";
        #listeners = [
        #  {
        #    port = 8008;
        #    bind_addresses = [ "127.0.0.1" ];
        #    type = "http";
        #    tls = false;
        #    x_forwarded = true;
        #    resources = [
        #      {
        #        names = [
        #          "client"
        #          "federation"
        #        ];
        #        compress = true;
        #      }
        #    ];
        #  }
        #  {
        #    type = "http";
        #    path = "/run/matrix-synapse/main-http.sock";
        #    mode = "666";
        #    resources = [
        #      {
        #        names = [
        #          "client"
        #          "federation"
        #        ];
        #        compress = false;
        #      }
        #    ];
        #  }
        #];
        dynamic_thumbnails = true;
        presence = {
          enable = true;
          update_interval = 60;
        };
        url_preview_enabled = true;
        database = {
          name = "psycopg2";
          args = {
            user = "matrix-synapse";
            password = "somepassword";
            database = "matrix-synapse";
            host = "127.0.0.1";
            application_name = "matrix-synapse (litenet.tel)";
            cp_min = 5;
            cp_max = 50;
          };
        };
        max_image_pixels = "100M";
        report_stats = false;
      };
    };
  };
  system.stateVersion = "22.11"; # DO NOT EDIT!
 }
--- a/modules/base.nix
+++ b/modules/base.nix
@ -142,15 +142,5 @@
    sudo.wheelNeedsPassword = false;
  };
-  virtualisation.vmVariant = {
+  virtualisation.vmVariant = import ./vm-overrides.nix;
    users = {
      mutableUsers = false;
      users = {
        root.password = "root";
        Rory.password = "password";
      };
    };
    networking.useDHCP = lib.mkForce true;
  };
 }
--- a/modules/packages/ooye/packages/.gitignore
+++ b/modules/packages/ooye/packages/.gitignore
@ -0,0 +1,4 @@
 result
 registration.json
 registration.yaml
 ooye-src/
--- a/modules/packages/ooye/packages/default.nix
+++ b/modules/packages/ooye/packages/default.nix
@ -11,13 +11,10 @@ buildNpmPackage rec {
  version = "0";
  src = fetchgit {
    url = "https://gitdab.com/cadence/out-of-your-element.git";
-      rev = "2c3b653b540e6eea37e130104aece48c1f094d71";
+    rev = "07d6eb3c1272c2526a4749724c07c4fd530893d4";
-      sha256 = "SU6Mt3JEgEnkQUzU7Nw/BbeIHocWHqxZFEAeLYoFB4g=";
+    sha256 = "3Y6s9pNKKeqF6s4I2Rd4TpxXPCwqizXeil/sTDVnpr0=";
  };
-#  src = ./ooye-src;
+  npmDepsHash = "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
  npmDepsHash = "sha256-561i7rUw+Pkq3k44PE6pglm7Kd4t3AjkcKbIZchJ29M=";
  # "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
  makeCacheWritable = true; # Something tries to write there, idk why - Emma [it/its] @ Rory&
  dontNpmBuild = true;
  nativeBuildInputs = [ makeWrapper ];
@ -39,8 +36,8 @@ buildNpmPackage rec {
    longDescription = ''
      Cool.
    '';
-    #license = licenses.agpl3;
+    license = licenses.gpl3;
    #maintainers = with maintainers; [ RorySys ];
-    mainProgram = "null";
+    mainProgram = "matrix-ooye";
  };
 }
--- a/modules/packages/ooye/packages/flake.lock
+++ b/modules/packages/ooye/packages/flake.lock
--- a/modules/packages/ooye/packages/flake.nix
+++ b/modules/packages/ooye/packages/flake.nix
@ -7,6 +7,6 @@
  outputs = { self, nixpkgs }: {
    packages.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./default.nix { };
-    
+    modules.default = import ./module.nix;
  };
 }
--- a/modules/packages/ooye/packages/module.nix
+++ b/modules/packages/ooye/packages/module.nix
@ -6,6 +6,12 @@
 }:
 let
  cfg = config.services.matrix-ooye;
  mkStringOption =
    name: default:
    lib.mkOption {
      type = lib.types.str;
      default = default;
    };
 in
 {
  options = {
@ -15,31 +21,159 @@ in
        type = lib.types.package;
        default = pkgs.callPackage ./default.nix { };
      };
-      appserviceId = lib.mkOption {
+      appserviceId = mkStringOption "The ID of the appservice." "ooye";
-        type = lib.types.string;
+      homeserver = mkStringOption "The homeserver to connect to." "http://localhost:8006";
-        description = "The appservice ID to use, will be used as the localpart for the bridge.";
+      homeserverName = mkStringOption "The name of the homeserver to connect to." "localhost";
-        default = "ooye";
+      namespace = mkStringOption "The prefix to use for the MXIDs/aliases of bridged users/rooms. Should end with a _!" "_ooye_";
-      };
+      discordTokenPath = mkStringOption "The path to the discord token file." "/etc/ooye-discord-token";
-      homeserver = lib.mkOption {
+      socket = mkStringOption "The socket to listen on, can either be a port number or a unix socket path." "6693";
        type = lib.types.string;
        description = "The homeserver to connect to.";
        default = "http://localhost:8006";
      };
      enableSynapseIntegration = lib.mkEnableOption "Enable Synapse integration";
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf cfg.enable (
-    systemd.services."matrix-ooye-pre-start.service" = {
+    let
-      enable = true;
+      baseConfig = pkgs.writeText "matrix-ooye-config.json" (
-      script = ''
+        builtins.toJSON {
          id = cfg.appserviceId;
          namespaces = {
            users = [
              {
                exclusive = true;
                regex = "@${cfg.namespace}.*:${cfg.homeserverName}";
              }
            ];
            aliases = [
              {
                exclusive = true;
                regex = "#${cfg.namespace}.*:${cfg.homeserverName}";
              }
            ];
          };
          protocols = [ "discord" ];
          sender_localpart = "${cfg.namespace}bot";
          rate_limited = false;
          socket = cfg.socket; # Can either be a TCP port or a unix socket path
          url = if (lib.hasPrefix "/" cfg.socket) then "unix:${cfg.socket}" else "http://localhost:${cfg.socket}";
          ooye = {
            server_name = cfg.homeserverName;
            namespace_prefix = cfg.namespace;
            max_file_size = 5000000;
            content_length_workaround = false;
            include_user_id_in_mxid = true;
            server_origin = cfg.homeserver;
          };
        }
      );
-      '';
+script = pkgs.writeScript "matrix-ooye-pre-start.sh" ''
-    };
+  #!${lib.getExe pkgs.bash}
-    systemd.services."matrix-ooye.service" = {
+  REGISTRATION_FILE=registration.yaml
  id
  echo "Before if statement"
  stat ''${REGISTRATION_FILE}
  if [[ ! -f ''${REGISTRATION_FILE} ]]; then
    echo "No registration file found at '$REGISTRATION_FILE'"
    cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
  fi
  echo "After if statement"
  stat ''${REGISTRATION_FILE}
  AS_TOKEN=$(${lib.getExe pkgs.jq} -r .as_token ''${REGISTRATION_FILE})
  HS_TOKEN=$(${lib.getExe pkgs.jq} -r .hs_token ''${REGISTRATION_FILE})
  DISCORD_TOKEN=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)
  if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then
    AS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
    echo "Generated new AS token: ''${AS_TOKEN}"
  fi
  if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then
    HS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
    echo "Generated new HS token: ''${HS_TOKEN}"
  fi
  if [[ -z "$DISCORD_TOKEN" ]]; then
    echo "No Discord token found at '${cfg.discordTokenPath}'"
    exit 1
  fi
  shred -u ''${REGISTRATION_FILE}
  cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
  ${lib.getExe pkgs.jq} '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'"' ''${REGISTRATION_FILE} > ''${REGISTRATION_FILE}.tmp
  shred -u ''${REGISTRATION_FILE}
  mv ''${REGISTRATION_FILE}.tmp ''${REGISTRATION_FILE}
 '';
    in
    {
      warnings =
        lib.optionals ((builtins.substring (lib.stringLength cfg.namespace - 1) 1 cfg.namespace) != "_") [
          "OOYE namespace does not end with an underscore! This is recommended to have better ID formatting. Provided: '${cfg.namespace}'"
        ]
        ++ lib.optionals ((builtins.substring 0 1 cfg.namespace) != "_") [
          "OOYE namespace does not start with an underscore! This is recommended to avoid conflicts with registered users. Provided: '${cfg.namespace}'"
        ];
      systemd.services."matrix-ooye-pre-start" = {
        enable = true;
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
-        ExecStart = "${config.services.matrix-ooye.package}/bin/ooye";
+          ExecStart = script;
          WorkingDirectory = "/var/lib/matrix-ooye";
          StateDirectory = "matrix-ooye";
          DynamicUser = true;
          LoadCredential = [
            "discord_token:${cfg.discordTokenPath}"
          ];
        };
      };
      systemd.services."matrix-ooye" = {
        enable = true;
        description = "Out of Your Element - a Discord bridge for Matrix.";
        wants = [
          "network-online.target"
          "matrix-synapse.service"
          "conduit.service"
          "dendrite.service"
        ];
        after = [
          "matrix-ooye-pre-start.service"
          "network-online.target"
        ];
        wantedBy = [ "multi-user.target" ];
        requires = [ "matrix-ooye-pre-start.service" ];
        serviceConfig = {
          ExecStart = lib.getExe config.services.matrix-ooye.package;
          WorkingDirectory = "/var/lib/matrix-ooye";
          StateDirectory = "matrix-ooye";
          ProtectSystem = "strict";
          ProtectHome = true;
          PrivateTmp = true;
          NoNewPrivileges = true;
          PrivateDevices = true;
          Restart = "on-failure";
          DynamicUser = true;
        };
      };
      systemd.services."matrix-synapse".serviceConfig = lib.mkIf cfg.enableSynapseIntegration {
        LoadCredential = [
          "matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
        ];
        ExecStartPre = "cp /run/credentials/matrix-synapse.service/registration.yaml ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml";
      };
      services.matrix-synapse.settings.app_service_config_files = lib.mkIf cfg.enableSynapseIntegration [
        "${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
      ];
    }
  );
 }
--- a/modules/vm-overrides.nix
+++ b/modules/vm-overrides.nix
@ -0,0 +1,104 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  nixpkgs.overlays = [
    #(import ./vm-overrides/systemd-overlay.nix)
    #(import ./vm-overrides/grub-overlay.nix)
  ];
  environment.systemPackages = with pkgs; [
    (callPackage ./vm-overrides/resize.nix { })
  ];
  users = {
    mutableUsers = false;
    users = {
      root.password = "root";
      Rory = {
        password = "password";
      };
    };
  };
  services.getty.autologinUser = "Rory";
  services.getty.loginProgram = (
    pkgs.writeShellScript "ephemeral-shell" ''
      #!${lib.getExe pkgs.zsh}
      ${pkgs.shadow.su}/bin/su -l -s ${lib.getExe pkgs.zsh} Rory; poweroff
    ''
  );
  #other imported stuff
  networking.useDHCP = lib.mkForce true;
  boot.supportedFilesystems = lib.mkForce [ ];
  hardware.enableRedistributableFirmware = lib.mkForce false;
  #environment.systemPackages = lib.mkForce [  ];
  documentation.enable = lib.mkForce false;
  documentation.nixos.enable = lib.mkForce false;
  networking.wireless.enable = lib.mkForce false;
  system.extraDependencies = lib.mkForce [ ];
  boot = {
    loader = {
      grub.memtest86.enable = false;
      #systemd-boot.enable = true;
      grub.enable = lib.mkForce false;
      timeout = lib.mkForce 1;
    };
    #kernelPackages = pkgs.linuxPackages_latest;
    systemdExecutable = "${pkgs.systemd}/bin/init";
    enableContainers = lib.mkForce false;
  };
  #system.switch.enable = lib.mkForce false;
  programs.less.lessopen = lib.mkForce null;
  programs.command-not-found.enable = lib.mkForce false;
  environment.defaultPackages = lib.mkForce [ ];
  documentation.info.enable = lib.mkForce false;
  documentation.man.enable = false;
  system = {
    #activatable = false;
    #copySystemConfiguration = false;
    #includeBuildDependencies = false;
    #disableInstallerTools = lib.mkForce true;
    #build = {
    #  separateActivationScript = true;
    #};
  };
  #nix.enable = false;
  networking.firewall.enable = false;
  networking.networkmanager.enable = false;
  systemd.coredump.enable = false;
  services.timesyncd.enable = false;
  services.nscd.enableNsncd = false;
  networking.dhcpcd.enable = false;
  services.udev.enable = true;
  services.nscd.enable = false;
  system.nssModules = lib.mkForce [ ];
  systemd.oomd.enable = false;
  security = {
    loginDefs = {
      settings = {
        ENCRYPT_METHOD = "MD5";
      };
    };
  };
  services.lvm.enable = lib.mkForce false;
  boot.initrd.services.lvm.enable = lib.mkForce false;
  boot.initrd.systemd.suppressedUnits = [
    "systemd-hibernate-clear.service"
  ];
  systemd.suppressedSystemUnits = [
    "systemd-hibernate-clear.service"
    "systemd-bootctl@.service"
    "systemd-bootctl.socket"
  ];
 }
--- a/modules/vm-overrides/grub-overlay.nix
+++ b/modules/vm-overrides/grub-overlay.nix
@ -0,0 +1,20 @@
 final: prev: {
  grub2 = (prev.grub2.override {
    zfsSupport = false;
    efiSupport = false;
    xenSupport = false;
  }).overrideAttrs (oldAttrs: {
    doCheck = false;
    doInstallCheck = false;
    #remove --enable-grub-mount
    configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont" ];
    # remove unnecessary commands
    # postInstall = oldAttrs.postInstall + ''
      # rm -rf $out/share/locale
      # '';
  });
  grub2_light = final.grub2;
  grub2_efi = final.grub2;
  grub2_xen = final.grub2;
 }
--- a/modules/vm-overrides/resize.nix
+++ b/modules/vm-overrides/resize.nix
@ -0,0 +1,9 @@
 { lib, pkgs, ... }:
 derivation {
  name = "resize";
  version = "1.0";
  builder = "${pkgs.bash}/bin/bash";
  args = [ "-c" "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize" ];
  system = pkgs.system;
 }
--- a/modules/vm-overrides/systemd-overlay.nix
+++ b/modules/vm-overrides/systemd-overlay.nix
@ -0,0 +1,62 @@
 final: prev: {
  systemd = prev.systemd.override {
    #pname = "systemd-extra-minimal";
    withSelinux = false;
    withKexectools = false;
    withLibseccomp = false;
    withAcl = false;
    withAudit = false;
    withAnalyze = false;
    withApparmor = false;
    withBootloader = false;
    withCompression = false;
    withCoredump = false;
    withCryptsetup = false;
    withRepart = false;
    withDocumentation = false;
    withEfi = false;
    withFido2 = false;
    withHomed = false;
    withHostnamed = false;
    withHwdb = true; # required by nixos 
    withImportd = false;
    withIptables = false;
    withKmod = true; # required by nixos
    withLibBPF = false;
    withLibidn2 = false;
    withLocaled = false;
    withLogind = true; # required by nixos
    withMachined = false;
    withNetworkd = false;
    withNss = false;
    withOomd = false;
    withPam = true; # required by nixos
    withPCRE2 = false;
    withPolkit = false;
    withPortabled = false;
    withQrencode = false;
    withRemote = false;
    withResolved = false;
    withShellCompletions = false;
    withSysusers = false;
    withSysupdate = false;
    withTimedated = false;
    withTimesyncd = false;
    withTpm2Tss = false;
    withUkify = false;
    withUserDb = false;
    withUtmp = false;
    withVmspawn = false;
    withKernelInstall = false;
    withTests = false;
    withLogTrace = false;
  };
  systemd-minimal = final.systemd;
  openssh = prev.openssh.overrideAttrs (oldAttrs: {
    # Disable PAM support
    doCheck = false;
    doInstallCheck = false;
  });
 }