Work on OOYE stuff

.idea/indexLayout.xml

@@ -3,6 +3,8 @@
   <component name="UserContentModel">
     <attachedFolders />
     <explicitIncludes />
-    <explicitExcludes />
+    <explicitExcludes>
+      <Path>result</Path>
+    </explicitExcludes>
   </component>
 </project>

.idea/vcs.xml

@@ -2,6 +2,7 @@
 <project version="4">
   <component name="VcsDirectoryMappings">
     <mapping directory="" vcs="Git" />
+    <mapping directory="$PROJECT_DIR$/modules/packages/ooye/packages" vcs="Git" />
     <mapping directory="$PROJECT_DIR$/modules/packages/ooye/packages/ooye-src" vcs="Git" />
   </component>
 </project>

flake.nix

@@ -34,6 +34,7 @@
             ./hardware-configuration.nix
 
             #./modules/packages/ooye/packages/module.nix
+            ./host/matrix/matrix/ooye.nix
             ./host/matrix/unstable-overlay.nix
 
             home-manager.nixosModules.home-manager
@@ -49,6 +50,16 @@
           ];
           specialArgs = inputs;
         };
+        
+        moduleDevEnv = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            ./host/module-dev-env/configuration.nix
+            home-manager.nixosModules.home-manager
+            (Rory-Open-Architecture + "/modules/users/Rory.nix")
+          ];
+          specialArgs = inputs;
+        };
       };
     };
 }

host/matrix/matrix/ooye.nix

@@ -0,0 +1,17 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  imports = [
+    ../../../modules/packages/ooye/packages/module.nix
+  ];
+  
+  services.matrix-ooye = {
+    enable = true;
+  };
+
+}

host/matrix/matrix/root.nix

@@ -2,7 +2,6 @@
   config,
   pkgs,
   lib,
-  botcore-v4,
   ...
 }:
 

host/module-dev-env/configuration.nix

@@ -0,0 +1,127 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  imports = [
+    ../../modules/base-server.nix
+    ../../modules/packages/ooye/packages/module.nix
+  ];
+  networking = {
+    hostName = "matrix";
+    interfaces.ens18.ipv4.addresses = [
+      {
+        address = "10.10.0.3";
+        prefixLength = 8;
+      }
+    ];
+    defaultGateway.interface = "ens18";
+  };
+
+  services = {
+    matrix-ooye = {
+      enable = true;
+      enableSynapseIntegration = true;
+    };
+
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_16;
+      enableTCPIP = true;
+      authentication = pkgs.lib.mkOverride 10 ''
+        # TYPE, DATABASE, USER, ADDRESS, METHOD
+        local all all trust
+        host all all 127.0.0.1/32 trust
+        host all all ::1/128 trust
+        host matrix-synapse matrix-synapse 127.0.0.1/32 trust
+        host all all 0.0.0.0/0 md5
+      '';
+      settings = {
+        max_connections = 250;
+        superuser_reserved_connections = 3;
+      };
+    };
+
+    matrix-synapse = {
+      enable = true;
+      withJemalloc = true;
+
+      # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+      settings = {
+        server_name = "localhost";
+
+        enable_registration = true;
+        registration_requires_token = false;
+
+        federation = {
+          client_timeout = "60s";
+          max_short_retries = 6;
+          max_short_retry_delay = "10s";
+          max_long_retries = 5;
+          max_long_retry_delay = "30s";
+        };
+        registration_shared_secret = "test";
+
+        #listeners = [
+        #  {
+        #    port = 8008;
+        #    bind_addresses = [ "127.0.0.1" ];
+        #    type = "http";
+        #    tls = false;
+        #    x_forwarded = true;
+        #    resources = [
+        #      {
+        #        names = [
+        #          "client"
+        #          "federation"
+        #        ];
+        #        compress = true;
+        #      }
+        #    ];
+        #  }
+        #  {
+        #    type = "http";
+        #    path = "/run/matrix-synapse/main-http.sock";
+        #    mode = "666";
+        #    resources = [
+        #      {
+        #        names = [
+        #          "client"
+        #          "federation"
+        #        ];
+        #        compress = false;
+        #      }
+        #    ];
+        #  }
+        #];
+        dynamic_thumbnails = true;
+        presence = {
+          enable = true;
+          update_interval = 60;
+        };
+        url_preview_enabled = true;
+        database = {
+          name = "psycopg2";
+          args = {
+            user = "matrix-synapse";
+            password = "somepassword";
+            database = "matrix-synapse";
+            host = "127.0.0.1";
+            application_name = "matrix-synapse (litenet.tel)";
+            cp_min = 5;
+            cp_max = 50;
+          };
+        };
+
+        max_image_pixels = "100M";
+
+        report_stats = false;
+      };
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}

modules/base.nix

@@ -142,15 +142,5 @@
     sudo.wheelNeedsPassword = false;
   };
 
-  virtualisation.vmVariant = {
-    users = {
-      mutableUsers = false;
-      users = {
-        root.password = "root";
-        Rory.password = "password";
-      };
-    };
-    
-    networking.useDHCP = lib.mkForce true;
-  };
+  virtualisation.vmVariant = import ./vm-overrides.nix;
 }

modules/packages/ooye/packages/.gitignore

@@ -0,0 +1,4 @@
+result
+registration.json
+registration.yaml
+ooye-src/

modules/packages/ooye/packages/default.nix

@@ -9,15 +9,12 @@
 buildNpmPackage rec {
   pname = "out-of-your-element";
   version = "0";
-    src = fetchgit {
-      url = "https://gitdab.com/cadence/out-of-your-element.git";
-      rev = "2c3b653b540e6eea37e130104aece48c1f094d71";
-      sha256 = "SU6Mt3JEgEnkQUzU7Nw/BbeIHocWHqxZFEAeLYoFB4g=";
-    };
-#  src = ./ooye-src;
-  npmDepsHash = "sha256-561i7rUw+Pkq3k44PE6pglm7Kd4t3AjkcKbIZchJ29M=";
-  # "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
-  makeCacheWritable = true; # Something tries to write there, idk why - Emma [it/its] @ Rory&
+  src = fetchgit {
+    url = "https://gitdab.com/cadence/out-of-your-element.git";
+    rev = "07d6eb3c1272c2526a4749724c07c4fd530893d4";
+    sha256 = "3Y6s9pNKKeqF6s4I2Rd4TpxXPCwqizXeil/sTDVnpr0=";
+  };
+  npmDepsHash = "sha256-1STam+Sjy2MQcK5TmRacoxmgErd2sNqw0yIFX2M+iZk=";
   dontNpmBuild = true;
 
   nativeBuildInputs = [ makeWrapper ];
@@ -39,8 +36,8 @@ buildNpmPackage rec {
     longDescription = ''
       Cool.
     '';
-    #license = licenses.agpl3;
+    license = licenses.gpl3;
     #maintainers = with maintainers; [ RorySys ];
-    mainProgram = "null";
+    mainProgram = "matrix-ooye";
   };
 }

modules/packages/ooye/packages/flake.nix

@@ -7,6 +7,6 @@
 
   outputs = { self, nixpkgs }: {
     packages.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./default.nix { };
-    
+    modules.default = import ./module.nix;
   };
 }

modules/packages/ooye/packages/module.nix

@@ -6,6 +6,12 @@
 }:
 let
   cfg = config.services.matrix-ooye;
+  mkStringOption =
+    name: default:
+    lib.mkOption {
+      type = lib.types.str;
+      default = default;
+    };
 in
 {
   options = {
@@ -15,31 +21,159 @@ in
         type = lib.types.package;
         default = pkgs.callPackage ./default.nix { };
       };
-      appserviceId = lib.mkOption {
-        type = lib.types.string;
-        description = "The appservice ID to use, will be used as the localpart for the bridge.";
-        default = "ooye";
-      };
-      homeserver = lib.mkOption {
-        type = lib.types.string;
-        description = "The homeserver to connect to.";
-        default = "http://localhost:8006";
+      appserviceId = mkStringOption "The ID of the appservice." "ooye";
+      homeserver = mkStringOption "The homeserver to connect to." "http://localhost:8006";
+      homeserverName = mkStringOption "The name of the homeserver to connect to." "localhost";
+      namespace = mkStringOption "The prefix to use for the MXIDs/aliases of bridged users/rooms. Should end with a _!" "_ooye_";
+      discordTokenPath = mkStringOption "The path to the discord token file." "/etc/ooye-discord-token";
+      socket = mkStringOption "The socket to listen on, can either be a port number or a unix socket path." "6693";
+
+      enableSynapseIntegration = lib.mkEnableOption "Enable Synapse integration";
+    };
+  };
+  config = lib.mkIf cfg.enable (
+    let
+      baseConfig = pkgs.writeText "matrix-ooye-config.json" (
+        builtins.toJSON {
+          id = cfg.appserviceId;
+          namespaces = {
+            users = [
+              {
+                exclusive = true;
+                regex = "@${cfg.namespace}.*:${cfg.homeserverName}";
+              }
+            ];
+            aliases = [
+              {
+                exclusive = true;
+                regex = "#${cfg.namespace}.*:${cfg.homeserverName}";
+              }
+            ];
+          };
+          protocols = [ "discord" ];
+          sender_localpart = "${cfg.namespace}bot";
+          rate_limited = false;
+          socket = cfg.socket; # Can either be a TCP port or a unix socket path
+          url = if (lib.hasPrefix "/" cfg.socket) then "unix:${cfg.socket}" else "http://localhost:${cfg.socket}";
+          ooye = {
+            server_name = cfg.homeserverName;
+            namespace_prefix = cfg.namespace;
+            max_file_size = 5000000;
+            content_length_workaround = false;
+            include_user_id_in_mxid = true;
+            server_origin = cfg.homeserver;
+          };
+        }
+      );
+
+script = pkgs.writeScript "matrix-ooye-pre-start.sh" ''
+  #!${lib.getExe pkgs.bash}
+  REGISTRATION_FILE=registration.yaml
+
+  id
+  echo "Before if statement"
+  stat ''${REGISTRATION_FILE}
+
+  if [[ ! -f ''${REGISTRATION_FILE} ]]; then
+    echo "No registration file found at '$REGISTRATION_FILE'"
+    cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
+  fi
+  
+  echo "After if statement"
+  stat ''${REGISTRATION_FILE}
+
+  AS_TOKEN=$(${lib.getExe pkgs.jq} -r .as_token ''${REGISTRATION_FILE})
+  HS_TOKEN=$(${lib.getExe pkgs.jq} -r .hs_token ''${REGISTRATION_FILE})
+  DISCORD_TOKEN=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)
+
+  if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then
+    AS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
+    echo "Generated new AS token: ''${AS_TOKEN}"
+  fi
+  if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then
+    HS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
+    echo "Generated new HS token: ''${HS_TOKEN}"
+  fi
+  if [[ -z "$DISCORD_TOKEN" ]]; then
+    echo "No Discord token found at '${cfg.discordTokenPath}'"
+    exit 1
+  fi
+
+  shred -u ''${REGISTRATION_FILE}
+  cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
+
+  ${lib.getExe pkgs.jq} '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'"' ''${REGISTRATION_FILE} > ''${REGISTRATION_FILE}.tmp
+
+  shred -u ''${REGISTRATION_FILE}
+  mv ''${REGISTRATION_FILE}.tmp ''${REGISTRATION_FILE}
+'';
+
+    in
+    {
+      warnings =
+        lib.optionals ((builtins.substring (lib.stringLength cfg.namespace - 1) 1 cfg.namespace) != "_") [
+          "OOYE namespace does not end with an underscore! This is recommended to have better ID formatting. Provided: '${cfg.namespace}'"
+        ]
+        ++ lib.optionals ((builtins.substring 0 1 cfg.namespace) != "_") [
+          "OOYE namespace does not start with an underscore! This is recommended to avoid conflicts with registered users. Provided: '${cfg.namespace}'"
+        ];
+
+      systemd.services."matrix-ooye-pre-start" = {
+        enable = true;
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          ExecStart = script;
+          WorkingDirectory = "/var/lib/matrix-ooye";
+          StateDirectory = "matrix-ooye";
+          DynamicUser = true;
+
+          LoadCredential = [
+            "discord_token:${cfg.discordTokenPath}"
+          ];
+        };
       };
 
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    systemd.services."matrix-ooye-pre-start.service" = {
-      enable = true;
-      script = ''
-      
-      '';
-    };
-    systemd.services."matrix-ooye.service" = {
-      enable = true;
-      serviceConfig = {
-        ExecStart = "${config.services.matrix-ooye.package}/bin/ooye";
+      systemd.services."matrix-ooye" = {
+        enable = true;
+        description = "Out of Your Element - a Discord bridge for Matrix.";
+
+        wants = [
+          "network-online.target"
+          "matrix-synapse.service"
+          "conduit.service"
+          "dendrite.service"
+        ];
+        after = [
+          "matrix-ooye-pre-start.service"
+          "network-online.target"
+        ];
+        wantedBy = [ "multi-user.target" ];
+        requires = [ "matrix-ooye-pre-start.service" ];
+
+        serviceConfig = {
+          ExecStart = lib.getExe config.services.matrix-ooye.package;
+          WorkingDirectory = "/var/lib/matrix-ooye";
+          StateDirectory = "matrix-ooye";
+          ProtectSystem = "strict";
+          ProtectHome = true;
+          PrivateTmp = true;
+          NoNewPrivileges = true;
+          PrivateDevices = true;
+          Restart = "on-failure";
+          DynamicUser = true;
+        };
       };
-    };
-  };
+      
+      systemd.services."matrix-synapse".serviceConfig = lib.mkIf cfg.enableSynapseIntegration {
+        LoadCredential = [
+          "matrix-ooye-registration:/var/lib/matrix-ooye/registration.yaml"
+        ];
+        ExecStartPre = "cp /run/credentials/matrix-synapse.service/registration.yaml ${config.services.matrix-synapse.dataDir}/ooye-registration.yaml";
+      };
+
+      services.matrix-synapse.settings.app_service_config_files = lib.mkIf cfg.enableSynapseIntegration [
+        "${config.services.matrix-synapse.dataDir}/ooye-registration.yaml"
+      ];
+    }
+  );
 }

modules/vm-overrides.nix

@@ -0,0 +1,104 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  nixpkgs.overlays = [
+    #(import ./vm-overrides/systemd-overlay.nix)
+    #(import ./vm-overrides/grub-overlay.nix)
+  ];
+  environment.systemPackages = with pkgs; [
+    (callPackage ./vm-overrides/resize.nix { })
+  ];
+
+  users = {
+    mutableUsers = false;
+    users = {
+      root.password = "root";
+      Rory = {
+        password = "password";
+      };
+    };
+  };
+  services.getty.autologinUser = "Rory";
+  services.getty.loginProgram = (
+    pkgs.writeShellScript "ephemeral-shell" ''
+      #!${lib.getExe pkgs.zsh}
+      ${pkgs.shadow.su}/bin/su -l -s ${lib.getExe pkgs.zsh} Rory; poweroff
+    ''
+  );
+  
+  #other imported stuff
+
+  networking.useDHCP = lib.mkForce true;
+
+  boot.supportedFilesystems = lib.mkForce [ ];
+  hardware.enableRedistributableFirmware = lib.mkForce false;
+  #environment.systemPackages = lib.mkForce [  ];
+  documentation.enable = lib.mkForce false;
+  documentation.nixos.enable = lib.mkForce false;
+  networking.wireless.enable = lib.mkForce false;
+  system.extraDependencies = lib.mkForce [ ];
+  boot = {
+    loader = {
+      grub.memtest86.enable = false;
+      #systemd-boot.enable = true;
+      grub.enable = lib.mkForce false;
+      timeout = lib.mkForce 1;
+    };
+
+    #kernelPackages = pkgs.linuxPackages_latest;
+    systemdExecutable = "${pkgs.systemd}/bin/init";
+
+    enableContainers = lib.mkForce false;
+  };
+  #system.switch.enable = lib.mkForce false;
+  programs.less.lessopen = lib.mkForce null;
+  programs.command-not-found.enable = lib.mkForce false;
+  environment.defaultPackages = lib.mkForce [ ];
+  documentation.info.enable = lib.mkForce false;
+  documentation.man.enable = false;
+  system = {
+    #activatable = false;
+    #copySystemConfiguration = false;
+    #includeBuildDependencies = false;
+    #disableInstallerTools = lib.mkForce true;
+    #build = {
+    #  separateActivationScript = true;
+    #};
+  };
+  #nix.enable = false;
+  networking.firewall.enable = false;
+  networking.networkmanager.enable = false;
+  systemd.coredump.enable = false;
+  services.timesyncd.enable = false;
+
+  services.nscd.enableNsncd = false;
+  networking.dhcpcd.enable = false;
+  services.udev.enable = true;
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [ ];
+
+  systemd.oomd.enable = false;
+  security = {
+    loginDefs = {
+      settings = {
+        ENCRYPT_METHOD = "MD5";
+      };
+    };
+  };
+  services.lvm.enable = lib.mkForce false;
+  boot.initrd.services.lvm.enable = lib.mkForce false;
+  boot.initrd.systemd.suppressedUnits = [
+    "systemd-hibernate-clear.service"
+  ];
+
+  systemd.suppressedSystemUnits = [
+    "systemd-hibernate-clear.service"
+    "systemd-bootctl@.service"
+    "systemd-bootctl.socket"
+  ];
+}

modules/vm-overrides/grub-overlay.nix

@@ -0,0 +1,20 @@
+final: prev: {
+  grub2 = (prev.grub2.override {
+    zfsSupport = false;
+    efiSupport = false;
+    xenSupport = false;
+  }).overrideAttrs (oldAttrs: {
+    doCheck = false;
+    doInstallCheck = false;
+    #remove --enable-grub-mount
+    configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont" ];
+    # remove unnecessary commands
+    # postInstall = oldAttrs.postInstall + ''
+      # rm -rf $out/share/locale
+      # '';
+  });
+
+  grub2_light = final.grub2;
+  grub2_efi = final.grub2;
+  grub2_xen = final.grub2;
+}

modules/vm-overrides/resize.nix

@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+
+derivation {
+  name = "resize";
+  version = "1.0";
+  builder = "${pkgs.bash}/bin/bash";
+  args = [ "-c" "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize" ];
+  system = pkgs.system;
+}

modules/vm-overrides/systemd-overlay.nix

@@ -0,0 +1,62 @@
+final: prev: {
+  systemd = prev.systemd.override {
+    #pname = "systemd-extra-minimal";
+    withSelinux = false;
+    withKexectools = false;
+    withLibseccomp = false;
+    withAcl = false;
+    withAudit = false;
+    withAnalyze = false;
+    withApparmor = false;
+    withBootloader = false;
+    withCompression = false;
+    withCoredump = false;
+    withCryptsetup = false;
+    withRepart = false;
+    withDocumentation = false;
+    withEfi = false;
+    withFido2 = false;
+    withHomed = false;
+    withHostnamed = false;
+    withHwdb = true; # required by nixos 
+    withImportd = false;
+    withIptables = false;
+    withKmod = true; # required by nixos
+    withLibBPF = false;
+    withLibidn2 = false;
+    withLocaled = false;
+    withLogind = true; # required by nixos
+    withMachined = false;
+    withNetworkd = false;
+    withNss = false;
+    withOomd = false;
+    withPam = true; # required by nixos
+    withPCRE2 = false;
+    withPolkit = false;
+    withPortabled = false;
+    withQrencode = false;
+    withRemote = false;
+    withResolved = false;
+    withShellCompletions = false;
+    withSysusers = false;
+    withSysupdate = false;
+    withTimedated = false;
+    withTimesyncd = false;
+    withTpm2Tss = false;
+    withUkify = false;
+    withUserDb = false;
+    withUtmp = false;
+    withVmspawn = false;
+    withKernelInstall = false;
+    withTests = false;
+    withLogTrace = false;
+  };
+
+  systemd-minimal = final.systemd;
+
+  openssh = prev.openssh.overrideAttrs (oldAttrs: {
+    # Disable PAM support
+    doCheck = false;
+    doInstallCheck = false;
+  });
+}