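{ config, pkgs, lib, ... }:

# NixOS module for the mautrix-facebook Matrix <-> Facebook Messenger bridge.
# It renders `settings` to a JSON config file, provisions a system user,
# optionally a PostgreSQL database, a hardened systemd unit, and exposes the
# appservice registration data for the homeserver.

with lib;

let
  cfg = config.services.mautrix-facebook;
  settingsFormat = pkgs.formats.json {};
  # The rendered config file lives in the Nix store and is therefore
  # world-readable: it must not contain secrets (use `environmentFile`).
  settingsFile = settingsFormat.generate "mautrix-facebook-config.json" cfg.settings;

  # Regex matching every puppet localpart: the username template is split on
  # the "{userid}" placeholder, each literal piece is regex-escaped, and the
  # pieces are re-joined with ".*" where the placeholder stood.
  puppetRegex = concatStringsSep
    ".*"
    (map
      escapeRegex
      (splitString
        "{userid}"
        cfg.settings.bridge.username_template));
in {
  options = {
    services.mautrix-facebook = {
      enable = mkEnableOption "Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge";

      settings = mkOption rec {
        # User-supplied settings are merged on top of `default`, so partial
        # overrides keep the remaining defaults (e.g. the logging block).
        apply = recursiveUpdate default;
        type = settingsFormat.type;
        default = {
          homeserver = {
            address = "http://localhost:8008";
          };

          appservice = rec {
            address = "http://${hostname}:${toString port}";
            hostname = "localhost";
            port = 29319;

            # Empty URL: relies on the local socket / peer auth set up by
            # `configurePostgresql`; override when that option is disabled.
            database = "postgresql://";

            bot_username = "facebookbot";
          };

          metrics.enabled = false;
          manhole.enabled = false;

          bridge = {
            encryption = {
              allow = true;
              default = true;
            };
            username_template = "facebook_{userid}";
          };

          logging = {
            version = 1;
            formatters.journal_fmt.format = "%(name)s: %(message)s";
            handlers.journal = {
              class = "systemd.journal.JournalHandler";
              formatter = "journal_fmt";
              SYSLOG_IDENTIFIER = "mautrix-facebook";
            };
            root = {
              level = "INFO";
              handlers = ["journal"];
            };
          };
        };
        example = literalExpression ''
          {
            homeserver = {
              address = "http://localhost:8008";
              domain = "mydomain.example";
            };

            bridge.permissions = {
              "@admin:mydomain.example" = "admin";
              "mydomain.example" = "user";
            };
          }
        '';
        description = ''
          <filename>config.yaml</filename> configuration as a Nix attribute set.
          Configuration options should match those described in
          <link xlink:href="https://github.com/mautrix/facebook/blob/master/mautrix_facebook/example-config.yaml">
          example-config.yaml</link>.
          </para>

          <para>
          Secret tokens should be specified using <option>environmentFile</option>
          instead of this world-readable attribute set.
        '';
      };

      environmentFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        # Fixed: the description previously named the mautrix-telegram service.
        description = ''
          File containing environment variables to be passed to the mautrix-facebook service.

          Any config variable can be overridden by setting <literal>MAUTRIX_FACEBOOK_SOME_KEY</literal> to override the <literal>some.key</literal> variable.
        '';
      };

      configurePostgresql = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Enable PostgreSQL and create a user and database for mautrix-facebook. The default <literal>settings</literal> reference this database, if you disable this option you must provide a database URL.
        '';
      };

      registrationData = mkOption {
        type = types.attrs;
        default = {};
        description = ''
          Output data for appservice registration. Simply make any desired changes and serialize to JSON. Note that this data contains secrets so think twice before putting it into the nix store.

          Currently <literal>as_token</literal> and <literal>hs_token</literal> need to be added as they are not known to this module.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # The registration namespaces below interpolate `homeserver.domain`, which
    # has no default; fail early with a clear message instead of an
    # "attribute 'domain' missing" error at the point of use.
    assertions = [
      {
        assertion = cfg.settings.homeserver ? domain;
        message = "services.mautrix-facebook.settings.homeserver.domain must be set (it is required for the appservice registration namespaces).";
      }
    ];

    users.users.mautrix-facebook = {
      group = "mautrix-facebook";
      isSystemUser = true;
    };
    # The group referenced by the user above must be declared explicitly;
    # NixOS does not create it implicitly.
    users.groups.mautrix-facebook = {};

    services.postgresql = mkIf cfg.configurePostgresql {
      ensureDatabases = ["mautrix-facebook"];
      ensureUsers = [{
        name = "mautrix-facebook";
        ensurePermissions = {
          "DATABASE \"mautrix-facebook\"" = "ALL PRIVILEGES";
        };
      }];
    };

    systemd.services.mautrix-facebook = rec {
      wantedBy = [ "multi-user.target" ];
      wants = [
        "network-online.target"
      ] ++ optional config.services.matrix-synapse.enable "matrix-synapse.service"
        ++ optional cfg.configurePostgresql "postgresql.service";
      # Start only after every unit we want (homeserver / database) is up.
      after = wants;

      serviceConfig = {
        Type = "simple";
        Restart = "always";

        User = "mautrix-facebook";

        # Filesystem / kernel hardening: the bridge keeps its state in the
        # database, so it needs no writable paths besides /tmp.
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        PrivateTmp = true;

        # Secrets (as_token, hs_token, ...) are injected here rather than via
        # the store-resident config file.
        EnvironmentFile = cfg.environmentFile;

        ExecStart = ''
          ${pkgs.mautrix-facebook}/bin/mautrix-facebook --config=${settingsFile}
        '';
      };
    };

    services.mautrix-facebook = {
      registrationData = {
        id = "mautrix-facebook";

        namespaces = {
          users = [
            {
              # The bridge bot itself.
              exclusive = true;
              regex = escapeRegex "@${cfg.settings.appservice.bot_username}:${cfg.settings.homeserver.domain}";
            }
            {
              # All puppet users derived from `bridge.username_template`;
              # `puppetRegex` is already escaped, the domain is escaped here.
              exclusive = true;
              regex = "@${puppetRegex}:${escapeRegex cfg.settings.homeserver.domain}";
            }
          ];
          aliases = [];
        };

        url = cfg.settings.appservice.address;
        sender_localpart = "mautrix-facebook-sender";

        rate_limited = false;
        "de.sorunome.msc2409.push_ephemeral" = true;
        push_ephemeral = true;
      };
    };
  };

  meta.maintainers = with maintainers; [ kevincox ];
}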