pvv-nixos-config/services/matrix/discord.nix


# Configures the mx-puppet-discord bridge and registers it with Synapse as an
# application service via a sops-managed registration file.
{ config, lib, ... }:
let
  # sops key of the appservice registration handed to Synapse.
  registrationSecret = "matrix/registrations/mx-puppet-discord";

  # Group that is given group ownership of the registration secret.
  registrationGroup = config.users.groups.keys-matrix-registrations.name;

  # lib.attrNames returns names in sorted order, so this is the alphabetically
  # first entry of the synapse_master upstream, not necessarily the only one.
  synapseListener = lib.head (lib.attrNames config.services.nginx.upstreams.synapse_master.servers);
in
{
  users.groups.keys-matrix-registrations = { };

  # The registration file carries the appservice tokens, so treat it as a credential.
  # NOTE(review): no `mode` is set here. sops-nix defaults to owner-only access
  # unless overridden, in which case the group assignment (and the bridge's
  # SupplementaryGroups below) grants nothing. Confirm whether the bridge needs
  # to read this file: if so, set a group-readable mode explicitly; if not,
  # drop the supplementary group to keep privileges minimal.
  sops.secrets.${registrationSecret} = {
    owner = config.users.users.matrix-synapse.name;
    group = registrationGroup;
  };

  systemd.services.mx-puppet-discord.serviceConfig.SupplementaryGroups = [ registrationGroup ];

  services.mx-puppet-discord = {
    enable = true;

    settings = {
      bridge = {
        # Bridge listener is bound to localhost only.
        bindAddress = "localhost";
        domain = "pvv.ntnu.no";
        # systemd-resolved reads /etc/hosts and resolves matrix -> jokum -> 127.0.0.2,
        # an address nginx does not listen on. Point the bridge at the address of
        # the main synapse listener instead.
        # NOTE(review): this is plain http; presumably the listener is local to
        # this host. Confirm the traffic never crosses an untrusted network.
        homeserverUrl = "http://${synapseListener}";
      };

      # NOTE(review): these entries look like regular expressions (escaped dots).
      # If the bridge matches them unanchored, a user ID that merely contains the
      # pattern would also pass. Confirm the matching semantics and anchor the
      # patterns with ^ and $ if needed.
      provisioning.whitelist = [ "@dandellion:dodsorf\\.as" "@danio:pvv\\.ntnu\\.no" ];

      # ".*" matches every user ID, so relay use is not restricted by this list.
      # NOTE(review): confirm that an open relay whitelist is intended.
      relay.whitelist = [ ".*" ];

      selfService.whitelist = [ "@danio:pvv\\.ntnu\\.no" "@dandellion:dodsorf\\.as" ];
    };

    # Start the bridge only after Synapse and the nginx front end it talks through.
    serviceDependencies = [ "matrix-synapse.target" "nginx.service" ];
  };

  # Synapse loads the bridge's appservice registration from the decrypted secret path.
  services.matrix-synapse-next.settings.app_service_config_files = [
    config.sops.secrets.${registrationSecret}.path
  ];
}