alpine: refactor mautrix

flake.nix

@@ -68,8 +68,8 @@
         ./nixos/services/prometheus.nix
         ./nixos/services/grafana.nix
         ./nixos/services/synapse.nix
-        ./nixos/services/whatsapp.nix
-        ./nixos/services/signal.nix
+        ./nixos/services/mautrix/whatsapp.nix
+        ./nixos/services/mautrix/signal.nix
         ./nixos/services/nextcloud.nix
       ] [];
 

nixos/services/mautrix/instagram.nix

@@ -0,0 +1,29 @@
+{config, ...}: let
+  inherit (config) sops;
+  inherit (sops) templates placeholder;
+  inherit (import ./lib.nix) toAppRegistration;
+in {
+  sops.secrets = {
+    "mautrix-instagram/as_token" = {};
+    "mautrix-instagram/hs_token" = {};
+  };
+  sops.templates = {
+    "mautrix-instagram/appservice.yaml" = {
+      owner = "matrix-synapse";
+      content = toAppRegistration {
+        id = "instagram";
+        port = 29328;
+        as_token = placeholder."mautrix-instagram/as_token";
+        hs_token = placeholder."mautrix-instagram/hs_token";
+        sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";
+        "de.sorunome.msc2409.push_ephemeral" = true;
+      };
+    };
+  };
+
+  # mautrix-instagram server currently in ansible/podman
+
+  services.matrix-synapse.settings.app_service_config_files = [
+    templates."mautrix-instagram/appservice.yaml".path
+  ];
+}

nixos/services/mautrix/lib.nix

@@ -0,0 +1,27 @@
+{
+  toAppRegistration = {
+    port,
+    id,
+    as_token,
+    hs_token,
+    sender_localpart,
+    rate_limited ? false,
+    ...
+  } @ conf:
+    builtins.toJSON ({
+        namespaces = {
+          users = [
+            {
+              exclusive = true;
+              regex = "^@${id}_.*:tristans.cloud$";
+            }
+            {
+              exclusive = true;
+              regex = "^@${id}bot:tristans.cloud$";
+            }
+          ];
+        };
+        url = "http://localhost:${toString port}";
+      }
+      // conf);
+}

nixos/services/mautrix/signal.nix

@@ -1,33 +1,7 @@
 {config, ...}: let
   inherit (config) sops;
   inherit (sops) templates placeholder;
-
-  toAppRegistration = {
-    port,
-    id,
-    as_token,
-    hs_token,
-    sender_localpart,
-    rate_limited ? false,
-    ...
-  } @ conf:
-    builtins.toJSON ({
-        namespaces = {
-          users = [
-            {
-              exclusive = true;
-              regex = "^@${id}_.*:tristans.cloud$";
-            }
-            {
-              exclusive = true;
-              regex = "^@${id}bot:tristans.cloud$";
-            }
-          ];
-        };
-        url = "http://localhost:${toString port}";
-      }
-      // conf);
-  port = 29328;
+  inherit (import ./lib.nix) toAppRegistration;
 in {
   sops.secrets = {
     "mautrix-signal/as_token" = {};
@@ -38,7 +12,7 @@ in {
       owner = "matrix-synapse";
       content = toAppRegistration {
         id = "signal";
-        port = port;
+        port = 29328;
         as_token = placeholder."mautrix-signal/as_token";
         hs_token = placeholder."mautrix-signal/hs_token";
         sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";

nixos/services/mautrix/whatsapp.nix

@@ -1,32 +1,7 @@
 {config, ...}: let
   inherit (config) sops;
   inherit (sops) templates placeholder;
-
-  toAppRegistration = {
-    port,
-    id,
-    as_token,
-    hs_token,
-    sender_localpart,
-    rate_limited ? false,
-    ...
-  } @ conf:
-    builtins.toJSON ({
-        namespaces = {
-          users = [
-            {
-              exclusive = true;
-              regex = "^@${id}_.*:tristans.cloud$";
-            }
-            {
-              exclusive = true;
-              regex = "^@${id}bot:tristans.cloud$";
-            }
-          ];
-        };
-        url = "http://localhost:${toString port}";
-      }
-      // conf);
+  inherit (import ./lib.nix) toAppRegistration;
 in {
   sops.secrets = {
     "mautrix-whatsapp/as_token" = {};

secrets/secrets.yaml

@@ -16,6 +16,9 @@ mautrix-whatsapp:
 mautrix-signal:
     as_token: ENC[AES256_GCM,data:wu9ohlIUn6dBYxa7jZzG9DRVRrBCnmXsc7txntF6U6eW6rpe/bvKWDR5/db1ZtMxAv/MZrTephJ81yqtr8aDsw==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:J6F3CP5OJbyPBr5iVWhg0w==,type:str]
     hs_token: ENC[AES256_GCM,data:8OAHb5+k7uRW5EtjrNiTFjG1lf3txePHjpVYaDtJ1MfbtU8jN/T50PENPwFHR9iJSh2Zma7PGgFjwlWHGQEW8A==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:3y/K1iztmWrWR34/3vjopA==,type:str]
+mautrix-instagram:
+    as_token: ENC[AES256_GCM,data:pNO76BcGejQdCc5X4f/UvSsBIPU6QZCCQTJvwVIXRf3rnb9ewWNMEtYXlqj886yh3g5SgqQ4Uhqby/7vrMxREA==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:vJHOhwJBPlgUPu1SFqI4ew==,type:str]
+    hs_token: ENC[AES256_GCM,data:m1CK8Ae6QyJKgDZm904xMpZ1KgKxEUpmQ1jdKOkjexgwAWjjtYF+RVximtcXwxPg/0jkbK/LMlxA89ic+zajiA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:rRwhYn88ZZwm5sDI1etR2g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -31,8 +34,8 @@ sops:
             NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG
             A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-21T14:39:41Z"
-    mac: ENC[AES256_GCM,data:iLzMUM/1bttEAQwMWE7SoT/3vWRKTV2d+k/oPv42cD/4nB/SgZaYgrScK7/A9go7nWwumWmpOfOWl0fK3Fj/AcKUZtgIhpWqpbd+CHfh68gEjddK2QDSPZHJ83NtK9e+OpQ/pYlon36hGtxdjbEGV0wpJduzF5NHwcmqAUZ0DC8=,iv:U0MZsZ9IAGb0P5YbWCn8VJc/rX6RXimT347m+JYF5dY=,tag:YFXldsF5o6itzjcFMc0AKQ==,type:str]
+    lastmodified: "2024-03-23T23:24:16Z"
+    mac: ENC[AES256_GCM,data:bs8t7nH5BdIz4uQd33M2pt+AVhqfBEJy9l8AFl8p80GLAMg5zKlDWxtVCPrWk8viJvfMkhvwEovBizoy3m7gt8iWLf+dtznBjALtUXVAc/+dmACUS8E9JHHKcvOHxT/cYCuU3t6pDJWlbfnpBtKSSHH8Z/YblYMlkeoNeNOoAwU=,iv:9fKO44c5TNMBgHqcuV6Fu+GW8TjND+32KDEerawpZL4=,tag:Ps8kelq+8iY88mdqugRTMg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1