alpine: mautrix-signal

flake.nix

@@ -69,6 +69,7 @@
         ./nixos/services/grafana.nix
         ./nixos/services/synapse.nix
         ./nixos/services/whatsapp.nix
+        ./nixos/services/signal.nix
         ./nixos/services/nextcloud.nix
       ] [];
 

nixos/services/signal.nix

@@ -0,0 +1,55 @@
+{config, ...}: let
+  inherit (config) sops;
+  inherit (sops) templates placeholder;
+
+  toAppRegistration = {
+    port,
+    id,
+    as_token,
+    hs_token,
+    sender_localpart,
+    rate_limited ? false,
+    ...
+  } @ conf:
+    builtins.toJSON ({
+        namespaces = {
+          users = [
+            {
+              exclusive = true;
+              regex = "^@${id}_.*:tristans.cloud$";
+            }
+            {
+              exclusive = true;
+              regex = "^@${id}bot:tristans.cloud$";
+            }
+          ];
+        };
+        url = "http://localhost:${toString port}";
+      }
+      // conf);
+  port = 29328;
+in {
+  sops.secrets = {
+    "mautrix-signal/as_token" = {};
+    "mautrix-signal/hs_token" = {};
+  };
+  sops.templates = {
+    "mautrix-signal/appservice.yaml" = {
+      owner = "matrix-synapse";
+      content = toAppRegistration {
+        id = "signal";
+        port = port;
+        as_token = placeholder."mautrix-signal/as_token";
+        hs_token = placeholder."mautrix-signal/hs_token";
+        sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV";
+        "de.sorunome.msc2409.push_ephemeral" = true;
+      };
+    };
+  };
+
+  # mautrix-signal server currently in ansible/podman
+
+  services.matrix-synapse.settings.app_service_config_files = [
+    templates."mautrix-signal/appservice.yaml".path
+  ];
+}

secrets/secrets.yaml

@@ -13,6 +13,9 @@ synapse:
 mautrix-whatsapp:
     as_token: ENC[AES256_GCM,data:x1iIfwaRdSzC7wo684FY5ZCytj+uQSS2k8UZ/Sm/0gy7jnjsb6Eyl0I5tdNf7mYk2gdTtfmc+dVThOP3aGIZXQ==,iv:hvVr1MZfpLewomTW5pUhOvrQ2fEkQy4LNnfqslkeFgQ=,tag:5eUZLn5Bd2D5GWyIx9xevw==,type:str]
     hs_token: ENC[AES256_GCM,data:y8q41zg1NFco0fs7Q/yZVIPCdrUsB8/CRiffBpAVWsH0vCCHQvBs6VUGZmZwJVySkxSfFqBdCc/TF38SPwhxCg==,iv:sJ0cldlCTpGRMYT0u9ZGFVI70m3VBCZqn/l4cwUDyAI=,tag:D0QE2TQxLNnEv6/ECCLnRw==,type:str]
+mautrix-signal:
+    as_token: ENC[AES256_GCM,data:wu9ohlIUn6dBYxa7jZzG9DRVRrBCnmXsc7txntF6U6eW6rpe/bvKWDR5/db1ZtMxAv/MZrTephJ81yqtr8aDsw==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:J6F3CP5OJbyPBr5iVWhg0w==,type:str]
+    hs_token: ENC[AES256_GCM,data:8OAHb5+k7uRW5EtjrNiTFjG1lf3txePHjpVYaDtJ1MfbtU8jN/T50PENPwFHR9iJSh2Zma7PGgFjwlWHGQEW8A==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:3y/K1iztmWrWR34/3vjopA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -28,8 +31,8 @@ sops:
             NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG
             A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-26T19:50:48Z"
+    lastmodified: "2024-03-21T14:39:41Z"
-    mac: ENC[AES256_GCM,data:ZmySnwEMEStfSWgKbw7eVULLkYdpH4d4RMV0mDlfE0dXdF8eOtjfBK/NyLCP84VMIWJWFzc/KihOuSWEpzjtoZVJAHi/c/sh87OpigjG4X3RFIJFV7IhKyielyhd5SInQV/yMa0IOPN5MnK40h59+ofRlVZ2371PdYkns6EVUoo=,iv:1PMwsRz78iMCs6QJfnfCUXCofOonEl+je/6e/4GZW+g=,tag:FOqWXMkWOf4C6VhV7ODwMg==,type:str]
+    mac: ENC[AES256_GCM,data:iLzMUM/1bttEAQwMWE7SoT/3vWRKTV2d+k/oPv42cD/4nB/SgZaYgrScK7/A9go7nWwumWmpOfOWl0fK3Fj/AcKUZtgIhpWqpbd+CHfh68gEjddK2QDSPZHJ83NtK9e+OpQ/pYlon36hGtxdjbEGV0wpJduzF5NHwcmqAUZ0DC8=,iv:U0MZsZ9IAGb0P5YbWCn8VJc/rX6RXimT347m+JYF5dY=,tag:YFXldsF5o6itzjcFMc0AKQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1