From 08490883849f5d77fd1daf1fb0225c9616d468fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sat, 29 Jul 2023 21:41:11 +0200
Subject: [PATCH] feat(matrix): add appservices with signal config

---
 flake.lock                      | 72 ++++++++++++++++++++++++++++++++-
 flake.nix                       |  6 +++
 services/matrix/appservices.nix | 45 +++++++++++++++++++++
 services/matrix/default.nix     |  2 +-
 4 files changed, 123 insertions(+), 2 deletions(-)
 create mode 100644 services/matrix/appservices.nix

diff --git a/flake.lock b/flake.lock
index 74c4251..77d5f46 100644
--- a/flake.lock
+++ b/flake.lock
@@ -120,6 +120,21 @@
         "type": "github"
       }
     },
+    "devshell": {
+      "locked": {
+        "lastModified": 1642188268,
+        "narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "696acc29668b644df1740b69e1601119bf6da83b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "fenix": {
       "inputs": {
         "nixpkgs": [
@@ -175,6 +190,22 @@
       }
     },
     "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1641205782,
+        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_4": {
       "flake": false,
       "locked": {
         "lastModified": 1673956053,
@@ -291,6 +322,44 @@
         "type": "github"
       }
     },
+    "matrix-appservices": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-compat": "flake-compat_3",
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1683490239,
+        "narHash": "sha256-QKzpvl2XrqbobWq/I/smDa9hEniwctjJybXPVILHP0w=",
+        "owner": "coffeetables",
+        "repo": "nix-matrix-appservices",
+        "rev": "e795d2fbc61da45d49802bb3e8f8d0c70ddc1e68",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "coffeetables",
+        "repo": "nix-matrix-appservices",
+        "type": "gitlab"
+      }
+    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1643502816,
+        "narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=",
+        "owner": "divnix",
+        "repo": "nixpkgs.lib",
+        "rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "divnix",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1690200740,
@@ -373,7 +442,7 @@
     },
     "pre-commit-hooks": {
       "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
         "flake-utils": [
           "flake-utils"
         ],
@@ -407,6 +476,7 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager_2",
+        "matrix-appservices": "matrix-appservices",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
diff --git a/flake.nix b/flake.nix
index 4461c83..0829e2c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,11 @@
       inputs.flake-utils.follows = "flake-utils";
     };
 
+    matrix-appservices = {
+      url = "gitlab:coffeetables/nix-matrix-appservices";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     nvim-kitty-navigator = {
       url = "github:hermitmaster/nvim-kitty-navigator";
       flake = false;
@@ -68,6 +73,7 @@
               imports = [
                 nixosModules.flakeDefaults
                 agenix.nixosModules.default
+                inputs.matrix-appservices.nixosModule
                 hardwareConfig
                 config
               ];
diff --git a/services/matrix/appservices.nix b/services/matrix/appservices.nix
new file mode 100644
index 0000000..ceea9a5
--- /dev/null
+++ b/services/matrix/appservices.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+
+let inherit (config.services.matrix-conduit.settings.global) server_name;
+in {
+  # Mautrix-signal settings
+  services.signald.enable = true;
+  systemd.services.matrix-as-signal = {
+    requires = [ "signald.service" ];
+    after = [ "signald.service" ];
+    path = [
+      pkgs.ffmpeg # voice messages need `ffmpeg`
+    ];
+  };
+
+  services.matrix-appservices = {
+    addRegistrationFiles = false;
+    homeserverDomain = server_name;
+    homeserverURL = "https://matrix.${server_name}";
+    services = {
+      signal = {
+        port = 29184;
+        format = "mautrix-python";
+        package = pkgs.unstable.mautrix-signal;
+        serviceConfig = {
+          StateDirectory = [ "matrix-as-signal" ];
+          SupplementaryGroups = [ "signald" ];
+        };
+        settings.signal = {
+          socket_path = config.services.signald.socketPath;
+          outgoing_attachment_dir = "/var/lib/signald/tmp";
+        };
+        settings.bridge.permissions = {
+          "@felschr:${server_name}" = "admin";
+          "@felschr:matrix.org" = "admin";
+        };
+        settings.bridge.encryption = {
+          allow = true;
+          default = true;
+          key_sharing.allow = true;
+          delete_keys.delete_outdated_inbound = false;
+        };
+      };
+    };
+  };
+}
diff --git a/services/matrix/default.nix b/services/matrix/default.nix
index 4dcebab..a0f59b9 100644
--- a/services/matrix/default.nix
+++ b/services/matrix/default.nix
@@ -1,5 +1,5 @@
 { ... }:
 
 {
-  imports = [ ./conduit.nix ./element.nix ];
+  imports = [ ./conduit.nix ./element.nix ./appservices.nix ];
 }