authorEuAndreh <eu@euandre.org>2020-09-18 03:49:06 -0300
committerEuAndreh <eu@euandre.org>2020-09-18 14:02:03 -0300
commitb54cc1dda4f7a1fe7aa7c98880ec99ded39126da (patch)
tree52387a187aa2126681302609536994d1b609b27f /vps-configuration.nix
parentDisable pires-prod service (diff)
Initial setup of matrix with mautrix-whatsapp
Diffstat (limited to 'vps-configuration.nix')
-rw-r--r--vps-configuration.nix114
1 files changed, 93 insertions, 21 deletions
diff --git a/vps-configuration.nix b/vps-configuration.nix
index a6b2c9c..35694da 100644
--- a/vps-configuration.nix
+++ b/vps-configuration.nix
@@ -11,15 +11,14 @@ let
TLD = envsubstConfiguration.TLD;
nextcloudDomain = "cloud.${TLD}";
gitDomain = "git.${TLD}";
- prosodyDomain = "${TLD}";
+ prosodyDomain = "xmpp.${TLD}";
bonecoDomain = "boneco.${TLD}";
pdfsDomain = "pdfs-da-d-maria.${TLD}";
ciLogsDomain = "ci.${TLD}";
songbooksDocumentationDomain = "songbooks.${TLD}";
- piresDocumentationDomain = "pires.${TLD}";
mediatorDocumentationDomain = "mediator.${TLD}";
cementDocumentationDomain = "cement.${TLD}";
- piresProdDomain = "pires-prod.${TLD}";
+ piresProdDomain = "pires.${TLD}";
piresProdPort = "1234";
piresProdDir = "/home/andreh/pires-git/";
nextcloudDatabaseUser = "nextcloud";
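Review bot: `prosodyDomain` moves from `${TLD}` to `xmpp.${TLD}`, but a later hunk of this commit deletes the only visible nginx virtual host that obtained an ACME certificate for `prosodyDomain`, so nothing on this page requests a certificate for the new name. If Prosody still reads its key and certificate from the ACME directory for that domain (its configuration is outside the diff), it would come up without a valid certificate for `xmpp.${TLD}` whenever `prosodyEnable` is true. Keeping a minimal vhost with `enableACME = true;` for `prosodyDomain`, or a standalone `security.acme.certs` entry, would preserve the certificate.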
@@ -33,6 +32,12 @@ let
prosodyHTTPPort = "5280";
prosodyEnable = envsubstConfiguration.prosodyEnable == "true";
openSSHPort = 23841;
+ elementDomain = "element.${TLD}";
+ matrixDomain = "matrix.${TLD}";
+ matrixServerJSON = { "m.server" = "${matrixDomain}:443"; };
+ matrixClientJSON = { "m.homeserver" = { "base_url" = "https://${TLD}"; }; };
+ matrixPort = 8008;
+ mautrixWappDir = "/home/${envsubstConfiguration.userName}/mautrix-wapp";
};
staticSiteFromRepo = repoName:
pkgs.stdenv.mkDerivation {
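Review bot: `matrixClientJSON` advertises `"base_url" = "https://${TLD}"`, yet the only `/_matrix` proxy visible in this commit sits on the `matrixDomain` virtual host, so clients that follow the well-known document would send API requests to a host that does not route them to Synapse. Pointing discovery at the proxied name keeps the two in agreement: `matrixClientJSON = { "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; };`. The enclosing `config` attribute set begins outside the hunk, so any other consumer of this value is not visible here.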
@@ -49,19 +54,33 @@ let
pkgsUnstable = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
}) { };
- piresProd = pkgs.writeShellScriptBin "run-pires.sh" ''
+ piresProd = (pkgs.writeShellScriptBin "run-pires.sh" ''
export FLASK_CONFIG=production
export PIRES_PROD_DIR="$"
if [[ ! -d ${config.piresProdDir} ]]; then
- ${pkgs.git}/bin/git clone https://gitlab.com/EuAndreh/pires.git ${config.piresProdDir}
+ git clone https://gitlab.com/EuAndreh/pires.git ${config.piresProdDir}
fi
pushd ${config.piresProdDir}
- ${pkgs.git}/bin/git pull
- ${pkgsUnstable.poetry}/bin/poetry install --no-dev --extras "waitress"
- ${pkgsUnstable.poetry}/bin/poetry run flask inicializar-banco
- ${pkgsUnstable.poetry}/bin/poetry run waitress-serve --host localhost --port ${config.piresProdPort} --call pires:create_app
- '';
+ git pull
+ poetry install --no-dev --extras "waitress"
+ poetry run flask inicializar-banco
+ poetry run waitress-serve --host localhost --port ${config.piresProdPort} --call pires:create_app
+ '').overrideAttrs (baseAttrs: { buildInputs = with pkgs; [ git poetry ]; });
+ mautrix-wapp = (pkgs.writeShellScriptBin "run-mautrix-wapp.sh" ''
+ set -x
+ DIR=${config.mautrixWappDir}
+ if [[ ! -d "$DIR" ]]; then
+ git clone https://github.com/tulir/mautrix-whatsapp.git "$DIR"
+ fi
+ pushd "$DIR"
+ git pull
+ ./build.sh
+ cp ../config.yaml .
+ ./mautrix-whatsapp -g
+ cp registration.yaml /data/
+ ./mautrix-whatsapp
+ '').overrideAttrs (baseAttrs: { buildInputs = with pkgs; [ git olm go ]; });
in {
nix = {
binaryCaches = [ "https://euandreh.cachix.org" ];
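Review bot: `run-mautrix-wapp.sh` runs `git pull` followed by `./build.sh` on every start, so each restart of the service builds and executes whatever is on the upstream default branch at that moment, with no pinned revision or hash and with the privileges of the service user. The script sets `set -x` but not `set -e`, so a failed pull or build falls through to `./mautrix-whatsapp -g` and the final launch with whatever binary is left in the directory. Pinning the source (a Nix derivation using `fetchFromGitHub` with a fixed `rev` and `sha256`, or at least `git checkout <PINNED_COMMIT>` after the clone) and adding `set -euo pipefail` would make the deployed code reviewable and the failure mode explicit. Running `-g` on each start also rewrites `registration.yaml` and may regenerate its tokens; generating it once at setup avoids replacing the file Synapse has already loaded.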
@@ -87,6 +106,8 @@ in {
git
gitAndTools.git-annex
gotop
+ matrix-synapse
+ poetry
];
networking.firewall.allowedTCPPorts = [
@@ -128,6 +149,36 @@ in {
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
+ "${config.TLD}" = {
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON config.matrixServerJSON}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON config.matrixClientJSON}';
+ '';
+ };
+ "${config.matrixDomain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:${toString config.matrixPort}";
+ };
+ };
+ "${config.elementDomain}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = pkgs.element-web.override {
+ conf = {
+ default_server_config."m.homeserver" = {
+ "base_url" = "https://${config.matrixDomain}";
+ "server_name" = "https://${config.matrixDomain}";
+ };
+ };
+ };
+ };
"${config.nextcloudDomain}" = {
forceSSL = true;
enableACME = true;
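Review bot: The new `"${config.TLD}"` virtual host sets neither `enableACME` nor `forceSSL`, and the vhost that previously covered the bare domain is removed elsewhere in this commit, so unless TLS for it is configured outside the diff the `.well-known/matrix/*` documents have no certificate of their own, while Matrix clients and servers fetch them over HTTPS. Adding `enableACME = true; forceSSL = true;` to that block matches the other hosts in this set. Inside the two locations, `add_header Content-Type application/json;` adds a second Content-Type next to the one nginx emits for `return`; `default_type application/json;` sets it once. The `virtualHosts` set begins before and continues after the hunk.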
@@ -189,11 +240,6 @@ in {
root ${envsubstConfiguration.staticRoot}/songbooks/;
'';
};
- "${config.piresDocumentationDomain}" = {
- forceSSL = true;
- enableACME = true;
- root = "${envsubstConfiguration.staticRoot}/pires/";
- };
"${config.piresProdDomain}" = {
forceSSL = true;
enableACME = true;
@@ -201,12 +247,6 @@ in {
"/" = { proxyPass = "http://localhost:${config.piresProdPort}/"; };
};
};
- # Generate and maintain TLS certificate with NGINX
- # to be used by Prosody
- "${config.prosodyDomain}" = {
- forceSSL = true;
- enableACME = true;
- };
"${config.prosodyConverseDomain}" = {
forceSSL = true;
enableACME = true;
@@ -341,6 +381,24 @@ in {
# }
# '';
};
+ matrix-synapse = {
+ enable = true;
+ server_name = config.matrixDomain;
+ # Created the new user by temporarily setting this to true
+ enable_registration = false;
+ listeners = [{
+ port = config.matrixPort;
+ bind_address = "::1";
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [{
+ names = [ "client" "federation" ];
+ compress = false;
+ }];
+ }];
+ app_service_config_files = [ "/data/registration.yaml" ];
+ };
};
systemd.services = {
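Review bot: `app_service_config_files` makes Synapse trust `/data/registration.yaml`, which the bridge start script copies into place while running as `envsubstConfiguration.userName`; that file carries the appservice tokens and the user namespaces the bridge may control, so whoever can write it decides what Synapse accepts as an application service. It should be owned by root or the Synapse user, readable only by Synapse and the bridge, and not writable by the account that runs freshly pulled bridge code (the permissions of `/data` are not visible here). For the comment above `enable_registration`, creating the account with `register_new_matrix_user` and a `registration_shared_secret` avoids opening public registration even briefly.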
@@ -392,6 +450,20 @@ in {
# Install
wantedBy = [ "multi-user.target" ];
};
+ "mautrix-whatsapp" = {
+ enable = true;
+ # Unit
+ description = "mautrix-whatsapp systemd service";
+ after = [ "network.target" ];
+ # Service
+ serviceConfig = {
+ User = "${envsubstConfiguration.userName}";
+ ExecStart = "${mautrix-wapp}/bin/run-mautrix-wapp.sh";
+ Restart = "always";
+ };
+ # Install
+ wantedBy = [ "multi-user.target" ];
+ };
};
users = {
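Review bot: The `mautrix-whatsapp` unit defines no `path`, while the script it starts calls `git` and a `build.sh` that needs Go by bare name; as far as I know `buildInputs` on a `writeShellScriptBin` result only affects the build of the wrapper, not the runtime `PATH` of the service, so these lookups depend on whatever the unit environment happens to provide. Declaring `path = with pkgs; [ git go ];` on the service, or keeping absolute `${pkgs.git}/bin/git` references in the script, makes the resolved binaries explicit. The service also runs as the interactive account `envsubstConfiguration.userName` with `Restart = "always"` and no sandboxing; a dedicated system user plus `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with the needed `ReadWritePaths` would limit what the bridge can reach. The same bare-name change was made to `run-pires.sh` earlier in the commit.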