From b54cc1dda4f7a1fe7aa7c98880ec99ded39126da Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Fri, 18 Sep 2020 03:49:06 -0300 Subject: Initial setup of matrix with mautrix-whatsapp --- vps-configuration.nix | 114 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 93 insertions(+), 21 deletions(-) (limited to 'vps-configuration.nix') diff --git a/vps-configuration.nix b/vps-configuration.nix index a6b2c9c..35694da 100644 --- a/vps-configuration.nix +++ b/vps-configuration.nix @@ -11,15 +11,14 @@ let TLD = envsubstConfiguration.TLD; nextcloudDomain = "cloud.${TLD}"; gitDomain = "git.${TLD}"; - prosodyDomain = "${TLD}"; + prosodyDomain = "xmpp.${TLD}"; bonecoDomain = "boneco.${TLD}"; pdfsDomain = "pdfs-da-d-maria.${TLD}"; ciLogsDomain = "ci.${TLD}"; songbooksDocumentationDomain = "songbooks.${TLD}"; - piresDocumentationDomain = "pires.${TLD}"; mediatorDocumentationDomain = "mediator.${TLD}"; cementDocumentationDomain = "cement.${TLD}"; - piresProdDomain = "pires-prod.${TLD}"; + piresProdDomain = "pires.${TLD}"; piresProdPort = "1234"; piresProdDir = "/home/andreh/pires-git/"; nextcloudDatabaseUser = "nextcloud"; @@ -33,6 +32,12 @@ let prosodyHTTPPort = "5280"; prosodyEnable = envsubstConfiguration.prosodyEnable == "true"; openSSHPort = 23841; + elementDomain = "element.${TLD}"; + matrixDomain = "matrix.${TLD}"; + matrixServerJSON = { "m.server" = "${matrixDomain}:443"; }; + matrixClientJSON = { "m.homeserver" = { "base_url" = "https://${TLD}"; }; }; + matrixPort = 8008; + mautrixWappDir = "/home/${envsubstConfiguration.userName}/mautrix-wapp"; }; staticSiteFromRepo = repoName: pkgs.stdenv.mkDerivation { 
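Review bot: `matrixClientJSON` advertises `https://${TLD}` as the homeserver base URL, but the only vhost in this patch that proxies `/_matrix` is `${matrixDomain}`, and the Element config further down uses `https://${config.matrixDomain}`. Clients that follow `.well-known/matrix/client` would be sent to a host that, as far as this diff shows, serves only the two well-known locations, unless a `/_matrix` proxy for the apex exists outside the patch. Suggest `matrixClientJSON = { "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; };` so that discovery and the Element default agree. The enclosing `config` attribute set starts outside the hunk.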
@@ -49,19 +54,33 @@ let pkgsUnstable = import (builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; }) { }; - piresProd = pkgs.writeShellScriptBin "run-pires.sh" '' + piresProd = (pkgs.writeShellScriptBin "run-pires.sh" '' export FLASK_CONFIG=production export PIRES_PROD_DIR="$" if [[ ! -d ${config.piresProdDir} ]]; then - ${pkgs.git}/bin/git clone https://gitlab.com/EuAndreh/pires.git ${config.piresProdDir} + git clone https://gitlab.com/EuAndreh/pires.git ${config.piresProdDir} fi pushd ${config.piresProdDir} - ${pkgs.git}/bin/git pull - ${pkgsUnstable.poetry}/bin/poetry install --no-dev --extras "waitress" - ${pkgsUnstable.poetry}/bin/poetry run flask inicializar-banco - ${pkgsUnstable.poetry}/bin/poetry run waitress-serve --host localhost --port ${config.piresProdPort} --call pires:create_app - ''; + git pull + poetry install --no-dev --extras "waitress" + poetry run flask inicializar-banco + poetry run waitress-serve --host localhost --port ${config.piresProdPort} --call pires:create_app + '').overrideAttrs (baseAttrs: { buildInputs = with pkgs; [ git poetry ]; }); + mautrix-wapp = (pkgs.writeShellScriptBin "run-mautrix-wapp.sh" '' + set -x + DIR=${config.mautrixWappDir} + if [[ ! -d "$DIR" ]]; then + git clone https://github.com/tulir/mautrix-whatsapp.git "$DIR" + fi + pushd "$DIR" + git pull + ./build.sh + cp ../config.yaml . + ./mautrix-whatsapp -g + cp registration.yaml /data/ + ./mautrix-whatsapp + '').overrideAttrs (baseAttrs: { buildInputs = with pkgs; [ git olm go ]; }); in { nix = { binaryCaches = [ "https://euandreh.cachix.org" ]; @@ -87,6 +106,8 @@ in { git gitAndTools.git-annex gotop + matrix-synapse + poetry ]; networking.firewall.allowedTCPPorts = [ 
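Review bot: In `mautrix-wapp`, every service start runs `git pull` and `./build.sh` against the tip of an upstream repository, so whatever is on that branch at restart time is compiled and executed, with no pinned revision or hash to review against. The script also has no `set -e`, so a failed pull or build falls through to `./mautrix-whatsapp` with whatever binary is already in the directory. Consider building the bridge as a Nix derivation from a fixed revision with a hash, or at least adding `set -euo pipefail` and checking out a pinned commit (`git checkout --detach <PINNED_REV>`) instead of pulling. Separately, `overrideAttrs` with `buildInputs` only affects how the wrapper script is built, so the bare `git`, `poetry` and `go` calls depend on the unit's runtime PATH now that the `${pkgs.git}/bin/git` style paths are gone.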
@@ -128,6 +149,36 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { + "${config.TLD}" = { + locations."= /.well-known/matrix/server".extraConfig = '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON config.matrixServerJSON}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON config.matrixClientJSON}'; + ''; + }; + "${config.matrixDomain}" = { + enableACME = true; + forceSSL = true; + locations."/_matrix" = { + proxyPass = "http://[::1]:${toString config.matrixPort}"; + }; + }; + "${config.elementDomain}" = { + enableACME = true; + forceSSL = true; + root = pkgs.element-web.override { + conf = { + default_server_config."m.homeserver" = { + "base_url" = "https://${config.matrixDomain}"; + "server_name" = "https://${config.matrixDomain}"; + }; + }; + }; + }; "${config.nextcloudDomain}" = { forceSSL = true; enableACME = true; @@ -189,11 +240,6 @@ in { root ${envsubstConfiguration.staticRoot}/songbooks/; ''; }; - "${config.piresDocumentationDomain}" = { - forceSSL = true; - enableACME = true; - root = "${envsubstConfiguration.staticRoot}/pires/"; - }; "${config.piresProdDomain}" = { forceSSL = true; enableACME = true; @@ -201,12 +247,6 @@ in { "/" = { proxyPass = "http://localhost:${config.piresProdPort}/"; }; }; }; - # Generate and maintain TLS certificate with NGINX - # to be used by Prosody - "${config.prosodyDomain}" = { - forceSSL = true; - enableACME = true; - }; "${config.prosodyConverseDomain}" = { forceSSL = true; enableACME = true; 
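Review bot: The new `"${config.TLD}"` vhost sets neither `enableACME` nor `forceSSL`, and this patch also removes the `prosodyDomain` vhost that previously carried both for the apex name, so as far as this diff shows nothing requests a certificate for `${TLD}` any more. Matrix well-known discovery is fetched over HTTPS, and `matrixClientJSON` itself advertises an `https://` apex URL, so the two `.well-known` locations would either be unreachable over TLS or be served with another vhost's certificate. Suggest adding `enableACME = true; forceSSL = true;` to this vhost. Minor: in the Element block, `"server_name"` is given a URL (`https://${config.matrixDomain}`) where a bare server name looks intended.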
@@ -341,6 +381,24 @@ in { # } # ''; }; + matrix-synapse = { + enable = true; + server_name = config.matrixDomain; + # Created the new user by temporarily setting this to true + enable_registration = false; + listeners = [{ + port = config.matrixPort; + bind_address = "::1"; + type = "http"; + tls = false; + x_forwarded = true; + resources = [{ + names = [ "client" "federation" ]; + compress = false; + }]; + }]; + app_service_config_files = [ "/data/registration.yaml" ]; + }; }; systemd.services = { @@ -392,6 +450,20 @@ in { # Install wantedBy = [ "multi-user.target" ]; }; + "mautrix-whatsapp" = { + enable = true; + # Unit + description = "mautrix-whatsapp systemd service"; + after = [ "network.target" ]; + # Service + serviceConfig = { + User = "${envsubstConfiguration.userName}"; + ExecStart = "${mautrix-wapp}/bin/run-mautrix-wapp.sh"; + Restart = "always"; + }; + # Install + wantedBy = [ "multi-user.target" ]; + }; }; users = { -- cgit v1.2.3
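Review bot: `app_service_config_files` makes Synapse trust `/data/registration.yaml`, which the start script added earlier in this patch writes with a plain `cp` while running as the login user. That file normally carries the appservice tokens and the user namespaces the bridge may claim, so anyone able to write to that path can change what Synapse accepts as an application service, and the default file mode may leave the tokens readable by other local accounts. It would be safer to have the file owned by root or the Synapse user with a restrictive mode, and to install it deliberately rather than on every bridge start. The comment on `enable_registration` could also record how accounts are meant to be created from now on, e.g. `# Keep false; create accounts with register_new_matrix_user instead of opening registration`.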
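Review bot: The `mautrix-whatsapp` unit runs a network-facing bridge, together with its clone-and-build step, as the login account `${envsubstConfiguration.userName}` with no sandboxing, so a compromise of the bridge or of its build inputs has that account's home directory and credentials within reach. A dedicated system user with its own state directory, plus hardening options such as `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` (with the working directory and `/data` listed in `ReadWritePaths`), would narrow that. The unit also sets no `path`, so the tools the start script calls by bare name need something like `path = with pkgs; [ git go ];` here. `after = [ "network.target" ]` does not wait for connectivity, which matters because the script contacts a remote repository before starting the bridge.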