I've been in the Matrix.org Ecosystem for a while and use some bridging software to roam:Illegally integrate other chat networks in to a single client which syncs between my phone and desktops and etc.
i am currently an etke.cc user and this is disabled! we'll see if that sticks since the Illegal homeserver bridges don't work as well from a datacenter IP address
Synapse on NixOS
This is an Arroyo NixOS module used in My Wobserver Configuration .
#+ARROYO_NIXOS_MODULE: nixos/matrix.nix #+ARROYO_SYSTEM_ROLE: server
nix source: :tangle ~/arroyo-nix/nixos/matrix.nix{ ... }: let useSSL = false; # for VM testing... should make this an option... clientConfig."m.homeserver".base_url = "https://matrix.fontkeming.fail/"; serverConfig."m.server" = "matrix.fontkeming.fail:443"; mkWellKnown = data: '' # add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; in { imports = [ ./mautrix-discord-svc.nix ./matrix-puppet-discord.nix ./heisenbridge.nix ./matrix-prometheus.nix ]; # if you're smart you'll name this database matrix-synapse services.postgresql.ensureDatabases = ["synapse"]; services.postgresql.ensureUsers = [ { name = "synapse"; ensureDBOwnership = true; } ]; # otherwise you have to set up a pg_ident entry services.postgresql.identMap = "synapse matrix-synapse synapse"; users.users.matrix-synapse = { isSystemUser = true; createHome = true; home = "/srv/matrix-synapse"; group = "matrix-synapse"; }; services.nginx.virtualHosts."matrix.fontkeming.fail" = { # useACMEHost = "files.fontkeming.fail"; # addSSL = true; listen = [ { addr = "0.0.0.0"; port = 8448; } { addr = "0.0.0.0"; port = 80; } ]; forceSSL = useSSL; locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; locations."/_matrix".proxyPass = "http://127.0.0.1:8008"; locations."/_matrix".extraConfig = '' client_max_body_size 16m; access_log off; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_connect_timeout 600s; proxy_read_timeout 600s; ''; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; services.matrix-synapse = { enable = true; dataDir = "/srv/matrix-synapse"; settings = { server_name = "kickass.systems"; public_baseurl = "https://matrix.fontkeming.fail"; enable_registration = false; enable_metrics = true; report_stats = true; url_preview_enabled = true; database.name = "psycopg2"; database.args.user = "matrix-synapse"; database.args.database = "synapse"; # god damnit ensureDatabases gives me a utf8 database.allow_unsafe_locale = true; secondary_directory_servers = [ "matrix.org" "cybre.space" ]; retention = { default_policy = { min_lifetime = "1d"; max_lifetime = "26w"; }; allowed_liftetime_min = "1d"; allowed_liftetime_max = "1y"; }; caches = { sync_response_cache_duration = "60m"; cache_autotuning.max_cache_memory_usage = "2048M"; cache_autotuning.target_cache_memory_usage = "1024M"; cache_autotuning.min_cache_ttl = "15m"; }; presence.enabled = false; thumbnail_sizes = [ { width = 24; height = 24; method = "crop"; } { width = 32; height = 32; method = "crop"; } { width = 96; height = 96; method = "crop"; } { width = 320; height = 240; method = "scale"; } { width = 640; height = 480; method = "scale"; } { width = 800; height = 600; method = "scale"; } ]; listeners = [ { bind_addresses = [ "127.0.0.1" ] ; port = 8008; resources = [ { compress = true; names = [ "client" "metrics" ]; } { compress = false; names = [ "federation" ]; } ]; tls = false; type = "http"; x_forwarded = true; } ]; }; }; }
CANCELLED mx-puppet-discord
mx-puppet-discord allows a savvy Discord user to log in to their discord guilds and chat in them through a Matrix client. Definitely don't do a crimes with it, I'm sure I'll be banned for this indiscretion some day but this bridging is the core value proposition of Matrix for me.
It's primarily operated via chat commands. I am mostly trusting the default nixpkgs configuration.
One thing I had to do to make this configuration work is to manually move that app_service_config_file from /var/lib/mx-puppet-discord/discord-registration.yaml. Since it's written by a SystemD DynamicUser, it's not clear to me how to write this file with a group ID that Synapse shares..
This isn't used any more, see below.
nix source:{ options, ... }: { services.mx-puppet-discord.enable = false; # services.matrix-synapse.extraConfig = '' # ''; # services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"]; # services.mx-puppet-discord.settings = { # bridge = { # port = 8091; # bindAddress = "0.0.0.0"; # domain = "kickass.systems"; # homeserverUrl = "http://127.0.0.1:8008"; # }; # provisioning.whitelist = ["@rrix:kickass\\.systems"]; # }; }
mautrix-discord
i'm using a different matrix-discord bridge now, the same one the beeper folks use. Still have to do the song-and-dance moving the registration file out of the private /var/lib state directory, but that's fine. Deploy this once, it'll fail to start but it'll write the /var/lib/mautrix-discord/discord-registration.yaml file which you'll just cp /var/lib/mautrix-discord/discord-registration.yaml /var/lib/matrix-synapse/or/whatever/discord-registration.yaml and make sure it makes the location below, and deploy again! Then just start a chat with @discordbot:example.com and set up the bridge.
nix source: :tangle ~/arroyo-nix/nixos/matrix-puppet-discord.nix{ options, ... }: { services.mx-puppet-discord.enable = false; services.mautrix-discord.enable = true; services.mautrix-discord.settings = options.services.mautrix-discord.settings.default // { homeserver.address = "http://localhost:8008"; homeserver.domain = "kickass.systems"; bridge.delivery_receipts = true; bridge.federate_rooms = false; bridge.permissions."*" = "relay"; bridge.permissions."kickass.systems" = "user"; bridge.permissions."@rrix:kickass.systems" = "admin"; }; services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"]; }
This NixOS Module
nix source: :tangle ~/arroyo-nix/nixos/mautrix-discord-svc.nix{ config, pkgs, lib, ... }: with lib; let cfg = config.services.mautrix-discord; dataDir = "/var/lib/mautrix-discord"; registrationFile = "${dataDir}/discord-registration.yaml"; settingsFormat = pkgs.formats.yaml { }; settingsFile = settingsFormat.generate "mautrix-discord-config.yaml" cfg.settings; runtimeSettingsFile = "${dataDir}/config.yaml"; in { options = { services.mautrix-discord = { enable = mkEnableOption (mdDoc "Matrix to Discord hybrid puppeting/relaybot bridge"); package = mkOption { type = types.package; default = pkgs.mautrix-discord; defaultText = literalExpression "pkgs.mautrix-discord"; description = mdDoc '' The mautrix-discord package to use. ''; }; settings = mkOption rec { apply = recursiveUpdate default; inherit (settingsFormat) type; default = { homeserver = { software = "standard"; }; appservice = rec { database = { type = "sqlite3"; uri = "file:${dataDir}/mautrix-discord.db"; }; port = 8080; address = "http://localhost:${toString port}"; }; bridge = { permissions."*" = "relay"; double_puppet_server_map = {}; login_shared_secret_map = {}; }; logging = { directory = ""; file_name_format = ""; # Disable file logging file_date_format = "2006-01-02"; file_mode = 384; timestamp_format = "Jan _2, 2006 15:04:05"; print_level = "warn"; print_json = false; file_json = false; }; }; description = mdDoc '' Bridge configuration as a Nix attribute set. Configuration options should match those described in [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml). ''; }; serviceDependencies = mkOption { type = with types; listOf str; default = optional config.services.matrix-synapse.enable "matrix-synapse.service"; defaultText = literalExpression '' optional config.services.matrix-synapse.enable "matrix-synapse.service" ''; description = mdDoc '' List of Systemd services to require and wait for when starting the application service. ''; }; }; }; config = mkIf cfg.enable { systemd.services.mautrix-discord = { description = "Matrix to Discord hybrid puppeting/relaybot bridge"; wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ] ++ cfg.serviceDependencies; after = [ "network-online.target" ] ++ cfg.serviceDependencies; preStart = '' # Generate the appservice's registration file if absent if [ ! -f '${registrationFile}' ]; then ${cfg.package}/bin/mautrix-discord \ --config '${settingsFile}' \ --registration '${registrationFile}' \ --generate-registration fi old_umask=$(umask) umask 0177 # Extract the AS and HS tokens from the registration and add them to the settings file ${pkgs.yq}/bin/yq -y ".appservice.as_token = $(${pkgs.yq}/bin/yq .as_token ${registrationFile}) | .appservice.hs_token = $(${pkgs.yq}/bin/yq .hs_token ${registrationFile})" ${settingsFile} > ${runtimeSettingsFile} umask $old_umask ''; serviceConfig = { Type = "simple"; Restart = "always"; ProtectSystem = "strict"; ProtectHome = true; ProtectKernelTunables = true; ProtectKernelModules = true; ProtectControlGroups = true; DynamicUser = true; PrivateTmp = true; WorkingDirectory = cfg.package; StateDirectory = baseNameOf dataDir; UMask = "0027"; ExecStart = '' ${cfg.package}/bin/mautrix-discord \ --config ${runtimeSettingsFile} \ --no-update ''; }; }; }; meta.maintainers = with maintainers; [ robin ]; }
Heisenbridge
Heisenbridge is a Matrix app-service designed to be used as a single-user "bouncer" style IRC client rather than a "room mirror" like matrix-appservice-irc.
It's primarily operated via chat commands. I'm basically trusting the nixpkgs configuration.
nix source: :tangle ~/arroyo-nix/nixos/heisenbridge.nix{ ... }: { services.matrix-synapse.settings.app_service_config_files = ["/var/lib/heisenbridge/registration.yml"]; users.users.matrix-synapse.extraGroups = ["heisenbridge"]; # to access registration file services.heisenbridge = { enable = true; debug = true; homeserver = "http://localhost:8008"; owner = "@rrix:kickass.systems"; }; }
Synapse Prometheus Recording Rules
nix source: :tangle ~/arroyo-nix/nixos/matrix-prometheus.nix{ ... }: { services.prometheus.ruleFiles = [ <arroyo/files/synapse.rules> ]; }
yaml source: :tangle ~/arroyo-nix/files/synapse.rulesgroups: - name: synapse_federation_transaction_queue_pendingEdus:total rules: - record: synapse_federation_transaction_queue_pendingEdus:total expr: sum(synapse_federation_transaction_queue_pendingEdus or absent(synapse_federation_transaction_queue_pendingEdus)*0) - name: synapse_federation_transaction_queue_pendingPdus:total rules: - record: synapse_federation_transaction_queue_pendingPdus:total expr: sum(synapse_federation_transaction_queue_pendingPdus or absent(synapse_federation_transaction_queue_pendingPdus)*0) - name: synapse_http_server_requests:methodservlet rules: - record: synapse_http_server_requests:method expr: sum(synapse_http_server_requests) by (method) labels: servlet: "" - name: synapse_http_server_requests:servletmethod rules: - record: synapse_http_server_requests:servlet expr: sum(synapse_http_server_requests) by (servlet) labels: method: "" - name: synapse_http_server_requests:totalservlet rules: - record: synapse_http_server_requests:total expr: sum(synapse_http_server_requests:by_method) by (servlet) labels: servlet: "" - name: synapse_cache:hit_ratio_5m rules: - record: synapse_cache:hit_ratio_5m expr: rate(synapse_util_caches_cache:hits[5m]) / rate(synapse_util_caches_cache:total[5m]) - name: synapse_cache:hit_ratio_30s rules: - record: synapse_cache:hit_ratio_30s expr: rate(synapse_util_caches_cache:hits[30s]) / rate(synapse_util_caches_cache:total[30s]) - name: synapse_federation_client_senttypeEDU rules: - record: synapse_federation_client_sent expr: synapse_federation_client_sent_edus + 0 labels: type: EDU - name: synapse_federation_client_senttypePDU rules: - record: synapse_federation_client_sent expr: synapse_federation_client_sent_pdu_destinations:count + 0 labels: type: PDU - name: synapse_federation_client_senttypeQuery rules: - record: synapse_federation_client_sent expr: sum(synapse_federation_client_sent_queries) by (job) labels: type: Query - name: synapse_federation_server_receivedtypeEDU rules: - record: synapse_federation_server_received expr: synapse_federation_server_received_edus + 0 labels: type: EDU - name: synapse_federation_server_receivedtypePDU rules: - record: synapse_federation_server_received expr: synapse_federation_server_received_pdus + 0 labels: type: PDU - name: synapse_federation_server_receivedtypeQuery rules: - record: synapse_federation_server_received expr: sum(synapse_federation_server_received_queries) by (job) labels: type: Query - name: synapse_federation_transaction_queue_pendingtypeEDU rules: - record: synapse_federation_transaction_queue_pending expr: synapse_federation_transaction_queue_pending_edus + 0 labels: type: EDU - name: synapse_federation_transaction_queue_pendingtypePDU rules: - record: synapse_federation_transaction_queue_pending expr: synapse_federation_transaction_queue_pending_pdus + 0 labels: type: PDU
NEXT mautrix-signal
NEXT matrix-dimension
NEXT mx-puppet-slack
NEXT validate database setup
NEXT evaluate mautrix services?
NEXT evaluate matrix-homeserver
https://github.com/queezle42/matrix-homeserver
This seems nice maybe