movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-09 12:05:50 +03:00
Code Activity

nixos/matrix-appservice-irc: media proxying support

Browse source 
Adds required options for serving authenticated media and the key
generation logic.
This commit is contained in:
Martin Weinelt 2024-09-04 20:35:02 +02:00
parent e80cd707c4
commit d3df411913
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
2 changed files with 46 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

35
nixos/modules/services/matrix/appservice-irc.nix
View file

@ -137,6 +137,37 @@ in {
type = submodule { freeformType = jsonType; }; type = submodule { freeformType = jsonType; };
description = "IRC servers to connect to"; description = "IRC servers to connect to";
}; };
mediaProxy = {
signingKeyPath = lib.mkOption {
type = path;
default = "/var/lib/matrix-appservice-irc/media-signingkey.jwk";
description = ''
Path to the signing key file for authenticated media.
'';
};
ttlSeconds = lib.mkOption {
type = ints.positive;
default = 3600;
description = ''
Lifetime in seconds, that generated URLs stay valid.
'';
};
bindPort = lib.mkOption {
type = port;
default = 11111;
description = ''
Port that the media proxy binds to.
'';
};
publicUrl = lib.mkOption {
type = str;
example = "https://matrix.example.com/media";
description = ''
URL under which the media proxy is publicly acccessible.
'';
};
};
}; };
}; };
}; };
@ -144,6 +175,7 @@ in {
}; };
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.matrix-appservice-irc = { systemd.services.matrix-appservice-irc = {
description = "Matrix-IRC bridge"; description = "Matrix-IRC bridge";
@ -181,6 +213,9 @@ in {
sed -i "s/^hs_token:.*$/$hs_token/g" ${registrationFile} sed -i "s/^hs_token:.*$/$hs_token/g" ${registrationFile}
sed -i "s/^as_token:.*$/$as_token/g" ${registrationFile} sed -i "s/^as_token:.*$/$as_token/g" ${registrationFile}
fi fi
if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then
${lib.getExe pkgs.nodejs} ${pkg}/lib/generate-signing-key.js > "${cfg.settings.ircService.mediaProxy.signingKeyPath}"
fi
# Allow synapse access to the registration # Allow synapse access to the registration
if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then
chgrp matrix-synapse ${registrationFile} chgrp matrix-synapse ${registrationFile}

17
nixos/tests/matrix/appservice-irc.nix
View file

@ -75,13 +75,16 @@ import ../make-test-python.nix ({ pkgs, ... }:
homeserver.url = homeserverUrl; homeserver.url = homeserverUrl;
homeserver.domain = "homeserver"; homeserver.domain = "homeserver";
ircService.servers."ircd" = { ircService = {
name = "IRCd"; servers."ircd" = {
port = 6667; name = "IRCd";
dynamicChannels = { port = 6667;
enabled = true; dynamicChannels = {
aliasTemplate = "#irc_$CHANNEL"; enabled = true;
aliasTemplate = "#irc_$CHANNEL";
};
}; };
mediaProxy.publicUrl = "http://localhost:11111/media";
}; };
}; };
}; };
@ -203,6 +206,8 @@ import ../make-test-python.nix ({ pkgs, ... }:
with subtest("start the appservice"): with subtest("start the appservice"):
appservice.wait_for_unit("matrix-appservice-irc.service") appservice.wait_for_unit("matrix-appservice-irc.service")
appservice.wait_for_open_port(8009) appservice.wait_for_open_port(8009)
appservice.wait_for_file("/var/lib/matrix-appservice-irc/media-signingkey.jwk")
appservice.wait_for_open_port(11111)
with subtest("copy the registration file"): with subtest("copy the registration file"):
appservice.copy_from_vm("/var/lib/matrix-appservice-irc/registration.yml") appservice.copy_from_vm("/var/lib/matrix-appservice-irc/registration.yml")