60 lines
1.6 KiB
Nix
60 lines
1.6 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
inherit (config.networking) ports;
|
|
signalPhoneNumber = "+4915566437153";
|
|
signalUser = "jalr";
|
|
in
|
|
{
|
|
sops.secrets = {
|
|
synapse-turn-shared-secret = {
|
|
owner = "matrix-synapse";
|
|
sopsFile = ../secrets.yaml;
|
|
};
|
|
};
|
|
jalr.matrix = {
|
|
enable = true;
|
|
fqdn = "matrix.jalr.de";
|
|
domain = "jalr.de";
|
|
synapse.port = ports.matrix-synapse.tcp;
|
|
turn = {
|
|
host = "turn.jalr.de";
|
|
sharedSecretFile = config.sops.secrets.synapse-turn-shared-secret.path;
|
|
};
|
|
mautrix-signal = {
|
|
enable = true;
|
|
port = ports.mautrix-signal.tcp;
|
|
settings.bridge = {
|
|
permissions = {
|
|
"@jalr:jalr.de" = "admin";
|
|
"jalr.de" = "user";
|
|
};
|
|
default_bridge_presence = false;
|
|
send_presence_on_typing = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.signal-cli-receive = {
|
|
description = "Run signal-cli to receive messages";
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
User = signalUser;
|
|
CapabilityBoundingSet = null;
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
RestrictNamespaces = true;
|
|
SystemCallFilter = "@system-service";
|
|
};
|
|
script = "${pkgs.signal-cli}/bin/signal-cli -u ${signalPhoneNumber} receive";
|
|
};
|
|
systemd.timers.signal-cli-receive = {
|
|
description = "Run signal-cli to receive messages";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
Persistent = true;
|
|
OnCalendar = "*-*-* *:00:00";
|
|
Unit = config.systemd.services.signal-cli-receive.name;
|
|
};
|
|
};
|
|
}
|