16 KiB
Matrix Synapse
- Synapse on NixOS
- CANCELLED mx-puppet-discord
mautrix-discord
- Heisenbridge
- Synapse Prometheus Recording Rules
- NEXT mautrix-signal
- NEXT matrix-dimension
- NEXT mx-puppet-slack
- NEXT validate database setup
- NEXT evaluate mautrix services?
- NEXT evaluate matrix-homeserver
I've been in the Matrix.org Ecosystem for a while and use some bridging software to roam:Illegally integrate other chat networks in to a single client which syncs between my phone and desktops and etc.
Synapse on NixOS
This is an Arroyo NixOS module used in My Wobserver Configuration.
{ ... }:
let useSSL = false; # for VM testing... should make this an option...
clientConfig."m.homeserver".base_url = "https://matrix.fontkeming.fail/";
serverConfig."m.server" = "matrix.fontkeming.fail:443";
mkWellKnown = data: ''
#
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
imports = [
./mautrix-discord-svc.nix
./matrix-puppet-discord.nix
./heisenbridge.nix
./matrix-prometheus.nix
];
services.postgresql.ensureDatabases = ["matrix-synapse"];
services.postgresql.ensureUsers = [
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE synapse" = "ALL PRIVILEGES";
};
}
];
users.users.matrix-synapse = {
isSystemUser = true;
createHome = true;
home = "/srv/matrix-synapse";
group = "matrix-synapse";
};
services.nginx.virtualHosts."matrix.fontkeming.fail" = {
listen = [
{ addr = "0.0.0.0"; port = 8448; }
{ addr = "0.0.0.0"; port = 80; }
];
forceSSL = useSSL;
locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
locations."/_matrix".extraConfig = ''
client_max_body_size 16m;
access_log off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_connect_timeout 600s;
proxy_read_timeout 600s;
'';
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
services.matrix-synapse = {
enable = true;
dataDir = "/srv/matrix-synapse";
settings = {
server_name = "kickass.systems";
public_baseurl = "https://matrix.fontkeming.fail";
enable_registration = false;
enable_metrics = true;
report_stats = true;
url_preview_enabled = true;
database.name = "psycopg2";
database.args.user = "matrix-synapse";
database.args.database = "synapse";
# god damnit ensureDatabases gives me a utf8
database.allow_unsafe_locale = true;
secondary_directory_servers = [
"matrix.org"
"cybre.space"
];
retention = {
default_policy = {
min_lifetime = "1d";
max_lifetime = "26w";
};
allowed_liftetime_min = "1d";
allowed_liftetime_max = "1y";
};
caches = {
sync_response_cache_duration = "60m";
cache_autotuning.max_cache_memory_usage = "2048M";
cache_autotuning.target_cache_memory_usage = "1024M";
cache_autotuning.min_cache_ttl = "15m";
};
presence.enabled = false;
thumbnail_sizes = [
{ width = 24;
height = 24;
method = "crop"; }
{ width = 32;
height = 32;
method = "crop"; }
{ width = 96;
height = 96;
method = "crop"; }
{ width = 320;
height = 240;
method = "scale"; }
{ width = 640;
height = 480;
method = "scale"; }
{ width = 800;
height = 600;
method = "scale"; }
];
listeners = [
{ bind_addresses = [ "127.0.0.1" ] ;
port = 8008;
resources = [
{ compress = true;
names = [ "client" "metrics" ]; }
{ compress = false;
names = [ "federation" ]; } ];
tls = false;
type = "http";
x_forwarded = true;
}
];
};
};
}
CANCELLED mx-puppet-discord
- State "CANCELLED" from [2024-01-11 Thu 16:15]
mx-puppet-discord
allows a savvy Discord user to log in to their discord guilds and chat in them through a Matrix client. Definitely don't do a crimes with it, I'm sure I'll be banned for this indiscretion some day but this bridging is the core value proposition of Matrix for me.
It's primarily operated via chat commands. I am mostly trusting the default nixpkgs configuration.
One thing I had to do to make this configuration work is to manually move that app_service_config_file
from /var/lib/mx-puppet-discord/discord-registration.yaml
. Since it's written by a DynamicUser">SystemD DynamicUser
, it's not clear to me how to write this file with a group ID that Synapse shares..
This isn't used any more, see below.
{ options, ... }:
{
services.mx-puppet-discord.enable = false;
# services.matrix-synapse.extraConfig = ''
# '';
# services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"];
# services.mx-puppet-discord.settings = {
# bridge = {
# port = 8091;
# bindAddress = "0.0.0.0";
# domain = "kickass.systems";
# homeserverUrl = "http://127.0.0.1:8008";
# };
# provisioning.whitelist = ["@rrix:kickass\\.systems"];
# };
}
mautrix-discord
i'm using a different matrix-discord bridge now, the same one the beeper folks use. Still have to do the song-and-dance moving the registration file out of the private /var/lib
state directory, but that's fine. Deploy this once, it'll fail to start but it'll write the /var/lib/mautrix-discord/discord-registration.yaml
file which you'll just cp /var/lib/mautrix-discord/discord-registration.yaml /var/lib/matrix-synapse/or/whatever/discord-registration.yaml
and make sure it makes the location below, and deploy again! Then just start a chat with @discordbot:example.com
and set up the bridge.
{ options, ... }:
{
services.mx-puppet-discord.enable = false;
services.mautrix-discord.enable = true;
services.mautrix-discord.settings = options.services.mautrix-discord.settings.default // {
homeserver.address = "http://localhost:8008";
homeserver.domain = "kickass.systems";
bridge.delivery_receipts = true;
bridge.federate_rooms = false;
bridge.permissions."*" = "relay";
bridge.permissions."kickass.systems" = "user";
bridge.permissions."@rrix:kickass.systems" = "admin";
};
services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"];
}
This NixOS Module
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.mautrix-discord;
dataDir = "/var/lib/mautrix-discord";
registrationFile = "${dataDir}/discord-registration.yaml";
settingsFormat = pkgs.formats.yaml { };
settingsFile = settingsFormat.generate "mautrix-discord-config.yaml" cfg.settings;
runtimeSettingsFile = "${dataDir}/config.yaml";
in {
options = {
services.mautrix-discord = {
enable = mkEnableOption (mdDoc "Matrix to Discord hybrid puppeting/relaybot bridge");
package = mkOption {
type = types.package;
default = pkgs.mautrix-discord;
defaultText = literalExpression "pkgs.mautrix-discord";
description = mdDoc ''
The mautrix-discord package to use.
'';
};
settings = mkOption rec {
apply = recursiveUpdate default;
inherit (settingsFormat) type;
default = {
homeserver = {
software = "standard";
};
appservice = rec {
database = {
type = "sqlite3";
uri = "file:${dataDir}/mautrix-discord.db";
};
port = 8080;
address = "http://localhost:${toString port}";
};
bridge = {
permissions."*" = "relay";
double_puppet_server_map = {};
login_shared_secret_map = {};
};
logging = {
directory = "";
file_name_format = ""; # Disable file logging
file_date_format = "2006-01-02";
file_mode = 384;
timestamp_format = "Jan _2, 2006 15:04:05";
print_level = "warn";
print_json = false;
file_json = false;
};
};
description = mdDoc ''
Bridge configuration as a Nix attribute set.
Configuration options should match those described in
[example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml).
'';
};
serviceDependencies = mkOption {
type = with types; listOf str;
default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
defaultText = literalExpression ''
optional config.services.matrix-synapse.enable "matrix-synapse.service"
'';
description = mdDoc ''
List of Systemd services to require and wait for when starting the application service.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.mautrix-discord = {
description = "Matrix to Discord hybrid puppeting/relaybot bridge";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
preStart = ''
# Generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${cfg.package}/bin/mautrix-discord \
--config '${settingsFile}' \
--registration '${registrationFile}' \
--generate-registration
fi
old_umask=$(umask)
umask 0177
# Extract the AS and HS tokens from the registration and add them to the settings file
${pkgs.yq}/bin/yq -y ".appservice.as_token = $(${pkgs.yq}/bin/yq .as_token ${registrationFile}) | .appservice.hs_token = $(${pkgs.yq}/bin/yq .hs_token ${registrationFile})" ${settingsFile} > ${runtimeSettingsFile}
umask $old_umask
'';
serviceConfig = {
Type = "simple";
Restart = "always";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
DynamicUser = true;
PrivateTmp = true;
WorkingDirectory = cfg.package;
StateDirectory = baseNameOf dataDir;
UMask = "0027";
ExecStart = ''
${cfg.package}/bin/mautrix-discord \
--config ${runtimeSettingsFile} \
--no-update
'';
};
};
};
meta.maintainers = with maintainers; [ robin ];
}
Heisenbridge
Heisenbridge is a Matrix app-service designed to be used as a single-user "bouncer" style IRC client rather than a "room mirror" like matrix-appservice-irc
.
It's primarily operated via chat commands. I'm basically trusting the nixpkgs configuration.
{ ... }:
{
services.matrix-synapse.settings.app_service_config_files = ["/var/lib/heisenbridge/registration.yml"];
users.users.matrix-synapse.extraGroups = ["heisenbridge"]; # to access registration file
services.heisenbridge = {
enable = true;
debug = true;
homeserver = "http://localhost:8008";
owner = "@rrix:kickass.systems";
};
}
Synapse Prometheus Recording Rules
{ ... }:
{
services.prometheus.ruleFiles = [
<arroyo/files/synapse.rules>
];
}
groups:
- name: synapse_federation_transaction_queue_pendingEdus:total
rules:
- record: synapse_federation_transaction_queue_pendingEdus:total
expr: sum(synapse_federation_transaction_queue_pendingEdus or absent(synapse_federation_transaction_queue_pendingEdus)*0)
- name: synapse_federation_transaction_queue_pendingPdus:total
rules:
- record: synapse_federation_transaction_queue_pendingPdus:total
expr: sum(synapse_federation_transaction_queue_pendingPdus or absent(synapse_federation_transaction_queue_pendingPdus)*0)
- name: synapse_http_server_requests:methodservlet
rules:
- record: synapse_http_server_requests:method
expr: sum(synapse_http_server_requests) by (method)
labels:
servlet: ""
- name: synapse_http_server_requests:servletmethod
rules:
- record: synapse_http_server_requests:servlet
expr: sum(synapse_http_server_requests) by (servlet)
labels:
method: ""
- name: synapse_http_server_requests:totalservlet
rules:
- record: synapse_http_server_requests:total
expr: sum(synapse_http_server_requests:by_method) by (servlet)
labels:
servlet: ""
- name: synapse_cache:hit_ratio_5m
rules:
- record: synapse_cache:hit_ratio_5m
expr: rate(synapse_util_caches_cache:hits[5m]) / rate(synapse_util_caches_cache:total[5m])
- name: synapse_cache:hit_ratio_30s
rules:
- record: synapse_cache:hit_ratio_30s
expr: rate(synapse_util_caches_cache:hits[30s]) / rate(synapse_util_caches_cache:total[30s])
- name: synapse_federation_client_senttypeEDU
rules:
- record: synapse_federation_client_sent
expr: synapse_federation_client_sent_edus + 0
labels:
type: EDU
- name: synapse_federation_client_senttypePDU
rules:
- record: synapse_federation_client_sent
expr: synapse_federation_client_sent_pdu_destinations:count + 0
labels:
type: PDU
- name: synapse_federation_client_senttypeQuery
rules:
- record: synapse_federation_client_sent
expr: sum(synapse_federation_client_sent_queries) by (job)
labels:
type: Query
- name: synapse_federation_server_receivedtypeEDU
rules:
- record: synapse_federation_server_received
expr: synapse_federation_server_received_edus + 0
labels:
type: EDU
- name: synapse_federation_server_receivedtypePDU
rules:
- record: synapse_federation_server_received
expr: synapse_federation_server_received_pdus + 0
labels:
type: PDU
- name: synapse_federation_server_receivedtypeQuery
rules:
- record: synapse_federation_server_received
expr: sum(synapse_federation_server_received_queries) by (job)
labels:
type: Query
- name: synapse_federation_transaction_queue_pendingtypeEDU
rules:
- record: synapse_federation_transaction_queue_pending
expr: synapse_federation_transaction_queue_pending_edus + 0
labels:
type: EDU
- name: synapse_federation_transaction_queue_pendingtypePDU
rules:
- record: synapse_federation_transaction_queue_pending
expr: synapse_federation_transaction_queue_pending_pdus + 0
labels:
type: PDU
NEXT mautrix-signal
NEXT matrix-dimension
NEXT mx-puppet-slack
NEXT validate database setup
NEXT evaluate mautrix services?
NEXT evaluate matrix-homeserver
https://github.com/queezle42/matrix-homeserver
This seems nice maybe