diff --git a/hosts/org/configuration.nix b/hosts/org/configuration.nix index 3d27d26..0f6dd94 100644 --- a/hosts/org/configuration.nix +++ b/hosts/org/configuration.nix @@ -14,6 +14,7 @@ ./webpass.nix ./nginx.nix ./dokuwiki.nix + ./matterbridge.nix ]; networking.hostName = "hackens-org"; # Define your hostname. @@ -21,7 +22,7 @@ # dokuwiki overlay nixpkgs.overlays = [ (self: super: { - dokuwiki = self.pkgs.callPackage ../../shared/dokuwiki.nix {}; + dokuwiki = self.pkgs.callPackage ../../shared/dokuwiki.nix { }; }) ]; diff --git a/hosts/org/matterbridge.nix b/hosts/org/matterbridge.nix new file mode 100644 index 0000000..b4e9237 --- /dev/null +++ b/hosts/org/matterbridge.nix @@ -0,0 +1,56 @@ +{ pkgs, lib, config, ... }: +let + port = 52187; + configFile = pkgs.writeText "metterbridge.toml" '' + [irc] + [irc.ulminfo] + Server="ulminfo.fr:6697" # Ou ens.wtf tu choisis. + Nick="roBOT" + UseTLS=true + Charset="utf8" + PrefixMessagesWithNick=true + RemoteNickFormat="<{NICK}> " + + [mattermost] + [mattermost.merle] + WebhookBindAddress="0.0.0.0:${builtins.toString port}" + PrefixMessagesWithNick=false + RemoteNickFormat="{NICK}" + + [[gateway]] + name="hackens" + enable=true + [[gateway.inout]] + account="irc.ulminfo" + channel="#hackens" + [[gateway.inout]] + account="mattermost.merle" + channel="town-square" + ''; +in +{ + systemd.services.matterbridge = { + description = "Matterbridge chat platform bridge"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + script = '' + ${pkgs.matterbridge}/bin/matterbridge -conf ${configFile} + ''; + + + serviceConfig = { + User = "matterbridge"; + Group = "matterbridge"; + Restart = "always"; + RestartSec = "10"; + EnvironmentFile = config.age.secrets."matterbridge-env".path; + }; + }; + users.users.matterbridge = { + isSystemUser = true; + group = "matterbridge"; + + }; + users.groups.matterbridge = { }; + networking.firewall.allowedTCPPorts = [ port ]; +} 
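Review bot: The Mattermost webhook listener in hosts/org/matterbridge.nix binds to every interface (`WebhookBindAddress="0.0.0.0:${builtins.toString port}"`) and the file's last line opens that port in the firewall, while the visible `[mattermost.merle]` section sets no `Token`. Unless a token is supplied through the age-encrypted `EnvironmentFile`, any host that can reach the port can submit messages that the gateway relays into `#hackens`, and as far as I know the listener speaks plain HTTP. Since this host already imports `./nginx.nix`, consider `WebhookBindAddress="127.0.0.1:${builtins.toString port}"`, dropping `networking.firewall.allowedTCPPorts = [ port ];`, and publishing the hook through an nginx TLS location; either way, set `Token` to the Mattermost outgoing-webhook token. Minor: the store name `"metterbridge.toml"` looks like a typo for `matterbridge.toml`.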
diff --git a/secrets/default.nix b/secrets/default.nix index e091eea..9853933 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,4 +1,11 @@ { ... }: { imports = [ ]; - age.secrets."wikiOpenID".file = ./wiki-openID.age; + age.secrets."wikiOpenID" = { + file = ./wiki-openID.age; + owner = "dokuwiki"; + }; + age.secrets."matterbridge-env" = { + file = ./matterbridge-env.age; + owner = "matterbridge"; + }; } diff --git a/secrets/matterbridge-env.age b/secrets/matterbridge-env.age new file mode 100644 index 0000000..58099a6 --- /dev/null +++ b/secrets/matterbridge-env.age 
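Review bot: `owner = "matterbridge"` on `age.secrets."matterbridge-env"` is probably unnecessary, because the only visible consumer is `EnvironmentFile` in hosts/org/matterbridge.nix and systemd reads environment files before it drops to the unit's `User=`. Leaving the default owner keeps the decrypted file unreadable by the service account while the process still receives the variables. Separately, `owner = "dokuwiki"` on `wikiOpenID` assumes a `dokuwiki` user exists on this host; none is declared in this diff, so it is worth confirming that secret activation does not fail on the ownership change.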
@@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-ed25519 JGx7Ng udxfs+mQbihD5fPzAn5ni8YEJVZpy4WWsJD6lCtRC1A +KZ5YX6e6z8SWnlDlx8vA4w0YUqtzBoYwInFKuqZz7d4 +-> ssh-ed25519 kXobKQ A6vHdLfZyEBJgYx41cinKBs0x0TaP331o5RMiARyeUw +BneTkDar5nxv6oZ9sCtIlrknPCNTN+/+/PF0IL+Sd48 +-> ssh-ed25519 7hZk0g Zb6uedun2Z3ZKxFefDyPbro7hiBf9I0MBT4JqBNVKVQ +iowidJUNNg/i8PJzr2QaQ1CtiGuhqLiMEgAZOnNhOpg +-> ssh-rsa krWCLQ +YTtOm6+MDPBNKQRhBZfhNqJV1qLJ5UDV5UdBnU0NzQz6k0IB2wowKcbgsmeoTPAo +y8Ngqaj73LsttzvBtFEQkGyfx/uN5YheUjyzpRvKSgYFAhz1MfRnJNMDSpcSQSrm +6zLZz0YP6DUPxolVhbmOMdTdcfFZj99RFDQXhuKnsKYRVm9sL5j3ucf/Ekk9PDoD +d6qvsE8Coujxhcraf80w/USnBtB1hHJWqJe+iljuZ6xXr+Piuc3Rm289NHiB5x+3 +56pvcQO6NAy4IvDnWD2KfOIgF4LNAVKNnZzUyBLYK+31N3Xq/FKZ1sreN9dy7F5Z +E6Lnak3W3E9/O3R8n7p9CA +-> ssh-ed25519 /vwQcQ d9HHwpCJKqUkEkJxcX4/diGPuopw0htz0FSdy6nJoQQ +Zrh2lQSPiFZi4aSum8PvgbY4hgSaFZGxDsjCTVkLcy8 +-> ssh-ed25519 0R97PA E3p80voKVJhW+lJa9BbYnmzYlCMlYdMZh9BJbwy2a0A +0FiTmlnAKlBD1/tTz1KeVgCbJ6BjEQhgdYRnnsdw9NQ +-> ssh-ed25519 cvTB5g rqR6oJ+SD2P8cE9Rv5y44OilufgL8TJ/wZVQDbzyAwU +SPF2XWcwsmq93RCBysKXejLUDdRtsDEI7NgueV4DmeQ +-> ssh-ed25519 Wu8JLQ pbLcWS1CB6FjR5bD/jcTC8yJAOEldPgI5tG2eYF0Onc +ghsz3bkN8vQplNXBCgRFq2lpbqs0DGeIF8IdlI93j8g +-> ssh-ed25519 EIt1vA lSqRBaPgoG8n67bNIsHFu1RK5RlXWZBPkC15L2dprEw ++jtJKYpFf9O9YJFx4y/JQ2kAEj0GP8PsPtn6gg80OMw +-> ssh-ed25519 X51wxg YyH0+riDtUnbeuwLE6tZyvg1WvenA7hHP2Yo5ULiRmg +QvwlfQd6VFZS/3VSbud/ApzkmjGtx2bzVWyQRMPOGeA +-> 4l{!l\L-grease {6Ig( Vc~QhIg \Q:# +mRy+uiK5/EjovQZu32MubNOIg/GHh0ixYiuA7DOt+enUvwGe5ABo2JAKlZUpbHD3 +gkvFvQSHMj94zoHmK7a7pnp73QZ5uwtqUuPpm3xclXIZFDkWJQ +--- dqYRV0DCgBAI4LSzwaka+j17Ov0J27IQLQzxEcygRZA + +YU\ÔÓû ÷8ÔÍ•/»à´0FS” +“΂xøëÝMZµfŒúY~C`迳$7ÌdÇšÊä7ŠBÀ÷Øž¤ÀkF~w®ÞX \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index df3cc0b..f9c06e8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,10 +1,14 @@ let lib = (import { }).lib; - readPubkeys = user: + readpubkeys = user: builtins.filter (k: k != "") - (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys"))); -in { - "wiki-openID.age".publicKeys = (readPubkeys "sinavir") - ++ (readPubkeys "hackens-host") ++ (readPubkeys "raito") - ++ (readPubkeys "gdd") ++ (readPubkeys "backslash"); + (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys"))); +in +{ + "wiki-openid.age".publicKeys = (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); + "matterbridge-env.age".publicKeys = (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); }
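Review bot: The rule key was lowercased to `"wiki-openid.age"` along with the helper rename, but the secret is still referenced as `./wiki-openID.age` in secrets/default.nix in this same commit. agenix matches rules to files by name, so on a case-sensitive filesystem the existing secret would no longer have a recipient list under its real name, and editing or rekeying it would likely miss it; keep the key as `"wiki-openID.age".publicKeys`. The two recipient lists are identical, so binding them once in the `let` (for example `admins = (readpubkeys "sinavir") ++ …;`) would stop them drifting apart when a key is added or revoked.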