From 09ad6670ed1afbcaa89fbc25f8cb527a12f5ddd1 Mon Sep 17 00:00:00 2001 From: Julien Marquet Date: Wed, 23 Feb 2022 01:42:26 +0100 Subject: [PATCH] feat: Matterbridge MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit je suis fatigué --- machines/core-services-01/configuration.nix | 1 + machines/core-services-01/matterbridge.nix | 50 +++++++++++++++++++ machines/core-services-01/matterbridge.toml | 23 +++++++++ machines/core-services-01/secrets/default.nix | 1 + .../core-services-01/secrets/matterbridge.age | 28 +++++++++++ machines/core-services-01/secrets/secrets.nix | 1 + 6 files changed, 104 insertions(+) create mode 100644 machines/core-services-01/matterbridge.nix create mode 100644 machines/core-services-01/matterbridge.toml create mode 100644 machines/core-services-01/secrets/matterbridge.age diff --git a/machines/core-services-01/configuration.nix b/machines/core-services-01/configuration.nix index ebc4718..5b18334 100644 --- a/machines/core-services-01/configuration.nix +++ b/machines/core-services-01/configuration.nix @@ -22,6 +22,7 @@ ./dex.nix ./oauth2_proxy.nix ./secrets + ./matterbridge.nix # TODO push to gitea # TODO ./gotify.nix # TODO(Raito): ./backups.nix diff --git a/machines/core-services-01/matterbridge.nix b/machines/core-services-01/matterbridge.nix new file mode 100644 index 0000000..7eefba1 --- /dev/null +++ b/machines/core-services-01/matterbridge.nix 
@@ -0,0 +1,50 @@
+{ config, pkgs, ... }:
+let
+ manageSecrets = conf: secrets: output: keys:
+ /*
+ `secrets` are in the form "SECRET_1=secret\nSECRET_2=secre"
+ For each name in `keys` we search for a line `$NAME=`,
+ (`` is just everything up to the end of the line)
+ and we substitute `$NAME` by `` in `conf`, and we print
+ the result in `output`.
+ */
+ let
+ check = key: ''
+ if grep ${key} ${secrets} > /dev/null
+ then
+ true
+ else
+ echo "Missing ${key} from secrets"
+ exit 1
+ fi
+ '';
+ get = key: "$(grep '${key}=' ${secrets} | sed 's/^.*=//' | sed -e 's/[\\/&]/\\\\&/g')";
+ checks = pkgs.lib.concatMapStrings check;
+ replaces = pkgs.lib.concatMapStrings (key: "s/${key}/${get key}/;");
+ in pkgs.writeShellScriptBin "preStart" ''
+ ${checks keys}
+ sed "${replaces keys}" ${conf} > ${output}
+ '';
+ startScript = pkgs.writeShellScriptBin "start" ''
+ ${manageSecrets
+ ./matterbridge.toml "$CREDENTIALS_DIRECTORY/secrets" "$RUNTIME_DIRECTORY/conf.toml"
+ [ "SECRET_MATTERMOST_WEBHOOK" ]}/bin/preStart
+ ${pkgs.matterbridge}/bin/matterbridge -conf $RUNTIME_DIRECTORY/conf.toml
+ '';
+in {
+ networking.firewall.allowedTCPPorts = [ 52187 ];
+ systemd.services.matterbridge = {
+ description = "Chat platform bridge";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ LoadCredential = "secrets:${config.age.secrets.matterbridge.path}";
+ ExecStart = "${startScript}/bin/start";
+ Restart = "always";
+ RestartSec = "10";
+ RuntimeDirectory = "matterbridge";
+ };
+ };
+}
diff --git a/machines/core-services-01/matterbridge.toml b/machines/core-services-01/matterbridge.toml
new file mode 100644
index 0000000..d4b9ab8
--- /dev/null
+++ b/machines/core-services-01/matterbridge.toml
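Review bot: The rendered config that contains the Mattermost webhook is written by `sed "${replaces keys}" ${conf} > ${output}` under the default umask, and `serviceConfig` sets `RuntimeDirectory` without a mode, so whether other local users can read `conf.toml` is left to systemd defaults; adding `RuntimeDirectoryMode = "0700";` and `UMask = "0077";` to `serviceConfig` would make that explicit. The secret value is also interpolated into the sed program text, so it is visible in the process arguments for as long as preStart runs. Separately, `check` greps for the bare key anywhere in the secrets file while `get` greps for `KEY=` and strips with the greedy `s/^.*=//`, which would truncate a value that itself contains `=`; using `grep -q '^${key}='` in `check` and `sed 's/^[^=]*=//'` in `get` keeps the two consistent.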
@@ -0,0 +1,23 @@
+[irc]
+ [irc.ulminfo]
+ Server="ens.wtf:6697"
+ Nick="botte"
+ UseTLS=true
+ Charset="utf8"
+ PrefixMessagesWithNick=true
+ RemoteNickFormat="<{NICK}> "
+[mattermost]
+ [mattermost.merle]
+ WebhookURL="SECRET_MATTERMOST_WEBHOOK"
+ WebhookBindAddress="0.0.0.0:52187"
+ PrefixMessagesWithNick=false
+ RemoteNickFormat="{NICK}"
+[[gateway]]
+name="réseau"
+enable=true
+ [[gateway.inout]]
+ account="irc.ulminfo"
+ channel="#réseau"
+ [[gateway.inout]]
+ account="mattermost.merle"
+ channel="town-square"
diff --git a/machines/core-services-01/secrets/default.nix b/machines/core-services-01/secrets/default.nix
index 3e4cb37..452d42e 100644
--- a/machines/core-services-01/secrets/default.nix
+++ b/machines/core-services-01/secrets/default.nix
@@ -4,4 +4,5 @@
 age.secrets.oauth2ProxyKeyFile.file = ./oauth2ProxyKeyFile.age;
 age.secrets.droneKeyFile.file = ./droneKeyFile.age;
 age.secrets.dexGiteaClientSecret.file = ./dexGiteaClientSecret.age;
+ age.secrets.matterbridge.file = ./matterbridge.age;
 }
diff --git a/machines/core-services-01/secrets/matterbridge.age b/machines/core-services-01/secrets/matterbridge.age
new file mode 100644
index 0000000..1071c43
--- /dev/null
+++ b/machines/core-services-01/secrets/matterbridge.age
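Review bot: `WebhookBindAddress="0.0.0.0:52187"` makes the inbound webhook listener accept connections on every interface, and matterbridge.nix opens the same port in the host firewall, so the endpoint appears reachable from any network the machine sits on. Nothing visible in this file restricts who may post to it, which would let any client that can reach the port inject messages into the `réseau` gateway. If only the Mattermost server needs to reach the listener, bind it to the specific address that server uses or restrict the source in the firewall rule, and record the intent next to the setting, for example `# inbound from the Mattermost outgoing webhook only`.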
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 lHr4YQ HJL96EuQl0qWnOeAR2lXroAQmAdlpqcQKseelyfExgA +xWjYiQmkgz/jOOpWpHPn/3rt7ZJdmP88Gz43E3roa6I +-> ssh-ed25519 h6AgbA 1GpBA4vLsVOUkX8J5YLQMi3Xfdhv+4u7yG7oI49u5wk +oWR+SI4hyhbcEXSm0HMwi9JfC31C9eyXnco4LEknOUk +-> ssh-ed25519 Wu8JLQ ZZB4XicZQfT7H+nKr6QJgJaKXt8QOlMBdNfuOsgtqUI +sdmNC14ORCJDLcXqWDWwZZ6Eg/oR87unKhDgbdmfWek +-> ssh-ed25519 cvTB5g 7+tI7ZXsHjInyRYKXh7Ib/GBlAggr+xmXKnbfMSiNjM +R69O8e2vhIBznrX86Duxc3sYgeiFq0dOdLBvQHeP4F4 +-> ssh-ed25519 /vwQcQ N5wmtMG7kwHRIANNlsjcRDGgkDdBaqUyFAJALXASMRg +oEU6zPMTi2e05G8TgyAq2iCZCwDDsFN1VZIbFvU4MP4 +-> ssh-ed25519 reTIKw ZqKi1btO33hUfCb4ZCX1h+ful/8safmcPwdBfh0+V3c ++agInPvfpuuQGuStNCX71dSlUJedHc7HjKDZiIh2VNk +-> ssh-ed25519 85WiGg 8VoK1DXQdNX4bjC42jsZZc3RpAkua1o/zdhI5WkR72Q +vzvCER9TOE+6NQWmtb/b9yybv7yKM2VMA/cHrsUN8jo +-> ssh-rsa krWCLQ +YyOhEu3NJ6JXqSfk1QbLm/HhOS8KFvX0extWp8djBYTx0DaqAFYW6gX8HReQsky4 +5MOVZ7NjkBuWteRD7Xw/H1Y4I0t9ciBP06Yv64TpciHYahE36GUA8kS6eYr9kAP+ +gf1/aExn8CJX1NES6rDgEDNmlBuuLMk611wYT1wwt44MhsATmOAEW35A9tbpuJeh +Qc/aZX7XzeOkzpO/aYMn/SVREU5fWNdhAgA3vD7MUEAYzB4sS5BaOZ2PBGU/IohL +MhbdTLA3EE3mfSMCJonNz/lF3qNRkCXFbXvhtvck/OAHnprGRhAbbHJPpqx147hc +LvbEgEtQe9JM6uaKR0Qy1g +-> gWo;S~-grease +q68DoRepcege0soJFgobnMTxzSfPRXge3B5CEiCywztahSXsr3ft/JVSh6KBIJG0 +pMsIk2Q +--- q1UjUMNNAe9WWCzomMsLxh7s+1USEVZsJNHrLsGVuks +H9zz ehJ>#فi +L_cGyCAx ԰ˆ:ue4C$V+4%&I#])V?r4wTa@4 \ No newline at end of file diff --git a/machines/core-services-01/secrets/secrets.nix b/machines/core-services-01/secrets/secrets.nix index 9fa8644..4d09d1e 100644 --- a/machines/core-services-01/secrets/secrets.nix +++ b/machines/core-services-01/secrets/secrets.nix @@ -11,5 +11,6 @@ in "oauth2ProxyKeyFile.age".publicKeys = superadmins ++ systems; "droneKeyFile.age".publicKeys = superadmins ++ systems; "dexGiteaClientSecret.age".publicKeys = superadmins ++ systems; + "matterbridge.age".publicKeys = superadmins ++ systems; }