1 files changed, 194 insertions, 0 deletions

diff --git a/modules/matrix/mautrix-slack.nix b/modules/matrix/mautrix-slack.nix
new file mode 100644
index 0000000..d0324a1
--- /dev/null
+++ b/modules/matrix/mautrix-slack.nix
@@ -0,0 +1,194 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.mautrix-slack;
+  dataDir = "/var/lib/mautrix-slack";
+  registrationFile = "${dataDir}/slack-registration.yaml";
+  settingsFormat = pkgs.formats.json { };
+  settingsFile = settingsFormat.generate "mautrix-slack-config.json" cfg.settings;
+in
+{
+  options = {
+    services.mautrix-slack = {
+      enable = mkEnableOption (lib.mdDoc "Mautrix-Slack, a Matrix-Slack hybrid puppeting/relaybot bridge");
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.callPackage ./pkgs/mautrix-slack.nix { };
+        defaultText = "pkgs.mautrix-slack";
+        example = "pkgs.mautrix-slack.override { … = …; }";
+        description = lib.mdDoc ''
+          Package of the application to run, exposed for overriding purposes.
+        '';
+      };
+
+      settings = mkOption rec {
+        apply = recursiveUpdate default;
+        type = settingsFormat.type;
+        default = {
+          homeserver = {
+            software = "standard";
+          };
+
+          appservice = rec {
+            address = "http://${hostname}:${toString port}";
+            hostname = "localhost";
+            port = 29319;
+
+            database = {
+              type = "postgres";
+              uri = "postgres:///mautrix-slack?host=/run/postgresql&sslmode=disable";
+            };
+
+            id = "slack";
+            bot = {
+              username = "slackbot";
+            };
+
+            # backfill = {
+            #   enable = false;
+            #   conversations_count = 200;
+            #   unread_hours_threshold = 720;
+            #   immediate_messages = 10;
+            #   incremental = {
+            #     messages_per_batch = 100;
+            #     post_batch_delay = 20;
+            #     max_messages = {
+            #       channel = -1;
+            #       group_dm = -1;
+            #       dm = -1;
+            #     };
+            #   };
+            # };
+
+            # encryption = {
+            #   allow = false;
+            #   default = false;
+            #   appservice = false;
+            #   require = false;
+            #   allow_key_sharing = false;
+            #   verification_levels = {
+            #     receive = "unverified";
+            #     send = "unverified";
+            #     share = "cross-signed-tofu";
+            #   };
+            #   rotation = {
+            #     enable_custom = false;
+            #     milliseconds = 604800000;
+            #     messages = 100;
+            #   };
+            # };
+
+            # provisioning = {
+            #   prefix = "/_matrix/provision";
+            #   shared_secret = "generate";
+            # };
+          };
+
+          logging = {
+            directory = "/var/log/mautrix";
+            file_name_format = "slack-{{.Date}}-{{.Index}}.log";
+            file_date_format = "2006-01-02";
+            file_mode = 384;
+            timestamp_format = "Jan _2, 2006 15:04:05";
+            print_level = "debug";
+            print_json = false;
+            file_json = false;
+          };
+        };
+      };
+
+      environmentFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        description = lib.mdDoc ''
+          File containing environment variables to be passed to the mautrix-slack service.
+          Any config variable can be overridden by setting `MAUTRIX_SLACK_SOME_KEY` to override the `some.key` variable.
+        '';
+      };
+
+      configurePostgresql = mkOption {
+        type = types.bool;
+        default = true;
+        description = lib.mdDoc ''
+          Enable PostgreSQL and create a user and database for mautrix-slack. The default `settings` reference this database, if you disable this option you must provide a database URL.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.groups.mautrix-slack = { };
+
+    users.users.mautrix-slack = {
+      group = "mautrix-slack";
+      isSystemUser = true;
+    };
+
+    services.postgresql = mkIf cfg.configurePostgresql {
+      enable = true;
+      ensureDatabases = [ "mautrix-slack" ];
+      ensureUsers = [{
+        name = "mautrix-slack";
+        ensurePermissions = {
+          "DATABASE \"mautrix-slack\"" = "ALL PRIVILEGES";
+        };
+      }];
+    };
+
+    systemd.services.mautrix-slack = rec {
+      wantedBy = [ "multi-user.target" ];
+      wants = [
+        "network-online.target"
+      ] ++ optional config.services.matrix-synapse.enable "matrix-synapse.service"
+      ++ optional cfg.configurePostgresql "postgresql.service";
+      after = wants;
+
+      preStart = ''
+        # generate the appservice's registration file if absent
+        if [ ! -f '${registrationFile}' ]; then
+          ${cfg.package}/bin/mautrix-slack -g -c ${settingsFile} \
+          -r ${registrationFile}
+        fi
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+
+        User = "mautrix-slack";
+
+        NoNewPrivileges = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectSystem = "strict";
+        ProtectControlGroups = true;
+        RestrictSUIDSGID = true;
+        RestrictRealtime = true;
+        LockPersonality = true;
+        ProtectKernelLogs = true;
+        ProtectKernelTunables = true;
+        ProtectHostname = true;
+        ProtectKernelModules = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        SystemCallArchitectures = "native";
+        SystemCallErrorNumber = "EPERM";
+        SystemCallFilter = "@system-service";
+
+        StateDirectory = baseNameOf dataDir;
+        LogsDirectory = "mautrix";
+        LogsDirectoryMode = "0750";
+        EnvironmentFile = cfg.environmentFile;
+
+        ExecStart = ''
+          ${cfg.package}/bin/mautrix-slack --no-update --config=${settingsFile} --registration=${registrationFile}
+        '';
+      };
+    };
+  };
+}