diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix index 55a04059abe4..df12998ab156 100644 --- a/nixos/modules/services/matrix/appservice-irc.nix +++ b/nixos/modules/services/matrix/appservice-irc.nix @@ -137,6 +137,37 @@ in { type = submodule { freeformType = jsonType; }; description = "IRC servers to connect to"; }; + + mediaProxy = { + signingKeyPath = lib.mkOption { + type = path; + default = "/var/lib/matrix-appservice-irc/media-signingkey.jwk"; + description = '' + Path to the signing key file for authenticated media. + ''; + }; + ttlSeconds = lib.mkOption { + type = ints.positive; + default = 3600; + description = '' + Lifetime in seconds, that generated URLs stay valid. + ''; + }; + bindPort = lib.mkOption { + type = port; + default = 11111; + description = '' + Port that the media proxy binds to. + ''; + }; + publicUrl = lib.mkOption { + type = str; + example = "https://matrix.example.com/media"; + description = '' + URL under which the media proxy is publicly acccessible. + ''; + }; + }; }; }; }; @@ -144,6 +175,7 @@ in { }; }; }; + config = lib.mkIf cfg.enable { systemd.services.matrix-appservice-irc = { description = "Matrix-IRC bridge"; @@ -181,6 +213,9 @@ in { sed -i "s/^hs_token:.*$/$hs_token/g" ${registrationFile} sed -i "s/^as_token:.*$/$as_token/g" ${registrationFile} fi + if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then + ${lib.getExe pkgs.nodejs} ${pkg}/lib/generate-signing-key.js > "${cfg.settings.ircService.mediaProxy.signingKeyPath}" + fi # Allow synapse access to the registration if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then chgrp matrix-synapse ${registrationFile} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index a00291309b84..44ab2d445841 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
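Review bot: The `signingKeyPath` description does not say that the file holds a private signing key and has to stay outside the Nix store. Because the option is typed `path`, a value given as a Nix path literal would presumably be copied into the world-readable store once it is interpolated into the start script or the generated config. I would reword the description to `Path to the JWK private key used to sign authenticated-media URLs. Generated on first start if missing; must be a runtime path outside the Nix store.` Separately, `publicUrl` has no default, so existing configurations look like they will fail to evaluate after the upgrade until it is set, which deserves a release note. Its description also misspells `acccessible`.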
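Review bot: The added test `if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then` has no space before the closing `]`, so `[` sees the path with `]` glued on and no terminating argument. It then exits with an error, the `!` turns that into success, and the signing key appears to be regenerated on every service start, which would invalidate media URLs signed before the restart. Change the line to `if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}" ]; then`. The `>` redirect also creates the file before the generator has succeeded, so a failed run leaves an empty file that passes `-f` next time; writing to a temporary file and renaming it would avoid that. The key's file mode depends on a umask that is not visible here, since the script starts and ends outside the hunk, so confirm it is not group- or world-readable.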
@@ -571,7 +571,7 @@ in { mate-wayland = handleTest ./mate-wayland.nix {}; matter-server = handleTest ./matter-server.nix {}; matomo = handleTest ./matomo.nix {}; - matrix-appservice-irc = handleTest ./matrix/appservice-irc.nix {}; + matrix-appservice-irc = runTest ./matrix/appservice-irc.nix; matrix-conduit = handleTest ./matrix/conduit.nix {}; matrix-synapse = handleTest ./matrix/synapse.nix {}; matrix-synapse-workers = handleTest ./matrix/synapse-workers.nix {}; diff --git a/nixos/tests/matrix/appservice-irc.nix b/nixos/tests/matrix/appservice-irc.nix index 78c53024ca6c..2c556ec37fc5 100644 --- a/nixos/tests/matrix/appservice-irc.nix +++ b/nixos/tests/matrix/appservice-irc.nix @@ -1,4 +1,4 @@ -import ../make-test-python.nix ({ pkgs, ... }: +{ pkgs, ... }: let homeserverUrl = "http://homeserver:8008"; in @@ -9,7 +9,7 @@ import ../make-test-python.nix ({ pkgs, ... }: }; nodes = { - homeserver = { pkgs, ... }: { + homeserver = { # We'll switch to this once the config is copied into place specialisation.running.configuration = { services.matrix-synapse = { @@ -46,7 +46,7 @@ import ../make-test-python.nix ({ pkgs, ... }: }; }; - ircd = { pkgs, ... }: { + ircd = { services.ngircd = { enable = true; config = '' @@ -75,13 +75,16 @@ import ../make-test-python.nix ({ pkgs, ... }: homeserver.url = homeserverUrl; homeserver.domain = "homeserver"; - ircService.servers."ircd" = { - name = "IRCd"; - port = 6667; - dynamicChannels = { - enabled = true; - aliasTemplate = "#irc_$CHANNEL"; + ircService = { + servers."ircd" = { + name = "IRCd"; + port = 6667; + dynamicChannels = { + enabled = true; + aliasTemplate = "#irc_$CHANNEL"; + }; }; + mediaProxy.publicUrl = "http://localhost:11111/media"; }; }; }; 
@@ -203,6 +206,8 @@ import ../make-test-python.nix ({ pkgs, ... }: with subtest("start the appservice"): appservice.wait_for_unit("matrix-appservice-irc.service") appservice.wait_for_open_port(8009) + appservice.wait_for_file("/var/lib/matrix-appservice-irc/media-signingkey.jwk") + appservice.wait_for_open_port(11111) with subtest("copy the registration file"): appservice.copy_from_vm("/var/lib/matrix-appservice-irc/registration.yml") @@ -222,4 +227,4 @@ import ../make-test-python.nix ({ pkgs, ... }: with subtest("ensure messages can be exchanged"): client.succeed("do_test ${homeserverUrl} >&2") ''; - }) + } diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix index 993fa909b1a8..86be2ddb41f8 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix @@ -13,19 +13,19 @@ let pname = "matrix-appservice-irc"; - version = "2.0.1"; + version = "3.0.0"; src = fetchFromGitHub { owner = "matrix-org"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-ue3fOkrEBRI/NRE+uKFR+NaqP8QvzVVeX3LUh4aZYJA="; + hash = "sha256-ZT8ugev+Tgu47KLuVVo5sFfiGtWLDc6JW5NZvsQ1mA8="; }; yarnOfflineCache = fetchYarnDeps { name = "${pname}-${version}-offline-cache"; yarnLock = "${src}/yarn.lock"; - hash = "sha256-hapEbdjvvzeZHfrpYRW9W3vXkQVNyGZ0qydO34+mQqQ="; + hash = "sha256-13OUcxZOlW1pp4uB1aRmqlzKf6rTgyP/nMnLmksXV3w="; }; in
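Review bot: The two added waits in the "start the appservice" subtest only show that the key file exists and the port opens, so they still pass if the key is rewritten on every start or is created world-readable. I would record a checksum of `/var/lib/matrix-appservice-irc/media-signingkey.jwk`, restart the unit with `appservice.systemctl("restart matrix-appservice-irc.service")`, and assert the checksum is unchanged. A permission check such as `appservice.succeed("test $(stat -c %a /var/lib/matrix-appservice-irc/media-signingkey.jwk) = 600")` would pin the mode; adjust the expected value to what the unit's umask is meant to produce. The path and port are repeated here as literals, so a comment noting that they mirror the module defaults would help keep them in sync.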