From d26df1fafa49ed9b271ad7bfdfb4c20227cb39a3 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 18 Jun 2025 03:24:50 +0800 Subject: [PATCH] feat(mattermost): add matterbridge integration to mattermost module --- .../server/web-apps/mattermost/default.nix | 33 +++++++++++++++++++ secrets/secrets.yaml | 6 ++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/modules/nixos/server/web-apps/mattermost/default.nix b/modules/nixos/server/web-apps/mattermost/default.nix index e695440..5467f5f 100644 --- a/modules/nixos/server/web-apps/mattermost/default.nix +++ b/modules/nixos/server/web-apps/mattermost/default.nix @@ -21,6 +21,7 @@ mkWebApp { (mkDir cfg.dataDir) ]; extraOptions = { + teamName = mkStrOption; configDir = mkStrOption // { default = "/etc/mattermost"; }; @@ -49,6 +50,38 @@ mkWebApp { host = "0.0.0.0"; siteUrl = "https://${cfg.domain}"; }; + services.matterbridge = { + enable = true; + inherit (upstreamCfg) user group; + configPath = config.sops.templates."matterbridge-conf".path; + }; + sops.secrets."matterbridge/mattermost-password" = { }; + sops.templates."matterbridge-conf" = { + owner = upstreamCfg.user; + content = # toml + '' + [[gateway]] + name="gateway1" + enable=true + + [[gateway.inout]] + account="mattermost.${config.hostname}" + channel="matterbridge" + + [mattermost.${config.hostname}] + Server="${cfg.domain}" + Team="${cfg.teamName}" + Login="matterbridge" + Password="${config.sops.placeholder."matterbridge/mattermost-password"}" + RemoteNickFormat="[{PROTOCOL}] <{NICK}> " + PrefixMessagesWithNick=true + PreserveThreading=true + ''; + }; + services.nginx.virtualHosts.${cfg.domain}.locations."~ /api/v[0-9]+/(users/)?websocket$" = { + proxyPass = "http://${config.hostname}:${toString cfg.port}"; + proxyWebsockets = true; + }; services.postgresql = { ensureDatabases = singleton upstreamCfg.database.name; ensureUsers = singleton { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 59f8da2..7854d39 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -17,6 +17,8 @@ librechat: creds_iv: ENC[AES256_GCM,data:fbBD9RsuEHwDETwiYtAS9kBxgTy6zubrxHWpcuoEsR0=,iv:uZcwIfDPPn4XUf8IZkI29VH9CiKvEOlWuUaWgSjl1Kc=,tag:qbgiQU7bWSFjoGEwoptCpg==,type:str] jwt_secret: ENC[AES256_GCM,data:ZhDNIXrCaRWWfrlPxpBfnmeUluW0z72KGpQv9mGyf1kCCnfx3V2lPMm6QS6biajC+4oPVfgwqcXc4Lvs8OqU9g==,iv:1Ecj8fh+M5kw8cmVD96U6QgE7fNy9cbQV9v2Q305puc=,tag:U1ZglGWdTH1TGfcIIORMHQ==,type:str] jwt_refresh_secret: ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str] +matterbridge: + mattermost-password: ENC[AES256_GCM,data:sMk4M2gADl1iPA7XEH1/D3sw,iv:YnTYTo0NVJVLtS/uhaodoCuyDqJf6IKCojKFljKSFCE=,tag:8vEK0RyxopiPUcML6hwqpg==,type:str] sops: age: - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6 @@ -28,7 +30,7 @@ sops: WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-17T02:15:21Z" - mac: ENC[AES256_GCM,data:rFjFrXeRo5sMGQBR1UjLhJOGs0K/GVhKjhrbnyDq5JiUZRKnDns5JJfhBTwCZXcFXg8shDgj6P+vox+4Tl8PhadWV+s9OZVulvGGahZF39Msb7au7p+S77xVFw35QSB/d9LLEncO2WRyIm8tds18eJ8z3PBvGoad3DGcuLkYdlU=,iv:lUItY1Drr2e1rWLUw8JwdA42UVF1KZL+YMXZRSBIWtU=,tag:esr6v/lkHPcSkY/CP4g88Q==,type:str] + lastmodified: "2025-06-17T19:11:07Z" + mac: ENC[AES256_GCM,data:EVDPzk2P284ULwMx/hCQeP4eehIiqx5OxhNDc17KhjRv19iPUjzhX7/SQy+r34ZfiKSFnB2W3zmhl6JtGqme10v4xZDT+D5wBLrYU7h4ylht65iDo0Eaw38TNLXPNqfNlKWqTcpgvMpez26CdL/7v3bUKU0aLYX0HkVxl2CQt5g=,iv:gujsDVgpH7RajOliQxL7Unkm24Xqp7BEeYtUMyXq2oc=,tag:KdKXPJ4cF2myFe4vJ1/YnQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2