From 8c05a809d70aeeb6c6e23d405ba693040ad00730 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sun, 16 Jan 2022 21:29:21 -0800 Subject: init the module, README, packages, and other stuff --- README.md | 108 + flake.lock | 77 + flake.nix | 40 + module/as-formats.nix | 160 + module/as-options.nix | 144 + module/default.nix | 182 ++ pkgs/default.nix | 10 + pkgs/mautrix-instagram/default.nix | 77 + pkgs/mautrix-twitter/default.nix | 77 + pkgs/mautrix-wsproxy/default.nix | 34 + pkgs/mx-puppet-groupme/default.nix | 46 + pkgs/mx-puppet-groupme/generate.sh | 16 + pkgs/mx-puppet-groupme/node-composition.nix | 17 + pkgs/mx-puppet-groupme/node-env.nix | 567 ++++ pkgs/mx-puppet-groupme/node-packages.nix | 3342 +++++++++++++++++++++ pkgs/mx-puppet-groupme/package-lock.json | 2527 ++++++++++++++++ pkgs/mx-puppet-groupme/package.json | 24 + pkgs/mx-puppet-slack/default.nix | 59 + pkgs/mx-puppet-slack/generate.sh | 24 + pkgs/mx-puppet-slack/node-composition.nix | 20 + pkgs/mx-puppet-slack/node-env.nix | 578 ++++ pkgs/mx-puppet-slack/node-packages.nix | 4217 +++++++++++++++++++++++++++ profile.nix | 73 + test.nix | 123 + 24 files changed, 12542 insertions(+) create mode 100644 README.md create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 module/as-formats.nix create mode 100644 module/as-options.nix create mode 100644 module/default.nix create mode 100644 pkgs/default.nix create mode 100644 pkgs/mautrix-instagram/default.nix create mode 100644 pkgs/mautrix-twitter/default.nix create mode 100644 pkgs/mautrix-wsproxy/default.nix create mode 100644 pkgs/mx-puppet-groupme/default.nix create mode 100755 pkgs/mx-puppet-groupme/generate.sh create mode 100644 pkgs/mx-puppet-groupme/node-composition.nix create mode 100644 pkgs/mx-puppet-groupme/node-env.nix create mode 100644 pkgs/mx-puppet-groupme/node-packages.nix create mode 100644 pkgs/mx-puppet-groupme/package-lock.json create mode 100644 pkgs/mx-puppet-groupme/package.json create mode 100644 pkgs/mx-puppet-slack/default.nix create mode 100755 pkgs/mx-puppet-slack/generate.sh create mode 100644 pkgs/mx-puppet-slack/node-composition.nix create mode 100644 pkgs/mx-puppet-slack/node-env.nix create mode 100644 pkgs/mx-puppet-slack/node-packages.nix create mode 100644 profile.nix create mode 100644 test.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..39e7294 --- /dev/null +++ b/README.md @@ -0,0 +1,108 @@ +# Universal NixOS module for Matrix appservices +Use this flake to easily setup matrix appservices on a nixos server. + +You no longer have to think about generating registration files or +configuring docker or systemd to run the appservices. + +This module can take care of the heavy lifting, so you only have to +think about the important settings that the appservice needs. + +## Usage +Once you have imported the module(see next section), you can spin +up most appservices with just a few lines of nixos configuration. + +For example, here is how you would setup mautrix-whatsapp: +``` +{ pkgs, ... }: +{ + services.matrix-appservices = { + whatsapp = { + port = 29183; + format = "mautrix-go"; + package = pkgs.mautrix-whatsapp; + }; + }; +} +``` + +There you go! Once you rebuild, mautrix-whatsapp will be running +as a systemd service named `matrix-as-whatsapp` and all its data will +be stored in `/var/lib/matrix-as-whatsapp`. + +If you would like the module to configure synapse or dendrite to +include all appservice registration files you can just set: +`services.matrix-appservices.addRegistrationFiles = true`. + +## Configuring +There are many options available to configure the way each appservice +is setup. But to consolidate similarities, there are three formats +available which set sane defaults for those options: `mautrix-go`, +`mautrix-python`, and `mx-puppet`. + +For the majority of appservices meant for personal use, you likely +will only have to set a `port`, `format`, and `package`. And if the +appservice is more complicated you can take advantage of the other +options to + +In the preStart script of each appservice, a registration file is automatically +generated with random strings for the important tokens and any data passed +to the `registrationData` option. This file will be available to your `settings` +and `startScript` as `$REGISTRATION_FILE`. + +After this, a configuration file is generated based on the `settings` passed +to the appservice. Environment variables are also substuted in with envsubst, +so the `environmentFile` option can be used to pass secrets for the appservice. + +### Environment Variables +These variables are available in your `startScript` and `settings`(substituted in): + - $REGISTRATION_FILE => The registration file generated automatically + - $SETTINGS_FILE => Settings file generated + - $DIR => Data directory of the appservice + - $AS_TOKEN => Appservice token(needs to be kept secret) + - $HS_TOKEN => Homeserver token(needs to be kept secret) + +## Importing the module +### With Flakes +Add this flake as an input, then import the `nixosModule` output in +your configuration. +``` +{ + inputs.nix-matrix-appservices.url = "gitlab:coffeetables/nix-matrix-appservices"; + + outputs = { self, nixpkgs, nix-matrix-appservices }: { + # change `yourhostname` to your actual hostname + nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem { + # change to your system: + system = "x86_64-linux"; + modules = [ + ./configuration.nix + nix-matrix-appservices.nixosModule + ]; + }; + }; +} +``` +Or if you use digga/devos or flake-utils-plus, you could pass the module +to the `hostDefaults.modules` argument, which is under the `nixos` category in digga. + +### Without Flakes(legacy) +In your `configuration.nix` or any other profile/module: +``` +{ pkgs, ... }: +let + nix-matrix-appservices = fetchTarball + "https://gitlab.com/coffeetables/nix-matrix-appservices/-/archive/master/myrdd-master.tar.gz"; +{ + imports = [ + "${nix-matrix-appservices}/module" + ]; +} +``` + +## TODO + - [ ] Generate docs for options + - [ ] Re-package matrix-appservices even ones in nixpkgs, so I can export packages + that I know work with the module + - [ ] Improve test to message the bot and check for a response to ensure registration was + done right + - [ ] Test more appservices(right now only discord is being tested) diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..d3d2487 --- /dev/null +++ b/flake.lock @@ -0,0 +1,77 @@ +{ + "nodes": { + "devshell": { + "locked": { + "lastModified": 1642188268, + "narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=", + "owner": "numtide", + "repo": "devshell", + "rev": "696acc29668b644df1740b69e1601119bf6da83b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fup": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1638994888, + "narHash": "sha256-iz/ynGNZlvqKCOnFrEKqGA+BVKGQMG+g2JT+e3OOLN8=", + "owner": "divnix", + "repo": "flake-utils-plus", + "rev": "b4f9f517574cb7bd6ee3f19c72c19634c9f536e1", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1642388384, + "narHash": "sha256-ooGGteIJHxB0wIC6Hnn2Yn+rPPQR5yxO8GNu74OZoO0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc618794a5faac44e203b3a66002bd8d883019c4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "devshell": "devshell", + "fup": "fup", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..b7319cf --- /dev/null +++ b/flake.nix @@ -0,0 +1,40 @@ +{ + inputs = { + fup.url = "github:divnix/flake-utils-plus"; + devshell.url = "github:numtide/devshell"; + nixpkgs.url = "github:NixOS/nixpkgs/release-21.11"; + }; + + outputs = inputs@{ self, nixpkgs, fup, devshell }: + fup.lib.mkFlake { + inherit self inputs; + + supportedSystems = [ "aarch64-linux" "x86_64-linux" ]; + + nixosModules.matrix-appservices = import ./module; + nixosModule = self.nixosModules.matrix-appservices; + + overlays.matrix-appservices = import ./pkgs; + overlay = self.overlays.matrix-appservices; + + sharedOverlays = [ + self.overlay + devshell.overlay + ]; + + channels.pkgs.input = nixpkgs; + + outputsBuilder = { pkgs }: { + packages = { + inherit (pkgs) + mx-puppet-groupme + mx-puppet-slack + + mautrix-twitter + mautrix-instagram + ; + }; + checks.matrix-appservices = import ./test.nix { inherit pkgs; }; + }; + }; +} diff --git a/module/as-formats.nix b/module/as-formats.nix new file mode 100644 index 0000000..fa7a4cf --- /dev/null +++ b/module/as-formats.nix @@ -0,0 +1,160 @@ +{ name, systemConfig, asConfig, lib, pkgs, ... }: + +with lib; +let + inherit (systemConfig.services.matrix-appservices) + homeserverURL + homeserverDomain; + package = asConfig.package; + pname = getName package; + command = "${package}/bin/${pname}"; + + mautrix = { + startupScript = '' + ${command} --config=$SETTINGS_FILE \ + --registration=$REGISTRATION_FILE + ''; + + settings = { + homeserver = { + address = homeserverURL; + domain = homeserverDomain; + }; + + appservice = with asConfig; { + address = "http://${host}:${toString port}"; + + hostname = host; + inherit port; + + state_store_path = "$DIR/mx-state.json"; + # mautrix stores the registration tokens in the config file + as_token = "$AS_TOKEN"; + hs_token = "$HS_TOKEN"; + }; + + bridge = { + username_template = "${name}_{userid}"; + permissions = { + ${homeserverDomain} = "user"; + }; + }; + }; + }; + +in +{ + other = { + description = '' + No defaults will be set. + ''; + }; + + matrix-appservice = { + startupScript = '' + ${command} \ + --config=$SETTINGS_FILE \ + --port=$(echo ${asConfig.listenAddress} | sed 's/.*://') \ + --file=$REGISTRATION_FILE + ''; + + description = '' + For bridges based on the matrix-appservice-bridge library. The settings for these + bridges are NOT configured automatically, because of the various differences + between them. + ''; + }; + + mx-puppet = { + startupScript = '' + ${command} \ + --config=$SETTINGS_FILE \ + --registration-file=$REGISTRATION_FILE + ''; + + registrationData = + let + # mx-puppet virtual users are always created based on the package name + botName = removePrefix "mx-puppet-" pname; + in + { + id = "${botName}-puppet"; + sender_localpart = "_${botName}puppet_bot"; + protocols = [ ]; + namespaces = { + rooms = [ ]; + users = [ + { + regex = "@_${botName}puppet_.*:${homeserverDomain}"; + exclusive = true; + } + ]; + aliases = [ + { + regex = "#_${botName}puppet_.*:${homeserverDomain}"; + exclusive = true; + } + ]; + }; + }; + + settings = { + bridge = { + inherit (asConfig) port; + bindAddress = asConfig.host; + domain = homeserverDomain; + homeserverUrl = homeserverURL; + }; + database.filename = "$DIR/database.db"; + provisioning.whitelist = [ "@.*:${homeserverDomain}" ]; + relay.whitelist = [ "@.*:${homeserverDomain}" ]; + selfService.whitelist = [ "@.*:${homeserverDomain}" ]; + logging = { + lineDateFormat = ""; + files = [ ]; + }; + }; + + serviceConfig.WorkingDirectory = + "${package}/lib/node_modules/${pname}"; + + description = '' + For bridges based on the mx-puppet-bridge library. The settings will be + configured to use a sqlite database. Make sure to override database.filename, + if you plan to use another database. + ''; + + }; + + mautrix-go = { + inherit (mautrix) startupScript; + + settings = recursiveUpdate mautrix.settings { + bridge.username_template = "${name}_{{.}}"; + appservice.database = { + type = "sqlite3"; + uri = "$DIR/database.db"; + }; + }; + + description = '' + The settings are configured to use a sqlite database. The startupScript will + create a new config file on every run to set the tokens, because mautrix + requires them to be in the config file. + ''; + }; + + mautrix-python = { + settings = recursiveUpdate mautrix.settings { + appservice.database = "sqlite:///$DIR/database.db"; + }; + + startupScript = optionalString (package ? alembic) + "${package.alembic}/bin/alembic -x config=$SETTINGS_FILE upgrade head\n" + + mautrix.startupScript; + description = '' + Same properties as mautrix-go. This will also upgrade the database on every run + ''; + }; + +} diff --git a/module/as-options.nix b/module/as-options.nix new file mode 100644 index 0000000..2afbbbf --- /dev/null +++ b/module/as-options.nix @@ -0,0 +1,144 @@ +{ systemConfig, lib, pkgs, ... }: +with lib; +types.submodule ({ config, name, ... }: + let + inherit (systemConfig.services.matrix-appservices) + homeserverDomain; + + asFormats = (import ./as-formats.nix) { + inherit name lib pkgs systemConfig; + asConfig = config; + }; + asFormat = asFormats.${config.format}; + settingsFormat = pkgs.formats.json { }; + in + { + options = rec { + + format = mkOption { + type = types.enum (mapAttrsToList (n: _: n) asFormats); + default = "other"; + description = '' + Format of the appservice, used to set option defaults for appservice. + This is usually determined by the library the appservice is based on. + + Below are descriptions for each format + + '' + (concatStringsSep "\n" (mapAttrsToList + (n: v: "${n}: ${v.description}") + asFormats)); + }; + + package = mkOption { + type = types.nullOr types.package; + default = null; + example = "pkgs.mautrix-whatsapp"; + description = '' + The package for the appservice. Used by formats except 'other'. + This is unecessary if startupScript is set. + ''; + }; + + settings = mkOption rec { + type = settingsFormat.type; + apply = recursiveUpdate default; + default = asFormat.settings or { }; + defaultText = "Format will attempt to configure database and allow homeserver users"; + example = literalExpression '' + { + bridge = { + domain = "public-domain.tld"; + homeserverUrl = "http://public-domain.tld:8008"; + }; + } + ''; + description = '' + Appservice configuration as a Nix attribute set. + All environment variables will be substituted. + Including: + - $DIR which refers to the appservice's data directory. + - $AS_TOKEN, $HS_TOKEN which refers to the Appservice and + Homeserver registration tokens. + + Secret tokens, should be specified in serviceConfig.EnvironmentFile + instead of this world-readable attribute set. + + Configuration options should match those described as per your appservice's settings + Check out the confg sample for this. + + ''; + }; + + registrationData = mkOption { + type = settingsFormat.type; + default = asFormat.registrationData or { + namespaces = { + users = [ + { + regex = "@${name}_.*:${homeserverDomain}"; + exclusive = true; + } + { + regex = "@${name}bot:${homeserverDomain}"; + exclusive = true; + } + ]; + }; + }; + defaultText = '' + Reserve usernames under the homeserver that start with + this appservice's name followed by an _ or "bot" + ''; + description = '' + Data to set in the registration file for the appservice. The default + set or the format should usually deal with this. + ''; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = '' + The host the appservice will listen on. + Will need to specified in config, but most formats will do it for you using + this option. + ''; + }; + + port = mkOption { + type = types.port; + description = '' + The port the appservice will listen on. + Will need to specified in config, but most formats will do it for you using + this option. + ''; + }; + + startupScript = mkOption { + type = types.str; + default = asFormat.startupScript or ""; + description = '' + Script that starts the appservice. + The settings file will be available as $SETTINGS_FILE + and the registration file as $REGISTRATION_FILE + ''; + }; + + serviceConfig = mkOption rec { + type = types.attrs; + apply = x: default // x; + default = asFormat.serviceConfig or { }; + description = '' + Overrides for settings in the service's serviceConfig + ''; + }; + + serviceDependencies = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Services started before this appservice + ''; + }; + }; + }) diff --git a/module/default.nix b/module/default.nix new file mode 100644 index 0000000..a368365 --- /dev/null +++ b/module/default.nix @@ -0,0 +1,182 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.matrix-appservices; + asOpts = import ./as-options.nix { + inherit lib pkgs; + systemConfig = config; + }; + mkService = name: opts: + with opts; + let + settingsFormat = pkgs.formats.json { }; + dataDir = "/var/lib/matrix-as-${name}"; + registrationFile = "${dataDir}/${name}-registration.yaml"; + # Replace all references to $DIR to the dat directory + settingsData = settingsFormat.generate "config.json" settings; + settingsFile = "${dataDir}/config.json"; + serviceDeps = [ "network-online.target" ] ++ serviceDependencies; + + registrationContent = { + id = name; + url = "http://${host}:${toString port}"; + as_token = "$AS_TOKEN"; + hs_token = "$HS_TOKEN"; + sender_localpart = "$SENDER_LOCALPART"; + rate_limited = false; + } // registrationData; + in + { + description = "A matrix appservice for ${name}."; + + wantedBy = [ "multi-user.target" ]; + wants = serviceDeps; + after = serviceDeps; + # Appservices don't need synapse up, but synapse exists if registration files are missing + before = mkIf (cfg.homeserver != null) [ "${cfg.homeserver}.service" ]; + + path = [ pkgs.yq ]; + environment = { + DIR = dataDir; + SETTINGS_FILE = settingsFile; + REGISTRATION_FILE = registrationFile; + }; + + preStart = '' + if [ ! -f ${registrationFile} ]; then + AS_TOKEN=$(cat /proc/sys/kernel/random/uuid) \ + HS_TOKEN=$(cat /proc/sys/kernel/random/uuid) \ + SENDER_LOCALPART=$(cat /proc/sys/kernel/random/uuid) \ + ${pkgs.envsubst}/bin/envsubst \ + -i ${settingsFormat.generate "config.json" registrationContent} \ + -o ${registrationFile} + + chmod 640 ${registrationFile} + fi + + AS_TOKEN=$(cat ${registrationFile} | yq .as_token | tr -d '"') \ + HS_TOKEN=$(cat ${registrationFile} | yq .hs_token | tr -d '"') \ + ${pkgs.envsubst}/bin/envsubst -i ${settingsData} -o ${settingsFile} + chmod 640 ${settingsFile} + ''; + + script = '' + ${startupScript} + ''; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + + ProtectSystem = "strict"; + PrivateTmp = true; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + + User = "matrix-as-${name}"; + Group = "matrix-as-${name}"; + WorkingDirectory = dataDir; + StateDirectory = "${baseNameOf dataDir}"; + StateDirectoryMode = "0750"; + UMask = 0027; + } // opts.serviceConfig; + }; + +in +{ + options = { + services.matrix-appservices = { + services = mkOption { + type = types.attrsOf asOpts; + default = { }; + example = literalExpression '' + whatsapp = { + format = "mautrix-go"; + package = pkgs.mautrix-whatsapp; + }; + ''; + description = '' + Appservices to setup. + Each appservice will be started as a systemd service with the prefix matrix-as. + And its data will be stored in /var/lib/matrix-as-name. + ''; + }; + + homeserver = mkOption { + type = types.enum [ "matrix-synapse" "dendrite" null ]; + default = "matrix-synapse"; + description = '' + The homeserver software the appservices connect to. This will ensure appservices + start after the homeserver and it will be used by the addRegistrationFiles option. + ''; + }; + + homeserverURL = mkOption { + type = types.str; + default = "https://${cfg.homeserverDomain}"; + description = '' + URL of the homeserver the apservices connect to + ''; + }; + + homeserverDomain = mkOption { + type = types.str; + default = if config.networking.domain != null then config.networking.domain else ""; + defaultText = "\${config.networking.domain}"; + description = '' + Domain of the homeserver the appservices connect to + ''; + }; + + addRegistrationFiles = mkOption { + type = types.bool; + default = false; + description = '' + Whether to add the application service registration files to the homeserver configuration. + It is recommended to verify appservice files, located in /var/lib/matrix-as-*, before adding them + ''; + }; + }; + }; + + config = mkIf (cfg.services != { }) { + + assertions = mapAttrsToList + (n: v: { + assertion = v.format == "other" || v.package != null; + message = "A package must be provided if a custom format is set"; + }) + cfg.services; + + users.users = mapAttrs' + (n: v: nameValuePair "matrix-as-${n}" { + group = "matrix-as-${n}"; + isSystemUser = true; + }) + cfg.services; + users.groups = mapAttrs' (n: v: nameValuePair "matrix-as-${n}" { }) cfg.services; + + # Create a service for each appservice + systemd.services = (mapAttrs' (n: v: nameValuePair "matrix-as-${n}" (mkService n v)) cfg.services) // { + # Add the matrix service to the groups of all appservices to give access to the registration file + matrix-synapse.serviceConfig.SupplementaryGroups = mapAttrsToList (n: v: "matrix-as-${n}") cfg.services; + dendrite.serviceConfig.SupplementaryGroups = mapAttrsToList (n: v: "matrix-as-${n}") cfg.services; + }; + + services = + let + registrationFiles = mapAttrsToList (n: _: "/var/lib/matrix-as-${n}/${n}-registration.yaml") + (filterAttrs (_: v: v.registrationData != { }) cfg.services); + in + mkIf cfg.addRegistrationFiles { + matrix-synapse.app_service_config_files = mkIf (cfg.homeserver == "matrix-synapse") registrationFiles; + dendrite.settings.app_service_api.config_files = mkIf (cfg.homeserver == "dendrite") registrationFiles; + }; + }; + + meta.maintainers = with maintainers; [ pacman99 Flakebi ]; + +} diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..7589f50 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,10 @@ +final: prev: { + mx-puppet-groupme = prev.callPackage ./mx-puppet-groupme { }; + mx-puppet-slack = prev.callPackage ./mx-puppet-slack { }; + + mautrix-twitter = prev.callPackage ./mautrix-twitter { }; + mautrix-instagram = prev.callPackage ./mautrix-instagram { }; + mautrix-wsproxy = prev.callPackage ./mautrix-wsproxy { }; + + matrix-emailbridge = prev.callPackage ./matrix-emailbridge { }; +} diff --git a/pkgs/mautrix-instagram/default.nix b/pkgs/mautrix-instagram/default.nix new file mode 100644 index 0000000..14cb1c6 --- /dev/null +++ b/pkgs/mautrix-instagram/default.nix @@ -0,0 +1,77 @@ +{ stdenv +, lib +, python3 +, makeWrapper +, fetchFromGitHub +}: + +with python3.pkgs; + +let + # officially supported database drivers + dbDrivers = [ + asyncpg + # sqlite driver is already shipped with python by default + ]; + +in + +buildPythonApplication rec { + pname = "mautrix-instagram"; + version = "unstable-2021-11-15"; + + src = fetchFromGitHub { + owner = "tulir"; + repo = pname; + rev = "13b6b157b6eaff5c34506a458aa761362aad8c64"; + sha256 = "1xkjcmh31pzli3dck2glg0a64x59n4x05zjmg2v65rcfz8snb1mw"; + }; + + postPatch = '' + sed -i -e '/alembic>/d' requirements.txt + ''; + postFixup = '' + makeWrapper ${python}/bin/python $out/bin/mautrix-instagram \ + --add-flags "-m mautrix_instagram" \ + --prefix PYTHONPATH : "$(toPythonPath ${mautrix}):$(toPythonPath $out):$PYTHONPATH" + ''; + + propagatedBuildInputs = [ + mautrix + yarl + aiohttp + aiosqlite + beautifulsoup4 + sqlalchemy + CommonMark + ruamel_yaml + paho-mqtt + python_magic + attrs + pillow + qrcode + phonenumbers + pycryptodome + python-olm + unpaddedbase64 + setuptools + ] ++ dbDrivers; + + checkInputs = [ + pytest + pytestrunner + pytest-mock + pytest-asyncio + ]; + + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/tulir/mautrix-instagram"; + description = "A Matrix-Instagram DM puppeting bridge"; + license = licenses.agpl3Plus; + platforms = platforms.linux; + }; + +} + diff --git a/pkgs/mautrix-twitter/default.nix b/pkgs/mautrix-twitter/default.nix new file mode 100644 index 0000000..be5385a --- /dev/null +++ b/pkgs/mautrix-twitter/default.nix @@ -0,0 +1,77 @@ +{ stdenv +, lib +, python3 +, makeWrapper +, fetchFromGitHub +}: + +with python3.pkgs; + +let + # officially supported database drivers + dbDrivers = [ + asyncpg + # sqlite driver is already shipped with python by default + ]; + +in + +buildPythonApplication rec { + pname = "mautrix-twitter"; + version = "unstable-2021-11-12"; + + src = fetchFromGitHub { + owner = "mautrix"; + repo = "twitter"; + rev = "deae0e10e6e376be2a0d02edcdc70965b46f05a7"; + sha256 = "sha256-tATiqZlOIi+w6GTBdssv6+pvyHacZh+bDVH5kOrr0Js="; + }; + + postPatch = '' + sed -i -e '/alembic>/d' requirements.txt + ''; + postFixup = '' + makeWrapper ${python}/bin/python $out/bin/mautrix-twitter \ + --add-flags "-m mautrix_twitter" \ + --prefix PYTHONPATH : "$(toPythonPath ${mautrix}):$(toPythonPath $out):$PYTHONPATH" + ''; + + propagatedBuildInputs = [ + mautrix + yarl + aiohttp + aiosqlite + beautifulsoup4 + sqlalchemy + CommonMark + ruamel_yaml + paho-mqtt + python_magic + attrs + pillow + qrcode + phonenumbers + pycryptodome + python-olm + unpaddedbase64 + setuptools + ] ++ dbDrivers; + + checkInputs = [ + pytest + pytestrunner + pytest-mock + pytest-asyncio + ]; + + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/tulir/mautrix-twitter"; + description = "A Matrix-Twitter DM puppeting bridge"; + license = licenses.agpl3Plus; + platforms = platforms.linux; + }; + +} + diff --git a/pkgs/mautrix-wsproxy/default.nix b/pkgs/mautrix-wsproxy/default.nix new file mode 100644 index 0000000..fb5d7d9 --- /dev/null +++ b/pkgs/mautrix-wsproxy/default.nix @@ -0,0 +1,34 @@ +{ lib, buildGoModule, fetchFromGitHub, olm }: + +buildGoModule rec { + pname = "mautrix-wsproxy-bin"; + version = "unstable-2021-09-07"; + + src = fetchFromGitHub { + owner = "mautrix"; + repo = "wsproxy"; + rev = "2f097e3f2b6d003b3c913933839f12a8cd9d2d41"; + sha256 = "0sy7ns60nzq58j500cswvj04q75ji18cnn01bacdrqwnklmh2g24"; + }; + + buildInputs = [ olm ]; + + vendorSha256 = "sha256-kJw3w14RQBAdMoFItjT/LmzuKaDTR09mW3H+7gNUS3s="; + + doCheck = false; + + runVend = true; + + postInstall = '' + mv $out/bin/mautrix-wsproxy $out/bin/mautrix-wsproxy-bin + + ''; + + meta = with lib; { + homepage = "https://github.com/mautrix/wsproxy"; + description = "A simple HTTP push -> websocket proxy for Matrix appservices."; + mainProgram = "mautrix-wsproxy-bin"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ pacman99 ]; + }; +} diff --git a/pkgs/mx-puppet-groupme/default.nix b/pkgs/mx-puppet-groupme/default.nix new file mode 100644 index 0000000..56971f9 --- /dev/null +++ b/pkgs/mx-puppet-groupme/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchFromGitLab, pkgs, lib, nodejs, nodePackages, pkg-config, libjpeg +, pixman, cairo, pango }: + +let + # No official version ever released + src = fetchFromGitLab { + owner = "robintown"; + repo = "mx-puppet-groupme"; + rev = "695f97c3ab834403489bb01517d433498118e482"; + sha256 = "sha256-GPCI1eELNmijBTCdSUi0tnW0XWDPsTCZhEQud5cMBII="; + }; + + myNodePackages = import ./node-composition.nix { + inherit pkgs nodejs; + inherit (stdenv.hostPlatform) system; + }; + +in myNodePackages.package.override { + pname = "mx-puppet-groupme"; + + inherit src; + nativeBuildInputs = [ nodePackages.node-pre-gyp pkg-config ]; + buildInputs = [ nodePackages.typescript libjpeg pixman cairo pango ]; + + postInstall = '' + # Patch shebangs in node_modules, otherwise the webpack build fails with interpreter problems + patchShebangs --build "$out/lib/node_modules/mx-puppet-groupme/node_modules/" + # compile Typescript sources + npm run build + # Make an executable to run the server + mkdir -p $out/bin + cat < $out/bin/mx-puppet-groupme + #!/bin/sh + exec ${nodejs}/bin/node $out/lib/node_modules/mx-puppet-groupme/build/index.js "\$@" + EOF + chmod +x $out/bin/mx-puppet-groupme + ''; + + meta = with lib; { + description = "A puppeting Matrix bridge for GroupMe built with mx-puppet-bridge"; + license = licenses.asl20; + homepage = "https://gitlab.com/robintown/mx-puppet-groupme"; + maintainers = with maintainers; [ pacman99 ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/mx-puppet-groupme/generate.sh b/pkgs/mx-puppet-groupme/generate.sh new file mode 100755 index 0000000..90f3ca8 --- /dev/null +++ b/pkgs/mx-puppet-groupme/generate.sh @@ -0,0 +1,16 @@ +#! nix-shell -i bash -p nodePackages.node2nix + +# No official release +rev="695f97c3ab834403489bb01517d433498118e482" +u="https://gitlab.com/robintown/mx-puppet-groupme/-/raw/$rev" +# Download package.json and package-lock.json +# curl -o package.json "$u/package.json?inline=false" +curl -o package-lock.json "$u/package-lock.json?inline=false" + +node2nix \ + --nodejs-12 \ + --node-env node-env.nix \ + --input package.json \ + --lock package-lock.json \ + --output node-packages.nix \ + --composition node-composition.nix diff --git a/pkgs/mx-puppet-groupme/node-composition.nix b/pkgs/mx-puppet-groupme/node-composition.nix new file mode 100644 index 0000000..64326c6 --- /dev/null +++ b/pkgs/mx-puppet-groupme/node-composition.nix @@ -0,0 +1,17 @@ +# This file has been generated by node2nix 1.9.0. Do not edit! + +{pkgs ? import { + inherit system; + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-12_x"}: + +let + nodeEnv = import ./node-env.nix { + inherit (pkgs) stdenv lib python2 runCommand writeTextFile; + inherit pkgs nodejs; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; + }; +in +import ./node-packages.nix { + inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit; + inherit nodeEnv; +} diff --git a/pkgs/mx-puppet-groupme/node-env.nix b/pkgs/mx-puppet-groupme/node-env.nix new file mode 100644 index 0000000..c2b7231 --- /dev/null +++ b/pkgs/mx-puppet-groupme/node-env.nix @@ -0,0 +1,567 @@ +# This file originates from node2nix + +{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile}: + +let + # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master + utillinux = if pkgs ? utillinux then pkgs.utillinux else pkgs.util-linux; + + python = if nodejs ? python then nodejs.python else python2; + + # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise + tarWrapper = runCommand "tarWrapper" {} '' + mkdir -p $out/bin + + cat > $out/bin/tar <> $out/nix-support/hydra-build-products + ''; + }; + + includeDependencies = {dependencies}: + lib.optionalString (dependencies != []) + (lib.concatMapStrings (dependency: + '' + # Bundle the dependencies of the package + mkdir -p node_modules + cd node_modules + + # Only include dependencies if they don't exist. They may also be bundled in the package. + if [ ! -e "${dependency.name}" ] + then + ${composePackage dependency} + fi + + cd .. + '' + ) dependencies); + + # Recursively composes the dependencies of a package + composePackage = { name, packageName, src, dependencies ? [], ... }@args: + builtins.addErrorContext "while evaluating node package '${packageName}'" '' + DIR=$(pwd) + cd $TMPDIR + + unpackFile ${src} + + # Make the base dir in which the target dependency resides first + mkdir -p "$(dirname "$DIR/${packageName}")" + + if [ -f "${src}" ] + then + # Figure out what directory has been unpacked + packageDir="$(find . -maxdepth 1 -type d | tail -1)" + + # Restore write permissions to make building work + find "$packageDir" -type d -exec chmod u+x {} \; + chmod -R u+w "$packageDir" + + # Move the extracted tarball into the output folder + mv "$packageDir" "$DIR/${packageName}" + elif [ -d "${src}" ] + then + # Get a stripped name (without hash) of the source directory. + # On old nixpkgs it's already set internally. + if [ -z "$strippedName" ] + then + strippedName="$(stripHash ${src})" + fi + + # Restore write permissions to make building work + chmod -R u+w "$strippedName" + + # Move the extracted directory into the output folder + mv "$strippedName" "$DIR/${packageName}" + fi + + # Unset the stripped name to not confuse the next unpack step + unset strippedName + + # Include the dependencies of the package + cd "$DIR/${packageName}" + ${includeDependencies { inherit dependencies; }} + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ''; + + pinpointDependencies = {dependencies, production}: + let + pinpointDependenciesFromPackageJSON = writeTextFile { + name = "pinpointDependencies.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function resolveDependencyVersion(location, name) { + if(location == process.env['NIX_STORE']) { + return null; + } else { + var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json"); + + if(fs.existsSync(dependencyPackageJSON)) { + var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON)); + + if(dependencyPackageObj.name == name) { + return dependencyPackageObj.version; + } + } else { + return resolveDependencyVersion(path.resolve(location, ".."), name); + } + } + } + + function replaceDependencies(dependencies) { + if(typeof dependencies == "object" && dependencies !== null) { + for(var dependency in dependencies) { + var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency); + + if(resolvedVersion === null) { + process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n"); + } else { + dependencies[dependency] = resolvedVersion; + } + } + } + } + + /* Read the package.json configuration */ + var packageObj = JSON.parse(fs.readFileSync('./package.json')); + + /* Pinpoint all dependencies */ + replaceDependencies(packageObj.dependencies); + if(process.argv[2] == "development") { + replaceDependencies(packageObj.devDependencies); + } + replaceDependencies(packageObj.optionalDependencies); + + /* Write the fixed package.json file */ + fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2)); + ''; + }; + in + '' + node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"} + + ${lib.optionalString (dependencies != []) + '' + if [ -d node_modules ] + then + cd node_modules + ${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies} + cd .. + fi + ''} + ''; + + # Recursively traverses all dependencies of a package and pinpoints all + # dependencies in the package.json file to the versions that are actually + # being used. + + pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args: + '' + if [ -d "${packageName}" ] + then + cd "${packageName}" + ${pinpointDependencies { inherit dependencies production; }} + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + fi + ''; + + # Extract the Node.js source code which is used to compile packages with + # native bindings + nodeSources = runCommand "node-sources" {} '' + tar --no-same-owner --no-same-permissions -xf ${nodejs.src} + mv node-* $out + ''; + + # Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty) + addIntegrityFieldsScript = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function augmentDependencies(baseDir, dependencies) { + for(var dependencyName in dependencies) { + var dependency = dependencies[dependencyName]; + + // Open package.json and augment metadata fields + var packageJSONDir = path.join(baseDir, "node_modules", dependencyName); + var packageJSONPath = path.join(packageJSONDir, "package.json"); + + if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored + console.log("Adding metadata fields to: "+packageJSONPath); + var packageObj = JSON.parse(fs.readFileSync(packageJSONPath)); + + if(dependency.integrity) { + packageObj["_integrity"] = dependency.integrity; + } else { + packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads. + } + + if(dependency.resolved) { + packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided + } else { + packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories. + } + + if(dependency.from !== undefined) { // Adopt from property if one has been provided + packageObj["_from"] = dependency.from; + } + + fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2)); + } + + // Augment transitive dependencies + if(dependency.dependencies !== undefined) { + augmentDependencies(packageJSONDir, dependency.dependencies); + } + } + } + + if(fs.existsSync("./package-lock.json")) { + var packageLock = JSON.parse(fs.readFileSync("./package-lock.json")); + + if(![1, 2].includes(packageLock.lockfileVersion)) { + process.stderr.write("Sorry, I only understand lock file versions 1 and 2!\n"); + process.exit(1); + } + + if(packageLock.dependencies !== undefined) { + augmentDependencies(".", packageLock.dependencies); + } + } + ''; + }; + + # Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes + reconstructPackageLock = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + var packageObj = JSON.parse(fs.readFileSync("package.json")); + + var lockObj = { + name: packageObj.name, + version: packageObj.version, + lockfileVersion: 1, + requires: true, + dependencies: {} + }; + + function augmentPackageJSON(filePath, dependencies) { + var packageJSON = path.join(filePath, "package.json"); + if(fs.existsSync(packageJSON)) { + var packageObj = JSON.parse(fs.readFileSync(packageJSON)); + dependencies[packageObj.name] = { + version: packageObj.version, + integrity: "sha1-000000000000000000000000000=", + dependencies: {} + }; + processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies); + } + } + + function processDependencies(dir, dependencies) { + if(fs.existsSync(dir)) { + var files = fs.readdirSync(dir); + + files.forEach(function(entry) { + var filePath = path.join(dir, entry); + var stats = fs.statSync(filePath); + + if(stats.isDirectory()) { + if(entry.substr(0, 1) == "@") { + // When we encounter a namespace folder, augment all packages belonging to the scope + var pkgFiles = fs.readdirSync(filePath); + + pkgFiles.forEach(function(entry) { + if(stats.isDirectory()) { + var pkgFilePath = path.join(filePath, entry); + augmentPackageJSON(pkgFilePath, dependencies); + } + }); + } else { + augmentPackageJSON(filePath, dependencies); + } + } + }); + } + } + + processDependencies("node_modules", lockObj.dependencies); + + fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2)); + ''; + }; + + prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}: + let + forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com"; + in + '' + # Pinpoint the versions of all dependencies to the ones that are actually being used + echo "pinpointing versions of dependencies..." + source $pinpointDependenciesScriptPath + + # Patch the shebangs of the bundled modules to prevent them from + # calling executables outside the Nix store as much as possible + patchShebangs . + + # Deploy the Node.js package by running npm install. Since the + # dependencies have been provided already by ourselves, it should not + # attempt to install them again, which is good, because we want to make + # it Nix's responsibility. If it needs to install any dependencies + # anyway (e.g. because the dependency parameters are + # incomplete/incorrect), it fails. + # + # The other responsibilities of NPM are kept -- version checks, build + # steps, postprocessing etc. + + export HOME=$TMPDIR + cd "${packageName}" + runHook preRebuild + + ${lib.optionalString bypassCache '' + ${lib.optionalString reconstructLock '' + if [ -f package-lock.json ] + then + echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!" + echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!" + rm package-lock.json + else + echo "No package-lock.json file found, reconstructing..." + fi + + node ${reconstructPackageLock} + ''} + + node ${addIntegrityFieldsScript} + ''} + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild + + if [ "''${dontNpmInstall-}" != "1" ] + then + # NPM tries to download packages even when they already exist if npm-shrinkwrap is used. + rm -f npm-shrinkwrap.json + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} install + fi + ''; + + # Builds and composes an NPM package including all its dependencies + buildNodePackage = + { name + , packageName + , version + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , preRebuild ? "" + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , ... }@args: + + let + extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" ]; + in + stdenv.mkDerivation ({ + name = "node_${name}-${version}"; + buildInputs = [ tarWrapper python nodejs ] + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool + ++ buildInputs; + + inherit nodejs; + + inherit dontStrip; # Stripping may fail a build for some package deployments + inherit dontNpmInstall preRebuild unpackPhase buildPhase; + + compositionScript = composePackage args; + pinpointDependenciesScript = pinpointDependenciesOfPackage args; + + passAsFile = [ "compositionScript" "pinpointDependenciesScript" ]; + + installPhase = '' + # Create and enter a root node_modules/ folder + mkdir -p $out/lib/node_modules + cd $out/lib/node_modules + + # Compose the package and all its dependencies + source $compositionScriptPath + + ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }} + + # Create symlink to the deployed executable folder, if applicable + if [ -d "$out/lib/node_modules/.bin" ] + then + ln -s $out/lib/node_modules/.bin $out/bin + fi + + # Create symlinks to the deployed manual page folders, if applicable + if [ -d "$out/lib/node_modules/${packageName}/man" ] + then + mkdir -p $out/share + for dir in "$out/lib/node_modules/${packageName}/man/"* + do + mkdir -p $out/share/man/$(basename "$dir") + for page in "$dir"/* + do + ln -s $page $out/share/man/$(basename "$dir") + done + done + fi + + # Run post install hook, if provided + runHook postInstall + ''; + } // extraArgs); + + # Builds a node environment (a node_modules folder and a set of binaries) + buildNodeDependencies = + { name + , packageName + , version + , src + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , ... }@args: + + let + extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ]; + in + stdenv.mkDerivation ({ + name = "node-dependencies-${name}-${version}"; + + buildInputs = [ tarWrapper python nodejs ] + ++ lib.optional (stdenv.isLinux) utillinux + ++ lib.optional (stdenv.isDarwin) libtool + ++ buildInputs; + + inherit dontStrip; # Stripping may fail a build for some package deployments + inherit dontNpmInstall unpackPhase buildPhase; + + includeScript = includeDependencies { inherit dependencies; }; + pinpointDependenciesScript = pinpointDependenciesOfPackage args; + + passAsFile = [ "includeScript" "pinpointDependenciesScript" ]; + + installPhase = '' + mkdir -p $out/${packageName} + cd $out/${packageName} + + source $includeScriptPath + + # Create fake package.json to make the npm commands work properly + cp ${src}/package.json . + chmod 644 package.json + ${lib.optionalString bypassCache '' + if [ -f ${src}/package-lock.json ] + then + cp ${src}/package-lock.json . + fi + ''} + + # Go to the parent folder to make sure that all packages are pinpointed + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + + ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }} + + # Expose the executables that were installed + cd .. + ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + + mv ${packageName} lib + ln -s $out/lib/node_modules/.bin $out/bin + ''; + } // extraArgs); + + # Builds a development shell + buildNodeShell = + { name + , packageName + , version + , src + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false + , dontStrip ? true + , unpackPhase ? "true" + , buildPhase ? "true" + , ... }@args: + + let + nodeDependencies = buildNodeDependencies args; + in + stdenv.mkDerivation { + name = "node-shell-${name}-${version}"; + + buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs; + buildCommand = '' + mkdir -p $out/bin + cat > $out/bin/shell <