diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix index 6846d99..6b788b2 100644 --- a/configuration/services/conduit/matrix-hookshot.nix +++ b/configuration/services/conduit/matrix-hookshot.nix @@ -29,16 +29,29 @@ let }; # Encryption support - extraSettings = { - "de.sorunome.msc2409.push_ephemeral" = true; - push_ephemeral = true; - "org.matrix.msc3202" = true; - }; + # TODO(tlater): Enable when + # https://github.com/matrix-org/matrix-hookshot/issues/1060 is + # fixed + # extraSettings = { + # "de.sorunome.msc2409.push_ephemeral" = true; + # push_ephemeral = true; + # "org.matrix.msc3202" = true; + # }; runtimeRegistration = "${cfg.registrationFile}"; }; in { + # users = { + # users.matrix-hookshot = { + # home = "/run/matrix-hookshot"; + # group = "matrix-hookshot"; + # isSystemUser = true; + # }; + + # groups.matrix-hookshot = { }; + # }; + systemd.services.matrix-hookshot = { serviceConfig = { Type = lib.mkForce "exec"; @@ -49,6 +62,7 @@ in # Some library in matrix-hookshot wants a home directory Environment = [ "HOME=/run/matrix-hookshot" ]; + # User = "matrix-hookshot"; DynamicUser = true; StateDirectory = "matrix-hookshot"; RuntimeDirectory = "matrix-hookshot"; @@ -62,7 +76,11 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; + RestrictAddressFamilies = [ + # "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; LockPersonality = true; RestrictRealtime = true; ProtectProc = "invisible"; @@ -71,6 +89,11 @@ in }; }; + # services.redis.servers.matrix-hookshot = { + # enable = true; + # user = "matrix-hookshot"; + # }; + services.matrix-hookshot = { enable = true; @@ -89,6 +112,8 @@ in bot.displayname = "Hookshot"; + # cache.redisUri = "redis://${config.services.redis.servers.matrix-hookshot.unixSocket}"; + generic = { enabled = true; outbound = false; @@ -98,7 +123,10 @@ in allowJsTransformationFunctions = true; }; - encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore"; + # TODO(tlater): Enable when + # https://github.com/matrix-org/matrix-hookshot/issues/1060 is + # fixed + # encryption.storagePath = "/var/lib/matrix-hookshot/cryptostore"; permissions = [ {