feat: Deploy matrix home server

nixos/configurations/Cape/default.nix

@@ -36,6 +36,10 @@
         };
       };
       juicity.server.enable = true;
+      matrix-tuwunel = {
+        enable = true;
+        serverName = "im.youthlic.social";
+      };
     };
   };
 

nixos/modules/programs/matrix-tuwunel.nix

@@ -0,0 +1,63 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.youthlic.programs.matrix-tuwunel;
+in
+{
+  options = {
+    youthlic.programs.matrix-tuwunel = {
+      enable = lib.mkEnableOption "tuwunel";
+      serverName = lib.mkOption {
+        type = lib.types.nonEmptyStr;
+        example = "example.com";
+      };
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      sops.secrets."matrix-reg-token" = {
+        owner = "tuwunel";
+      };
+      systemd.services.tuwunel.serviceConfig = {
+        EnvironmentFile = "${config.sops.secrets.matrix-reg-token.path}";
+      };
+      services.matrix-tuwunel = {
+        enable = true;
+        settings = {
+          global = {
+            port = [ 8481 ];
+            address = [
+              "0.0.0.0"
+              "::"
+            ];
+            trusted_servers = [
+              "matrix.org"
+              "mozilla.org"
+              "nichi.co"
+            ];
+            allow_registration = true;
+            server_name = cfg.serverName;
+            new_user_displayname_suffix = "⚡";
+            database_backup_path = "/var/lib/tuwunel/db.back";
+            well_known = {
+              client = "https://${cfg.serverName}";
+              server = "${cfg.serverName}:443";
+            };
+          };
+        };
+      };
+    })
+    (lib.mkIf (cfg.enable && config.youthlic.programs.caddy.enable) {
+      services.caddy.virtualHosts = {
+        "${cfg.serverName}" = {
+          extraConfig = ''
+            reverse_proxy 127.0.0.1:8481
+          '';
+        };
+      };
+    })
+  ];
+}

nixos/modules/programs/mautrix-telegram.nix

@@ -13,12 +13,32 @@ in
     };
   };
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = config.youthlic.programs.matrix-tuwunel.enable;
+        message = ''
+          The bridge bot needs to be registered as appservice for home server. So need enable tuwunel.
+        '';
+      }
+    ];
     sops.secrets.matrix-telegram-bot = { };
     services.mautrix-telegram = {
       enable = true;
       environmentFile = "${config.sops.secrets.matrix-telegram-bot.path}";
+      serviceDependencies = [ "tuwunel.service" ];
       settings = {
         bridge = {
+          displayname_template = "{displayname} | Telegram";
+          telegram_link_preview = true;
+          caption_in_message = true;
+          parallel_file_transfer = true;
+          animated_sticker = {
+            target = "gif";
+            convert_from_webm = false;
+          };
+          animated_emoji = {
+            target = "webp";
+          };
           permissions = {
             "*" = "relaybot";
           };
@@ -27,14 +47,14 @@ in
           address = "http://127.0.0.1:8482";
           hostname = "0.0.0.0";
           port = 8482;
-          database = "sqlite:////var/lib/mautrix-telegram/database.db";
-          bot_username = "matrix_tg_146bot";
-          bot_displayname = "matrix tg bridge";
+          bot_username = "telegram";
+          bot_displayname = "Telegram Bridge";
+        };
+        homeserver = {
+          address = "http://127.0.0.1:8481";
+          domain = config.youthlic.programs.matrix-tuwunel.serverName;
         };
       };
     };
-    nixpkgs.config.permittedInsecurePackages = [
-      "olm-3.2.16"
-    ];
   };
 }