nixos/modules/services/matrix-appservice-irc.nix


{
config,
pkgs,
lib,
...
}:
let
# Shorthands for this module's option values and for the bridge package.
cfg = config.services.matrix-appservice-irc;
pkg = pkgs.matrix-appservice-irc;
# Copied from https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/matrix/appservice-irc.nix
# Keeps the secret out of the Nix store: this derivation only serialises
# `cfg.settings` as written below, where the database connection string is the
# literal placeholder `$MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING`. The real
# value is substituted at service start (see ExecStartPre further down).
#
# The two shell comments inside the build script are in French; they say that
# the jsonschema check is disabled because it causes problems with envsubst.
# NOTE(review): with that check commented out, the schema conversion done by
# remarshal is unused and a misspelled or unknown settings key is no longer
# rejected at build time - confirm whether validation can be restored.
matrix-appservice-irc-config-file =
pkgs.runCommand "matrix-appservice-irc.yml"
{
nativeBuildInputs = [
(pkgs.python3.withPackages (ps: [ ps.jsonschema ]))
pkgs.remarshal
];
preferLocalBuild = true;
# The settings are handed to the builder as a file (`$configPath`) rather
# than as an environment variable.
config = builtins.toJSON cfg.settings;
passAsFile = [ "config" ];
}
''
remarshal --if yaml --of json -i ${pkg}/config.schema.yml -o config.schema.json
# desactive le check sinon on a des probleme avec envsubst
# python -m jsonschema config.schema.json -i $configPath
cp "$configPath" "$out"
'';
# Runtime paths under the service's working directory. `configFile` is the
# rendered configuration, i.e. the copy that contains the substituted secret.
configFile = "/var/lib/matrix-appservice-irc/config.yaml";
registrationFile = "/var/lib/matrix-appservice-irc/registration.yml";
bin = "${pkg}/bin/matrix-appservice-irc";
in
{
# Matrix <-> IRC bridge for irc.crans.org. `settings` is serialised to JSON by
# the let-binding above and has `$VAR` placeholders expanded by envsubst when
# the service starts, so every literal `$` meant for the bridge is written as
# `\$\$` here (Nix turns that into `$$`; presumably envsubst then emits a
# single `$` - confirm against the rendered config.yaml).
services.matrix-appservice-irc = {
enable = true;
# Plain HTTP on localhost, same port as `port` below.
# NOTE(review): the bind address is not set in this file - confirm the
# listener is not reachable from other hosts.
registrationUrl = "http://localhost:9999";
port = 9999;
settings = {
homeserver = {
url = "https://matrix.crans.org:443";
domain = "crans.org";
dropMatrixMessagesAfterSecs = 3000;
enablePresence = true;
};
database = {
engine = "postgres";
# Placeholder, not a value: replaced at service start from the unit's
# EnvironmentFile so the credentials never reach the Nix store.
connectionString = "$MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING";
};
ircService = {
servers = {
"irc.crans.org" = {
name = "Crans";
onlyAdditionalAddresses = false;
networkId = "crans";
port = 6697;
ssl = true;
# NOTE(review): presumably this makes the bridge accept a self-signed
# certificate from the IRC server, which leaves the TLS link encrypted
# but the server unauthenticated. Confirm it is still needed and turn it
# off if irc.crans.org presents a CA-issued certificate.
sslselfsign = true;
sasl = false;
allowExpiredCerts = false;
sendConnectionMessages = true;
# Key file kept next to the rendered config in the state directory.
# NOTE(review): judging by the option name it protects stored IRC
# passwords - verify it is readable by the service user only.
passwordEncryptionKeyPath = "/var/lib/matrix-appservice-irc/passkey.pem";
modePowerMap = {
o = 50;
v = 1;
};
botConfig = {
enabled = false;
nick = "IrcBot";
username = "ircbot";
joinChannelsIfNoUsers = true;
};
privateMessages = {
enabled = true;
federate = true;
};
dynamicChannels = {
enabled = true;
createAlias = true;
publish = true;
useHomeserverDirectory = true;
joinRule = "invite";
aliasTemplate = "#irc_\$\$CHANNEL";
};
membershipLists = {
enabled = true;
floodDelayMs = 100;
global = {
ircToMatrix = {
initial = true;
incremental = true;
requireMatrixJoined = true;
};
matrixToIrc = {
initial = true;
incremental = true;
};
};
ignoreIdleUsersOnStartup = {
enabled = true;
idleForHours = 720;
};
};
matrixClients = {
userTemplate = "@irc_\$\$NICK";
displayName = "\$\$NICK[irc]";
};
ircClients = {
nickTemplate = "\$\$DISPLAY[m]";
allowNickChanges = true;
maxClients = 300;
ipv6.enabled = false;
idleTimeout = 10800;
# NOTE(review): "mxid" presumably exposes each user's full Matrix ID as
# the IRC realname - confirm this is the intended disclosure.
realnameFormat = "mxid";
kickOn = {
channelJoinFailure = true;
ircConnectionFailure = true;
userQuit = true;
};
};
};
};
bridgeInfoState = {
enabled = false;
initial = false;
};
logging = {
level = "info";
# NOTE(review): the upstream sample configuration names this key `logfile`;
# with build-time schema validation disabled a wrong key would go
# unnoticed - confirm that debug.log is actually written.
logging = "debug.log";
errfile = "error.log";
toConsole = true;
maxFiles = 2;
};
metrics = {
enabled = false;
};
matrixHandler = {
eventCacheSize = 4096;
shortReplyTemplate = "\$\$NICK: \$\$REPLY";
longReplyTemplate = "<\$\$NICK> \"\$\$ORIGINAL\" <- \$\$REPLY";
shortReplyTresholdSeconds = 300;
};
mediaProxy = {
publicUrl = "https://matrix.crans.org/media";
};
# Matrix accounts granted the "admin" role on the bridge; keep this list
# short and review it when people change roles.
permissions = {
"@lzebulon:crans.org" = "admin";
"@pigeonmoelleux:crans.org" = "admin";
};
};
advanced = {
maxHttpSockets = 1000;
maxTxnSize = 10000000;
};
};
};
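# Overrides of the upstream unit so that the configuration is rendered at
# start-up from a secret-free template plus an agenix-provided environment file.
systemd.services = {
  matrix-appservice-irc = {
    path = [ pkgs.envsubst ];
    serviceConfig = {
      # Render the store template into the state directory, expanding
      # `$MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING` from EnvironmentFile.
      # NOTE(review): mkForce replaces whatever ExecStartPre the upstream module
      # defines; in nixpkgs that is presumably the preStart script that creates
      # the password key and the registration file - confirm both are
      # provisioned some other way.
      # NOTE(review): consider envsubst's `-no-unset` flag so a missing variable
      # fails the start instead of rendering an empty connection string.
      ExecStartPre = lib.mkForce "${lib.getExe pkgs.envsubst} -i ${matrix-appservice-irc-config-file} -o ${configFile}";
      ExecStart = lib.mkForce "${bin} --config ${configFile} --file ${registrationFile} --port ${toString config.services.matrix-appservice-irc.port}";
      # Decrypted by agenix at activation; holds the database connection string.
      EnvironmentFile = config.age.secrets.appservice_irc_db_env.path;
      WorkingDirectory = "/var/lib/matrix-appservice-irc";
      # The rendered config.yaml contains the database credentials, so files
      # created by this unit must not be readable by group or others. Without
      # this, the systemd default umask (0022) applies to the envsubst output.
      # A config.yaml that already exists may keep its old mode: chmod or
      # remove it once after deploying this change.
      UMask = "0077";
      # NOTE(review): an empty list forced here removes the unit's system-call
      # filter entirely. If only a few calls were being blocked, prefer
      # re-adding a narrower filter over disabling the sandbox.
      SystemCallFilter = lib.mkForce [ ];
    };
  };
};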
}