feat: media-browser for matrix

2026-05-23 11:46:58 +00:00
parent afd4970cf4
commit e38bf7582d
5 changed files with 680 additions and 0 deletions
--- a/nixos/module/hectic/service/media-browser.nix
+++ b/nixos/module/hectic/service/media-browser.nix
@@ -0,0 +1,99 @@
+{
+  inputs,
+  flake,
+  self,
+}: {
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.media-browser;
+
+  mediaBrowserApp = pkgs.hectic.media-browser;
+in {
+  options.hectic.services.media-browser = {
+    enable = lib.mkEnableOption "Matrix media browser web app";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 3000;
+      description = "Port to bind the media browser web server.";
+    };
+
+    mediaStorePath = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/matrix-synapse/media_store";
+      description = "Path to Synapse media store.";
+    };
+
+    s3CredentialsFile = lib.mkOption {
+      type = lib.types.path;
+      description = "Path to S3 credentials file (ACCESS_KEY_ID=..., SECRET_ACCESS_KEY=...).";
+    };
+
+    s3Bucket = lib.mkOption {
+      type = lib.types.str;
+      description = "S3 bucket name.";
+    };
+
+    s3Endpoint = lib.mkOption {
+      type = lib.types.str;
+      description = "S3 endpoint URL.";
+    };
+
+    s3Region = lib.mkOption {
+      type = lib.types.str;
+      default = "hel1";
+      description = "S3 region name.";
+    };
+
+    s3Prefix = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = "S3 object key prefix.";
+    };
+
+    dbName = lib.mkOption {
+      type = lib.types.str;
+      default = "matrix-synapse";
+      description = "PostgreSQL database name.";
+    };
+
+    dbUser = lib.mkOption {
+      type = lib.types.str;
+      default = "matrix-synapse";
+      description = "PostgreSQL database user.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.media-browser = {
+      description = "Matrix Media Browser";
+      after = [ "network.target" "postgresql.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "simple";
+        User = "matrix-synapse";
+        Group = "matrix-synapse";
+        ExecStart = "${mediaBrowserApp}/bin/media-browser-wrapped";
+        Restart = "on-failure";
+        RestartSec = 5;
+      };
+      environment = {
+        FLASK_ENV = "production";
+        PORT = toString cfg.port;
+        MEDIA_STORE_PATH = cfg.mediaStorePath;
+        S3_BUCKET = cfg.s3Bucket;
+        S3_ENDPOINT = cfg.s3Endpoint;
+        S3_REGION = cfg.s3Region;
+        S3_PREFIX = cfg.s3Prefix;
+        DB_NAME = cfg.dbName;
+        DB_USER = cfg.dbUser;
+        DB_HOST = "/run/postgresql";
+        DB_PORT = "5432";
+      };
+      serviceConfig.EnvironmentFile = cfg.s3CredentialsFile;
+    };
+  };
+}
--- a/nixos/system/hectic-lab/hectic-lab.nix
+++ b/nixos/system/hectic-lab/hectic-lab.nix
@@ -84,6 +84,15 @@ in {
      };
      inherit matrixDomain;
    };
+
+    services.media-browser = {
+      enable = true;
+      port = 3001;
+      s3Bucket = "matrix-hectic-lab";
+      s3Endpoint = "https://hel1.your-objectstorage.com";
+      s3Region = "hel1";
+      s3CredentialsFile = config.sops.secrets."matrix/object-storage/credentials".path;
+    };
  };

  # NOTE(yukkop): disk was provisioned by Hetzner rescue image, disko was never