# Sources for this configuration:
# - https://github.com/matrix-org/mjolnir/blob/main/docs/setup.md
# - https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml

{ ... }:

{
  # Allow deprecated, apparently somewhat insecure libolm to be able to update
  # the moderation bot.
  # The security issues aren't real world exploitable apparently:
  # https://matrix.org/blog/2024/08/libolm-deprecation/
  nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
  services.mjolnir = {
    enable = true;
    homeserverUrl = "https://matrix.hamburg.ccc.de";
    managementRoom = "#moderation-management:hamburg.ccc.de";
    settings = {
      verboseLogging = false;
    };
    pantalaimon = {
      enable = true;
      username = "moderation";
      passwordFile = "/run/secrets/matrix_moderation_user_password";
      options = {
        ssl = true;
      };
    };
  };

  sops.secrets."matrix_moderation_user_password" = {
    mode = "0440";
    owner = "mjolnir";
    group = "mjolnir";
    restartUnits = [ "mjolnir.service" ];
  };
}