Add matrix module

2023-12-17 23:44:41 +00:00 · 2023-12-17 23:44:41 +00:00 · 28c41482c5
commit 28c41482c5
parent 697f5208f9
6 changed files with 85 additions and 32 deletions
--- a/hosts/iron/services/default.nix
+++ b/hosts/iron/services/default.nix
@ -6,7 +6,7 @@
    ./esphome
    ./jellyfin.nix
    ./mail.nix
-    ./matrix
+    ./matrix.nix
    ./navidrome.nix
    ./nginx.nix
    ./ntp.nix
--- a/hosts/iron/services/matrix.nix
+++ b/hosts/iron/services/matrix.nix
@ -0,0 +1,23 @@
+args@{ config, pkgs, custom-utils, ... }:
+
+let
+  ports = import ../ports.nix args;
+in
+{
+  sops.secrets = {
+    synapse-turn-shared-secret = {
+      owner = "matrix-synapse";
+      sopsFile = ../secrets.yaml;
+    };
+  };
+  jalr.matrix = {
+    enable = true;
+    fqdn = "matrix.jalr.de";
+    domain = "jalr.de";
+    synapse.port = ports.matrix-synapse.tcp;
+    turn = {
+      host = "turn.jalr.de";
+      sharedSecretFile = config.sops.secrets.synapse-turn-shared-secret.path;
+    };
+  };
+}
--- a/hosts/iron/services/matrix/default.nix
+++ b/hosts/iron/services/matrix/default.nix
@ -1,5 +0,0 @@
-{
-  imports = [
-    ./synapse.nix
-  ];
-}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -22,6 +22,7 @@
    ./libvirt.nix
    ./localization.nix
    ./mailserver
+    ./matrix
    ./mute-indicator.nix
    ./nix.nix
    ./obs.nix
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.jalr.matrix;
+in
+{
+  options.jalr.matrix = with lib; with lib.types; {
+    enable = mkEnableOption "simple matrix server";
+    synapse = {
+      port = mkOption {
+        description = "TCP port for synapse service.";
+        type = port;
+      };
+    };
+    fqdn = mkOption {
+      type = str;
+      description = ''
+        FQDN of the matrix server
+      '';
+      example = "matrix.example.com";
+    };
+    domain = mkOption {
+      type = str;
+      description = ''
+        Domain of the matrix server
+      '';
+      example = "example.com";
+    };
+    turn = {
+      host = mkOption {
+        type = str;
+        description = ''
+          Hostname of TURN service
+        '';
+        example = "turn.example.com";
+      };
+      sharedSecretFile = mkOption {
+        type = path;
+        description = "Location of the shared secret file for the TURN service";
+      };
+    };
+  };
+  imports = [
+    ./synapse.nix
+  ];
+}
--- a/hosts/iron/services/matrix/synapse.nix
+++ b/hosts/iron/services/matrix/synapse.nix
@ -1,31 +1,20 @@
-args@{ config, lib, pkgs, custom-utils, ... }:
+{ config, lib, pkgs, ... }:

 let
-  cfg = config.services.matrix-synapse.settings;
-  fqdn = "matrix.jalr.de";
-  domain = "jalr.de";
-  turnHost = "turn.jalr.de";
-  ports = import ../../ports.nix args;
+  cfg = config.jalr.matrix;
 in
-{
-  sops.secrets = {
-    synapse-turn-shared-secret = {
-      owner = "matrix-synapse";
-      sopsFile = ../../secrets.yaml;
-    };
-  };
-
+lib.mkIf cfg.enable {
  services.matrix-synapse = {
    enable = true;

    settings = {
-      server_name = domain;
-      public_baseurl = "https://${fqdn}";
+      server_name = cfg.domain;
+      public_baseurl = "https://${cfg.fqdn}";

      database.name = "sqlite3";

      listeners = lib.singleton {
-        port = ports.matrix-synapse.tcp;
+        port = cfg.synapse.port;
        bind_addresses = [ "127.0.0.1" "::1" ];
        type = "http";
        tls = false;
@ -37,10 +26,10 @@ in
      };

      turn_uris = [
-        "turns:${turnHost}:5349?transport=udp"
-        "turns:${turnHost}:5349?transport=tcp"
-        "turn:${turnHost}:3478?transport=udp"
-        "turn:${turnHost}:3478?transport=tcp"
+        "turns:${cfg.turn.host}:5349?transport=udp"
+        "turns:${cfg.turn.host}:5349?transport=tcp"
+        "turn:${cfg.turn.host}:3478?transport=udp"
+        "turn:${cfg.turn.host}:3478?transport=tcp"
      ];
      turn_user_lifetime = "1h";

@ -82,25 +71,25 @@ in
      experimental_features.msc2716_enabled = true;
    };

-    extraConfigFiles = with config.sops.secrets; [
-      synapse-turn-shared-secret.path
+    extraConfigFiles = [
+      cfg.turn.sharedSecretFile
    ];
  };

  services.nginx.virtualHosts = {
-    "${fqdn}" = {
+    "${cfg.fqdn}" = {
      enableACME = true;
      forceSSL = true;

      locations."/_matrix" =
        let
-          listenerCfg = (lib.elemAt cfg.listeners 0);
+          listenerCfg = (lib.elemAt config.services.matrix-synapse.settings.listeners 0);
        in
        {
          proxyPass = "http://${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";

          extraConfig = ''
-            client_max_body_size ${cfg.max_upload_size};
+            client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
          '';
        };
    };