jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-configuration/modules/matrix/synapse.nix
Jakob Lechner eaf6f0d54a Use postgresql as database
2025-04-16 22:54:29 +02:00

149 lines
4.1 KiB
Nix
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, lib, pkgs, ... }:
let
cfg = config.jalr.matrix;
in
lib.mkIf cfg.enable {
services = {
matrix-synapse = {
enable = true;
settings = {
server_name = cfg.domain;
public_baseurl = "https://${cfg.fqdn}";
database = {
name = "psycopg2";
args.user = "matrix-synapse";
args.database = "matrix-synapse";
};
listeners = lib.singleton {
inherit (cfg.synapse) port;
bind_addresses = [ "127.0.0.1" "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = lib.singleton {
names = [ "client" "federation" "metrics" ];
compress = false;
};
};
turn_uris = [
"turns:${cfg.turn.host}:5349?transport=udp"
"turns:${cfg.turn.host}:5349?transport=tcp"
"turn:${cfg.turn.host}:3478?transport=udp"
"turn:${cfg.turn.host}:3478?transport=tcp"
];
turn_user_lifetime = "1h";
enable_metrics = true;
# adapted from https://github.com/NixOS/nixpkgs/blob/7e10bf4327491a6ebccbe1aaa8e6c6c0aca4663a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
# - set root.level to WARNING instead of INFO
log_config = pkgs.writeText "log_config.yaml" (builtins.toJSON {
version = 1;
formatters.journal_fmt.format = "%(name)s: [%(request)s] %(message)s";
filters.context = {
"()" = "synapse.util.logcontext.LoggingContextFilter";
request = "";
};
handlers.journal = {
class = "systemd.journal.JournalHandler";
formatter = "journal_fmt";
filters = [ "context" ];
SYSLOG_IDENTIFIER = "synapse";
};
root = {
level = "WARNING";
handlers = [ "journal" ];
};
disable_existing_loggers = false;
});
max_upload_size = "50M";
# Im okay with using matrix.org as trusted key server
suppress_key_server_warning = true;
# For mautrix-whatsapp backfilling
experimental_features.msc2716_enabled = true;
};
extraConfigFiles = [
cfg.turn.sharedSecretFile
];
};
matrix-synapse.settings.app_service_config_files = lib.attrsets.mapAttrsToList
(
name: _:
"/run/matrix-synapse/app_service_config/${name}.yaml"
)
cfg.synapse.app_service_config;
nginx.virtualHosts = {
"${cfg.fqdn}" = {
enableACME = true;
forceSSL = true;
locations."/_matrix" =
let
listenerCfg = lib.elemAt config.services.matrix-synapse.settings.listeners 0;
in
{
proxyPass = "http://${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";
extraConfig = ''
client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
'';
};
};
};
postgresql = {
enable = true;
ensureDatabases = [
config.services.matrix-synapse.settings.database.args.database
];
ensureUsers = [{
name = config.services.matrix-synapse.settings.database.args.user;
ensureDBOwnership = true;
}];
};
};
systemd.services.matrix-synapse = {
restartTriggers = lib.attrsets.mapAttrsToList
(
_: value: "${value}"
)
cfg.synapse.app_service_config;
serviceConfig = {
RuntimeDirectory = lib.mkForce [
"matrix-synapse"
"matrix-synapse/app_service_config"
];
RuntimeDirectoryPreserve = lib.mkForce false;
ExecStartPre = lib.attrsets.mapAttrsToList
(name: value:
let
script = pkgs.writeShellScript "app_service_config-${name}"
''
cp "${value}" "/run/matrix-synapse/app_service_config/${name}.yaml"
chown matrix-synapse: "/run/matrix-synapse/app_service_config/${name}.yaml"
'';
in
"+${script}"
)
cfg.synapse.app_service_config;
};
};
}
Reference in a new issue View git blame Copy permalink