nix-infra/config/hosts/matrix/matrix-synapse.nix

{ config, ... }:

{
  services.matrix-synapse = {
    enable = true;

    settings = {
      listeners = [
        {
          port = 8008;
          bind_addresses = [
            "::1"
            "127.0.0.1"
          ];
          type = "http";
          tls = false;
          x_forwarded = true;

          resources = [
            {
              compress = true;
              names = [ "client" ];
            }
            {
              compress = false;
              names = [ "federation" ];
            }
          ];
        }
      ];

      server_name = "hamburg.ccc.de";
      public_baseurl = "https://matrix.hamburg.ccc.de";

      database = {
        name = "psycopg2";
        args.password = "synapse";
      };

      media_store_path = "/mnt/data/synapse_media_store";
      max_upload_size = "500M";

      admin_contact = "mailto:yuri+ccchh@nekover.se";
    };

    extraConfigFiles = [
      "/run/secrets/matrix_registration_shared_secret"
    ];
  };

  systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];

  sops.secrets."matrix_registration_shared_secret" = {
    mode = "0440";
    owner = "matrix-synapse";
    group = "matrix-synapse";
    restartUnits = [ "matrix-synapse.service" ];
  };
}
Fix synapse systemd service by allowing access to the media store 2023-10-07 05:38:47 +02:00			`{ config, ... }:`
Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00
			`{`
			`services.matrix-synapse = {`
			`enable = true;`

			`settings = {`
			`listeners = [`
			`{`
			`port = 8008;`
			`bind_addresses = [`
			`"::1"`
			`"127.0.0.1"`
			`];`
			`type = "http";`
			`tls = false;`
			`x_forwarded = true;`

			`resources = [`
			`{`
			`compress = true;`
			`names = [ "client" ];`
			`}`
			`{`
			`compress = false;`
			`names = [ "federation" ];`
			`}`
			`];`
			`}`
			`];`

			`server_name = "hamburg.ccc.de";`
			`public_baseurl = "https://matrix.hamburg.ccc.de";`

			`database = {`
			`name = "psycopg2";`
			`args.password = "synapse";`
			`};`

			`media_store_path = "/mnt/data/synapse_media_store";`
			`max_upload_size = "500M";`
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00
Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00			`admin_contact = "mailto:yuri+ccchh@nekover.se";`
			`};`

			`extraConfigFiles = [`
Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 02:58:15 +02:00			`"/run/secrets/matrix_registration_shared_secret"`
Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00			`];`
			`};`

Fix synapse systemd service by allowing access to the media store 2023-10-07 05:38:47 +02:00			`systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];`

Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 02:58:15 +02:00			`sops.secrets."matrix_registration_shared_secret" = {`
			`mode = "0440";`
			`owner = "matrix-synapse";`
			`group = "matrix-synapse";`
			`restartUnits = [ "matrix-synapse.service" ];`
Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00			`};`
			`}`