nix-infra/config/hosts/matrix/matrix-synapse.nix

{ config, ... }:

{
  services.matrix-synapse = {
    enable = true;

    settings = {
      listeners = [
        {
          port = 8008;
          bind_addresses = [
            "::1"
            "127.0.0.1"
          ];
          type = "http";
          tls = false;
          x_forwarded = true;

          resources = [
            {
              compress = true;
              names = [ "client" ];
            }
            {
              compress = false;
              names = [ "federation" ];
            }
          ];
        }
      ];

      server_name = "hamburg.ccc.de";
      public_baseurl = "https://matrix.hamburg.ccc.de";

      database = {
        name = "psycopg2";
        args.password = "synapse";
      };

      media_store_path = "/mnt/data/synapse_media_store";
      max_upload_size = "500M";
      
      admin_contact = "mailto:yuri+ccchh@nekover.se";
    };

    extraConfigFiles = [
      "/secrets/matrix-registration-shared-secret.secret"
    ];
  };

  systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];

  deployment.keys = {
    "matrix-registration-shared-secret.secret" = {
      keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/matrix/registration-shared-secret" ];
      destDir = "/secrets";
      user = "matrix-synapse";
      group = "matrix-synapse";
      permissions = "0640";
      uploadAt = "pre-activation";
    };
  };
}
Fix synapse systemd service by allowing access to the media store 2023-10-07 05:38:47 +02:00			`{ config, ... }:`
Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00
			`{`
			`services.matrix-synapse = {`
			`enable = true;`

			`settings = {`
			`listeners = [`
			`{`
			`port = 8008;`
			`bind_addresses = [`
			`"::1"`
			`"127.0.0.1"`
			`];`
			`type = "http";`
			`tls = false;`
			`x_forwarded = true;`

			`resources = [`
			`{`
			`compress = true;`
			`names = [ "client" ];`
			`}`
			`{`
			`compress = false;`
			`names = [ "federation" ];`
			`}`
			`];`
			`}`
			`];`

			`server_name = "hamburg.ccc.de";`
			`public_baseurl = "https://matrix.hamburg.ccc.de";`

			`database = {`
			`name = "psycopg2";`
			`args.password = "synapse";`
			`};`

			`media_store_path = "/mnt/data/synapse_media_store";`
			`max_upload_size = "500M";`

			`admin_contact = "mailto:yuri+ccchh@nekover.se";`
			`};`

			`extraConfigFiles = [`
			`"/secrets/matrix-registration-shared-secret.secret"`
			`];`
			`};`

Fix synapse systemd service by allowing access to the media store 2023-10-07 05:38:47 +02:00			`systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];`

Configure Matrix host Co-authored-by: julian <julian@jsts.xyz> 2023-10-06 05:33:28 +02:00			`deployment.keys = {`
			`"matrix-registration-shared-secret.secret" = {`
			`keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/matrix/registration-shared-secret" ];`
			`destDir = "/secrets";`
			`user = "matrix-synapse";`
			`group = "matrix-synapse";`
			`permissions = "0640";`
			`uploadAt = "pre-activation";`
			`};`
			`};`
			`}`