forked from CCCHH/nix-infra
63 lines
1.4 KiB
Nix
63 lines
1.4 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
listeners = [
|
|
{
|
|
port = 8008;
|
|
bind_addresses = [
|
|
"::1"
|
|
"127.0.0.1"
|
|
];
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
|
|
resources = [
|
|
{
|
|
compress = true;
|
|
names = [ "client" ];
|
|
}
|
|
{
|
|
compress = false;
|
|
names = [ "federation" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
server_name = "hamburg.ccc.de";
|
|
public_baseurl = "https://matrix.hamburg.ccc.de";
|
|
|
|
database = {
|
|
name = "psycopg2";
|
|
args.password = "synapse";
|
|
};
|
|
|
|
media_store_path = "/mnt/data/synapse_media_store";
|
|
max_upload_size = "500M";
|
|
|
|
admin_contact = "mailto:yuri+ccchh@nekover.se";
|
|
};
|
|
|
|
extraConfigFiles = [
|
|
"/secrets/matrix-registration-shared-secret.secret"
|
|
];
|
|
};
|
|
|
|
systemd.services.matrix-synapse.serviceConfig.ReadWritePaths = [ config.services.matrix-synapse.settings.media_store_path ];
|
|
|
|
deployment.keys = {
|
|
"matrix-registration-shared-secret.secret" = {
|
|
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/matrix/registration-shared-secret" ];
|
|
destDir = "/secrets";
|
|
user = "matrix-synapse";
|
|
group = "matrix-synapse";
|
|
permissions = "0640";
|
|
uploadAt = "pre-activation";
|
|
};
|
|
};
|
|
}
|