danio/nixos-matrix-modules
1
2
Fork 1
mirror of https://github.com/dali99/nixos-matrix-modules.git synced 2026-01-18 21:48:21 +01:00
Code Issues Releases Activity

Compare commits

base: danio:master
Branches Tags
danio:master danio:D4ndellion-patch-1 danio:nixos-25.05 danio:deprecate-proxy2 danio:deprecate-proxy danio:nixos-24.05 danio:add-support-for-unix-sockets danio:make-workers-use-path danio:out-of-your-element danio:time-to-break-our-workers danio:presence-stream-writer oysteikt:main oysteikt:master oysteikt:D4ndellion-patch-1 oysteikt:nixos-25.05 oysteikt:deprecate-proxy2 oysteikt:deprecate-proxy oysteikt:nixos-24.05 oysteikt:add-support-for-unix-sockets oysteikt:make-workers-use-path oysteikt:out-of-your-element oysteikt:time-to-break-our-workers oysteikt:presence-stream-writer
danio:v0.8.0 danio:v0.7.1 danio:0.7.0 danio:v0.6.1 danio:v0.6.0 danio:v0.5.0 danio:v0.4.0 danio:v0.3.0 oysteikt:v0.8.0 oysteikt:v0.7.1 oysteikt:0.7.0 oysteikt:v0.6.1 oysteikt:v0.6.0 oysteikt:v0.5.0 oysteikt:v0.4.0 oysteikt:v0.3.0
..
compare: oysteikt:make-workers-use-path
Branches Tags
oysteikt:main oysteikt:master oysteikt:D4ndellion-patch-1 oysteikt:nixos-25.05 oysteikt:deprecate-proxy2 oysteikt:deprecate-proxy oysteikt:nixos-24.05 oysteikt:add-support-for-unix-sockets oysteikt:make-workers-use-path oysteikt:out-of-your-element oysteikt:time-to-break-our-workers oysteikt:presence-stream-writer danio:master danio:D4ndellion-patch-1 danio:nixos-25.05 danio:deprecate-proxy2 danio:deprecate-proxy danio:nixos-24.05 danio:add-support-for-unix-sockets danio:make-workers-use-path danio:out-of-your-element danio:time-to-break-our-workers danio:presence-stream-writer
oysteikt:v0.8.0 oysteikt:v0.7.1 oysteikt:0.7.0 oysteikt:v0.6.1 oysteikt:v0.6.0 oysteikt:v0.5.0 oysteikt:v0.4.0 oysteikt:v0.3.0 danio:v0.8.0 danio:v0.7.1 danio:0.7.0 danio:v0.6.1 danio:v0.6.0 danio:v0.5.0 danio:v0.4.0 danio:v0.3.0

3 Commits
master ... make-worke

Author SHA1 Message Date
h7x4
f3fcbc2b40 WIP: create tests 2023-10-29 05:38:37 +01:00
h7x4
f5bb4ac8c2 WIP: make workers use path 2023-10-29 05:38:37 +01:00
h7x4
1f1475aec6 add gitignore 2023-10-29 05:38:35 +01:00
15 changed files with 415 additions and 429 deletions
Expand all files Collapse all files

17
MIGRATIONS.MD
View File

@@ -2,20 +2,9 @@
This is a best effort document descibing neccecary changes you might have to do when updating
## 0.8.0
## 0.5.0 UNRELEASED
The module has been renamed from `synapse` to `default`
`saml2` is no longer enabled, as it depends on vulnerable dependencies and isnt really built in nixpks anymore.
If you need to authenticate with saml, you should deploy some sort of saml to openid bridge, instead.
## 0.6.1
enableSlidingSync, and setting matrix-synapse.sliding-sync.environmentFile (or any other sliding-sync setting)
is no longer needed for a sliding-sync setup. Upgrading will force relogins for all users.
## 0.5.0
* The module has been renamed from `synapse` to `default`
* The synapse module now expects a wrapper-style package. This means the module is now incompatible with nixpkgs < 23.11.

18
README.MD
View File

@@ -1,5 +1,3 @@
For support and requests feel free to join [#nixos-matrix-modules:dodsorf.as](https://matrix.to/#/#nixos-matrix-modules:dodsorf.as), [uri](matrix:r/nixos-matrix-modules:dodsorf.as)
With matrix.YOURDOMAIN pointing at the server:
```
@@ -38,3 +36,19 @@ With matrix.YOURDOMAIN pointing at the server:
```
is ~enough to get a functional matrix-server running with some workers
## Sliding Sync (Element X)
Just add the following to your config and point `slidingsync.YOURDOMAIN` at the server
```
services.matrix-synapse-next = {
enableSlidingSync = true;
};
services.matrix-synapse.sliding-sync.environmentFile = "/some/file/containing/SYNCV3_SECRET=<some secret>";
```
If using [well-known delagation](https://matrix-org.github.io/synapse/v1.37/delegate.html) make sure `YOURDOMAIN/.well-known/matrix/client` matches
what's in `matrix.YOURDOMAIN/.well-known/matrix/client`

26
flake.lock generated
View File

@@ -2,22 +2,38 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1764983851,
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
"lastModified": 1690789960,
"narHash": "sha256-3K+2HuyGTiJUSZNJxXXvc0qj4xFx1FHC/ItYtEa7/Xs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
"rev": "fb942492b7accdee4e6d17f5447091c65897dde4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.11",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1673743903,
"narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"nixpkgs-lib": "nixpkgs-lib"
}
}
},

32
flake.nix
View File

@@ -2,31 +2,27 @@
description = "NixOS modules for matrix related services";
inputs = {
nixpkgs.url = "nixpkgs/nixos-25.11";
nixpkgs-lib.url = "github:nix-community/nixpkgs.lib";
nixpkgs.url = "nixpkgs/nixos-unstable";
};
outputs = { self, nixpkgs }: {
outputs = { self, nixpkgs, nixpkgs-lib }: {
nixosModules = {
default = import ./module.nix;
};
lib = import ./lib.nix { lib = nixpkgs.lib; };
lib = import ./lib.nix { lib = nixpkgs-lib.lib; };
checks = let
forAllSystems = f:
nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
] (system: f nixpkgs.legacyPackages.${system});
in forAllSystems (pkgs: let
tests = import ./tests {
inherit nixpkgs pkgs;
matrix-lib = self.lib;
};
packages = let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
inherit (tests) nginx-pipeline-eval;
});
${system}.tests = import ./tests {
inherit system;
inherit nixpkgs;
inherit pkgs;
nixosModule = self.outputs.nixosModules.synapse;
};
};
};
}

62
lib.nix
View File

@@ -4,7 +4,7 @@ rec {
isListenerType = type: l: lib.any (r: lib.any (n: n == type) r.names) l.resources;
# Get the first listener that includes the given resource from worker
firstListenerOfType = type: ls: lib.lists.findFirst (isListenerType type)
(throw "No listener with resource: ${type} configured")
(lib.throw "No listener with resource: ${type} configured")
ls;
# Get an attrset of the host and port from a listener
connectionInfo = l: {
@@ -17,64 +17,4 @@ rec {
l = firstListenerOfType r w.settings.worker_listeners;
in connectionInfo l;
mapWorkersToUpstreamsByType = workerInstances:
lib.pipe workerInstances [
lib.attrValues
# Index by worker type
(lib.foldl (acc: worker: acc // {
${worker.type} = (acc.${worker.type} or [ ]) ++ [ worker ];
}) { })
# Subindex by resource names, listener types, and convert to upstreams
(lib.mapAttrs (_: workers: lib.pipe workers [
(lib.concatMap (worker: [ (lib.lists.head worker.settings.worker_listeners) ]))
lib.flatten
mapListenersToUpstreamsByType
]))
];
mapListenersToUpstreamsByType = listenerInstances:
lib.pipe listenerInstances [
# Index by resource names
(lib.concatMap (listener: lib.pipe listener [
(listener: let
allResourceNames = lib.pipe listener.resources [
(map (resource: resource.names))
lib.flatten
lib.unique
];
in if allResourceNames == [ ]
then { "empty" = listener; }
else lib.genAttrs allResourceNames (_: listener))
lib.attrsToList
]))
(lib.foldl (acc: listener: acc // {
${listener.name} = (acc.${listener.name} or [ ]) ++ [ listener.value ];
}) { })
# Index by listener type
(lib.mapAttrs (_:
(lib.foldl (acc: listener: acc // {
${listener.type} = (acc.${listener.type} or [ ]) ++ [ listener ];
}) { })
))
# Convert listeners to upstream URIs
(lib.mapAttrs (_:
(lib.mapAttrs (_: listeners:
lib.pipe listeners [
(lib.concatMap (listener:
if listener.path != null
then [ "unix:${listener.path}" ]
else (map (addr: "${addr}:${toString listener.port}") listener.bind_addresses)
))
# NOTE: Adding ` = { }` to every upstream might seem unnecessary in isolation,
# but it makes it easier to set upstreams in the nginx module.
(uris: lib.genAttrs uris (_: { }))
]
))
))
];
}

10
module.nix
View File

@@ -1,14 +1,8 @@
{ lib, ... }:
{ ... }:
{
imports = [
./synapse-module
# TODO: Remove after 25.05
(lib.mkRemovedOptionModule [ "services" "matrix-synapse" "sliding-sync" ] ''
`services.matrix-synapse.sliding-sync` is no longer necessary to use sliding-sync with synapse.
As synapse now includes this in itself, if you have a manually managed `.well-known/matrix/client` file
remove the proxy url from it.
'')
./sliding-sync
];
}

37
pkgs/matrix-sliding-sync/default.nix Normal file
View File

@@ -0,0 +1,37 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "matrix-sliding-sync";
version = "0.99.11";
src = fetchFromGitHub {
owner = "matrix-org";
repo = "sliding-sync";
rev = "refs/tags/v${version}";
hash = "sha256-Wd/nnJhKg+BDyOIz42zEScjzQRrpEq6YG9/9Tk24hgg=";
};
vendorHash = "sha256-0QSyYhOht1j1tWNxHQh+NUZA/W1xy7ANu+29H/gusOE=";
subPackages = [ "cmd/syncv3" ];
ldflags = [
"-s"
"-w"
"-X main.GitCommit=${src.rev}"
];
# requires a running matrix-synapse
doCheck = false;
meta = with lib; {
description = "A sliding sync implementation of MSC3575 for matrix";
homepage = "https://github.com/matrix-org/sliding-sync";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ emilylange ];
mainProgram = "syncv3";
};
}

117
sliding-sync/default.nix Normal file
View File

@@ -0,0 +1,117 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.matrix-synapse.sliding-sync;
in
{
disabledModules = [ "services/matrix/matrix-sliding-sync.nix" ];
options.services.matrix-synapse.sliding-sync = {
enable = lib.mkEnableOption (lib.mdDoc "sliding sync");
package = lib.mkOption {
type = lib.types.package;
default = pkgs.callPackage ../pkgs/matrix-sliding-sync { };
description = "What package to use for the sliding-sync proxy.";
};
enableNginx = lib.mkEnableOption (lib.mdDoc "autogenerated nginx config");
publicBaseUrl = lib.mkOption {
type = lib.types.str;
description = "The domain where clients connect, only has an effect with enableNginx";
example = "slidingsync.matrix.org";
};
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = with lib.types; attrsOf str;
options = {
SYNCV3_SERVER = lib.mkOption {
type = lib.types.str;
description = lib.mdDoc ''
The destination homeserver to talk to not including `/_matrix/` e.g `https://matrix.example.org`.
'';
};
SYNCV3_DB = lib.mkOption {
type = lib.types.str;
default = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
description = lib.mdDoc ''
The postgres connection string.
Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
'';
};
SYNCV3_BINDADDR = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1:8009";
example = "[::]:8008";
description = lib.mdDoc "The interface and port to listen on.";
};
SYNCV3_LOG_LEVEL = lib.mkOption {
type = lib.types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
default = "info";
description = lib.mdDoc "The level of verbosity for messages logged.";
};
};
};
default = { };
description = ''
Freeform environment variables passed to the sliding sync proxy.
Refer to <https://github.com/matrix-org/sliding-sync#setup> for all supported values.
'';
};
createDatabase = lib.mkOption {
type = lib.types.bool;
default = true;
description = lib.mdDoc ''
Whether to enable and configure `services.postgres` to ensure that the database user `matrix-sliding-sync`
and the database `matrix-sliding-sync` exist.
'';
};
environmentFile = lib.mkOption {
type = lib.types.str;
description = lib.mdDoc ''
Environment file as defined in {manpage}`systemd.exec(5)`.
This must contain the {env}`SYNCV3_SECRET` variable which should
be generated with {command}`openssl rand -hex 32`.
'';
};
};
config = lib.mkIf cfg.enable {
services.postgresql = lib.optionalAttrs cfg.createDatabase {
enable = true;
ensureDatabases = [ "matrix-sliding-sync" ];
ensureUsers = [ rec {
name = "matrix-sliding-sync";
ensurePermissions."DATABASE \"${name}\"" = "ALL PRIVILEGES";
} ];
};
systemd.services.matrix-sliding-sync = {
after = lib.optional cfg.createDatabase "postgresql.service";
wantedBy = [ "multi-user.target" ];
environment = cfg.settings;
serviceConfig = {
DynamicUser = true;
EnvironmentFile = cfg.environmentFile;
ExecStart = lib.getExe cfg.package;
StateDirectory = "matrix-sliding-sync";
WorkingDirectory = "%S/matrix-sliding-sync";
};
};
services.nginx.virtualHosts.${cfg.publicBaseUrl} = lib.mkIf cfg.enableNginx {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = lib.replaceStrings [ "0.0.0.0" "::" ] [ "127.0.0.1" "::1" ] "http://${cfg.settings.SYNCV3_BINDADDR}";
};
};
};
}

107
synapse-module/default.nix
View File

@@ -10,23 +10,9 @@ let
wcfgText = "config.services.matrix-synapse-next.workers";
format = pkgs.formats.yaml {};
matrix-synapse-common-config = format.generate "matrix-synapse-common-config.yaml" (cfg.settings // {
listeners = map (lib.filterAttrsRecursive (_: v: v != null)) cfg.settings.listeners;
});
# TODO: Align better with the upstream module
wrapped = cfg.package.override {
inherit (cfg) plugins;
extras = [
"postgres"
"oidc"
"systemd"
"url-preview"
"sentry"
"jwt"
"redis"
"cache-memory"
];
matrix-synapse-common-config = format.generate "matrix-synapse-common-config.yaml" cfg.settings;
pluginsEnv = cfg.package.python.buildEnv.override {
extraLibs = cfg.plugins;
};
inherit (lib)
@@ -47,7 +33,7 @@ in
imports = [
./nginx.nix
(import ./workers.nix {
inherit matrix-lib throw' format matrix-synapse-common-config wrapped;
inherit matrix-lib throw' format matrix-synapse-common-config pluginsEnv;
})
];
@@ -79,15 +65,6 @@ in
'';
};
socketDir = mkOption {
type = types.path;
default = "/run/matrix-synapse";
description = ''
The directory where matrix-synapse by default stores the sockets of
all listeners that bind to UNIX sockets.
'';
};
enableNginx = mkEnableOption "The synapse module managing nginx";
public_baseurl = mkOption {
@@ -144,42 +121,14 @@ in
type = types.listOf (types.submodule {
options = {
port = mkOption {
type = with types; nullOr types.port;
default = null;
description = ''
The TCP port to bind to.
::: {.note}
This option will be ignored if {option}`path` is set to a non-null value.
:::
'';
type = types.port;
description = "The TCP port to bind to";
example = 8448;
};
path = mkOption {
type = with types; nullOr path;
default = null;
description = ''
The UNIX socket to bind to.
::: {.note}
This option will override {option}`bind_addresses` and {option}`port`
if set to a non-null value.
:::
'';
example = literalExpression ''''${${cfgText}.socketDir}/matrix-synapse.sock'';
};
bind_addresses = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
A list of local addresses to listen on.
::: {.note}
This option will be ignored if {option}`path` is set to a non-null value.
:::
'';
description = "A list of local addresses to listen on";
};
type = mkOption {
@@ -238,14 +187,16 @@ in
# TODO: add defaultText
default = [
{
path = "${cfg.socketDir}/matrix-synapse.sock";
port = 8008;
bind_addresses = [ "127.0.0.1" ];
resources = [
{ names = [ "client" ]; compress = true; }
{ names = [ "federation" ]; compress = false; }
];
}
(mkIf (wcfg.instances != { }) {
path = "${cfg.socketDir}/matrix-synapse-replication.sock";
port = 9093;
bind_addresses = [ "127.0.0.1" ];
resources = [
{ names = [ "replication" ]; }
];
@@ -387,15 +338,6 @@ in
};
config = mkIf cfg.enable {
assertions = [ ]
++ (map (l: {
assertion = l.path == null -> (l.bind_addresses != [ ] && l.port != null);
message = "Some listeners are missing either a socket path or a bind_address + port to listen on";
}) cfg.settings.listeners);
warnings = [ ] ++ lib.optional cfg.enableSlidingSync
"the option services.matrix-synapse-next.enableSlidingSync no longer has any effect (and is enabled by default)";
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
@@ -427,31 +369,46 @@ in
wantedBy = [ "matrix-synapse.target" ];
preStart = let
flags = lib.cli.toCommandLineShellGNU {} {
flags = lib.cli.toGNUCommandLineShell {} {
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir;
generate-keys = true;
};
in "${cfg.package}/bin/synapse_homeserver ${flags}";
environment.PYTHONPATH =
lib.makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
serviceConfig = {
Type = "notify";
User = "matrix-synapse";
Group = "matrix-synapse";
Slice = "system-matrix-synapse.slice";
WorkingDirectory = cfg.dataDir;
StateDirectory = "matrix-synapse";
RuntimeDirectory = "matrix-synapse";
ExecStart = let
flags = lib.cli.toCommandLineShellGNU {} {
flags = lib.cli.toGNUCommandLineShell {} {
config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir;
};
in "${wrapped}/bin/synapse_homeserver ${flags}";
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
in "${cfg.package}/bin/synapse_homeserver ${flags}";
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
};
};
};
services.matrix-synapse-next.settings.extra_well_known_client_content."org.matrix.msc3575.proxy" = mkIf cfg.enableSlidingSync {
url = "https://${config.services.matrix-synapse.sliding-sync.publicBaseUrl}";
};
services.matrix-synapse.sliding-sync = mkIf cfg.enableSlidingSync {
enable = true;
enableNginx = lib.mkDefault cfg.enableNginx;
publicBaseUrl = lib.mkDefault "slidingsync.${cfg.settings.server_name}";
settings = {
SYNCV3_SERVER = lib.mkDefault "https://${cfg.public_baseurl}";
SYNCV3_PROM = lib.mkIf cfg.settings.enable_metrics (lib.mkDefault "127.0.0.1:9001");
};
};
};
}

55
synapse-module/nginx.nix
View File

@@ -2,10 +2,13 @@
let
cfg = config.services.matrix-synapse-next;
matrix-lib = (import ../lib.nix { inherit lib; });
workerUpstreams = matrix-lib.mapWorkersToUpstreamsByType cfg.workers.instances;
listenerUpstreams = matrix-lib.mapListenersToUpstreamsByType cfg.settings.listeners;
getWorkersOfType = type: lib.filterAttrs (_: w: w.type == type) cfg.workers.instances;
isListenerType = type: listener: lib.lists.any (r: lib.lists.any (n: n == type) r.names) listener.resources;
firstListenerOfType = type: worker: lib.lists.findFirst (isListenerType type) (throw "No federation endpoint on receiver") worker.settings.worker_listeners;
wAddressOfType = type: w: lib.lists.findFirst (_: true) (throw "No address in receiver") (firstListenerOfType type w).bind_addresses;
wPortOfType = type: w: (firstListenerOfType type w).port;
wSocketAddressOfType = type: w: "${wAddressOfType type w}:${builtins.toString (wPortOfType type w)}";
generateSocketAddresses = type: workers: lib.mapAttrsToList (_: w: "${wSocketAddressOfType type w}") workers;
in
{
config = lib.mkIf cfg.enableNginx {
@@ -135,17 +138,24 @@ in
'';
services.nginx.upstreams.synapse_master.servers = let
mainListeners = builtins.intersectAttrs
(listenerUpstreams.client.http or { })
(listenerUpstreams.federation.http or { });
in
assert lib.assertMsg (mainListeners != { })
"No catch-all listener configured, or listener is not bound to an address";
mainListeners;
isMainListener = l: isListenerType "client" l && isListenerType "federation" l;
firstMainListener = lib.findFirst isMainListener
(throw "No catch-all listener configured") cfg.settings.listeners;
address = lib.findFirst (_: true) (throw "No address in main listener") firstMainListener.bind_addresses;
port = firstMainListener.port;
socketAddress = "${address}:${builtins.toString port}";
in {
"${socketAddress}" = { };
};
services.nginx.upstreams.synapse_worker_federation = {
servers = workerUpstreams.fed-receiver.federation.http or config.services.nginx.upstreams.synapse_master.servers;
servers = let
fedReceivers = getWorkersOfType "fed-receiver";
socketAddresses = generateSocketAddresses "federation" fedReceivers;
in if fedReceivers != { } then
lib.genAttrs socketAddresses (_: { })
else config.services.nginx.upstreams.synapse_master.servers;
extraConfig = ''
ip_hash;
'';
@@ -153,7 +163,12 @@ in
services.nginx.upstreams.synapse_worker_initial_sync = {
servers = workerUpstreams.initial-sync.client.http or config.services.nginx.upstreams.synapse_master.servers;
servers = let
initialSyncers = getWorkersOfType "initial-sync";
socketAddresses = generateSocketAddresses "client" initialSyncers;
in if initialSyncers != { } then
lib.genAttrs socketAddresses (_: { })
else config.services.nginx.upstreams.synapse_master.servers;
extraConfig = ''
hash $mxid_localpart consistent;
'';
@@ -161,7 +176,12 @@ in
services.nginx.upstreams.synapse_worker_normal_sync = {
servers = workerUpstreams.normal-sync.client.http or config.services.nginx.upstreams.synapse_master.servers;
servers = let
normalSyncers = getWorkersOfType "normal-sync";
socketAddresses = generateSocketAddresses "client" normalSyncers;
in if normalSyncers != { } then
lib.genAttrs socketAddresses (_: { })
else config.services.nginx.upstreams.synapse_master.servers;
extraConfig = ''
hash $mxid_localpart consistent;
'';
@@ -169,7 +189,12 @@ in
services.nginx.upstreams.synapse_worker_user-dir = {
servers = workerUpstreams.user-dir.client.http or config.services.nginx.upstreams.synapse_master.servers;
servers = let
workers = getWorkersOfType "user-dir";
socketAddresses = generateSocketAddresses "client" workers;
in if workers != { } then
lib.genAttrs socketAddresses (_: { })
else config.services.nginx.upstreams.synapse_master.servers;
};
services.nginx.virtualHosts."${cfg.public_baseurl}" = {

267
synapse-module/workers.nix
View File

@@ -1,6 +1,6 @@
{ matrix-synapse-common-config,
matrix-lib,
wrapped,
pluginsEnv,
throw',
format
}:
@@ -19,6 +19,7 @@
type = types.ints.unsigned;
description = "How many automatically configured ${workerType} workers to set up";
default = 0;
example = 1;
};
genAttrs' = items: f: g: builtins.listToAttrs (map (i: lib.nameValuePair (f i) (g i)) items);
@@ -33,11 +34,25 @@ in {
type = types.bool;
internal = true;
default = false;
description = ''
This is an internal flag that signals that this worker is part of the
workers generated by either of the following:
- federationSenders
- federationReceivers
- initialSyncers
- normalSyncers
- eventPersisters
- useUserDirectoryWorker
'';
};
index = mkOption {
internal = true;
type = types.ints.positive;
description = ''
This is an internal variable that indexes the worker of this type.
'';
};
# The custom string type here is mainly for the name to use
@@ -85,24 +100,25 @@ in {
default = "http";
};
port = mkOption {
type = with types; nullOr port;
default = null;
description = "The TCP port to bind to";
};
path = mkOption {
type = with types; nullOr path;
default = null;
description = "The UNIX socket to bind to";
type = types.path;
default = instanceCfg.name;
description = ''
A path and filename for a Unix socket.
'';
};
bind_addresses = mkOption {
type = with types; listOf str;
description = "A list of local addresses to listen on";
default = [ wcfg.defaultListenerAddress ];
defaultText = literalExpression "[ ${wcfgText}.defaultListenerAddress ]";
};
# port = mkOption {
# type = types.port;
# description = "The TCP port to bind to";
# };
# bind_addresses = mkOption {
# type = with types; listOf str;
# description = "A list of local addresses to listen on";
# default = [ wcfg.defaultListenerAddress ];
# defaultText = literalExpression "[ ${wcfgText}.defaultListenerAddress ]";
# };
tls = mkOption {
type = types.bool;
@@ -167,52 +183,6 @@ in {
};
};
in {
mainReplicationHost = mkOption {
type = with types; nullOr str;
default = let
host = (matrix-lib.connectionInfo mainReplicationListener).host;
in
# To avoid connecting to 0.0.0.0 and so on
if builtins.elem host [ "0.0.0.0" "::" ]
then "127.0.0.1"
else host;
# TODO: add defaultText
description = "Host of the main synapse instance's replication listener";
};
mainReplicationPort = mkOption {
type = with types; nullOr port;
default = mainReplicationListener.port;
# TODO: add defaultText
description = "Port for the main synapse instance's replication listener";
};
mainReplicationPath = mkOption {
type = with types; nullOr path;
default = mainReplicationListener.path;
# TODO: add defaultText
description = "Path to the UNIX socket of the main synapse instance's replication listener";
};
defaultListenerAddress = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The default listener address for the worker";
};
workersUsePath = mkOption {
type = types.bool;
description = "Whether to enable UNIX sockets for all automatically generated workers";
default = true;
example = false;
};
workerStartingPort = mkOption {
type = types.port;
description = "What port should the automatically configured workers start enumerating from";
default = 8083;
};
enableMetrics = mkOption {
type = types.bool;
default = cfg.settings.enable_metrics;
@@ -220,12 +190,6 @@ in {
# TODO: add description
};
metricsStartingPort = mkOption {
type = types.port;
default = 18083;
# TODO: add description
};
federationSenders = mkWorkerCountOption "federation-sender";
federationReceivers = mkWorkerCountOption "federation-reciever";
initialSyncers = mkWorkerCountOption "initial-syncer";
@@ -239,13 +203,14 @@ in {
default = { };
description = "Worker configuration";
example = {
"federation_sender1" = {
"federation-sender-1" = {
settings = {
worker_name = "federation_sender1";
worker_name = "federation-sender-1";
worker_app = "synapse.app.generic_worker";
worker_replication_host = "127.0.0.1";
worker_replication_http_port = 9093;
path = "/run/matrix-synapse/federation-sender-1.sock";
# worker_replication_host = "127.0.0.1";
# worker_replication_http_port = 9093;
worker_listeners = [ ];
};
};
@@ -253,135 +218,87 @@ in {
};
};
config = {
assertions = [ ]
++ (lib.concatMap (worker:
(map (l: {
assertion = l.path == null -> (l.bind_addresses != [ ] && l.port != null);
message = "At least one worker listener is missing either a socket path or a bind_address + port to listen on";
}) worker.settings.worker_listeners)
) (lib.attrValues wcfg.instances));
config = let
genList1 = f: builtins.genList (i: f (i + 1));
in {
services.matrix-synapse-next.settings = {
federation_sender_instances =
lib.genList (i: "auto-fed-sender${toString (i + 1)}") wcfg.federationSenders;
genList1 (i: "auto-fed-sender-${toString i}") wcfg.federationSenders;
instance_map = (lib.mkIf (cfg.workers.instances != { }) ({
main = if wcfg.mainReplicationPath != null then {
path = wcfg.mainReplicationPath;
} else {
host = wcfg.mainReplicationHost;
port = wcfg.mainReplicationPort;
};
} // genAttrs' (lib.lists.range 1 wcfg.eventPersisters)
(i: "auto-event-persist${toString i}")
(i: let
wRL = matrix-lib.firstListenerOfType "replication" wcfg.instances."auto-event-persist${toString i}".settings.worker_listeners;
in if wRL.path != null then {
inherit (wRL) path;
} else matrix-lib.connectionInfo wRL)));
instance_map = lib.mkIf (cfg.workers.instances != { }) ({
main.path = "/run/matrix-synapse/main-replication-worker.sock";
} // builtins.mapAttrs (n: v: {
inherit (builtins.head v.settings.worker_listeners) path;
}) wcfg.instances);
stream_writers.events =
mkIf (wcfg.eventPersisters > 0)
(lib.genList (i: "auto-event-persist${toString (i + 1)}") wcfg.eventPersisters);
(genList1 (i: "auto-event-persist-${toString i}") wcfg.eventPersisters);
update_user_directory_from_worker =
mkIf wcfg.useUserDirectoryWorker "auto-user-dir";
mkIf wcfg.useUserDirectoryWorker "auto-user-dir-1";
};
services.matrix-synapse-next.workers.instances = let
sum = lib.foldl lib.add 0;
workerListenersWithMetrics = portOffset: name:
[(if wcfg.workersUsePath
then {
path = "${cfg.socketDir}/matrix-synapse-worker-${name}.sock";
}
else {
port = wcfg.workerStartingPort + portOffset - 1;
}
)]
++ lib.optional wcfg.enableMetrics {
port = wcfg.metricsStartingPort + portOffset;
resources = [ { names = [ "metrics" ]; } ];
services.matrix-synapse-next.workers.instances =
let
workerInstances = {
"fed-sender" = wcfg.federationSenders;
"fed-receiver" = wcfg.federationReceivers;
"initial-sync" = wcfg.initialSyncers;
"normal-sync" = wcfg.normalSyncers;
"event-persist" = wcfg.eventPersisters;
"user-dir" = if wcfg.useUserDirectoryWorker then 1 else 0;
};
makeWorkerInstances = {
type,
numberOfWorkers,
portOffset ? 0,
nameFn ? i: "auto-${type}${toString i}",
workerListenerFn ? i: name: workerListenersWithMetrics (portOffset + i) name
}: genAttrs'
(lib.lists.range 1 numberOfWorkers)
nameFn
(i: {
isAuto = true;
inherit type;
index = i;
settings.worker_listeners = workerListenerFn i (nameFn i);
});
workerInstances = {
"fed-sender" = wcfg.federationSenders;
"fed-receiver" = wcfg.federationReceivers;
"initial-sync" = wcfg.initialSyncers;
"normal-sync" = wcfg.normalSyncers;
"event-persist" = wcfg.eventPersisters;
} // (lib.optionalAttrs wcfg.useUserDirectoryWorker {
"user-dir" = {
numberOfWorkers = 1;
nameFn = _: "auto-user-dir";
};
});
coerceWorker = { name, value }: if builtins.isInt value then {
type = name;
numberOfWorkers = value;
} else { type = name; } // value;
# Like foldl, but keeps all intermediate values
#
# (b -> a -> b) -> b -> [a] -> [b]
scanl = f: x1: list: let
x2 = lib.head list;
x1' = f x1 x2;
in if list == [] then [] else [x1'] ++ (scanl f x1' (lib.tail list));
f = { portOffset, numberOfWorkers, ... }: x: x // { portOffset = portOffset + numberOfWorkers; };
init = { portOffset = 0; numberOfWorkers = 0; };
in lib.pipe workerInstances [
(lib.mapAttrsToList lib.nameValuePair)
(map coerceWorker)
(scanl f init)
(map makeWorkerInstances)
mkMerge
];
in
lib.pipe workerInstances [
(lib.mapAttrsToList (type: count: { inherit type count; }))
(map ({ type, count }: genList1 (i: rec {
name = "auto-${type}-${toString i}";
value = {
inherit type;
isAuto = true;
index = i;
settings.worker_listeners =
[
{ path = "/run/matrix-synapse/${name}.sock"; }
] ++ lib.optionals wcfg.enableMetrics [{
path = "/run/matrix-synapse/${name}-metrics.sock";
resources = [{ names = [ "metrics" ]; }];
type = "metrics";
}];
};
}) count))
lib.flatten
builtins.listToAttrs
];
systemd.services = let
workerList = lib.mapAttrsToList lib.nameValuePair wcfg.instances;
workerConfig = worker:
format.generate "matrix-synapse-worker-${worker.name}-config.yaml"
(worker.value.settings // {
worker_name = worker.name;
worker_listeners =
map (lib.filterAttrsRecursive (_: v: v != null)) worker.value.settings.worker_listeners;
});
workerConfig = worker: format.generate "matrix-synapse-worker-${worker.name}-config.yaml"
(worker.value.settings // { worker_name = worker.name; });
in builtins.listToAttrs (lib.flip map workerList (worker: {
name = "matrix-synapse-worker-${worker.name}";
value = {
documentation = [ "https://github.com/matrix-org/synapse/blob/develop/docs/workers.md" ];
description = "Synapse Matrix Worker";
partOf = [ "matrix-synapse.target" ];
wantedBy = [ "matrix-synapse.target" ];
after = [ "matrix-synapse.service" ];
requires = [ "matrix-synapse.service" ];
restartTriggers = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
environment = {
PYTHONPATH = lib.makeSearchPathOutput "lib" cfg.package.python.sitePackages [
pluginsEnv
];
};
serviceConfig = {
Restart = "always";
Type = "notify";
User = "matrix-synapse";
Group = "matrix-synapse";
Slice = "system-matrix-synapse.slice";
WorkingDirectory = cfg.dataDir;
RuntimeDirectory = "matrix-synapse";
StateDirectory = "matrix-synapse";
RuntimeDirectory = [ "matrix-synapse" ];
ExecStartPre = pkgs.writers.writeBash "wait-for-synapse" ''
# From https://md.darmstadt.ccc.de/synapse-at-work
while ! systemctl is-active -q matrix-synapse.service; do
@@ -389,11 +306,11 @@ in {
done
'';
ExecStart = let
flags = lib.cli.toCommandLineShellGNU {} {
flags = lib.cli.toGNUCommandLineShell {} {
config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
keys-directory = cfg.dataDir;
};
in "${wrapped}/bin/synapse_worker ${flags}";
in "${cfg.package}/bin/synapse_worker ${flags}";
};
};
}));

18
tests/auto-workers-config.nix Normal file
View File

@@ -0,0 +1,18 @@
{ pkgs, lib, ... }:
{
services.matrix-synapse-next = {
enable = true;
settings.server_name = "matrix.example.com";
workers = {
enableMetrics = true;
federationSenders = 2;
federationReceivers = 2;
initialSyncers = 2;
normalSyncers = 2;
eventPersisters = 2;
useUserDirectoryWorker = true;
};
};
}

7
tests/base-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, lib, ... }:
{
services.matrix-synapse-next = {
enable = true;
settings.server_name = "matrix.example.com";
};
}

18
tests/default.nix
View File

@@ -1,4 +1,16 @@
{ nixpkgs, pkgs, matrix-lib, ... }:
{
nginx-pipeline-eval = pkgs.callPackage ./nginx-pipeline { inherit nixpkgs matrix-lib; };
{ nixpkgs, pkgs, system ? pkgs.system, nixosModule, ... }: let
buildSystemWithConfig = configPath: (nixpkgs.lib.nixosSystem {
inherit system;
modules = [
nixosModule
configPath
{
boot.isContainer = true;
}
];
}).config.system.build.toplevel;
in {
a = pkgs.writeText "hello-world" ''a'';
base-config = buildSystemWithConfig ./base-config.nix;
auto-workers-config = buildSystemWithConfig ./auto-workers-config.nix;
}

53
tests/nginx-pipeline/default.nix
View File

@@ -1,53 +0,0 @@
{ nixpkgs, lib, matrix-lib, writeText, ... }:
let
nixosConfig = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../../module.nix
{
system.stateVersion = "25.11";
boot.isContainer = true;
services.matrix-synapse-next = {
enable = true;
enableNginx = true;
workers = {
enableMetrics = true;
federationSenders = 3;
federationReceivers = 3;
initialSyncers = 1;
normalSyncers = 1;
eventPersisters = 1;
useUserDirectoryWorker = true;
instances.auto-fed-receiver1.settings.worker_listeners = [
{
bind_addresses = [
"127.0.0.2"
];
port = 1337;
resources = [
{ compress = false;
names = [ "federation" ];
}
];
}
];
};
settings.server_name = "example.com";
};
}
];
};
inherit (nixosConfig.config.services.matrix-synapse-next.workers) instances;
in
writeText "matrix-synapse-next-nginx-pipeline-test.txt" ''
${(lib.generators.toPretty {}) instances}
====================================================
${(lib.generators.toPretty {}) (matrix-lib.mapWorkersToUpstreamsByType instances)}
''