# NixOS module configuring a Synapse homeserver through the
# `services.matrix-synapse-next` options, together with the sops-managed
# registration secret, the systemd slice dependencies and a Redis instance.
# The TURN, PostgreSQL, IRC bridge and sticker picker pieces live in the
# imported sibling modules.
{ pkgs, lib, config, ... }:
let
  # coturn settings are read from the option tree (set in ./coturn.nix,
  # presumably) so Synapse and the TURN server cannot drift apart.
  coturn = config.services.coturn;

  # One name shared by the sops declaration and the Synapse setting that
  # consumes the decrypted file.
  registrationSecret = "matrix_synapse/registration_secret";

  # Account that owns the decrypted secret file.
  synapseAccount = "matrix-synapse";

  # Trusted key server entry without a pinned signing key.
  keylessServer = server_name: {
    inherit server_name;
    verify_keys = { };
  };
in
{
  imports = [
    ./bridges/matrix-appservice-irc.nix
    ./maunium-stickerpicker.nix
    ./postgres.nix
    ./coturn.nix
  ];

  # Mode 0440: readable by the owner and group below, no access for others.
  sops.secrets.${registrationSecret} = {
    owner = synapseAccount;
    group = synapseAccount;
    mode = "0440";
  };

  services.matrix-synapse-next = {
    enable = true;
    enableNginx = true;
    dataDir = "/var/lib/matrix";

    workers = {
      federationSenders = 2;
      federationReceivers = 2;
      initialSyncers = 1;
      normalSyncers = 1;
      eventPersisters = 1;
      useUserDirectoryWorker = true;
    };

    settings = {
      server_name = "nani.wtf";
      public_baseurl = "https://matrix.nani.wtf";

      # One TURN URI per transport, both pointing at the coturn realm/port.
      turn_uris = map
        (transport: "turn:${coturn.realm}:${toString coturn.listening-port}?transport=${transport}")
        [ "udp" "tcp" ];
      # NOTE(review): this copies the secret *value* out of the coturn
      # option into the Synapse settings. Values evaluated into generated
      # configuration normally end up in the world-readable Nix store.
      # Check how ./coturn.nix supplies it; a file-based pairing (coturn's
      # `static-auth-secret-file`, and a path-based Synapse setting if the
      # deployed version offers one) keeps it out of the store.
      turn_shared_secret = coturn.static-auth-secret;
      turn_user_lifetime = "1h";

      # Only matrix.org has a pinned ed25519 verify key. The remaining
      # entries carry an empty `verify_keys`, so responses from them are not
      # checked against a pinned key here.
      # NOTE(review): presumably they rely on TLS certificate validation
      # instead; confirm that is intended.
      trusted_key_servers = [
        {
          server_name = "matrix.org";
          verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
        }
      ] ++ map keylessServer [
        "pvv.ntnu.no"
        "feal.no"
        "dodsorf.as"
      ];

      # NOTE(review): where the metrics listener binds is not visible in
      # this file; confirm it is not reachable from the public internet.
      enable_metrics = true;

      # Open registration is off. To register a new admin user, open a
      # nix-shell with package 'matrix-synapse' and run the
      # register_new_matrix_user command with the registration shared secret.
      enable_registration = false;
      # The shared secret is read from the sops-decrypted file at runtime
      # rather than being embedded in the configuration.
      registration_shared_secret_path = config.sops.secrets.${registrationSecret}.path;

      allow_public_rooms_over_federation = true;

      # password_config.enabled = lib.mkForce false;

      # `host` is a directory, i.e. the connection goes over the local
      # PostgreSQL Unix socket; no password is configured here.
      database.name = "psycopg2";
      database.args = {
        user = "matrix-synapse";
        database = "matrix-synapse";
        host = "/var/run/postgresql";
        port = config.services.postgresql.settings.port;
      };

      # redis.enabled = true;
      max_upload_size = "100M";
      dynamic_thumbnails = true;
    };
  };

  # The Synapse slice requires these units, so it is not started without them.
  systemd.slices.system-matrix-synapse.requires = [
    "postgresql.service"
    "redis.service"
    "kanidm.service"
  ];

  # Enables the unnamed ("") Redis server instance.
  services.redis.servers."".enable = true;
}