nix-dotfiles/hosts/tsuki/services/matrix/default.nix


# NixOS module for the Matrix homeserver on this host: Synapse (through the
# `services.matrix-synapse-next` module) with workers, a coturn-backed TURN
# setup, a PostgreSQL database reached over a unix socket, and Redis.
{ pkgs, lib, config, ... }: {
  imports = [
    ./bridges/matrix-appservice-irc.nix
    ./maunium-stickerpicker.nix
    ./postgres.nix
    ./coturn.nix
  ];

  # Registration shared secret, decrypted by sops-nix at activation time.
  # Mode 0440 with owner/group matrix-synapse: readable by that user and
  # group only, and never written by them.
  sops.secrets."matrix_synapse/registration_secret" = {
    owner = "matrix-synapse";
    group = "matrix-synapse";
    mode = "0440";
  };

  services.matrix-synapse-next = {
    enable = true;
    enableNginx = true;
    dataDir = "/var/lib/matrix";

    workers = {
      federationSenders = 2;
      federationReceivers = 2;
      initialSyncers = 1;
      normalSyncers = 1;
      eventPersisters = 1;
      useUserDirectoryWorker = true;
    };

    settings = {
      server_name = "nani.wtf";
      public_baseurl = "https://matrix.nani.wtf";

      # One TURN URI per transport, built from the coturn realm and port
      # configured elsewhere (./coturn.nix is imported above).
      turn_uris = let
        inherit (config.services.coturn) realm listening-port;
        mkTurnUri = transport:
          "turn:${realm}:${toString listening-port}?transport=${transport}";
      in map mkTurnUri [ "udp" "tcp" ];

      # NOTE(review): this reads the coturn secret as a Nix *value*, so the
      # string itself becomes part of the evaluated Synapse settings. If
      # coturn.nix sets `static-auth-secret` inline (not visible from this
      # file), the secret presumably lands in the world-readable Nix store.
      # Prefer a file-based secret (coturn's `static-auth-secret-file` plus a
      # path-based Synapse setting, if the deployed version supports one),
      # the way the registration secret is handled below.
      turn_shared_secret = config.services.coturn.static-auth-secret;
      # TURN credentials handed to clients are valid for one hour.
      turn_user_lifetime = "1h";

      trusted_key_servers = let
        # Key-server entry with no pinned signing key.
        # NOTE(review): with an empty `verify_keys`, responses from these
        # notaries are not checked against a known key, so trust rests on
        # the TLS connection to them. Confirm this is intentional; only
        # matrix.org has its key pinned.
        emptykey = server_name: {
          inherit server_name;
          verify_keys = {};
        };
        pinned = [
          {
            server_name = "matrix.org";
            verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
          }
        ];
      in pinned ++ map emptykey [
        "pvv.ntnu.no"
        "feal.no"
        "dodsorf.as"
      ];

      # NOTE(review): the metrics listener is not configured in this file;
      # verify it is not reachable from outside the host or a trusted network.
      enable_metrics = true;

      # Open registration is off. To register a new admin user, use a
      # nix-shell with package 'matrix-synapse' and run the
      # register_new_matrix_user command with the registration shared secret.
      enable_registration = false;
      # The secret is passed as a path to the sops-managed file, so its
      # content is read at runtime and is not part of this configuration.
      registration_shared_secret_path = config.sops.secrets."matrix_synapse/registration_secret".path;

      # The public room directory is served to other federated homeservers.
      allow_public_rooms_over_federation = true;

      # password_config.enabled = lib.mkForce false;

      # PostgreSQL over the local unix socket directory; no password is set
      # here, so access control depends on the PostgreSQL side (./postgres.nix).
      database.name = "psycopg2";
      database.args = {
        user = "matrix-synapse";
        database = "matrix-synapse";
        host = "/var/run/postgresql";
        inherit (config.services.postgresql.settings) port;
      };

      # redis.enabled = true;

      max_upload_size = "100M";
      dynamic_thumbnails = true;
    };
  };

  # Units in the Synapse slice require the database, Redis and kanidm.
  systemd.slices.system-matrix-synapse.requires = [
    "postgresql.service"
    "redis.service"
    "kanidm.service"
  ];

  # Default (unnamed) Redis instance.
  services.redis.servers."".enable = true;
}