dev.fron.io nixrc / 179ab75
containers(matrix): fix dendrite Tony Olagbaiye a month ago
5 changed file(s) with 91 addition(s) and 60 deletion(s). Raw diff Collapse all Expand all
33 hostAddress = "10.7.0.1";
44 localAddress = "10.7.0.2";
55 in {
6 services.postgresql = let
7 databases = [
8 "naffka"
9 "appservice"
10 "federationsender"
11 "keyserver"
12 "mediaapi"
13 "mscs"
14 "roomserver"
15 "signingkeyserver"
16 "syncapi"
17 "userapi-accounts"
18 "userapi-devices"
19 ];
20 in {
6 services.postgresql = {
217 enable = true;
22 ensureUsers = map (x: {
8 ensureUsers = [{
239 name = "dendrite";
24 ensurePermissions."DATABASE \"dendrite-${x}\"" = "ALL PRIVILEGES";
25 }) databases;
26 ensureDatabases = map (x: "dendrite-${x}") databases;
10 ensurePermissions."DATABASE \"dendrite\"" = "ALL PRIVILEGES";
11 }];
12 ensureDatabases = [ "dendrite" ];
2713 };
2814
2915 containers.matrix =
3925 {
4026 #environment.memoryAllocator.provider = "jemalloc";
4127
42 environment.systemPackages = with pkgs; [ screen ];
28 nixpkgs = { inherit pkgs; };
29
30 environment.systemPackages = with pkgs; [ screen jq vim ipfs ipfscat ];
31 environment.variables = {
32 IPFS_PATH = "/var/lib/ipfs";
33 };
34
4335 services.matrix-dendrite = rec {
4436 enable = true;
4537 generatePrivateKey = true;
4638 generateTls = false;
4739 httpPort = 8008;
40 httpsPort = 8448;
4841 settings = let
4942 mkDb = with {
50 authority = "dendrite";
43 login = "dendrite";
5144 hostname = hostAddress;
52 }; name: "postgresql://${authority}@${hostname}/dendrite-${name}?sslmode=disable";
45 database = "dendrite";
46 args = "sslmode=disable";
47 }; name: "postgresql://${login}@${hostname}/${database}?${args}";
5348 in {
5449 global.server_name = "${usr.secrets.domains.srvc}";
5550 global.disable_federation = false;
6358 mscs.database.connection_string = mkDb "mscs";
6459 room_server.database.connection_string = mkDb "roomserver";
6560 signing_key_server.database.connection_string = mkDb "signingkeyserver";
61 signing_key_server.prefer_direct_fetch = false;
62 signing_key_server.key_perspectives = [{
63 server_name = "matrix.org";
64 keys = [{
65 key_id = "ed25519:auto";
66 public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
67 } {
68 key_id = "ed25519:a_RXGa";
69 public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
70 }];
71 }];
6672 sync_api.database.connection_string = mkDb "syncapi";
73 sync_api.real_ip_header = "X-Real-IP";
6774 user_api.account_database.connection_string = mkDb "userapi-accounts";
6875 user_api.device_database.connection_string = mkDb "userapi-devices";
6976 client_api = {
7178 inherit (usr.secrets.matrix.synapse) registration_shared_secret;
7279 };
7380 mscs.mscs = [ "msc2946" ];
81 logging = [{
82 type = "file";
83 level = "debug";
84 params.path = "/var/lib/matrix-dendrite/log";
85 }];
7486 };
7587 tlsCert = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
7688 tlsKey = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
7991 services.nginx.enable = true;
8092 services.nginx.virtualHosts.wellknown-matrix = {
8193 locations = {
82 #"/.well-known/matrix/server".extraConfig = ''
83 # return 200 '{ "m.server": "${cfg.nginxVhost}:443" }';
84 #'';
85 #"/.well-known/matrix/client".extraConfig = ''
86 # return 200 '{ "m.homeserver": { "base_url": "https://${cfg.nginxVhost}" } }';
87 #'';
88 #"/_matrix".proxyPass = "http://localhost:8008";
8994 "/server".extraConfig = ''
90 return 200 '{ "m.server": "${usr.secrets.domains.srvc}:443" }';
95 return 200 '{ "m.server": "m.${usr.secrets.domains.srvc}:443" }';
9196 '';
9297 "/client".extraConfig = ''
9398 return 200 '{ "m.homeserver": { "base_url": "https://m.${usr.secrets.domains.srvc}" } }';
126131 hostPath = "/var/lib/acme";
127132 isReadOnly = true;
128133 };
134 "/var/lib/ipfs" = {
135 hostPath = "/var/lib/ipfs";
136 isReadOnly = true;
137 };
138 "/run/ipfs.sock" = {
139 hostPath = "/run/ipfs.sock";
140 isReadOnly = false;
141 };
129142 };
130143 };
131144 }
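Review bot: The file logger added at new lines 81-85, `logging = [{ type = "file"; level = "debug"; params.path = "/var/lib/matrix-dendrite/log"; }];`, writes debug-level output to a plain file with no rotation, while this same commit adds a logrotate entry only for traefik; debug output from a homeserver is verbose and presumably carries request paths and user identifiers, so it will grow unbounded on the container's disk. Either `level = "info";` or a matching rotation entry for that path would bound it. `sync_api.real_ip_header = "X-Real-IP";` makes dendrite take the client address from that header, which is only sound while port 8008 inside the container is reachable solely through the proxy that sets it, so a comment recording that assumption next to the line would help the next reader. The new `/run/ipfs.sock` bind mount is read-write, which hands the container whatever the host IPFS API permits; worth confirming that more than read access to the IPFS data is needed. The enclosing `containers.matrix` attribute set continues past the hunk.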
258258 "dendrite": {
259259 "flake": false,
260260 "locked": {
261 "lastModified": 1613643494,
262 "narHash": "sha256-CXkPJqiHcFVWUPAHU4S+8/qVDqI8awrNH8J+dfAX2UM=",
261 "lastModified": 1615227388,
262 "narHash": "sha256-96EurIxPgAdzDdccxy6HtHtjCKztHFw30Y9qKCjoGeg=",
263263 "owner": "matrix-org",
264264 "repo": "dendrite",
265 "rev": "3069079e37510dbda59b2b272ce133ef81832d7b",
265 "rev": "3c419be6af2938170d2c04f56d8616c0129ca673",
266266 "type": "github"
267267 },
268268 "original": {
143143 host all all 127.0.0.1/32 md5
144144 host all all ::1/128 md5
145145 host ${mastodon.name} ${mastodon.user} ${config.containers.mastodon.localAddress}/24 trust
146 host all dendrite ${config.containers.matrix.localAddress}/24 trust
146 host dendrite dendrite ${config.containers.matrix.localAddress}/24 trust
147147 '');
148148 services.openssh.enable = true;
149149 services.openssh.forwardX11 = true;
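Review bot: The new rule `host dendrite dendrite ${config.containers.matrix.localAddress}/24 trust` narrows the database column but still grants passwordless access to the entire /24 containing the container address rather than to the container itself, and since the container's connection string uses `sslmode=disable` with no password, this line is the only authentication the dendrite role has. Pinning the mask, `host dendrite dendrite ${config.containers.matrix.localAddress}/32 trust`, limits it to that one address; a password-based method as the loopback lines already use (`md5`, or scram-sha-256) would be stronger still. The mastodon line directly above shares the same /24 pattern and could be tightened the same way in a follow-up. The `''` block holding these pg_hba lines starts outside the hunk.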
55
66 src = withSources.dendrite;
77
8 vendorSha256 = "NnSxqjY5HcSnxWbn9OAperNhysMZbpaOVlR5EHfzPNA=";
8 vendorSha256 = "CDCgp693pM+83ATPzmE35utYvQPb5sFal0xN5oasKSg=";
99
1010 passthru.config = "${src}/dendrite-config.yaml";
1111 }
100100 entryPoints = [ "https" ];
101101 tls.domains = [{ main = "tw.${domains.srvc}"; }];
102102 };
103 dendrite = {
104 entryPoints = [ "dendrite" ];
105 rule = "PathPrefix(`/_matrix`)";
103 dendrite-http = {
104 entryPoints = [ "http" ];
105 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/_matrix`)";
106106 service = "dendrite";
107 };
108 dendrite-http = dendrite // {
109 entryPoints = [ "http" ];
110 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/_matrix`)";
111107 };
112108 dendrite-https = dendrite-http // {
113109 entryPoints = [ "https" ];
116112 { main = "m.${domains.srvc}"; }
117113 ];
118114 };
119 dendrite-tls = dendrite // {
120 entryPoints = [ "dendrite-tls" ];
121 tls.domains = [{ main = "${domains.srvc}"; }];
122 };
123 dendrite-wellknown = dendrite // {
124 rule = "PathPrefix(`/.well-known/matrix`)";
115 dendrite-http-wellknown = dendrite-http // {
116 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`) || Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
125117 service = "dendrite-wellknown";
126118 middlewares = [ "matrix-wellknown" ];
127119 };
128 dendrite-http-wellknown = dendrite-http // {
129 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
120 dendrite-https-wellknown = dendrite-https // {
121 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`) || Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
130122 service = "dendrite-wellknown";
131123 middlewares = [ "matrix-wellknown" ];
132 };
133 dendrite-https-wellknown = dendrite-https // {
134 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
135 service = "dendrite-wellknown";
136 middlewares = [ "matrix-wellknown" ];
137 };
138 dendrite-tls-wellknown = dendrite-wellknown // {
139 entryPoints = [ "dendrite-tls" ];
140 tls.domains = [{ main = "${domains.srvc}"; }];
141124 };
142125 certauth = {
143126 entryPoints = [ "http" "https" ];
668651 rule = "HostSNI(`*`)";
669652 service = "klaus";
670653 };
654 dendrite = {
655 entryPoints = [ "dendrite" ];
656 rule = "HostSNI(`*`)";
657 service = "dendrite";
658 };
659 dendrite-tls = {
660 entryPoints = [ "dendrite-tls" ];
661 rule = "HostSNI(`*`)";
662 service = "dendrite-tls";
663 };
671664 transmission-dht-tcp = {
672665 entryPoints = [ "transmission-dht-tcp" ];
673666 rule = "HostSNI(`*`)";
713706 ];
714707 terminationDelay = 100;
715708 };
709 #dendrite.loadBalancer = {
710 # servers = [
711 # { address = "10.7.0.2:8008"; }
712 # ];
713 # terminationDelay = 100;
714 #};
715 #dendrite-tls.loadBalancer = {
716 # servers = [
717 # { address = "10.7.0.2:8448"; }
718 # ];
719 # terminationDelay = 100;
720 #};
716721 transmission-dht.loadBalancer = {
717722 servers = [
718723 { address = "10.11.0.2:51413"; }
922927 };
923928
924929 accessLog = {
925 filePath = "/var/log/access";
930 filePath = "/var/log/traefik/access.json";
926931 format = "json";
932 fields.headers.defaultMode = "keep";
927933 bufferingSize = 100;
928934 };
935 };
936 };
937
938 services.logrotate = {
939 enable = true;
940 paths.traefik = {
941 enable = true;
942 path = "/var/log/traefik/access.*";
943 user = config.systemd.services.traefik.serviceConfig.User;
944 group = config.systemd.services.traefik.serviceConfig.Group;
945 frequency = "daily";
946 keep = 16;
929947 };
930948 };
931949 }
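Review bot: `fields.headers.defaultMode = "keep";` (new line 932) records every request header in /var/log/traefik/access.json, which for a Matrix homeserver means client `Authorization: Bearer …` access tokens and any cookies land in the access log in clear text and are then retained for 16 daily rotations by the new logrotate entry. Traefik's access-log field options allow per-header redaction, so adding `fields.headers.names = { Authorization = "redact"; Cookie = "redact"; "Set-Cookie" = "redact"; };` next to the defaultMode line keeps the log useful without storing credentials. Separately, the routers `dendrite-http` and `dendrite-https` still point `service = "dendrite"` while the only `dendrite.loadBalancer` definition visible in this diff is the commented-out one at new lines 709-714; if that service is not defined elsewhere, traefik will reject those routers at load, so please confirm. The `services.traefik` attribute set these hunks belong to starts outside the diff.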