dev.fron.io rc / f7fe692
containers::matrix: add synapse back (ugh) Tony Olagbaiye 1 year, 29 days ago
2 changed file(s) with 84 addition(s) and 0 deletion(s).
33 hostAddress = "10.7.0.1";
44 localAddress = "10.7.0.2";
55 in {
6 services.postgresql.enable = true;
7 services.postgresql.ensureUsers = [
8 { name = "matrix-synapse"; ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; }
9 ];
10 services.postgresql.ensureDatabases = [ "matrix-synapse" ];
11
612 containers.matrix =
713 {
814 autoStart = true;
1925 ];
2026
2127 environment.memoryAllocator.provider = "jemalloc";
28
29 environment.systemPackages = with pkgs; [ matrix-construct screen ];
30 systemd.services.matrix-synapse.environment = {
31 SYNAPSE_CACHE_FACTOR = "4.0";
32 };
33 services.matrix-synapse = rec {
34 enable = true;
35 server_name = "sn.${domains.srvc}";
36 registration_shared_secret = "11e7c94e01a74ed4adbc5837b4b478d8";
37 public_baseurl = "https://matrix.${domains.srvc}/";
38 tls_certificate_path = "/var/lib/acme/${domains.srvc}/fullchain.pem";
39 tls_private_key_path = "/var/lib/acme/${domains.srvc}/key.pem";
40 database_type = "psycopg2";
41 database_args = {
42 user = "matrix-synapse";
43 database = "matrix-synapse";
44 host = hostAddress;
45 };
46 listeners = [
47 { # federation
48 bind_address = "";
49 port = 8448;
50 resources = [
51 { compress = true; names = [ "client" "webclient" ]; }
52 { compress = false; names = [ "federation" ]; }
53 ];
54 tls = true;
55 type = "http";
56 x_forwarded = false;
57 }
58 { # client
59 bind_address = "0.0.0.0";
60 port = 8008;
61 resources = [
62 { compress = true; names = [ "client" "webclient" ]; }
63 ];
64 tls = false;
65 type = "http";
66 x_forwarded = true;
67 }
68 ];
69 servers = {
70 "matrix.org" = { "ed25519:a_RXGa" = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; };
71 "privacytools.io" = { "ed25519:a_UqmI" = "NlVbHUvTMqHQmpXCQwEsSwJwzPju1o+xgzeCr92mc04"; };
72 "mozilla.org" = { "ed25519:0" = "RsDggkM9GntoPcYySc8AsjvGoD0LVz5Ru/B/o5hV9h4"; };
73 "disroot.org" = { "ed25519:a_ngBm" = "GhYGEZEw3s2DjbXThOhqmgntsRmgRYUFrw1i0BYDHJk"; };
74 "tchncs.de" = { "ed25519:a_rOPL" = "HZxh/ZZktCgLcsJgKw2tHS9lPcOo1kNBoEdeVtmkpeg"; };
75 };
76 extraConfig = ''
77 enable_group_creation: true
78 max_upload_size: "100M"
79 use_presence: false
80 '';
81 };
2282
2383 services.matrix-construct = {
2484 enable = true;
45105
46106 networking.firewall.enable = false;
47107
108 users.users.matrix-synapse.extraGroups = [
109 "keys"
110 ];
48111 #users.users.construct.extraGroups = [
49112 # "keys"
50113 #];
51114 };
52115 bindMounts = {
116 "/var/lib/matrix-synapse" = {
117 hostPath = "/var/lib/synapse";
118 isReadOnly = false;
119 };
53120 "/var/lib/construct" = {
54121 hostPath = "/var/lib/construct";
55122 isReadOnly = false;
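Review bot: The `registration_shared_secret` added at new line 36 is a literal in the Nix expression, so it is published with this commit and, as Nix evaluation normally works, presumably also lands in the generated homeserver config in the world-readable store; anyone holding it can register accounts, including admin ones, through Synapse's shared-secret registration. Treat the committed value as burned: rotate it and load the replacement from a file outside the store, e.g. `extraConfigFiles = [ "/run/keys/<synapse-secrets-file>" ];` (placeholder path), which fits the `keys` group this commit already gives the `matrix-synapse` user. Separately, the client listener binds `0.0.0.0:8008` with `x_forwarded = true` while the container keeps `networking.firewall.enable = false`, so it is worth confirming that only the reverse proxy can reach that port; otherwise callers can supply their own `X-Forwarded-For` and skew per-IP rate limiting and logs.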
8585 twitterpub-https = twitterpub-http // {
8686 entryPoints = [ "https" ];
8787 tls.domains = [{ main = "tw.${domains.srvc}"; }];
88 };
89 synapse-http = {
90 entryPoints = [ "http" ];
91 rule = "Host(`sn.${domains.srvc}`)";
92 service = "synapse";
93 };
94 synapse-https = synapse-http // {
95 entryPoints = [ "https" "synapse" ];
96 tls.domains = [{ main = "sn.${domains.srvc}"; }];
8897 };
8998 construct-http = {
9099 entryPoints = [ "http" ];
395404 { url = "https://10.6.0.2:443"; }
396405 ];
397406 };
407 synapse.loadBalancer = {
408 servers = [
409 { url = "https://10.7.0.2:8448"; }
410 ];
411 };
398412 construct.loadBalancer = {
399413 servers = [
400414 { url = "https://10.7.0.2:4004"; }
671685 ircs = {
672686 address = ":6697/tcp";
673687 };
688 synapse = {
689 address = ":8448/tcp";
690 };
674691 anki = {
675692 address = ":27701/tcp";
676693 };