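# NixOS module wrapping services.matrix-synapse for the jakstys.lt homeserver.
#
# Non-secret settings are rendered by the upstream module into the Nix store,
# which is world-readable. The three secrets therefore never appear in
# `settings`: they are handed to the unit through systemd LoadCredential and
# written to /run/matrix-synapse at service start (see secretsScript below).
{
  config,
  lib,
  pkgs,
  ...
}:
{
  options.mj.services.matrix-synapse = with lib.types; {
    # mkEnableOption already prefixes the text with "Whether to enable".
    enable = lib.mkEnableOption "matrix-synapse";

    # Pass these as runtime path strings (for example whatever a secrets
    # manager exposes under /run), not as Nix path literals: a literal such as
    # ./key is copied into the world-readable /nix/store when it is
    # interpolated into the LoadCredential entries below.
    signingKeyPath = lib.mkOption {
      type = path;
      description = "Runtime path of the homeserver signing key, loaded via systemd LoadCredential.";
    };
    registrationSharedSecretPath = lib.mkOption {
      type = path;
      description = "Runtime path of a file holding registration_shared_secret, loaded via systemd LoadCredential.";
    };
    macaroonSecretKeyPath = lib.mkOption {
      type = path;
      description = "Runtime path of a file holding macaroon_secret_key, loaded via systemd LoadCredential.";
    };
  };

  config = lib.mkIf config.mj.services.matrix-synapse.enable {
    services.matrix-synapse = {
      enable = true;
      # Generated at start-up by secretsScript; carries the secrets that must
      # stay out of the store-rendered main config.
      extraConfigFiles = [ "/run/matrix-synapse/secrets.yaml" ];
      settings = {
        server_name = "jakstys.lt";
        admin_contact = "motiejus@jakstys.lt";
        # Open registration is off; accounts can still be created through the
        # shared-secret registration API, which is why that secret is provisioned.
        enable_registration = false;
        report_stats = true;
        # Symlink into $CREDENTIALS_DIRECTORY, created by secretsScript.
        signing_key_path = "/run/matrix-synapse/jakstys_lt_signing_key";
        log_config = pkgs.writeText "log.config" ''
          version: 1
          formatters:
            precise:
              format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
          handlers:
            console:
              class: logging.StreamHandler
              formatter: precise
          loggers:
            synapse.storage.SQL:
              level: WARN
          root:
            level: ERROR
            handlers: [console]
          disable_existing_loggers: false
        '';
        public_baseurl = "https://jakstys.lt/";
        database.name = "sqlite3";
        # URL previews make the homeserver fetch arbitrary user-supplied URLs;
        # keeping them off avoids that outbound-request surface.
        url_preview_enabled = false;
        max_upload_size = "50M";
        # NOTE(review): the flat rc_* / federation_rc_* names below look like the
        # legacy spelling of rc_message / rc_federation; confirm the deployed
        # Synapse version still reads them.
        rc_messages_per_second = 0.2;
        rc_message_burst_count = 10.0;
        federation_rc_window_size = 1000;
        federation_rc_sleep_limit = 10;
        federation_rc_sleep_delay = 500;
        federation_rc_reject_limit = 50;
        federation_rc_concurrent = 3;
        allow_profile_lookup_over_federation = false;
        thumbnail_sizes = [
          {
            width = 32;
            height = 32;
            method = "crop";
          }
          {
            width = 96;
            height = 96;
            method = "crop";
          }
          {
            width = 320;
            height = 240;
            method = "scale";
          }
          {
            width = 640;
            height = 480;
            method = "scale";
          }
          {
            width = 800;
            height = 600;
            method = "scale";
          }
        ];
        user_directory = {
          enabled = true;
          search_all_users = false;
          prefer_local_users = true;
        };
        allow_device_name_lookup_over_federation = false;
        email = {
          smtp_host = "127.0.0.1";
          smtp_port = 25;
          # Was spelled `notf_for_new_users`, a key Synapse does not recognise,
          # so the intended `false` never took effect.
          notif_for_new_users = false;
          notif_from = "Jakstys %(app)s homeserver <noreply@jakstys.lt>";
        };
        include_profile_data_on_invite = false;
        password_config.enabled = true;
        require_auth_for_profile_requests = true;
      };
    };

    # Runtime directory for the generated secrets: 0700 and owned by the
    # service user, so other local users cannot list or read it.
    systemd.tmpfiles.rules = [ "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" ];

    systemd.services = {
      matrix-synapse =
        let
          # I tried to move this to preStart, but it complains:
          #   Config is missing macaroon_secret_key
          #
          # xtrace (`set -x`) is deliberately left off. With the script as
          # written bash would only trace the `cat` commands, not their output,
          # but any later edit that puts a secret into a variable or argument
          # would echo it to the journal.
          #
          # `umask 077` makes secrets.yaml readable by the service user only.
          #
          # The secrets are pasted verbatim into double-quoted YAML scalars: a
          # value containing `"`, `\` or a newline would produce invalid or
          # altered YAML, so generate them from a safe alphabet.
          secretsScript = pkgs.writeShellScript "write-secrets" ''
            set -euo pipefail
            umask 077
            ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys_lt_signing_key /run/matrix-synapse/jakstys_lt_signing_key
            cat > /run/matrix-synapse/secrets.yaml <<EOF
            registration_shared_secret: "$(cat ''${CREDENTIALS_DIRECTORY}/registration_shared_secret)"
            macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)"
            EOF
          '';
        in
        {
          # The leading empty string is systemd's syntax for clearing any
          # ExecStartPre entries defined earlier for this unit, so
          # secretsScript is the only pre-start step.
          serviceConfig.ExecStartPre = [
            ""
            secretsScript
          ];
          # NAME:PATH pairs; systemd exposes each file to this unit under
          # $CREDENTIALS_DIRECTORY/NAME, where secretsScript picks them up.
          serviceConfig.LoadCredential = with config.mj.services.matrix-synapse; [
            "jakstys_lt_signing_key:${signingKeyPath}"
            "registration_shared_secret:${registrationSharedSecretPath}"
            "macaroon_secret_key:${macaroonSecretKeyPath}"
          ];
        };
    };
  };
}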