grimm-nixos-laptop/modules/matrix_legacy.nix

{
  lib,
  config,
  pkgs,
  ...
}:
let
  inherit (config.networking) domain;
  inherit (config.serverConfig) vhosts;

  fqdn = vhosts.matrix_host.host;
  base_url = "https://${fqdn}";

  clientConfig."m.homeserver" = {
    inherit base_url;
  }; # = "https://${vhosts.matrix_host.host}";
  serverConfig."m.server" = "${vhosts.matrix_host.host}:443";
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
  synapse_backend = "http://[::1]:8008";
in
{
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "synapse" ];
    ensureUsers = [
      {
        name = "synapse";
        passFile = config.age.secrets.synapse_db_pass.path;
        ensureDBOwnership = true;
      }
    ];
  };

  services.matrix-synapse = {
    enable = true;
    settings.server_name = domain;
    # The public base URL value must match the `base_url` value set in `clientConfig` above.
    # The default value here is based on `server_name`, so if your `server_name` is different
    # from the value of `fqdn` above, you will likely run into some mismatched domain names
    # in client applications.
    settings.public_baseurl = "https://${vhosts.matrix_host.host}";
    settings.listeners = [
      {
        port = 8008;
        bind_addresses = [ "::1" ];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [
              "client"
              "federation"
            ];
            compress = true;
          }
        ];
      }
    ];

    settings.database = {
      name = "psycopg2";
      args = {
        user = "synapse";
        database = "synapse";
        port = config.services.postgresql.settings.port;
        cp_max = 10;
        cp_min = 5;
        client_encoding = "auto";
        passfile = config.age.secrets.synapse_db_pass_prepared.path;
      };
    };
    settings.log_config = ./matrix_synapse_log_config.yaml;
    settings.enable_registration = true;
    services.matrix-synapse.settings.enable_metrics = false;
    settings.max_upload_size = "500M";
    
    configureRedisLocally = true;
    settings.redis.enabled = true;

    settings.app_service_config_files = [
      # The registration file is automatically generated after starting the
      # appservice for the first time.
      # cp /var/lib/mautrix-telegram/telegram-registration.yaml \
      #   /var/lib/matrix-synapse/
      # chown matrix-synapse:matrix-synapse \
      #   /var/lib/matrix-synapse/telegram-registration.yaml
      # "/var/lib/matrix-synapse/discord-registration.yaml"
    ];
  };
  services.redis.servers."".enable = true;

  age.secrets.synapse_db_pass = {
    file = ../secrets/synapse_db_pass.age;
    owner = "postgres";
    group = "postgres";
  };
  age.secrets.synapse_db_pass_prepared = {
    file = ../secrets/synapse_db_pass_prepared.age;
    owner = "matrix-synapse";
    group = "matrix-synapse";
    mode = "0600";
  };
  age.secrets.synapse_registration_shared_secret = {
    file = ../secrets/synapse_registration_shared_secret.age;
    owner = "matrix-synapse";
    group = "matrix-synapse";
    mode = "0600";
  };

  environment.systemPackages = with pkgs; [
    matrix-synapse-tools.synadm
    matrix-synapse
  ];

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts."${domain}" = {
      enableACME = true;
      forceSSL = true;
      # This section is not needed if the server_name of matrix-synapse is equal to
      # the domain (i.e. example.org from @foo:example.org) and the federation port
      # is 8448.
      # Further reference can be found in the docs about delegation under
      # https://element-hq.github.io/synapse/latest/delegate.html
      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
      # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
      # Further reference can be found in the upstream docs at
      # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
    };

    virtualHosts."${fqdn}" = {
      enableACME = true;
      forceSSL = true;

      locations."/_matrix" = {
        proxyPass = synapse_backend;
        #extraConfig = ''
        #  add_header X-debug-backend ${synapse_backend};
        #  add_header X-debug-group $synapse_uri_group;
        #  client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
        #  proxy_read_timeout 10m;
        #'';
      };
      locations."/_synapse/client".proxyPass = synapse_backend;
    };
  };
}
server stuff 2024-09-28 22:09:24 +02:00			`{`
			`lib,`
			`config,`
			`pkgs,`
			`...`
			`}:`
			`let`
			`inherit (config.networking) domain;`
			`inherit (config.serverConfig) vhosts;`

			`fqdn = vhosts.matrix_host.host;`
			`base_url = "https://${fqdn}";`

nixfmt 2024-11-26 19:20:10 +01:00			`clientConfig."m.homeserver" = {`
			`inherit base_url;`
			`}; # = "https://${vhosts.matrix_host.host}";`
server stuff 2024-09-28 22:09:24 +02:00			`serverConfig."m.server" = "${vhosts.matrix_host.host}:443";`
			`mkWellKnown = data: ''`
			`default_type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`return 200 '${builtins.toJSON data}';`
			`'';`
			`synapse_backend = "http://[::1]:8008";`
			`in`
			`{`
			`services.postgresql = {`
			`enable = true;`
			`ensureDatabases = [ "synapse" ];`
			`ensureUsers = [`
			`{`
			`name = "synapse";`
			`passFile = config.age.secrets.synapse_db_pass.path;`
			`ensureDBOwnership = true;`
			`}`
			`];`
			`};`

			`services.matrix-synapse = {`
			`enable = true;`
			`settings.server_name = domain;`
			# The public base URL value must match the `base_url` value set in `clientConfig` above.
			# The default value here is based on `server_name`, so if your `server_name` is different
			# from the value of `fqdn` above, you will likely run into some mismatched domain names
			`# in client applications.`
matrix update 2025-01-15 15:39:04 +01:00			`settings.public_baseurl = "https://${vhosts.matrix_host.host}";`
server stuff 2024-09-28 22:09:24 +02:00			`settings.listeners = [`
nixfmt 2024-11-26 19:20:10 +01:00			`{`
			`port = 8008;`
server stuff 2024-09-28 22:09:24 +02:00			`bind_addresses = [ "::1" ];`
			`type = "http";`
			`tls = false;`
			`x_forwarded = true;`
nixfmt 2024-11-26 19:20:10 +01:00			`resources = [`
			`{`
			`names = [`
			`"client"`
			`"federation"`
			`];`
			`compress = true;`
			`}`
			`];`
server stuff 2024-09-28 22:09:24 +02:00			`}`
			`];`

			`settings.database = {`
			`name = "psycopg2";`
nixfmt 2024-11-26 19:20:10 +01:00			`args = {`
			`user = "synapse";`
			`database = "synapse";`
fixes and qol 2025-01-26 21:43:23 +01:00			`port = config.services.postgresql.settings.port;`
			`cp_max = 10;`
			`cp_min = 5;`
			`client_encoding = "auto";`
			`passfile = config.age.secrets.synapse_db_pass_prepared.path;`
nixfmt 2024-11-26 19:20:10 +01:00			`};`
server stuff 2024-09-28 22:09:24 +02:00			`};`
			`settings.log_config = ./matrix_synapse_log_config.yaml;`
add new server 2025-02-05 11:41:17 +01:00			`settings.enable_registration = true;`
			`services.matrix-synapse.settings.enable_metrics = false;`
			`settings.max_upload_size = "500M";`

server stuff 2024-09-28 22:09:24 +02:00			`configureRedisLocally = true;`
			`settings.redis.enabled = true;`

			`settings.app_service_config_files = [`
			`# The registration file is automatically generated after starting the`
			`# appservice for the first time.`
			`# cp /var/lib/mautrix-telegram/telegram-registration.yaml \`
			`# /var/lib/matrix-synapse/`
			`# chown matrix-synapse:matrix-synapse \`
			`# /var/lib/matrix-synapse/telegram-registration.yaml`
			`# "/var/lib/matrix-synapse/discord-registration.yaml"`
			`];`
			`};`
			`services.redis.servers."".enable = true;`

			`age.secrets.synapse_db_pass = {`
			`file = ../secrets/synapse_db_pass.age;`
			`owner = "postgres";`
			`group = "postgres";`
			`};`
			`age.secrets.synapse_db_pass_prepared = {`
			`file = ../secrets/synapse_db_pass_prepared.age;`
			`owner = "matrix-synapse";`
			`group = "matrix-synapse";`
			`mode = "0600";`
			`};`
			`age.secrets.synapse_registration_shared_secret = {`
			`file = ../secrets/synapse_registration_shared_secret.age;`
			`owner = "matrix-synapse";`
			`group = "matrix-synapse";`
			`mode = "0600";`
			`};`

			`environment.systemPackages = with pkgs; [`
			`matrix-synapse-tools.synadm`
			`matrix-synapse`
			`];`

nixfmt 2024-11-26 19:20:10 +01:00			`services.nginx = {`
			`enable = true;`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`
server stuff 2024-09-28 22:09:24 +02:00
nixfmt 2024-11-26 19:20:10 +01:00			`virtualHosts."${domain}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`# This section is not needed if the server_name of matrix-synapse is equal to`
			`# the domain (i.e. example.org from @foo:example.org) and the federation port`
			`# is 8448.`
			`# Further reference can be found in the docs about delegation under`
			`# https://element-hq.github.io/synapse/latest/delegate.html`
			`locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;`
			`# This is usually needed for homeserver discovery (from e.g. other Matrix clients).`
			`# Further reference can be found in the upstream docs at`
			`# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient`
			`locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;`
			`};`
server stuff 2024-09-28 22:09:24 +02:00
nixfmt 2024-11-26 19:20:10 +01:00			`virtualHosts."${fqdn}" = {`
			`enableACME = true;`
			`forceSSL = true;`
server stuff 2024-09-28 22:09:24 +02:00
nixfmt 2024-11-26 19:20:10 +01:00			`locations."/_matrix" = {`
			`proxyPass = synapse_backend;`
			`#extraConfig = ''`
			`# add_header X-debug-backend ${synapse_backend};`
			`# add_header X-debug-group $synapse_uri_group;`
			`# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};`
			`# proxy_read_timeout 10m;`
			`#'';`
			`};`
			`locations."/_synapse/client".proxyPass = synapse_backend;`
server stuff 2024-09-28 22:09:24 +02:00			`};`
nixfmt 2024-11-26 19:20:10 +01:00			`};`
server stuff 2024-09-28 22:09:24 +02:00			`}`