authorRory& <root@rory.gay>2024-06-27 15:02:25 +0200
committerRory& <root@rory.gay>2024-07-04 14:45:02 +0200
commite6813744cdedcd157c2c8835a9a5e0649579bcb8 (patch)
treea074d44914cd962a1f1ecabf9dd34a58a29db2f1
parentUse postgres sockets for synapse (diff)
downloadRory-Open-Architecture-e6813744cdedcd157c2c8835a9a5e0649579bcb8.tar.xz
Split up synapse config
-rw-r--r--flake.lock7
-rwxr-xr-xflake.nix4
-rwxr-xr-xhost/Rory-nginx/services/matrix/root.nix2
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix (renamed from host/Rory-nginx/services/matrix/synapse.monolith.nix)0
-rw-r--r--host/Rory-nginx/services/matrix/synapse/caches.nix16
-rw-r--r--host/Rory-nginx/services/matrix/synapse/db.nix21
-rw-r--r--host/Rory-nginx/services/matrix/synapse/ratelimits.nix56
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse/synapse-main.nix (renamed from host/Rory-nginx/services/matrix/synapse.nix)179
8 files changed, 150 insertions, 135 deletions
diff --git a/flake.lock b/flake.lock
index 994325c..4ade66a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -403,17 +403,16 @@
       },
       "locked": {
         "host": "gitlab.computer.surgery",
-        "lastModified": 1718689420,
-        "narHash": "sha256-3GudMEhlzJ7nzrJcgjjhl/9/bbEt0ZCvD4lppUEZu9Y=",
+        "lastModified": 1719418274,
+        "narHash": "sha256-S943xk6nnY8G+7BY/4XdLAewjSoWRk9kIF83CuDteZY=",
         "owner": "matrix",
         "repo": "grapevine-fork",
-        "rev": "9b38bd59401e7d8f79a4a5066de63cbdfcde5924",
+        "rev": "9c44aa877ca86dff72504cc14e0d34e946dd2a52",
         "type": "gitlab"
       },
       "original": {
         "host": "gitlab.computer.surgery",
         "owner": "matrix",
-        "ref": "benjamin/debug-emma-kde-room",
         "repo": "grapevine-fork",
         "type": "gitlab"
       }
diff --git a/flake.nix b/flake.nix
index f5fca4e..88cfab9 100755
--- a/flake.nix
+++ b/flake.nix
@@ -23,7 +23,7 @@
     sops-nix.url = "github:Mic92/sops-nix";
 
     # Packages
-    grapevine.url = "gitlab:matrix/grapevine-fork?host=gitlab.computer.surgery&ref=benjamin/debug-emma-kde-room";
+    grapevine.url = "gitlab:matrix/grapevine-fork?host=gitlab.computer.surgery"; # &ref=benjamin/debug-emma-kde-room";
     conduit.url = "gitlab:famedly/conduit/next";
     nixos-wsl.url = "github:nix-community/NixOS-WSL";
 
@@ -33,7 +33,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # Sources...
+    # Packages built from git
     nhekoSrc = {
       url = "github:Nheko-reborn/nheko/master";
       flake = false;
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index be9386e..ac4f5ce 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -3,7 +3,7 @@
 {
   imports =
     [
-      ./synapse.nix
+      ./synapse/synapse-main.nix
       ./coturn.nix
       ./matrix-appservice-discord.nix
       ./draupnir.nix
diff --git a/host/Rory-nginx/services/matrix/synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix
index 26c61a1..26c61a1 100755
--- a/host/Rory-nginx/services/matrix/synapse.monolith.nix
+++ b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix
diff --git a/host/Rory-nginx/services/matrix/synapse/caches.nix b/host/Rory-nginx/services/matrix/synapse/caches.nix
new file mode 100644
index 0000000..d129076
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse/caches.nix
@@ -0,0 +1,16 @@
+{
+  gc_min_interval = ["5m" "30m" "60m"];
+  gc_thresholds = [1000 500 250];
+  event_cache_size = "12000K"; #defaults to 10K
+  caches = {
+    global_factor = 50000.0;
+    cache_entry_ttl = "24h";
+    expire_caches = true;
+    sync_response_cache_duration = "15s"; #6h
+    cache_autotuning = {
+      max_cache_memory_usage = "65536M";
+      target_cache_memory_usage = "32768M";
+      min_cache_ttl = "6h";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/synapse/db.nix b/host/Rory-nginx/services/matrix/synapse/db.nix
new file mode 100644
index 0000000..c5edc51
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse/db.nix
@@ -0,0 +1,21 @@
+{ 
+  workerName ? null,
+  dbGroup ? null
+}: {
+  name = "psycopg2";
+  args = {
+    user = "matrix-synapse-rory-gay";
+    password = "somepassword";
+    database = "matrix-synapse-rory-gay";
+    host = "/run/postgresql";
+    application_name = "matrix-synapse (rory.gay) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+    cp_min = if dbGroup == "small" then 2
+      else if dbGroup == "medium" then 5
+      else if dbGroup == "large" then 10
+      else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+    cp_max = if dbGroup == "small" then 2
+      else if dbGroup == "medium" then 10
+      else if dbGroup == "large" then 10
+      else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+  };
+}
\ No newline at end of file
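Review bot: `password = "somepassword";` in `args` is a literal that lands in the repository and in the world-readable Nix store, and this new file makes it the single source for the database block of the main process and every worker. Because `host = "/run/postgresql"` uses the local socket, the password may be unused if PostgreSQL authenticates by peer credentials there, which this diff does not show. If so, drop the line; otherwise load the value from a file outside the store, for example via the sops-nix input that flake.nix already declares. Separately, `cp_min` and `cp_max` repeat the same `dbGroup` chain and the same `throw` message; looking the pair up once in an attribute set keyed by group name would keep the two in step.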
diff --git a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
new file mode 100644
index 0000000..8165fe4
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
@@ -0,0 +1,56 @@
+{
+  rc_message = {
+    per_second = 1000;
+    burst_count = 1000;
+  };
+  rc_login = {
+    address = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+    account = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+    failed_attempts = {
+      per_second = 0.1;
+      burst_count = 3;
+    };
+  };
+  rc_joins = {
+    local = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+    remote = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+  };
+  rc_joins_per_room = {
+    per_second = 1000;
+    burst_count = 1000;
+  };
+  rc_invites = {
+    per_room = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+    per_user = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+    per_issuer = {
+      per_second = 1000;
+      burst_count = 1000;
+    };
+  };
+  rc_federation = {
+    window_size = 10;
+    sleep_limit = 1000;
+    sleep_delay = 100;
+    reject_limit = 1000;
+    concurrent = 100;
+  };
+  federation_rr_transactions_per_room_per_second = 1;
+}
\ No newline at end of file
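Review bot: Nothing in this file explains why almost every limiter is set to `per_second = 1000; burst_count = 1000;`, which in practice switches those limits off, including `rc_login.address` and `rc_login.account`. That leaves `rc_login.failed_attempts` (`per_second = 0.1; burst_count = 3;`) as the only throttle on password guessing visible here, with no effective limit on invites or joins. A header comment such as `# Limits deliberately relaxed; rc_login.failed_attempts is the only effective login throttle, keep it low` would record the intent and stop that entry from being raised along with the rest. The values are moved unchanged from synapse-main.nix, so this is a documentation request rather than a regression.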
diff --git a/host/Rory-nginx/services/matrix/synapse.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
index d49e70e..f6b8077 100755
--- a/host/Rory-nginx/services/matrix/synapse.nix
+++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
@@ -42,21 +42,6 @@ in
         max_long_retry_delay = "30s";
       };
 
-      gc_min_interval = ["5m" "30m" "60m"];
-      gc_thresholds = [1000 500 250];
-      event_cache_size = "12000K"; #defaults to 10K
-      caches = {
-        global_factor = 50000.0;
-        cache_entry_ttl = "24h";
-        expire_caches = true;
-        sync_response_cache_duration = "15s"; #6h
-        cache_autotuning = {
-          max_cache_memory_usage = "65536M";
-          target_cache_memory_usage = "32768M";
-          min_cache_ttl = "6h";
-        };
-      };
-
       # Alicia - figure this out later...
       #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
       registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
@@ -74,11 +59,7 @@ in
           } ];
         }
         { 
-          #port = 8009;
-          #bind_addresses = [ "127.0.0.1" ];
           type = "http";
-          #tls = false;
-          #x_forwarded = true;
           path = "/run/synapse/replication-listener.sock";
           resources = [ {
             names = [ "replication" ];
@@ -92,81 +73,27 @@ in
         update_interval = 60;
       };
       url_preview_enabled = true;
-      database = {
-        name = "psycopg2";
-        args = {
-          user = "matrix-synapse-rory-gay";
-          #passwordFile = "/run/secrets/matrix-synapse-password";
-          password = "somepassword";
-          database = "matrix-synapse-rory-gay";
-          #host = "127.0.0.1";
-          host = "/run/postgresql";
-          application_name = "matrix-synapse (rory.gay)";
-          cp_min = 5;
-          cp_max = 10;
-          #cp_reconnect_interval = "True";
-        };
-      };
+      database = (import ./db.nix { workerName = "main"; dbGroup = "medium"; });
+      #database = {
+      #  name = "psycopg2";
+      #  args = {
+      #    user = "matrix-synapse-rory-gay";
+      #    #passwordFile = "/run/secrets/matrix-synapse-password";
+      #    password = "somepassword";
+      #    database = "matrix-synapse-rory-gay";
+      #    #host = "127.0.0.1";
+      #    host = "/run/postgresql";
+      #    application_name = "matrix-synapse (rory.gay)";
+      #    cp_min = 5;
+      #    cp_max = 10;
+      #    #cp_reconnect_interval = "True";
+      #  };
+      #};
       app_service_config_files = [
         #"/etc/matrix-synapse/appservice-registration.yaml"
         "/var/lib/matrix-synapse/modas-registration.yaml"
       ];
 
-      rc_message = {
-        per_second = 1000;
-        burst_count = 1000;
-      };
-      rc_login = {
-        address = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        account = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        failed_attempts = {
-          per_second = 0.1;
-          burst_count = 3;
-        };
-      };
-      rc_joins = {
-        local = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        remote = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-      };
-      rc_joins_per_room = {
-        per_second = 1000;
-        burst_count = 1000;
-      };
-      rc_invites = {
-        per_room = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        per_user = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        per_issuer = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-      };
-      rc_federation = {
-        window_size = 10;
-        sleep_limit = 1000;
-        sleep_delay = 100;
-        reject_limit = 1000;
-        concurrent = 100;
-      };
-      federation_rr_transactions_per_room_per_second = 1;
-
       max_image_pixels = "100M";
 
       ui_auth = {
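Review bot: The old `database` attribute set is kept as a 15-line commented block directly under the new `database = (import ./db.nix { workerName = "main"; dbGroup = "medium"; });`, so the literal `password` and the pool sizes now exist in two places that will drift apart. Delete the commented block; the history keeps it and db.nix is the reference. The parentheses around the `import` call are not needed in an attribute value. Note also that `application_name` for the main process changes from `matrix-synapse (rory.gay)` to `matrix-synapse (rory.gay) - main`, which matters only if something filters on that string (no such consumer is visible here). The enclosing settings set starts and ends outside this hunk.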
@@ -188,11 +115,18 @@ in
       };
 
       experimental_features = {
-        "org.matrix.msc3026.busy_presence" = true;
-        "fi.mau.msc2815" = true;
-        "org.matrix.msc3881" = true;
-        "org.matrix.msc3874" = true;
-        "org.matrix.msc3912" = true;
+        # These apparently arent valid...
+        #"org.matrix.msc3026.busy_presence" = true;
+        #"fi.mau.msc2815" = true;
+        #"org.matrix.msc3881" = true;
+        #"org.matrix.msc3874" = true;
+        #"org.matrix.msc3912" = true;
+
+        # These should be, looking at synapse's experimental.py
+        "msc2815_enabled" = true; # Redacted event content
+        "msc3026_enabled" = true; # Busy presence
+        "msc3266_enabled" = true; # Room summary API
+        "msc3916_authenticated_media_enabled" = true; # Authenticated media
       };
 
 
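Review bot: Three of the five flags that were listed before (`org.matrix.msc3881`, `org.matrix.msc3874`, `org.matrix.msc3912`) get no replacement in the new list, while `msc3266_enabled` and `msc3916_authenticated_media_enabled` are new as far as this hunk shows, so server behaviour changes inside a commit titled as a config split. If the old keys were indeed ignored, say in the comment which of them are dropped on purpose, and check whether experimental.py has `_enabled` equivalents for the three that disappear. The five commented-out keys can then be removed rather than kept under `# These apparently arent valid...`. The `experimental_features` set opens and closes inside the hunk; the surrounding settings set does not.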
@@ -225,7 +159,9 @@ in
       send_federation = false;
       federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders;
 
-    };
+    }
+    // import ./ratelimits.nix
+    // import ./caches.nix;
 
     ## TODO: INVESTIGATE
     # worker_listeners:
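Review bot: `// import ./ratelimits.nix // import ./caches.nix` is a shallow, right-biased merge, so any top-level key that also appears in the attribute set to its left is replaced wholesale by the imported one, without a warning and without merging nested sets such as `caches`. Nothing in the visible hunks collides today, but the left-hand set starts outside this hunk, so that cannot be confirmed from here. A comment above the merge, for example `# NOTE: // is shallow and right-biased; keys in ratelimits.nix / caches.nix override same-named keys above`, would make the rule explicit for the next edit.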
@@ -255,44 +191,31 @@ in
       value = {
         worker_app = "synapse.app.generic_worker";
         worker_listeners = [ ];
-        database = {
-          name = "psycopg2";
-          args = {
-            user = "matrix-synapse-rory-gay";
-            password = "somepassword";
-            database = "matrix-synapse-rory-gay";
-            #host = "127.0.0.1";
-            host = "/run/postgresql";
-            application_name = "matrix-synapse (rory.gay) - federation sender ${toString port}";
-            cp_min = 2;
-            cp_max = 2;
-          };
-        };
+        database = (import ./db.nix { workerName = "federation sender ${toString port}"; dbGroup = "small"; });
       };
     }) federationSenders);
   };
 
-    systemd.services.matrix-synapse-reg-token = {
-      description = "Random registration token for Synapse.";
-      before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
-      wantedBy = ["multi-user.target"];
-      after = ["network.target"];
-
-      script = ''
-
-        if [ ! -f "registration_shared_secret.txt" ]
-        then
-          cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
-        else
-          echo Not generating key, key exists;
-        fi'';
-      serviceConfig = {
-        User = "matrix-synapse";
-        Group = "matrix-synapse";
-        WorkingDirectory = "/var/lib/matrix-synapse";
-      };
+  systemd.services.matrix-synapse-reg-token = {
+    description = "Random registration token for Synapse.";
+    before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
+    wantedBy = ["multi-user.target"];
+    after = ["network.target"];
+
+    script = ''
+
+      if [ ! -f "registration_shared_secret.txt" ]
+      then
+        cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
+      else
+        echo Not generating key, key exists;
+      fi'';
+    serviceConfig = {
+      User = "matrix-synapse";
+      Group = "matrix-synapse";
+      WorkingDirectory = "/var/lib/matrix-synapse";
     };
-
+  };
 
   services.redis = {
     package = pkgs.keydb;
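Review bot: The re-indented `matrix-synapse-reg-token` unit writes `registration_shared_secret.txt` with a plain shell redirect, so the file's mode is whatever the service umask yields, and `serviceConfig` sets none; adding `UMask = "0077";` there keeps the shared secret readable by `matrix-synapse` only. The unit also sets no `Type`, and with the default type `before = ["matrix-synapse.service"]` orders only against the start of the script, not its completion; `Type = "oneshot";` closes that window on first boot. Both lines belong in the `serviceConfig` set shown in this hunk. The `services.redis` block that follows continues past the end of the hunk.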