diff --git a/host/Rory-nginx/services/matrix/synapse/workers/auth.nix b/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
index 3c8d1e9..6e97c15 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
@@ -97,6 +97,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
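Review bot: `fail_timeout = "0s";` is added next to `max_fails = 0;` with no comment saying what it is meant to change. As far as nginx documents it, `max_fails = 0` already disables failure accounting for a server, so the new setting looks redundant. If it works around something observed, a comment such as `# passive health checks off: never mark a worker socket unavailable` would record that. The identical line is added to the server entry in every other worker file in this commit, which suggests the entry could be built by one shared helper. The enclosing attribute set starts and ends outside the hunk.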
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
index 9a0aafa..0d039c0 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
@@ -28,6 +28,8 @@ let
# unstable
"~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"
+ "~ ^/_matrix/client/v3/keys/query$"
+ "~ ^/_matrix/client/v3/room_keys/keys/"
]
++ lib.optionals (cfg.authWorkers == 0) [
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$"
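Review bot: The two added routes match only the `v3` prefix, while the neighbouring entries accept `(api/v1|r0|v3|unstable)`, so key queries and key-backup requests sent under `r0` or `unstable` will not reach this worker pool and presumably fall through to whatever serves unmatched paths. If that is not intended, `"~ ^/_matrix/client/(r0|v3|unstable)/keys/query$"` and `"~ ^/_matrix/client/(r0|v3|unstable)/room_keys/keys/"` would follow the list's convention. The additions also sit under the `# unstable` comment although both are stable endpoints. The list starts outside the hunk.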
@@ -112,14 +114,16 @@ in
name = "${workerName}-${type}";
value = {
extraConfig = ''
- keepalive 32;
- least_conn;
+ keepalive 32;
+ # least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
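Review bot: `hash $request_uri consistent;` picks the upstream from the request URI alone, so every request for a fixed path such as the newly routed `/_matrix/client/v3/keys/query` lands on the same worker regardless of load. Together with `max_fails = 0` and `fail_timeout = "0s"` nginx will also never take that worker out of rotation, so one hot or slow endpoint can saturate a single worker while the rest idle, which `least_conn` would have spread. If cache locality is the goal, say so in a comment, e.g. `# pin identical URIs to one worker for cache hits; accepts uneven load`, and drop the leftover `# least_conn;`, which is emitted into the generated nginx config. The same change is made in event-creator.nix. The enclosing attribute set continues outside the hunk.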
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
index 2be7a5b..0966573 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
@@ -13,6 +13,7 @@ let
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/"
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/"
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/"
+ "~ ^/_synapse/admin/v1/rooms" # We have a lot of them, so let's do a bunch of jobs at once!
];
federation = [ ];
media = [ ];
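Review bot: The added `"~ ^/_synapse/admin/v1/rooms"` entry has no terminator, so it matches every path that merely begins with that prefix, for every HTTP method, and it presumably becomes a proxied location on the public virtual host like the other entries. Synapse's reverse-proxy guidance advises against exposing `/_synapse/admin` more widely than needed, so it is worth confirming that an access restriction for this path exists outside the hunk. Anchoring the pattern as `"~ ^/_synapse/admin/v1/rooms(/|$)"` and replacing the inline comment with one that says why room admin calls go to event creators would make the intent checkable. Whether every rooms admin endpoint is actually served by a worker is not visible here and should be verified.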
@@ -85,14 +86,16 @@ in
name = "${workerName}-${type}";
value = {
extraConfig = ''
- keepalive 32;
- least_conn;
+ keepalive 32;
+ # least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
index effaa69..bdaf456 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
@@ -86,6 +86,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
index 5b3d4bf..c5852d3 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
@@ -21,14 +21,16 @@ let
"~ ^/_matrix/federation/(v1|v2)/send_leave/"
"~ ^/_matrix/federation/v1/make_knock/"
"~ ^/_matrix/federation/v1/send_knock/"
- "~ ^/_matrix/federation/(v1|v2)/invite/"
+ "~ ^/_matrix/federation/(v1|v2)/invite/" # Needs special handling, define manually
"~ ^/_matrix/federation/(v1|v2)/query_auth/"
"~ ^/_matrix/federation/(v1|v2)/event_auth/"
"~ ^/_matrix/federation/v1/timestamp_to_event/"
"~ ^/_matrix/federation/(v1|v2)/exchange_third_party_invite/"
"~ ^/_matrix/federation/(v1|v2)/user/devices/"
"~ ^/_matrix/federation/(v1|v2)/get_groups_publicised$"
+ "~ ^/_matrix/federation/v1/hierarchy/"
"~ ^/_matrix/key/v2/query"
+ "~ ^/_matrix/federation/v1/user/keys/query$"
# extra
"~ ^/_matrix/key/v2/server$"
];
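Review bot: The comment added to the `invite` entry, `# Needs special handling, define manually`, does not match the code: the entry stays in this generated list, and the manual location added in the last hunk of this file is entirely commented out and never references `$mx_can_invite`. Invites are therefore routed exactly as before, and uncommenting the manual block while this entry remains would likely define the same location twice. Either remove the entry when the manual location goes live, or reword the comment to `# TODO: move to a dedicated location gated on $mx_can_invite`. The list starts outside the hunk.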
@@ -110,6 +112,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
@@ -134,6 +137,14 @@ in
)
)
);
+
+ #virtualHosts."${cfg.nginxVirtualHostName}".locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
+ # proxyPass = "http://${workerName}-federation";
+ # extraConfig = ''
+ # proxy_http_version 1.1;
+ # proxy_set_header Connection "";
+ # '';
+ #};
};
};
}
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
index 468916e..c2622be 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
@@ -88,6 +88,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
index e52010c..25271a5 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
@@ -14,6 +14,7 @@ let
"~ ^/_synapse/admin/v1/purge_media_cache$"
"~ ^/_synapse/admin/v1/room/.*/media.*$"
"~ ^/_synapse/admin/v1/user/.*/media.*$"
+ "~ ^/_synapse/admin/v1/users/.*/media$"
"~ ^/_synapse/admin/v1/media/.*$"
"~ ^/_synapse/admin/v1/quarantine_media/.*$"
"~ ^/_matrix/media/"
@@ -106,6 +107,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
index 32f2095..3b6456b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
@@ -33,7 +33,7 @@ in
./stream-writers/to_device-stream-writer.nix
./stream-writers/typing-stream-writer.nix
-# ./stream-writers/shared-stream-writer.nix
+ # ./stream-writers/shared-stream-writer.nix
];
options.services.matrix-synapse = {
enableWorkers = lib.mkEnableOption "Enable dedicated workers";
@@ -60,7 +60,7 @@ in
receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
presenceStreamWriters = mkIntOption "Number of presence stream writers";
pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";
-
+
sharedStreamWriters = mkIntOption "Number of shared stream writers";
nginxVirtualHostName = lib.mkOption {
@@ -68,6 +68,12 @@ in
default = null;
description = "The virtual host name for the nginx server";
};
+
+ allowedRemoteInviteOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "List of allowed remote invite origins";
+ };
};
config = {
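Review bot: `allowedRemoteInviteOrigins` accepts arbitrary strings, and the last hunk of this file interpolates each one unescaped into an nginx `map` block, where a value containing `"` or `;`, or starting with `~`, changes the meaning of the generated config. Constraining the element type, for example `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9.:-]+");` (widened if bracketed IPv6 server names are needed), rejects such values at evaluation time. The description should also state that the default empty list leaves `$mx_can_invite` at 0 for every origin, so that the effect of not setting the option is clear once the map is enforced.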
@@ -77,7 +83,6 @@ in
message = "nginxVirtualHostName must be set when enableWorkers is true";
}
-
# Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
{
assertion = cfg.typingStreamWriters <= 1;
@@ -104,11 +109,26 @@ in
assertion = cfg.pushRuleStreamWriters <= 1;
message = "Only one push rule stream writer is supported";
}
-
+
{
assertion = cfg.sharedStreamWriters <= 1;
message = "Only one shared stream writer is supported";
}
];
+
+ # Matrix utility maps
+ services.nginx.appendHttpConfig = ''
+ # Map authorization header to origin name
+ map $http_authorization $mx_origin_name {
+ default "";
+ "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
+ }
+
+ # Map origin name to whether it can invite
+ map $mx_origin_name $mx_can_invite {
+ default 0;
+ ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
+ }
+ '';
};
}
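Review bot: Nothing in this commit reads `$mx_can_invite`: the only candidate consumer, the invite location in federation-reader.nix, is commented out and carries no check, so setting `allowedRemoteInviteOrigins` currently has no effect on which servers can invite. The capture `[^,]+` also keeps the surrounding double quotes when a sender quotes the `origin` parameter (which the X-Matrix format permits, as far as I know), so it would never equal a configured bare name; `"~*X-Matrix origin=\"?(?<origin>[^\",]+)"` would strip them. The pattern further assumes `origin` is the first parameter after the scheme, so a differently ordered header maps to the empty default. The origin is read from the header before any signature check, so a comment above the maps should say that they are a coarse pre-filter, where they are enforced, and that Synapse's own verification still decides.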
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
index edf1632..05f8c1a 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
@@ -87,6 +87,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
index 48649f6..ee9e8c9 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
@@ -92,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
index 5395aea..2772e0f 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
index e6487ca..e496715 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
index 4a4af04..4c44de5 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
index 54c31b4..ce7f028 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
@@ -92,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
index 5fd0bd0..1170613 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
@@ -95,6 +95,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
index 2b487d6..689805b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
index 5bff505..a046ca6 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
index 67b63dd..fbdb73e 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
@@ -11,6 +11,7 @@ let
"~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$"
"~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$"
"~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$"
+ "~ ^/_matrix/client/unstable/org.matrix.simplified_msc3575/sync$"
];
federation = [ ];
media = [ ];
@@ -91,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);