Diffstat (limited to 'host/Rory-nginx/services/matrix')
-rwxr-xr-x | host/Rory-nginx/services/matrix/root.nix | 2 | ||||
-rwxr-xr-x | host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix (renamed from host/Rory-nginx/services/matrix/synapse.monolith.nix) | 0 | ||||
-rw-r--r-- | host/Rory-nginx/services/matrix/synapse/caches.nix | 16 | ||||
-rw-r--r-- | host/Rory-nginx/services/matrix/synapse/db.nix | 21 | ||||
-rw-r--r-- | host/Rory-nginx/services/matrix/synapse/ratelimits.nix | 56 | ||||
-rwxr-xr-x | host/Rory-nginx/services/matrix/synapse/synapse-main.nix (renamed from host/Rory-nginx/services/matrix/synapse.nix) | 179 |
6 files changed, 145 insertions, 129 deletions
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix index be9386e..ac4f5ce 100755 --- a/host/Rory-nginx/services/matrix/root.nix +++ b/host/Rory-nginx/services/matrix/root.nix @@ -3,7 +3,7 @@ { imports = [ - ./synapse.nix + ./synapse/synapse-main.nix ./coturn.nix ./matrix-appservice-discord.nix ./draupnir.nix diff --git a/host/Rory-nginx/services/matrix/synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix index 26c61a1..26c61a1 100755 --- a/host/Rory-nginx/services/matrix/synapse.monolith.nix +++ b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix diff --git a/host/Rory-nginx/services/matrix/synapse/caches.nix b/host/Rory-nginx/services/matrix/synapse/caches.nix new file mode 100644 index 0000000..d129076 --- /dev/null +++ b/host/Rory-nginx/services/matrix/synapse/caches.nix @@ -0,0 +1,16 @@ +{ + gc_min_interval = ["5m" "30m" "60m"]; + gc_thresholds = [1000 500 250]; + event_cache_size = "12000K"; #defaults to 10K + caches = { + global_factor = 50000.0; + cache_entry_ttl = "24h"; + expire_caches = true; + sync_response_cache_duration = "15s"; #6h + cache_autotuning = { + max_cache_memory_usage = "65536M"; + target_cache_memory_usage = "32768M"; + min_cache_ttl = "6h"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/synapse/db.nix b/host/Rory-nginx/services/matrix/synapse/db.nix new file mode 100644 index 0000000..c5edc51 --- /dev/null +++ b/host/Rory-nginx/services/matrix/synapse/db.nix 
@@ -0,0 +1,21 @@
+{
+ workerName ? null,
+ dbGroup ? null
+}: {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-rory-gay";
+ password = "somepassword";
+ database = "matrix-synapse-rory-gay";
+ host = "/run/postgresql";
+ application_name = "matrix-synapse (rory.gay) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ cp_min = if dbGroup == "small" then 2
+ else if dbGroup == "medium" then 5
+ else if dbGroup == "large" then 10
+ else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+ cp_max = if dbGroup == "small" then 2
+ else if dbGroup == "medium" then 10
+ else if dbGroup == "large" then 10
+ else throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+ };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
new file mode 100644
index 0000000..8165fe4
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
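Review bot: The `password = "somepassword";` literal in the new db.nix is part of the Nix expression, so it ends up in the generated configuration in the Nix store, which is normally readable by every local user. Because `host = "/run/postgresql"` is a Unix socket, the password may not be used at all (that depends on the PostgreSQL authentication method, which is not shown here). If it is unused, drop the attribute; otherwise supply it from a file outside the store, for example through the module's `extraConfigFiles`. The same literal also survives in the commented-out `#database = { … }` block that the synapse-main.nix hunk leaves behind, which can be deleted now that db.nix is the single definition.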
@@ -0,0 +1,56 @@ +{ + rc_message = { + per_second = 1000; + burst_count = 1000; + }; + rc_login = { + address = { + per_second = 1000; + burst_count = 1000; + }; + account = { + per_second = 1000; + burst_count = 1000; + }; + failed_attempts = { + per_second = 0.1; + burst_count = 3; + }; + }; + rc_joins = { + local = { + per_second = 1000; + burst_count = 1000; + }; + remote = { + per_second = 1000; + burst_count = 1000; + }; + }; + rc_joins_per_room = { + per_second = 1000; + burst_count = 1000; + }; + rc_invites = { + per_room = { + per_second = 1000; + burst_count = 1000; + }; + per_user = { + per_second = 1000; + burst_count = 1000; + }; + per_issuer = { + per_second = 1000; + burst_count = 1000; + }; + }; + rc_federation = { + window_size = 10; + sleep_limit = 1000; + sleep_delay = 100; + reject_limit = 1000; + concurrent = 100; + }; + federation_rr_transactions_per_room_per_second = 1; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/synapse.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix index d49e70e..f6b8077 100755 --- a/host/Rory-nginx/services/matrix/synapse.nix +++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix @@ -42,21 +42,6 @@ in max_long_retry_delay = "30s"; }; - gc_min_interval = ["5m" "30m" "60m"]; - gc_thresholds = [1000 500 250]; - event_cache_size = "12000K"; #defaults to 10K - caches = { - global_factor = 50000.0; - cache_entry_ttl = "24h"; - expire_caches = true; - sync_response_cache_duration = "15s"; #6h - cache_autotuning = { - max_cache_memory_usage = "65536M"; - target_cache_memory_usage = "32768M"; - min_cache_ttl = "6h"; - }; - }; - # Alicia - figure this out later... #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"]; registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt"; 
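Review bot: In ratelimits.nix, `rc_login.address` and `rc_login.account` are both set to `per_second = 1000; burst_count = 1000;`, which effectively switches off per-source and per-account login throttling. Only `failed_attempts` (0.1 per second, burst 3) still slows password guessing, and it is tracked per account, so it does not bound attempts spread over many accounts. The same 1000/1000 values on `rc_invites`, `rc_joins` and `rc_message` leave invite, join and message floods unthrottled. The values are carried over unchanged from synapse-main.nix, so if they are deliberate the new file should open with a comment saying so, e.g. `# Limits deliberately raised far above Synapse defaults; failed_attempts is the only login throttle.`; otherwise bring `rc_login` and `rc_invites` back near the Synapse defaults.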
@@ -74,11 +59,7 @@ in } ]; } { - #port = 8009; - #bind_addresses = [ "127.0.0.1" ]; type = "http"; - #tls = false; - #x_forwarded = true; path = "/run/synapse/replication-listener.sock"; resources = [ { names = [ "replication" ]; 
@@ -92,81 +73,27 @@ in update_interval = 60; }; url_preview_enabled = true; - database = { - name = "psycopg2"; - args = { - user = "matrix-synapse-rory-gay"; - #passwordFile = "/run/secrets/matrix-synapse-password"; - password = "somepassword"; - database = "matrix-synapse-rory-gay"; - #host = "127.0.0.1"; - host = "/run/postgresql"; - application_name = "matrix-synapse (rory.gay)"; - cp_min = 5; - cp_max = 10; - #cp_reconnect_interval = "True"; - }; - }; + database = (import ./db.nix { workerName = "main"; dbGroup = "medium"; }); + #database = { + # name = "psycopg2"; + # args = { + # user = "matrix-synapse-rory-gay"; + # #passwordFile = "/run/secrets/matrix-synapse-password"; + # password = "somepassword"; + # database = "matrix-synapse-rory-gay"; + # #host = "127.0.0.1"; + # host = "/run/postgresql"; + # application_name = "matrix-synapse (rory.gay)"; + # cp_min = 5; + # cp_max = 10; + # #cp_reconnect_interval = "True"; + # }; + #}; app_service_config_files = [ #"/etc/matrix-synapse/appservice-registration.yaml" "/var/lib/matrix-synapse/modas-registration.yaml" ]; - rc_message = { - per_second = 1000; - burst_count = 1000; - }; - rc_login = { - address = { - per_second = 1000; - burst_count = 1000; - }; - account = { - per_second = 1000; - burst_count = 1000; - }; - failed_attempts = { - per_second = 0.1; - burst_count = 3; - }; - }; - rc_joins = { - local = { - per_second = 1000; - burst_count = 1000; - }; - remote = { - per_second = 1000; - burst_count = 1000; - }; - }; - rc_joins_per_room = { - per_second = 1000; - burst_count = 1000; - }; - rc_invites = { - per_room = { - per_second = 1000; - burst_count = 1000; - }; - per_user = { - per_second = 1000; - burst_count = 1000; - }; - per_issuer = { - per_second = 1000; - burst_count = 1000; - }; - }; - rc_federation = { - window_size = 10; - sleep_limit = 1000; - sleep_delay = 100; - reject_limit = 1000; - concurrent = 100; - }; - federation_rr_transactions_per_room_per_second = 1; - max_image_pixels = "100M"; 
ui_auth = { @@ -188,11 +115,18 @@ in }; experimental_features = { - "org.matrix.msc3026.busy_presence" = true; - "fi.mau.msc2815" = true; - "org.matrix.msc3881" = true; - "org.matrix.msc3874" = true; - "org.matrix.msc3912" = true; + # These apparently arent valid... + #"org.matrix.msc3026.busy_presence" = true; + #"fi.mau.msc2815" = true; + #"org.matrix.msc3881" = true; + #"org.matrix.msc3874" = true; + #"org.matrix.msc3912" = true; + + # These should be, looking at synapse's experimental.py + "msc2815_enabled" = true; # Redacted event content + "msc3026_enabled" = true; # Busy presence + "msc3266_enabled" = true; # Room summary API + "msc3916_authenticated_media_enabled" = true; # Authenticated media }; @@ -225,7 +159,9 @@ in send_federation = false; federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders; - }; + } + // import ./ratelimits.nix + // import ./caches.nix; ## TODO: INVESTIGATE # worker_listeners: 
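Review bot: The two comments added to `experimental_features` ("apparently arent valid", "should be") leave it unclear whether the new flag names are actually read by the deployed Synapse. As far as I can tell Synapse does not reject unknown keys in this section, which is presumably why the old names went unnoticed, so a misspelled flag would silently leave a feature off. I would delete the five commented-out keys and replace both comments with one that records what was checked, e.g. `# Flag names as read by synapse/config/experimental.py in the packaged Synapse version`.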
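Review bot: `} // import ./ratelimits.nix // import ./caches.nix;` uses `//`, which is a shallow, right-biased merge, so any top-level key present both in the inline settings and in an imported file is replaced wholesale by the imported value without a warning. Nothing collides today because the moved keys were removed from the inline set, but a later inline `caches = { … }` or `rc_login = { … }` would be silently discarded. A comment at the merge would prevent that surprise, e.g. `# NOTE: // is shallow; keys from ratelimits.nix and caches.nix override inline settings`. The attribute set being merged starts outside this hunk.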
@@ -255,44 +191,31 @@ in value = { worker_app = "synapse.app.generic_worker"; worker_listeners = [ ]; - database = { - name = "psycopg2"; - args = { - user = "matrix-synapse-rory-gay"; - password = "somepassword"; - database = "matrix-synapse-rory-gay"; - #host = "127.0.0.1"; - host = "/run/postgresql"; - application_name = "matrix-synapse (rory.gay) - federation sender ${toString port}"; - cp_min = 2; - cp_max = 2; - }; - }; + database = (import ./db.nix { workerName = "federation sender ${toString port}"; dbGroup = "small"; }); }; }) federationSenders); }; - systemd.services.matrix-synapse-reg-token = { - description = "Random registration token for Synapse."; - before = ["matrix-synapse.service"]; # So the registration can be used by Synapse - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - - script = '' - - if [ ! -f "registration_shared_secret.txt" ] - then - cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt - else - echo Not generating key, key exists; - fi''; - serviceConfig = { - User = "matrix-synapse"; - Group = "matrix-synapse"; - WorkingDirectory = "/var/lib/matrix-synapse"; - }; + systemd.services.matrix-synapse-reg-token = { + description = "Random registration token for Synapse."; + before = ["matrix-synapse.service"]; # So the registration can be used by Synapse + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + + script = '' + + if [ ! -f "registration_shared_secret.txt" ] + then + cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt + else + echo Not generating key, key exists; + fi''; + serviceConfig = { + User = "matrix-synapse"; + Group = "matrix-synapse"; + WorkingDirectory = "/var/lib/matrix-synapse"; }; - + }; services.redis = { package = pkgs.keydb; |
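Review bot: The re-indented `matrix-synapse-reg-token` unit still writes `registration_shared_secret.txt` with whatever umask the service inherits, so the file may be created world-readable; whether the directory mode of `/var/lib/matrix-synapse` compensates is not visible here. Adding `UMask = "0077";` to `serviceConfig` makes the secret owner-only regardless of the directory. Separately, no `Type` is set, so `before = ["matrix-synapse.service"]` may only order process start rather than script completion; `Type = "oneshot";` would make Synapse wait until the file exists.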