Diffstat (limited to 'host/Rory-nginx')
-rwxr-xr-xhost/Rory-nginx/services/matrix/root.nix2
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse.monolith.nix212
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse.nix115
-rwxr-xr-xhost/Rory-nginx/services/postgres.nix2
4 files changed, 307 insertions, 24 deletions
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index 2c0df53..be9386e 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -8,7 +8,7 @@
       ./matrix-appservice-discord.nix
       ./draupnir.nix
       ./conduit.nix
-      ./matrix-media-gate.nix
+      #./matrix-media-gate.nix
     ];
 
 }
\ No newline at end of file
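Review bot: `#./matrix-media-gate.nix` is left as a commented-out import with no reason given; either delete the line or add a comment such as `# disabled: <reason>` so it is clear whether this is temporary. If that module fronted the media endpoints, the proxy routes that pointed at it need checking as well, which cannot be verified from this hunk.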
diff --git a/host/Rory-nginx/services/matrix/synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse.monolith.nix
new file mode 100755
index 0000000..26c61a1
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse.monolith.nix
@@ -0,0 +1,212 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.matrix-synapse = {
+    enable = true;
+    withJemalloc = true;
+
+    # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+    settings = {
+      server_name = "rory.gay";
+
+      enable_registration = true;
+      registration_requires_token = true;
+
+      require_membership_for_aliases = false;
+      redaction_retention_period = null;
+      user_ips_max_age = null;
+      allow_device_name_lookup_over_federation = true;
+
+      federation = {
+        client_timeout = "60s";
+        max_short_retries = 6;
+        max_short_retry_delay = "10s";
+        max_long_retries = 5;
+        max_long_retry_delay = "30s";
+      };
+
+      event_cache_size = "1200K"; #defaults to 10K
+      caches = {
+        global_factor = 5000.0;
+        cache_entry_ttl = "12h";
+        expire_caches = true;
+        sync_response_cache_duration = "6h";
+        cache_autotuning = {
+          max_cache_memory_usage = "65536M";
+          target_cache_memory_usage = "32768M";
+          min_cache_ttl = "6h";
+        };
+      };
+
+      # Alicia - figure this out later...
+      #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
+      registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+      
+      listeners = [
+        { 
+          port = 8008;
+          bind_addresses = [ "192.168.1.2" "127.0.0.1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [ {
+            names = [ "client" "federation" ];
+            compress = true;
+          } ];
+        }
+      ];
+      dynamic_thumbnails = true;
+      presence = {
+        enable = true;
+        update_interval = 60;
+      };
+      url_preview_enabled = true;
+      database = {
+        name = "psycopg2";
+        args = {
+          user = "matrix-synapse-rory-gay";
+          #passwordFile = "/run/secrets/matrix-synapse-password";
+          password = "somepassword";
+          database = "matrix-synapse-rory-gay";
+          host = "127.0.0.1";
+          application_name = "matrix-synapse (rory.gay)";
+          cp_min = 5;
+          cp_max = 50;
+          #cp_reconnect_interval = "True";
+        };
+      };
+      app_service_config_files = [
+        #"/etc/matrix-synapse/appservice-registration.yaml"
+        "/var/lib/matrix-synapse/modas-registration.yaml"
+      ];
+
+      rc_message = {
+        per_second = 1000;
+        burst_count = 1000;
+      };
+      rc_login = {
+        address = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        account = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        failed_attempts = {
+          per_second = 0.1;
+          burst_count = 3;
+        };
+      };
+      rc_joins = {
+        local = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        remote = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+      };
+      rc_joins_per_room = {
+        per_second = 1000;
+        burst_count = 1000;
+      };
+      rc_invites = {
+        per_room = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        per_user = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        per_issuer = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+      };
+      rc_federation = {
+        window_size = 10;
+        sleep_limit = 1000;
+        sleep_delay = 100;
+        reject_limit = 1000;
+        concurrent = 100;
+      };
+      federation_rr_transactions_per_room_per_second = 1;
+
+      max_image_pixels = "100M";
+
+      ui_auth = {
+        session_timeout = "1m";
+      };
+
+      login_via_existing_session = {
+        enabled = true;
+        require_ui_auth = true;
+        token_timeout = "1y";
+      };
+
+      #sentry = {
+      #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
+      #};
+
+      report_stats = false;
+
+      user_directory = {
+        enabled = true;
+        search_all_users = true;
+        prefer_local_users = true;
+      };
+
+      experimental_features = {
+        "org.matrix.msc3026.busy_presence" = true;
+        "fi.mau.msc2815" = true;
+        "org.matrix.msc3881" = true;
+        "org.matrix.msc3874" = true;
+        "org.matrix.msc3912" = true;
+      };
+    };
+
+    plugins = with pkgs.matrix-synapse-plugins; [
+      # Alicia - need to port draupnir...
+      #matrix-synapse-mjolnir-antispam
+#      matrix-synapse-pam
+    ];
+#    extraConfigFiles = [
+#        (pkgs.writeTextFile {
+#          name = "matrix-synapse-extra-config.yml";
+#          text = ''
+#            modules:
+#              - module: "pam_auth_provider.PAMAuthProvider"
+#                config:
+#                  create_users: true
+#                  skip_user_check: false
+#          '';
+#        })
+#      ];
+  };
+
+    systemd.services.matrix-synapse-reg-token = {
+      description = "Random registration token for Synapse.";
+      before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
+      wantedBy = ["multi-user.target"];
+      after = ["network.target"];
+
+      script = ''
+
+        if [ ! -f "registration_shared_secret.txt" ]
+        then
+          cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
+        else
+          echo Not generating key, key exists;
+        fi'';
+      serviceConfig = {
+        User = "matrix-synapse";
+        Group = "matrix-synapse";
+        WorkingDirectory = "/var/lib/matrix-synapse";
+      };
+    };
+
+}
+
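Review bot: `password = "somepassword";` under `database.args` puts the database credential in the repository, and because `settings` is rendered into the generated Synapse config it will presumably also land in the world-readable Nix store; keep it out of `settings` and supply it from a root-owned file through `extraConfigFiles`. The `matrix-synapse-reg-token` script writes `registration_shared_secret.txt` under the default umask, so add `umask 077` before the redirect, and set `serviceConfig.Type = "oneshot";` so that `before = ["matrix-synapse.service"]` actually waits for the file to exist. The `rc_login.address` and `rc_login.account` limits of 1000 per second leave `failed_attempts` as the only login throttle, which deserves a comment saying it is intended. The commented-out Sentry DSN still carries its key and could be dropped here, as this commit already does in synapse.nix.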
diff --git a/host/Rory-nginx/services/matrix/synapse.nix b/host/Rory-nginx/services/matrix/synapse.nix
index 26c61a1..6e0f537 100755
--- a/host/Rory-nginx/services/matrix/synapse.nix
+++ b/host/Rory-nginx/services/matrix/synapse.nix
@@ -1,5 +1,12 @@
 { config, pkgs, lib, ... }:
 
+let
+  federationSenders = lib.range 0 31;
+  federationReceivers = lib.range 10000 10000;
+  initialSyncWorkers = lib.range 10100 10100;
+  syncWorkers = lib.range 10150 10150;
+  streamWriters = lib.range 10200 10200;
+in
 {
   services.matrix-synapse = {
     enable = true;
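Review bot: Four of the five bindings added here (`federationReceivers`, `initialSyncWorkers`, `syncWorkers`, `streamWriters`) are not used by any active line in the visible hunks, and `federationSenders` holds indices 0–31 while the lambdas that consume it name the element `port`. A comment such as `# worker indices, not ports; used for instance names and socket paths` on `federationSenders` would make the intent clear. The unused ranges are better removed or commented out until their workers exist.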
@@ -51,7 +58,18 @@
           x_forwarded = true;
           resources = [ {
             names = [ "client" "federation" ];
-            compress = true;
+            compress = false;
+          } ];
+        }
+        { 
+          port = 8009;
+          bind_addresses = [ "127.0.0.1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [ {
+            names = [ "replication" ];
+            compress = false;
           } ];
         }
       ];
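Review bot: The new `replication` listener on 127.0.0.1:8009 is plain HTTP and this change sets no `worker_replication_secret`, so as far as the visible config shows, any local process that can reach loopback can call the replication API. Set `worker_replication_secret` from a secret file rather than inline in `settings`, which ends up in the Nix store. `x_forwarded = true;` can be dropped from this listener, since no reverse proxy should front it. The listener list starts outside the hunk.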
@@ -147,10 +165,6 @@
         token_timeout = "1y";
       };
 
-      #sentry = {
-      #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
-      #};
-
       report_stats = false;
 
       user_directory = {
@@ -166,25 +180,69 @@
         "org.matrix.msc3874" = true;
         "org.matrix.msc3912" = true;
       };
+
+
+      redis = {
+        enabled = true;
+        path = "/run/redis-matrix-synapse/redis.sock";
+      };
+
+
+      instance_map = {
+        main = {
+          host = "127.0.0.1";
+          port = 8009;
+        };
+      } // builtins.listToAttrs (map (port: {
+        name = "federation_sender-${toString port}";
+        value = {
+          path = "/run/synapse/federation_sender-${toString port}.sock";
+        };
+      }) federationSenders);
+      #} // builtins.listToAttrs (map (port: {
+      #  name = "federation_receiver-${toString port}";
+      #  value = {
+      #    path = "/run/synapse/federation_receiver-${toString port}.sock";
+      #  };
+      #}) federationReceivers);
+
+      # by type:
+
+      #map to list
+      federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders;
+
     };
 
-    plugins = with pkgs.matrix-synapse-plugins; [
-      # Alicia - need to port draupnir...
-      #matrix-synapse-mjolnir-antispam
-#      matrix-synapse-pam
-    ];
-#    extraConfigFiles = [
-#        (pkgs.writeTextFile {
-#          name = "matrix-synapse-extra-config.yml";
-#          text = ''
-#            modules:
-#              - module: "pam_auth_provider.PAMAuthProvider"
-#                config:
-#                  create_users: true
-#                  skip_user_check: false
-#          '';
-#        })
-#      ];
+    ## TODO: INVESTIGATE
+    # worker_listeners:
+    # - type: metrics
+    #   bind_address: ''
+    #   port: 9101
+
+    workers = 
+    #builtins.listToAttrs (map (port: {
+    #  name = "federation_receiver-${toString port}";
+    #  value = {
+    #    worker_app = "synapse.app.generic_worker";
+    #    worker_listeners = [
+    #      { 
+    #        port = port;
+    #        type = "http";
+    #        resources = [ {
+    #          names = [ "federation" ];
+    #          compress = false;
+    #        } ];
+    #      }
+    #    ];
+    #  };
+    #}) federationReceivers)
+    builtins.listToAttrs (map (port: {
+      name = "federation_sender-${toString port}";
+      value = {
+        worker_app = "synapse.app.generic_worker";
+        worker_listeners = [ ];
+      };
+    }) federationSenders);
   };
 
     systemd.services.matrix-synapse-reg-token = {
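Review bot: `instance_map` advertises a unix socket `/run/synapse/federation_sender-N.sock` for each of the 32 senders, but every worker is defined with `worker_listeners = [ ];`, so nothing appears to create those sockets. Either drop the sender entries from `instance_map` (senders normally only need to be listed in `federation_sender_instances`) or give each worker a `replication` listener on that path. If the workers inherit the shared `database` block, each of the 33 processes opens its own pool of up to `cp_max = 50` connections, so check that against PostgreSQL's `max_connections`. The `plugins` list and the commented PAM module config are removed without mention; a line in the commit message would help.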
@@ -208,5 +266,18 @@
       };
     };
 
+
+  services.redis = {
+    package = pkgs.keydb;
+    servers.matrix-synapse = {
+      enable = true;
+      user = "matrix-synapse";
+    };
+  };
+  
+  systemd.tmpfiles.rules = [
+    "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse"
+  ];
+
 }
 
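Review bot: The tmpfiles rule creates `/run/redis-matrix-synapse` with mode `0755`, so every local user can traverse to the socket directory and access control rests on the socket's own mode alone; `0750` would match the single consumer. The Redis instance also runs as `matrix-synapse` itself (`user = "matrix-synapse";`) rather than a dedicated account, so a compromise of either process reaches the other's files. A short comment explaining why the shared user is needed would help; otherwise grant Synapse access through group membership. No `requirePass` or `requirePassFile` is set, which is acceptable only while the instance stays socket-only.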
diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix
index 3545a31..7ac3619 100755
--- a/host/Rory-nginx/services/postgres.nix
+++ b/host/Rory-nginx/services/postgres.nix
@@ -5,7 +5,7 @@
 
   services.postgresql = {
     enable = true;
-    package = pkgs.postgresql_14;
+    package = pkgs.postgresql_16;
     enableTCPIP = true;
     authentication = pkgs.lib.mkOverride 10 ''
       # TYPE, DATABASE, USER, ADDRESS, METHOD