Diffstat (limited to 'modules/software-templates/synapse-workers/module.nix')
-rw-r--r--modules/software-templates/synapse-workers/module.nix108
1 files changed, 108 insertions, 0 deletions
diff --git a/modules/software-templates/synapse-workers/module.nix b/modules/software-templates/synapse-workers/module.nix
new file mode 100644

index 0000000..b1d0ced
--- /dev/null
+++ b/modules/software-templates/synapse-workers/module.nix
@@ -0,0 +1,108 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.matrix-synapse;
+ mkIntOption =
+ description:
+ lib.mkOption {
+ type = lib.types.int;
+ default = 0;
+ description = description;
+ };
+in
+{
+ imports = [
+ ];
+ options.services.matrix-synapse = {
+ enableWorkers = lib.mkEnableOption "Enable dedicated workers";
+ enableStreamWriters = lib.mkEnableOption "Enable stream writers";
+ enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker";
+ enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker";
+ enableUserDirWorker = lib.mkEnableOption "Enable dedicated user directory worker";
+
+ authWorkers = mkIntOption "Number of auth workers";
+ clientReaders = mkIntOption "Number of client readers";
+ eventCreators = mkIntOption "Number of auth workers";
+ federationInboundWorkers = mkIntOption "Number of federation inbound workers";
+ federationReaders = mkIntOption "Number of federation readers";
+ federationSenders = mkIntOption "Number of federation senders";
+ mediaRepoWorkers = mkIntOption "Number of media repo workers";
+ pushers = mkIntOption "Number of pushers";
+ syncWorkers = mkIntOption "Number of sync workers";
+
+ #stream writers
+ eventStreamWriters = mkIntOption "Number of event stream writers";
+ typingStreamWriters = mkIntOption "Number of typing stream writers";
+ toDeviceStreamWriters = mkIntOption "Number of to_device stream writers";
+ accountDataStreamWriters = mkIntOption "Number of account data stream writers";
+ receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
+ presenceStreamWriters = mkIntOption "Number of presence stream writers";
+ pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";
+
+ sharedStreamWriters = mkIntOption "Number of shared stream writers";
+
+ nginxVirtualHostName = lib.mkOption {
+ type = lib.types.str;
+ default = null;
+ description = "The virtual host name for the nginx server";
+ };
+
+ allowedRemoteInviteOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "List of allowed remote invite origins";
+ };
+ };
+
+ config = {
+ assertions =
+ [
+ {
+ assertion = cfg.enableWorkers -> cfg.nginxVirtualHostName != null;
+ message = "nginxVirtualHostName must be set when enableWorkers is true";
+ }
+ ]
+ ++ lib.optionals (cfg.settings ? stream_writers) [
+ # Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
+ {
+ assertion = cfg.settings.stream_writers ? typing -> lib.length cfg.settings.stream_writers.typing <= 1;
+ message = "Only one typing stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? to_device -> lib.length cfg.settings.stream_writers.to_device <= 1;
+ message = "Only one to_device stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? account_data -> lib.length cfg.settings.stream_writers.account_data <= 1;
+ message = "Only one account data stream writer is supported";
+ }
+ # This may be outdated in the documentation...?
+ #{
+ # assertion = cfg.receiptStreamWriters <= 1;
+ # message = "Only one receipt stream writer is supported";
+ #}
+ {
+ assertion = cfg.settings.stream_writers ? presence -> lib.length cfg.settings.stream_writers.presence <= 1;
+ message = "Only one presence stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? push_rules -> lib.length cfg.settings.stream_writers.push_rules <= 1;
+ message = "Only one push rule stream writer is supported";
+ }
+ ];
+
+ # Matrix utility maps
+ services.nginx.appendHttpConfig = ''
+ # Map authorization header to origin name
+ map $http_authorization $mx_origin_name {
+ default "";
+ "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
+ }
+
+ # Map origin name to whether it can invite
+ map $mx_origin_name $mx_can_invite {
+ default 0;
+ ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
+ }
+ '';
+ };
+}
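Review bot: `$mx_origin_name` in the `services.nginx.appendHttpConfig` block is extracted from the `Authorization` header by regex before anything has verified the X-Matrix signature, so `$mx_can_invite` reflects a claimed origin, not an authenticated one. Wherever the variable is consumed (not visible in this file), it should only ever cause a rejection, and the allow-list should also be enforced where the signature is checked, because nginx and Synapse parse the header independently and may disagree on quoted values or repeated parameters. The capture `[^,]+` also keeps any surrounding quotes, so an origin sent as `origin="example.org"` (the form used in the Matrix spec's example header) would not equal a bare map key and would fall through to `default 0`; `origin=\"?(?<origin>[^\",]+)` would strip them. `allowedRemoteInviteOrigins` entries are interpolated into the map unescaped, so constraining the option with `lib.types.listOf (lib.types.strMatching "<server-name pattern>")` would keep quotes, `~` regex prefixes and newlines out of the generated config. Separately, `nginxVirtualHostName` declares `lib.types.str` with `default = null`, which the type does not admit; `lib.types.nullOr lib.types.str` is what the `!= null` assertion expects.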