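{ config, pkgs, lib, ... }:
let
  # Worker port ranges, only referenced by the commented-out worker plumbing below.
  #federationSenders = lib.range 0 31;
  #federationReceivers = lib.range 10000 10000;
  #initialSyncWorkers = lib.range 10100 10100;
  #syncWorkers = lib.range 10150 10150;
  #streamWriters = lib.range 10200 10200;
in
{
  # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py
  # Documentation: https://github.com/element-hq/synapse/blob/develop/docs/workers.md
  imports = [ ./workers/module.nix ];

  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;
    # Worker counts; presumably consumed by ./workers/module.nix (imported above).
    federationSenders = 8;
    pushers = 2;
    enableStreamWriters = false;
    enableAppserviceWorker = true;
    #eventStreamWriters = 8;

    # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
    settings = {
      server_name = "rory.gay";
      # Registration is open, but every sign-up must present a registration token.
      enable_registration = true;
      registration_requires_token = true;
      require_membership_for_aliases = false;
      redaction_retention_period = null;
      user_ips_max_age = null;
      allow_device_name_lookup_over_federation = true;

      federation = {
        client_timeout = "60s";
        max_short_retries = 12;
        max_short_retry_delay = "5s";
        max_long_retries = 5;
        max_long_retry_delay = "30s";
      };

      # Alicia - figure this out later...
      #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
      # Read from disk instead of being set inline, so the secret never ends up in the
      # world-readable Nix store. The file is created by matrix-synapse-reg-token below.
      registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";

      listeners = [
        {
          # Plain-HTTP client/federation listener. x_forwarded = true makes Synapse
          # trust X-Forwarded-* headers from any peer that can reach this port.
          # NOTE(review): confirm only the reverse proxy can reach 192.168.1.2:8008,
          # otherwise clients can spoof their source address towards rate limiting.
          port = 8008;
          bind_addresses = [ "192.168.1.2" "127.0.0.1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
        {
          # Replication listener for workers, exposed only as a unix socket.
          type = "http";
          path = "/run/matrix-synapse/replication-listener.sock";
          resources = [
            {
              names = [ "replication" ];
              compress = false;
            }
          ];
        }
      ];

      dynamic_thumbnails = true;
      presence = {
        enable = true;
        update_interval = 60;
      };
      url_preview_enabled = true;

      database = import ./db.nix { workerName = "main"; dbGroup = "medium"; };
      #database = {
      #  name = "psycopg2";
      #  args = {
      #    user = "matrix-synapse-rory-gay";
      #    #passwordFile = "/run/secrets/matrix-synapse-password";
      #    password = "somepassword";
      #    database = "matrix-synapse-rory-gay";
      #    #host = "127.0.0.1";
      #    host = "/run/postgresql";
      #    application_name = "matrix-synapse (rory.gay)";
      #    cp_min = 5;
      #    cp_max = 10;
      #    #cp_reconnect_interval = "True";
      #  };
      #};

      app_service_config_files = [
        #"/etc/matrix-synapse/appservice-registration.yaml"
        "/var/lib/matrix-synapse/modas-registration.yaml"
      ];

      max_image_pixels = "100M";
      ui_auth = {
        session_timeout = "1m";
      };
      login_via_existing_session = {
        enabled = true;
        require_ui_auth = true;
        token_timeout = "1y";
      };
      report_stats = false;
      user_directory = {
        enabled = true;
        search_all_users = true;
        prefer_local_users = true;
      };

      experimental_features = {
        # These apparently arent valid...
        #"org.matrix.msc3026.busy_presence" = true;
        #"fi.mau.msc2815" = true;
        #"org.matrix.msc3881" = true;
        #"org.matrix.msc3874" = true;
        #"org.matrix.msc3912" = true;
        # These should be, looking at synapse's experimental.py
        "msc2815_enabled" = true; # Redacted event content
        "msc3026_enabled" = true; # Busy presence
        "msc3266_enabled" = true; # Room summary API
        "msc3916_authenticated_media_enabled" = true; # Authenticated media
      };

      redis = {
        enabled = true;
        path = "/run/redis-matrix-synapse/redis.sock";
      };

      instance_map = {
        main = {
          # replication listener
          #host = "127.0.0.1";
          #port = 8009;
          path = "/run/matrix-synapse/replication-listener.sock";
        };
      };
      ### // builtins.listToAttrs (map (port: {
      ###   name = "federation_sender-${toString port}";
      ###   value = {
      ###     path = "/run/matrix-synapse/federation_sender-${toString port}.sock";
      ###   };
      ### }) federationSenders);
      #} // builtins.listToAttrs (map (port: {
      #  name = "federation_receiver-${toString port}";
      #  value = {
      #    path = "/run/matrix-synapse/federation_receiver-${toString port}.sock";
      #  };
      #}) federationReceivers);

      # by type:
      #federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders;
    } // import ./ratelimits.nix // import ./caches.nix;

    ## TODO: INVESTIGATE
    # worker_listeners:
    #  - type: metrics
    #    bind_address: ''
    #    port: 9101
    #workers =
    #builtins.listToAttrs (map (port: {
    #  name = "federation_receiver-${toString port}";
    #  value = {
    #    worker_app = "synapse.app.generic_worker";
    #    worker_listeners = [
    #      {
    #        port = port;
    #        type = "http";
    #        resources = [ {
    #          names = [ "federation" ];
    #          compress = false;
    #        } ];
    #      }
    #    ];
    #  };
    #}) federationReceivers)
    ### builtins.listToAttrs (map (port: {
    ###   name = "federation_sender-${toString port}";
    ###   value = {
    ###     worker_app = "synapse.app.generic_worker";
    ###     worker_listeners = [ ];
    ###     database = (import ./db.nix { workerName = "federation sender ${toString port}"; dbGroup = "small"; });
    ###   };
    ### }) federationSenders);
  };

  # Generates the registration shared secret once, on disk and outside the Nix
  # store, before Synapse starts.
  # Type = "oneshot" matters for the before= ordering: with the default
  # Type=simple the unit counts as started as soon as the script is forked,
  # so Synapse could be launched before the file exists on first boot.
  systemd.services.matrix-synapse-reg-token = {
    description = "Random registration token for Synapse.";
    before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    script = ''
      # The shared secret authorises the admin user-registration endpoint, so the
      # file must be owner-only; the default service umask would create it 0644.
      umask 077
      if [ ! -f "registration_shared_secret.txt" ]
      then
        tr -dc a-zA-Z0-9 < /dev/urandom | fold -w 256 | head -n 1 > registration_shared_secret.txt
      else
        echo Not generating key, key exists;
      fi
      # Also tighten a file created by an earlier run with the looser umask.
      chmod 600 registration_shared_secret.txt
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "matrix-synapse";
      Group = "matrix-synapse";
      WorkingDirectory = "/var/lib/matrix-synapse";
    };
  };

  services.redis = {
    package = pkgs.keydb;
    servers.matrix-synapse = {
      enable = true;
      user = "matrix-synapse";
    };
  };

  # Socket directory for the matrix-synapse redis instance (see settings.redis.path).
  systemd.tmpfiles.rules = [ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" ];
}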