summary refs log tree commit diff
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2024-05-06 15:51:18 +0200
committerRory& <root@rory.gay>2024-07-04 14:45:02 +0200
commit1b32e71dc721c7d0951f7bafc9f44235e11f7232 (patch)
tree12fc97ad4df8c4693fd1582d4f6d504d2c83c048
parentServer updates (diff)
downloadRory-Open-Architecture-1b32e71dc721c7d0951f7bafc9f44235e11f7232.tar.xz
Synapse senders
-rw-r--r--flake.lock143
-rwxr-xr-xflake.nix13
-rwxr-xr-xhost/Rory-nginx/services/matrix/root.nix2
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse.monolith.nix212
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse.nix115
-rwxr-xr-xhost/Rory-nginx/services/postgres.nix2
6 files changed, 352 insertions, 135 deletions
diff --git a/flake.lock b/flake.lock
index b0dab21..b6b4e0c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,30 +1,11 @@
 {
   "nodes": {
-    "MatrixMediaGate": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1709199781,
-        "narHash": "sha256-OH9OSnRNj9zHkKMBRwBaa0pMA0yOzibt3h6i3M4KIKw=",
-        "ref": "refs/heads/master",
-        "rev": "a3bce27ac19dfd940a34c4c148c0f617f513feed",
-        "revCount": 18,
-        "type": "git",
-        "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/"
-      }
-    },
     "attic": {
       "inputs": {
         "crane": "crane",
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_3",
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2",
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
@@ -46,8 +27,8 @@
       "inputs": {
         "crane": "crane_3",
         "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_5",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": "nixpkgs_4",
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
@@ -67,7 +48,7 @@
     },
     "botcore-v4": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
       },
       "locked": {
         "lastModified": 1683656302,
@@ -108,9 +89,9 @@
         "crane": "crane_2",
         "fenix": "fenix",
         "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
         "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_3",
         "rocksdb": "rocksdb"
       },
       "locked": {
@@ -134,9 +115,9 @@
         "crane": "crane_4",
         "fenix": "fenix_2",
         "flake-compat": "flake-compat_4",
-        "flake-utils": "flake-utils_5",
+        "flake-utils": "flake-utils_4",
         "nix-filter": "nix-filter_2",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
       },
       "locked": {
         "lastModified": 1714631281,
@@ -367,24 +348,6 @@
       }
     },
     "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
       "locked": {
         "lastModified": 1667395993,
         "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -399,9 +362,9 @@
         "type": "github"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_2": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -418,7 +381,7 @@
         "type": "github"
       }
     },
-    "flake-utils_4": {
+    "flake-utils_3": {
       "locked": {
         "lastModified": 1667395993,
         "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -433,9 +396,9 @@
         "type": "github"
       }
     },
-    "flake-utils_5": {
+    "flake-utils_4": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1709126324,
@@ -451,9 +414,9 @@
         "type": "github"
       }
     },
-    "flake-utils_6": {
+    "flake-utils_5": {
       "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -471,7 +434,7 @@
     },
     "home-manager": {
       "inputs": {
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_6"
       },
       "locked": {
         "lastModified": 1714515075,
@@ -556,8 +519,8 @@
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat_5",
-        "flake-utils": "flake-utils_6",
-        "nixpkgs": "nixpkgs_8"
+        "flake-utils": "flake-utils_5",
+        "nixpkgs": "nixpkgs_7"
       },
       "locked": {
         "lastModified": 1714355896,
@@ -575,11 +538,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1708807242,
-        "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
+        "lastModified": 1683408522,
+        "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
+        "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
         "type": "github"
       },
       "original": {
@@ -607,14 +570,18 @@
     },
     "nixpkgs-rory": {
       "locked": {
-        "lastModified": 0,
-        "narHash": "sha256-0h4yzifkBwp7AtFBW62wtJmFrZW12Ge9SeyL6AWIV7M=",
-        "path": "/Rory-Open-Architecture/nixpkgs",
-        "type": "path"
+        "lastModified": 1714857654,
+        "narHash": "sha256-lHLhAap5HklB1yQhUldJNjnFX6AVuKpEsYHtaYin9nc=",
+        "owner": "TheArcaneBrony",
+        "repo": "nixpkgs",
+        "rev": "5f577ce369c55b5774fd7a766693d705a31391e4",
+        "type": "github"
       },
       "original": {
-        "path": "/Rory-Open-Architecture/nixpkgs",
-        "type": "path"
+        "owner": "TheArcaneBrony",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs-stable": {
@@ -651,22 +618,6 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1683408522,
-        "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
         "lastModified": 1711401922,
         "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
         "owner": "NixOS",
@@ -681,7 +632,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1713537308,
         "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
@@ -697,7 +648,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1702539185,
         "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
@@ -713,7 +664,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1709479366,
         "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
@@ -729,7 +680,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1714076141,
         "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=",
@@ -745,7 +696,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
       "locked": {
         "lastModified": 1714272655,
         "narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=",
@@ -761,7 +712,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_9": {
+    "nixpkgs_8": {
       "locked": {
         "lastModified": 1714253743,
         "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@@ -796,7 +747,6 @@
     },
     "root": {
       "inputs": {
-        "MatrixMediaGate": "MatrixMediaGate",
         "botcore-v4": "botcore-v4",
         "conduit": "conduit",
         "conduit-vanilla": "conduit-vanilla",
@@ -804,7 +754,7 @@
         "mtxclientSrc": "mtxclientSrc",
         "nhekoSrc": "nhekoSrc",
         "nixos-wsl": "nixos-wsl",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_8",
         "nixpkgs-RoryNix": "nixpkgs-RoryNix",
         "nixpkgs-rory": "nixpkgs-rory"
       }
@@ -887,21 +837,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index 02f2297..30f4826 100755
--- a/flake.nix
+++ b/flake.nix
@@ -7,8 +7,8 @@
       #url="path:/Rory-Open-Architecture/nixpkgs";
     };
     nixpkgs-rory = {
-      url = "path:/Rory-Open-Architecture/nixpkgs";
-      #url = "github:TheArcaneBrony/nixpkgs/master";
+      #url = "path:/Rory-Open-Architecture/nixpkgs";
+      url = "github:TheArcaneBrony/nixpkgs/master";
     };
     nixpkgs-RoryNix = {
       #url = "github:NixOS/nixpkgs/nixos-23.05";
@@ -39,9 +39,9 @@
       url = "gitlab:BotCore-Devs/BotCore-v4/staging";
     };
 
-    MatrixMediaGate = {
-      url = "git+https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/";
-    };
+    #MatrixMediaGate = {
+    #  url = "git+https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/";
+    #};
 
     # Sources...
     nhekoSrc = {
@@ -55,7 +55,7 @@
     };
   };
 
-  outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, MatrixMediaGate, conduit, conduit-vanilla, nixos-wsl, ... }@inputs: {
+  outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, conduit, conduit-vanilla, nixos-wsl, ... }@inputs: {
     nixosConfigurations = {
       #NIXPKGS FORK
       Rory-nginx = nixpkgs-rory.lib.nixosSystem {
@@ -70,7 +70,6 @@
           inherit home-manager;
           inherit conduit;
           inherit conduit-vanilla;
-          inherit MatrixMediaGate;
         };
       };
 
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index 2c0df53..be9386e 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -8,7 +8,7 @@
       ./matrix-appservice-discord.nix
       ./draupnir.nix
       ./conduit.nix
-      ./matrix-media-gate.nix
+      #./matrix-media-gate.nix
     ];
 
 }
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse.monolith.nix
new file mode 100755
index 0000000..26c61a1
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse.monolith.nix
@@ -0,0 +1,212 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.matrix-synapse = {
+    enable = true;
+    withJemalloc = true;
+
+    # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+    settings = {
+      server_name = "rory.gay";
+
+      enable_registration = true;
+      registration_requires_token = true;
+
+      require_membership_for_aliases = false;
+      redaction_retention_period = null;
+      user_ips_max_age = null;
+      allow_device_name_lookup_over_federation = true;
+
+      federation = {
+        client_timeout = "60s";
+        max_short_retries = 6;
+        max_short_retry_delay = "10s";
+        max_long_retries = 5;
+        max_long_retry_delay = "30s";
+      };
+
+      event_cache_size = "1200K"; #defaults to 10K
+      caches = {
+        global_factor = 5000.0;
+        cache_entry_ttl = "12h";
+        expire_caches = true;
+        sync_response_cache_duration = "6h";
+        cache_autotuning = {
+          max_cache_memory_usage = "65536M";
+          target_cache_memory_usage = "32768M";
+          min_cache_ttl = "6h";
+        };
+      };
+
+      # Alicia - figure this out later...
+      #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
+      registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+      
+      listeners = [
+        { 
+          port = 8008;
+          bind_addresses = [ "192.168.1.2" "127.0.0.1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [ {
+            names = [ "client" "federation" ];
+            compress = true;
+          } ];
+        }
+      ];
+      dynamic_thumbnails = true;
+      presence = {
+        enable = true;
+        update_interval = 60;
+      };
+      url_preview_enabled = true;
+      database = {
+        name = "psycopg2";
+        args = {
+          user = "matrix-synapse-rory-gay";
+          #passwordFile = "/run/secrets/matrix-synapse-password";
+          password = "somepassword";
+          database = "matrix-synapse-rory-gay";
+          host = "127.0.0.1";
+          application_name = "matrix-synapse (rory.gay)";
+          cp_min = 5;
+          cp_max = 50;
+          #cp_reconnect_interval = "True";
+        };
+      };
+      app_service_config_files = [
+        #"/etc/matrix-synapse/appservice-registration.yaml"
+        "/var/lib/matrix-synapse/modas-registration.yaml"
+      ];
+
+      rc_message = {
+        per_second = 1000;
+        burst_count = 1000;
+      };
+      rc_login = {
+        address = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        account = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        failed_attempts = {
+          per_second = 0.1;
+          burst_count = 3;
+        };
+      };
+      rc_joins = {
+        local = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        remote = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+      };
+      rc_joins_per_room = {
+        per_second = 1000;
+        burst_count = 1000;
+      };
+      rc_invites = {
+        per_room = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        per_user = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+        per_issuer = {
+          per_second = 1000;
+          burst_count = 1000;
+        };
+      };
+      rc_federation = {
+        window_size = 10;
+        sleep_limit = 1000;
+        sleep_delay = 100;
+        reject_limit = 1000;
+        concurrent = 100;
+      };
+      federation_rr_transactions_per_room_per_second = 1;
+
+      max_image_pixels = "100M";
+
+      ui_auth = {
+        session_timeout = "1m";
+      };
+
+      login_via_existing_session = {
+        enabled = true;
+        require_ui_auth = true;
+        token_timeout = "1y";
+      };
+
+      #sentry = {
+      #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
+      #};
+
+      report_stats = false;
+
+      user_directory = {
+        enabled = true;
+        search_all_users = true;
+        prefer_local_users = true;
+      };
+
+      experimental_features = {
+        "org.matrix.msc3026.busy_presence" = true;
+        "fi.mau.msc2815" = true;
+        "org.matrix.msc3881" = true;
+        "org.matrix.msc3874" = true;
+        "org.matrix.msc3912" = true;
+      };
+    };
+
+    plugins = with pkgs.matrix-synapse-plugins; [
+      # Alicia - need to port draupnir...
+      #matrix-synapse-mjolnir-antispam
+#      matrix-synapse-pam
+    ];
+#    extraConfigFiles = [
+#        (pkgs.writeTextFile {
+#          name = "matrix-synapse-extra-config.yml";
+#          text = ''
+#            modules:
+#              - module: "pam_auth_provider.PAMAuthProvider"
+#                config:
+#                  create_users: true
+#                  skip_user_check: false
+#          '';
+#        })
+#      ];
+  };
+
+    systemd.services.matrix-synapse-reg-token = {
+      description = "Random registration token for Synapse.";
+      before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
+      wantedBy = ["multi-user.target"];
+      after = ["network.target"];
+
+      script = ''
+
+        if [ ! -f "registration_shared_secret.txt" ]
+        then
+          cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
+        else
+          echo Not generating key, key exists;
+        fi'';
+      serviceConfig = {
+        User = "matrix-synapse";
+        Group = "matrix-synapse";
+        WorkingDirectory = "/var/lib/matrix-synapse";
+      };
+    };
+
+}
+
diff --git a/host/Rory-nginx/services/matrix/synapse.nix b/host/Rory-nginx/services/matrix/synapse.nix
index 26c61a1..6e0f537 100755
--- a/host/Rory-nginx/services/matrix/synapse.nix
+++ b/host/Rory-nginx/services/matrix/synapse.nix
@@ -1,5 +1,12 @@
 { config, pkgs, lib, ... }:
 
+let
+  federationSenders = lib.range 0 31;
+  federationReceivers = lib.range 10000 10000;
+  initialSyncWorkers = lib.range 10100 10100;
+  syncWorkers = lib.range 10150 10150;
+  streamWriters = lib.range 10200 10200;
+in
 {
   services.matrix-synapse = {
     enable = true;
@@ -51,7 +58,18 @@
           x_forwarded = true;
           resources = [ {
             names = [ "client" "federation" ];
-            compress = true;
+            compress = false;
+          } ];
+        }
+        { 
+          port = 8009;
+          bind_addresses = [ "127.0.0.1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [ {
+            names = [ "replication" ];
+            compress = false;
           } ];
         }
       ];
@@ -147,10 +165,6 @@
         token_timeout = "1y";
       };
 
-      #sentry = {
-      #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
-      #};
-
       report_stats = false;
 
       user_directory = {
@@ -166,25 +180,69 @@
         "org.matrix.msc3874" = true;
         "org.matrix.msc3912" = true;
       };
+
+
+      redis = {
+        enabled = true;
+        path = "/run/redis-matrix-synapse/redis.sock";
+      };
+
+
+      instance_map = {
+        main = {
+          host = "127.0.0.1";
+          port = 8009;
+        };
+      } // builtins.listToAttrs (map (port: {
+        name = "federation_sender-${toString port}";
+        value = {
+          path = "/run/synapse/federation_sender-${toString port}.sock";
+        };
+      }) federationSenders);
+      #} // builtins.listToAttrs (map (port: {
+      #  name = "federation_receiver-${toString port}";
+      #  value = {
+      #    path = "/run/synapse/federation_receiver-${toString port}.sock";
+      #  };
+      #}) federationReceivers);
+
+      # by type:
+
+      #map to list
+      federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders;
+
     };
 
-    plugins = with pkgs.matrix-synapse-plugins; [
-      # Alicia - need to port draupnir...
-      #matrix-synapse-mjolnir-antispam
-#      matrix-synapse-pam
-    ];
-#    extraConfigFiles = [
-#        (pkgs.writeTextFile {
-#          name = "matrix-synapse-extra-config.yml";
-#          text = ''
-#            modules:
-#              - module: "pam_auth_provider.PAMAuthProvider"
-#                config:
-#                  create_users: true
-#                  skip_user_check: false
-#          '';
-#        })
-#      ];
+    ## TODO: INVESTIGATE
+    # worker_listeners:
+    # - type: metrics
+    #   bind_address: ''
+    #   port: 9101
+
+    workers = 
+    #builtins.listToAttrs (map (port: {
+    #  name = "federation_receiver-${toString port}";
+    #  value = {
+    #    worker_app = "synapse.app.generic_worker";
+    #    worker_listeners = [
+    #      { 
+    #        port = port;
+    #        type = "http";
+    #        resources = [ {
+    #          names = [ "federation" ];
+    #          compress = false;
+    #        } ];
+    #      }
+    #    ];
+    #  };
+    #}) federationReceivers)
+    builtins.listToAttrs (map (port: {
+      name = "federation_sender-${toString port}";
+      value = {
+        worker_app = "synapse.app.generic_worker";
+        worker_listeners = [ ];
+      };
+    }) federationSenders);
   };
 
     systemd.services.matrix-synapse-reg-token = {
@@ -208,5 +266,18 @@
       };
     };
 
+
+  services.redis = {
+    package = pkgs.keydb;
+    servers.matrix-synapse = {
+      enable = true;
+      user = "matrix-synapse";
+    };
+  };
+  
+  systemd.tmpfiles.rules = [
+    "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse"
+  ];
+
 }
 
diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix
index 3545a31..7ac3619 100755
--- a/host/Rory-nginx/services/postgres.nix
+++ b/host/Rory-nginx/services/postgres.nix
@@ -5,7 +5,7 @@
 
   services.postgresql = {
     enable = true;
-    package = pkgs.postgresql_14;
+    package = pkgs.postgresql_16;
     enableTCPIP = true;
     authentication = pkgs.lib.mkOverride 10 ''
       # TYPE, DATABASE, USER, ADDRESS, METHOD