diff --git a/flake.lock b/flake.lock
index b0dab21..b6b4e0c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,30 +1,11 @@
{
"nodes": {
- "MatrixMediaGate": {
- "inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs"
- },
- "locked": {
- "lastModified": 1709199781,
- "narHash": "sha256-OH9OSnRNj9zHkKMBRwBaa0pMA0yOzibt3h6i3M4KIKw=",
- "ref": "refs/heads/master",
- "rev": "a3bce27ac19dfd940a34c4c148c0f617f513feed",
- "revCount": 18,
- "type": "git",
- "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/"
- },
- "original": {
- "type": "git",
- "url": "https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/"
- }
- },
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils_2",
- "nixpkgs": "nixpkgs_3",
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@@ -46,8 +27,8 @@
"inputs": {
"crane": "crane_3",
"flake-compat": "flake-compat_3",
- "flake-utils": "flake-utils_4",
- "nixpkgs": "nixpkgs_5",
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
@@ -67,7 +48,7 @@
},
"botcore-v4": {
"inputs": {
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1683656302,
@@ -108,9 +89,9 @@
"crane": "crane_2",
"fenix": "fenix",
"flake-compat": "flake-compat_2",
- "flake-utils": "flake-utils_3",
+ "flake-utils": "flake-utils_2",
"nix-filter": "nix-filter",
- "nixpkgs": "nixpkgs_4",
+ "nixpkgs": "nixpkgs_3",
"rocksdb": "rocksdb"
},
"locked": {
@@ -134,9 +115,9 @@
"crane": "crane_4",
"fenix": "fenix_2",
"flake-compat": "flake-compat_4",
- "flake-utils": "flake-utils_5",
+ "flake-utils": "flake-utils_4",
"nix-filter": "nix-filter_2",
- "nixpkgs": "nixpkgs_6"
+ "nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1714631281,
@@ -367,24 +348,6 @@
}
},
"flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1705309234,
- "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -399,9 +362,9 @@
"type": "github"
}
},
- "flake-utils_3": {
+ "flake-utils_2": {
"inputs": {
- "systems": "systems_2"
+ "systems": "systems"
},
"locked": {
"lastModified": 1710146030,
@@ -418,7 +381,7 @@
"type": "github"
}
},
- "flake-utils_4": {
+ "flake-utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -433,9 +396,9 @@
"type": "github"
}
},
- "flake-utils_5": {
+ "flake-utils_4": {
"inputs": {
- "systems": "systems_3"
+ "systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
@@ -451,9 +414,9 @@
"type": "github"
}
},
- "flake-utils_6": {
+ "flake-utils_5": {
"inputs": {
- "systems": "systems_4"
+ "systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
@@ -471,7 +434,7 @@
},
"home-manager": {
"inputs": {
- "nixpkgs": "nixpkgs_7"
+ "nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1714515075,
@@ -556,8 +519,8 @@
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat_5",
- "flake-utils": "flake-utils_6",
- "nixpkgs": "nixpkgs_8"
+ "flake-utils": "flake-utils_5",
+ "nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1714355896,
@@ -575,11 +538,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1708807242,
- "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
+ "lastModified": 1683408522,
+ "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
+ "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
"type": "github"
},
"original": {
@@ -607,14 +570,18 @@
},
"nixpkgs-rory": {
"locked": {
- "lastModified": 0,
- "narHash": "sha256-0h4yzifkBwp7AtFBW62wtJmFrZW12Ge9SeyL6AWIV7M=",
- "path": "/Rory-Open-Architecture/nixpkgs",
- "type": "path"
+ "lastModified": 1714857654,
+ "narHash": "sha256-lHLhAap5HklB1yQhUldJNjnFX6AVuKpEsYHtaYin9nc=",
+ "owner": "TheArcaneBrony",
+ "repo": "nixpkgs",
+ "rev": "5f577ce369c55b5774fd7a766693d705a31391e4",
+ "type": "github"
},
"original": {
- "path": "/Rory-Open-Architecture/nixpkgs",
- "type": "path"
+ "owner": "TheArcaneBrony",
+ "ref": "master",
+ "repo": "nixpkgs",
+ "type": "github"
}
},
"nixpkgs-stable": {
@@ -651,22 +618,6 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1683408522,
- "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_3": {
- "locked": {
"lastModified": 1711401922,
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
"owner": "NixOS",
@@ -681,7 +632,7 @@
"type": "github"
}
},
- "nixpkgs_4": {
+ "nixpkgs_3": {
"locked": {
"lastModified": 1713537308,
"narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
@@ -697,7 +648,7 @@
"type": "github"
}
},
- "nixpkgs_5": {
+ "nixpkgs_4": {
"locked": {
"lastModified": 1702539185,
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
@@ -713,7 +664,7 @@
"type": "github"
}
},
- "nixpkgs_6": {
+ "nixpkgs_5": {
"locked": {
"lastModified": 1709479366,
"narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
@@ -729,7 +680,7 @@
"type": "github"
}
},
- "nixpkgs_7": {
+ "nixpkgs_6": {
"locked": {
"lastModified": 1714076141,
"narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=",
@@ -745,7 +696,7 @@
"type": "github"
}
},
- "nixpkgs_8": {
+ "nixpkgs_7": {
"locked": {
"lastModified": 1714272655,
"narHash": "sha256-3/ghIWCve93ngkx5eNPdHIKJP/pMzSr5Wc4rNKE1wOc=",
@@ -761,7 +712,7 @@
"type": "github"
}
},
- "nixpkgs_9": {
+ "nixpkgs_8": {
"locked": {
"lastModified": 1714253743,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@@ -796,7 +747,6 @@
},
"root": {
"inputs": {
- "MatrixMediaGate": "MatrixMediaGate",
"botcore-v4": "botcore-v4",
"conduit": "conduit",
"conduit-vanilla": "conduit-vanilla",
@@ -804,7 +754,7 @@
"mtxclientSrc": "mtxclientSrc",
"nhekoSrc": "nhekoSrc",
"nixos-wsl": "nixos-wsl",
- "nixpkgs": "nixpkgs_9",
+ "nixpkgs": "nixpkgs_8",
"nixpkgs-RoryNix": "nixpkgs-RoryNix",
"nixpkgs-rory": "nixpkgs-rory"
}
@@ -887,21 +837,6 @@
"repo": "default",
"type": "github"
}
- },
- "systems_4": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 02f2297..30f4826 100755
--- a/flake.nix
+++ b/flake.nix
@@ -7,8 +7,8 @@
#url="path:/Rory-Open-Architecture/nixpkgs";
};
nixpkgs-rory = {
- url = "path:/Rory-Open-Architecture/nixpkgs";
- #url = "github:TheArcaneBrony/nixpkgs/master";
+ #url = "path:/Rory-Open-Architecture/nixpkgs";
+ url = "github:TheArcaneBrony/nixpkgs/master";
};
nixpkgs-RoryNix = {
#url = "github:NixOS/nixpkgs/nixos-23.05";
@@ -39,9 +39,9 @@
url = "gitlab:BotCore-Devs/BotCore-v4/staging";
};
- MatrixMediaGate = {
- url = "git+https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/";
- };
+ #MatrixMediaGate = {
+ # url = "git+https://cgit.rory.gay/matrix/tools/MatrixMediaGate.git/";
+ #};
# Sources...
nhekoSrc = {
@@ -55,7 +55,7 @@
};
};
- outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, MatrixMediaGate, conduit, conduit-vanilla, nixos-wsl, ... }@inputs: {
+ outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, conduit, conduit-vanilla, nixos-wsl, ... }@inputs: {
nixosConfigurations = {
#NIXPKGS FORK
Rory-nginx = nixpkgs-rory.lib.nixosSystem {
@@ -70,7 +70,6 @@
inherit home-manager;
inherit conduit;
inherit conduit-vanilla;
- inherit MatrixMediaGate;
};
};
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index 2c0df53..be9386e 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -8,7 +8,7 @@
./matrix-appservice-discord.nix
./draupnir.nix
./conduit.nix
- ./matrix-media-gate.nix
+ #./matrix-media-gate.nix
];
}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse.monolith.nix
new file mode 100755
index 0000000..26c61a1
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/synapse.monolith.nix
@@ -0,0 +1,212 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+
+ # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+ settings = {
+ server_name = "rory.gay";
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "60s";
+ max_short_retries = 6;
+ max_short_retry_delay = "10s";
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+ };
+
+ event_cache_size = "1200K"; #defaults to 10K
+ caches = {
+ global_factor = 5000.0;
+ cache_entry_ttl = "12h";
+ expire_caches = true;
+ sync_response_cache_duration = "6h";
+ cache_autotuning = {
+ max_cache_memory_usage = "65536M";
+ target_cache_memory_usage = "32768M";
+ min_cache_ttl = "6h";
+ };
+ };
+
+ # Alicia - figure this out later...
+ #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "192.168.1.2" "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" "federation" ];
+ compress = true;
+ } ];
+ }
+ ];
+ dynamic_thumbnails = true;
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ url_preview_enabled = true;
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-rory-gay";
+ #passwordFile = "/run/secrets/matrix-synapse-password";
+ password = "somepassword";
+ database = "matrix-synapse-rory-gay";
+ host = "127.0.0.1";
+ application_name = "matrix-synapse (rory.gay)";
+ cp_min = 5;
+ cp_max = 50;
+ #cp_reconnect_interval = "True";
+ };
+ };
+ app_service_config_files = [
+ #"/etc/matrix-synapse/appservice-registration.yaml"
+ "/var/lib/matrix-synapse/modas-registration.yaml"
+ ];
+
+ rc_message = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ rc_login = {
+ address = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ account = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ failed_attempts = {
+ per_second = 0.1;
+ burst_count = 3;
+ };
+ };
+ rc_joins = {
+ local = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_joins_per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ rc_invites = {
+ per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_user = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_issuer = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_federation = {
+ window_size = 10;
+ sleep_limit = 1000;
+ sleep_delay = 100;
+ reject_limit = 1000;
+ concurrent = 100;
+ };
+ federation_rr_transactions_per_room_per_second = 1;
+
+ max_image_pixels = "100M";
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ #sentry = {
+ # dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
+ #};
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ experimental_features = {
+ "org.matrix.msc3026.busy_presence" = true;
+ "fi.mau.msc2815" = true;
+ "org.matrix.msc3881" = true;
+ "org.matrix.msc3874" = true;
+ "org.matrix.msc3912" = true;
+ };
+ };
+
+ plugins = with pkgs.matrix-synapse-plugins; [
+ # Alicia - need to port draupnir...
+ #matrix-synapse-mjolnir-antispam
+# matrix-synapse-pam
+ ];
+# extraConfigFiles = [
+# (pkgs.writeTextFile {
+# name = "matrix-synapse-extra-config.yml";
+# text = ''
+# modules:
+# - module: "pam_auth_provider.PAMAuthProvider"
+# config:
+# create_users: true
+# skip_user_check: false
+# '';
+# })
+# ];
+ };
+
+ systemd.services.matrix-synapse-reg-token = {
+ description = "Random registration token for Synapse.";
+ before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
+ wantedBy = ["multi-user.target"];
+ after = ["network.target"];
+
+ script = ''
+
+ if [ ! -f "registration_shared_secret.txt" ]
+ then
+ cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
+ else
+ echo Not generating key, key exists;
+ fi'';
+ serviceConfig = {
+ User = "matrix-synapse";
+ Group = "matrix-synapse";
+ WorkingDirectory = "/var/lib/matrix-synapse";
+ };
+ };
+
+}
+
diff --git a/host/Rory-nginx/services/matrix/synapse.nix b/host/Rory-nginx/services/matrix/synapse.nix
index 26c61a1..6e0f537 100755
--- a/host/Rory-nginx/services/matrix/synapse.nix
+++ b/host/Rory-nginx/services/matrix/synapse.nix
@@ -1,5 +1,12 @@
{ config, pkgs, lib, ... }:
+let
+ federationSenders = lib.range 0 31;
+ federationReceivers = lib.range 10000 10000;
+ initialSyncWorkers = lib.range 10100 10100;
+ syncWorkers = lib.range 10150 10150;
+ streamWriters = lib.range 10200 10200;
+in
{
services.matrix-synapse = {
enable = true;
@@ -51,7 +58,18 @@
x_forwarded = true;
resources = [ {
names = [ "client" "federation" ];
- compress = true;
+ compress = false;
+ } ];
+ }
+ {
+ port = 8009;
+ bind_addresses = [ "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "replication" ];
+ compress = false;
} ];
}
];
@@ -147,10 +165,6 @@
token_timeout = "1y";
};
- #sentry = {
- # dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
- #};
-
report_stats = false;
user_directory = {
@@ -166,25 +180,69 @@
"org.matrix.msc3874" = true;
"org.matrix.msc3912" = true;
};
+
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+
+ instance_map = {
+ main = {
+ host = "127.0.0.1";
+ port = 8009;
+ };
+ } // builtins.listToAttrs (map (port: {
+ name = "federation_sender-${toString port}";
+ value = {
+ path = "/run/synapse/federation_sender-${toString port}.sock";
+ };
+ }) federationSenders);
+ #} // builtins.listToAttrs (map (port: {
+ # name = "federation_receiver-${toString port}";
+ # value = {
+ # path = "/run/synapse/federation_receiver-${toString port}.sock";
+ # };
+ #}) federationReceivers);
+
+ # by type:
+
+ #map to list
+ federation_sender_instances = map (port: "federation_sender-${toString port}") federationSenders;
+
};
- plugins = with pkgs.matrix-synapse-plugins; [
- # Alicia - need to port draupnir...
- #matrix-synapse-mjolnir-antispam
-# matrix-synapse-pam
- ];
-# extraConfigFiles = [
-# (pkgs.writeTextFile {
-# name = "matrix-synapse-extra-config.yml";
-# text = ''
-# modules:
-# - module: "pam_auth_provider.PAMAuthProvider"
-# config:
-# create_users: true
-# skip_user_check: false
-# '';
-# })
-# ];
+ ## TODO: INVESTIGATE
+ # worker_listeners:
+ # - type: metrics
+ # bind_address: ''
+ # port: 9101
+
+ workers =
+ #builtins.listToAttrs (map (port: {
+ # name = "federation_receiver-${toString port}";
+ # value = {
+ # worker_app = "synapse.app.generic_worker";
+ # worker_listeners = [
+ # {
+ # port = port;
+ # type = "http";
+ # resources = [ {
+ # names = [ "federation" ];
+ # compress = false;
+ # } ];
+ # }
+ # ];
+ # };
+ #}) federationReceivers)
+ builtins.listToAttrs (map (port: {
+ name = "federation_sender-${toString port}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners = [ ];
+ };
+ }) federationSenders);
};
systemd.services.matrix-synapse-reg-token = {
@@ -208,5 +266,18 @@
};
};
+
+ services.redis = {
+ package = pkgs.keydb;
+ servers.matrix-synapse = {
+ enable = true;
+ user = "matrix-synapse";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse"
+ ];
+
}
diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix
index 3545a31..7ac3619 100755
--- a/host/Rory-nginx/services/postgres.nix
+++ b/host/Rory-nginx/services/postgres.nix
@@ -5,7 +5,7 @@
services.postgresql = {
enable = true;
- package = pkgs.postgresql_14;
+ package = pkgs.postgresql_16;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
# TYPE, DATABASE, USER, ADDRESS, METHOD
|
