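# NixOS module for the rory.gay Synapse homeserver: worker layout, Synapse
# settings, a KeyDB-backed Redis instance for replication, and the PostgreSQL
# bootstrap script.
#
# NOTE(review): several values below are literals that pkgs.writeText copies
# into the Nix store (registration shared secret, database password). Store
# paths are world-readable on a standard install, so treat those values as
# non-secret unless they are moved to files provisioned outside the store.
{ pkgs, config, ... }:

let
  # Builds a worker module from the generic template; `tasks` is passed through unchanged.
  mkWorker =
    name: tasks:
    import ../../../../modules/software-templates/synapse-workers/generic.nix {
      workerName = name;
      inherit tasks;
    };
in
{
  # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py
  # Documentation: https://github.com/element-hq/synapse/blob/develop/docs/workers.md
  imports = [
    ../../../../modules/software-templates/synapse-workers/module.nix
    ./postgres.nix
    (mkWorker "sync" [ "sync" ])
  ];

  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;

    nginxVirtualHostName = "matrix.rory.gay";
    enableWorkers = true;

    federationSenders = 16; # 16
    pushers = 1;
    mediaRepoWorkers = 2; # 4
    clientReaders = 2; # 4
    syncWorkers = 2; # 4
    authWorkers = 0;
    eventCreators = 16;
    federationReaders = 8; # 8
    federationInboundWorkers = 16; # 8

    enableAppserviceWorker = true;
    enableBackgroundWorker = true;
    enableUserDirWorker = true;

    accountDataStreamWriters = 1;
    eventStreamWriters = 2; # 8
    presenceStreamWriters = 1;
    pushRuleStreamWriters = 1;
    receiptStreamWriters = 1;
    toDeviceStreamWriters = 1;
    typingStreamWriters = 1;

    # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
    settings = {
      server_name = "rory.gay";

      # Spelled as Synapse expects ("dummy_events_threshold"); a misspelled key
      # in this freeform set would not be applied.
      dummy_events_threshold = 2;
      cleanup_extremities_with_dummy_events = true;

      # Registration is open but gated: every signup needs a registration token.
      enable_registration = true;
      registration_requires_token = true;

      require_membership_for_aliases = false;

      # null disables the purge: redacted events keep their original content in
      # the database indefinitely, and last-seen client IPs are never expired.
      redaction_retention_period = null;
      user_ips_max_age = null;

      # Device display names become visible to remote homeservers.
      allow_device_name_lookup_over_federation = true;

      federation = {
        client_timeout = "30s"; # default=60s
        max_short_retries = 12;
        max_short_retry_delay = "5s";
        max_long_retries = 5;
        max_long_retry_delay = "30s";

        # rapid retry, small increments
        destination_min_retry_interval = "5m"; # default=10m
        destination_max_retry_interval = "12h"; # default=7d
        destination_retry_multiplier = 1.2; # default=2
      };

      # NOTE(review): writeText puts this secret in the world-readable Nix
      # store. Whoever can read it can use shared-secret registration, which
      # bypasses the token requirement above and can create admin accounts.
      # Prefer a path to a file provisioned outside the store and readable only
      # by the Synapse service user.
      registration_shared_secret_path = pkgs.writeText "registration_shared_secret.txt" ''
        sometext
      '';

      listeners = [
        {
          # Client + federation traffic; loopback only, so x_forwarded trusts
          # headers from the local reverse proxy and nothing else.
          port = 8008;
          bind_addresses = [ "127.0.0.1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [
                "client"
                "federation"
              ];
              compress = false;
            }
          ];
        }
        {
          # Replication listener on a Unix socket; access control is whatever
          # the socket's file permissions allow — TODO confirm they exclude
          # other local users.
          type = "http";
          path = "/run/matrix-synapse/main.sock";
          resources = [
            {
              names = [ "replication" ];
              compress = false;
            }
          ];
        }
      ];

      presence = {
        # Spelled as Synapse expects ("enabled").
        enabled = true;
        update_interval = 60;
      };

      database = {
        name = "psycopg2";
        args = {
          user = "matrix-synapse-rory-gay";
          # NOTE(review): literal password; it is interpolated into
          # synapse-init.sql below (a Nix store file) and presumably into the
          # rendered Synapse config as well. host is a Unix socket directory,
          # so the password may be unused if local connections use peer
          # auth — confirm against pg_hba; otherwise load it from a file
          # outside the store.
          password = "somepassword";
          database = "matrix-synapse-rory-gay";
          host = "/run/postgresql";
          application_name = "matrix-synapse (rory.gay) - main";
          cp_min = 2;
          cp_max = 5;
          # cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
          # cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
          # check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
        };
        # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
        # statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
        # allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
        # allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
        # txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
        statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
        txn_limit = 500; # maybe dropping old data from pg caches helps?
      };

      ui_auth = {
        session_timeout = "1m";
      };

      login_via_existing_session = {
        enabled = true;
        # Issuing a login token requires re-authentication ...
        require_ui_auth = true;
        # ... but NOTE(review): an issued token then stays valid for a year,
        # so a leaked token remains usable for a long time. A lifetime of
        # minutes is the usual choice — confirm "1y" is intended.
        token_timeout = "1y";
      };

      report_stats = false;

      user_directory = {
        enabled = true;
        # Directory search covers all known users, not only those sharing a room.
        search_all_users = true;
        prefer_local_users = true;
      };

      # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
      experimental_features = {
        "msc2815_enabled" = true; # Redacted event content
        "msc3026_enabled" = true; # Busy presence
        "msc3266_enabled" = true; # Room summary API
        "msc3916_authenticated_media_enabled" = true; # Authenticated media
        "msc3823_account_suspension" = true; # Account suspension
        "msc4151_enabled" = true; # Report room API (CS-API)
      };

      redis = {
        enabled = true;
        path = "/run/redis-matrix-synapse/redis.sock";
      };

      instance_map = {
        main = {
          # replication listener
          path = "/run/matrix-synapse/main.sock";
        };
      };
    };
    # // import ./ratelimits.nix
    # // import ./caches.nix;
  };

  services.redis = {
    package = pkgs.keydb;
    servers.matrix-synapse = {
      enable = true;
      user = "matrix-synapse";
    };
  };

  services.postgresql = {
    # Bootstrap SQL built from the Synapse database settings above.
    # NOTE(review): the rendered script (including the password) is a Nix store
    # file. Values are interpolated verbatim, so a quote character in any of
    # them would break or alter these statements.
    initialScript = pkgs.writeText "synapse-init.sql" ''
      CREATE USER "${config.services.matrix-synapse.settings.database.args.user}" WITH PASSWORD '${config.services.matrix-synapse.settings.database.args.password}';
      CREATE DATABASE "${config.services.matrix-synapse.settings.database.args.database}" OWNER '${config.services.matrix-synapse.settings.database.args.user}' LOCALE 'C' ENCODING 'UTF8' TEMPLATE "template0";
    '';
  };

  # Runtime directory for the Redis socket used by Synapse. Mode 0755 lets any
  # local user traverse it, so the socket's own permissions decide who can connect.
  systemd.tmpfiles.rules = [ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" ];
}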