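# NixOS module extending `services.matrix-synapse` with worker-count options,
# sanity assertions on `settings.stream_writers`, and nginx `map` helpers that
# classify federation requests by the origin claimed in their X-Matrix header.
#
# This file only declares the worker options and the nginx maps; whatever
# consumes the counts and `$mx_can_invite` is not defined here.
{ config, lib, ... }:

let
  cfg = config.services.matrix-synapse;

  # Integer option defaulting to 0 (i.e. "no workers of this kind").
  mkIntOption =
    description:
    lib.mkOption {
      type = lib.types.int;
      default = 0;
      inherit description;
    };
in
{
  imports = [ ];

  options.services.matrix-synapse = {
    # mkEnableOption already prefixes "Whether to enable ", so only the
    # feature name is passed.
    enableWorkers = lib.mkEnableOption "dedicated workers";
    enableStreamWriters = lib.mkEnableOption "stream writers";
    enableAppserviceWorker = lib.mkEnableOption "dedicated appservice worker";
    enableBackgroundWorker = lib.mkEnableOption "dedicated background task worker";
    enableUserDirWorker = lib.mkEnableOption "dedicated user directory worker";

    authWorkers = mkIntOption "Number of auth workers";
    clientReaders = mkIntOption "Number of client readers";
    # Fixed: the description was a copy of the authWorkers one.
    eventCreators = mkIntOption "Number of event creators";
    federationInboundWorkers = mkIntOption "Number of federation inbound workers";
    federationReaders = mkIntOption "Number of federation readers";
    federationSenders = mkIntOption "Number of federation senders";
    mediaRepoWorkers = mkIntOption "Number of media repo workers";
    pushers = mkIntOption "Number of pushers";
    syncWorkers = mkIntOption "Number of sync workers";

    # stream writers
    eventStreamWriters = mkIntOption "Number of event stream writers";
    typingStreamWriters = mkIntOption "Number of typing stream writers";
    toDeviceStreamWriters = mkIntOption "Number of to_device stream writers";
    accountDataStreamWriters = mkIntOption "Number of account data stream writers";
    receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
    presenceStreamWriters = mkIntOption "Number of presence stream writers";
    pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";
    sharedStreamWriters = mkIntOption "Number of shared stream writers";

    nginxVirtualHostName = lib.mkOption {
      # nullOr is required: with plain `str` the `null` default fails the type
      # check as soon as the option is read, so the assertion below could
      # never report its own message.
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "The virtual host name for the nginx server";
    };

    allowedRemoteInviteOrigins = lib.mkOption {
      # Entries are interpolated verbatim into quoted keys of an nginx `map`
      # (see appendHttpConfig below). They must be plain server names: no
      # quotes or whitespace, and no leading `~`, which nginx would treat as
      # a regular expression.
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of allowed remote invite origins";
    };
  };

  config = {
    assertions =
      [
        {
          assertion = cfg.enableWorkers -> cfg.nginxVirtualHostName != null;
          message = "nginxVirtualHostName must be set when enableWorkers is true";
        }
      ]
      # Only checked when the user actually configured stream_writers.
      ++ lib.optionals (cfg.settings ? stream_writers) [
        # Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
        {
          assertion = cfg.settings.stream_writers ? typing -> lib.length cfg.settings.stream_writers.typing <= 1;
          message = "Only one typing stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? to_device -> lib.length cfg.settings.stream_writers.to_device <= 1;
          message = "Only one to_device stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? account_data -> lib.length cfg.settings.stream_writers.account_data <= 1;
          message = "Only one account data stream writer is supported";
        }
        # This may be outdated in the documentation...?
        #{
        #  assertion = cfg.receiptStreamWriters <= 1;
        #  message = "Only one receipt stream writer is supported";
        #}
        {
          assertion = cfg.settings.stream_writers ? presence -> lib.length cfg.settings.stream_writers.presence <= 1;
          message = "Only one presence stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? push_rules -> lib.length cfg.settings.stream_writers.push_rules <= 1;
          message = "Only one push rule stream writer is supported";
        }
      ];

    # Matrix utility maps
    #
    # $mx_origin_name is whatever origin the peer *claims* in its Authorization
    # header; nginx does not verify the X-Matrix signature. $mx_can_invite is
    # therefore only a coarse pre-filter: the origin still has to be
    # authenticated by Synapse, and this map must not be the sole control.
    #
    # The named capture group `(?<origin>...)` is what defines $origin; without
    # the group name nginx rejects the pattern.
    #
    # NOTE(review): the pattern expects `origin=` to be the first parameter and
    # captures up to the next comma. A quoted origin value would be captured
    # with its quotes and match none of the allow-list keys (falling through to
    # the default of 0) - confirm against the headers peers actually send.
    services.nginx.appendHttpConfig = ''
      # Map authorization header to origin name
      map $http_authorization $mx_origin_name {
        default "";
        "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
      }

      # Map origin name to whether it can invite
      map $mx_origin_name $mx_can_invite {
        default 0;
      ${lib.concatMapStringsSep "\n" (origin: "  \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
      }
    '';
  };
}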