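# NixOS module that wires up dedicated Synapse worker processes and the nginx
# helper maps the per-worker modules rely on.
#
# It declares the `services.matrix-synapse.*` options consumed by the imported
# worker modules (worker counts, feature toggles, nginx vhost, federation invite
# allow-list), enforces the single-instance limits Synapse places on some stream
# writers, and emits two nginx `map` blocks into the http context.
{ config, lib, ... }:
let
  cfg = config.services.matrix-synapse;

  # Worker-count option: a non-negative integer, 0 meaning "no dedicated worker".
  # `ints.unsigned` rejects negative counts at evaluation time instead of letting
  # them reach the worker modules.
  mkIntOption =
    description:
    lib.mkOption {
      type = lib.types.ints.unsigned;
      default = 0;
      description = description;
    };

  # Characters that would end or alter the generated nginx `map` entry an origin
  # is interpolated into (see services.nginx.appendHttpConfig below).
  nginxUnsafeChars = [ "\"" ";" "{" "}" "\n" " " "\t" ];

  # An origin is safe to splice into the nginx config when it is non-empty and
  # contains none of the characters above. The empty string is rejected on purpose:
  # `$mx_origin_name` defaults to "" for requests without an X-Matrix header, so an
  # empty allow-list entry would grant $mx_can_invite to unauthenticated requests.
  isSafeNginxOrigin = origin: origin != "" && !(lib.any (c: lib.hasInfix c origin) nginxUnsafeChars);
in
{
  imports = [
    ./single/appservice.nix
    ./single/background.nix
    ./single/user-dir.nix

    ./auth.nix
    ./client-reader.nix
    ./event-creator.nix
    ./federation-inbound.nix
    ./federation-reader.nix
    ./federation-sender.nix
    ./media-repo.nix
    ./pusher.nix
    ./sync.nix

    ./stream-writers/account_data-stream-writer.nix
    ./stream-writers/event-stream-writer.nix
    ./stream-writers/presence-stream-writer.nix
    ./stream-writers/push_rule-stream-writer.nix
    ./stream-writers/receipt-stream-writer.nix
    ./stream-writers/to_device-stream-writer.nix
    ./stream-writers/typing-stream-writer.nix

    # The sharedStreamWriters option below is declared but this module is not imported yet.
    #    ./stream-writers/shared-stream-writer.nix
  ];
  options.services.matrix-synapse = {
    enableWorkers = lib.mkEnableOption "Enable dedicated workers";
    enableStreamWriters = lib.mkEnableOption "Enable stream writers";
    enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker";
    enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker";
    enableUserDirWorker = lib.mkEnableOption "Enable dedicated user directory worker";

    authWorkers = mkIntOption "Number of auth workers";
    clientReaders = mkIntOption "Number of client readers";
    # Description previously read "Number of auth workers" (copy-paste error).
    eventCreators = mkIntOption "Number of event creators";
    federationInboundWorkers = mkIntOption "Number of federation inbound workers";
    federationReaders = mkIntOption "Number of federation readers";
    federationSenders = mkIntOption "Number of federation senders";
    mediaRepoWorkers = mkIntOption "Number of media repo workers";
    pushers = mkIntOption "Number of pushers";
    syncWorkers = mkIntOption "Number of sync workers";

    #stream writers
    eventStreamWriters = mkIntOption "Number of event stream writers";
    typingStreamWriters = mkIntOption "Number of typing stream writers";
    toDeviceStreamWriters = mkIntOption "Number of to_device stream writers";
    accountDataStreamWriters = mkIntOption "Number of account data stream writers";
    receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
    presenceStreamWriters = mkIntOption "Number of presence stream writers";
    pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";

    sharedStreamWriters = mkIntOption "Number of shared stream writers";

    # `nullOr` is required: the default is null, and a plain `str` type would make
    # the module system raise a type error before the assertion below can report
    # the missing value.
    nginxVirtualHostName = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "The virtual host name for the nginx server";
    };

    # Matrix server names whose federation requests are allowed to send invites.
    # Each entry becomes a key of the nginx `$mx_can_invite` map.
    allowedRemoteInviteOrigins = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of allowed remote invite origins";
    };
  };

  config = {
    assertions = [
      {
        assertion = cfg.enableWorkers -> cfg.nginxVirtualHostName != null;
        message = "nginxVirtualHostName must be set when enableWorkers is true";
      }

      # Reject entries that would break or widen the generated nginx map
      # (see isSafeNginxOrigin above).
      {
        assertion = lib.all isSafeNginxOrigin cfg.allowedRemoteInviteOrigins;
        message = "allowedRemoteInviteOrigins entries must be non-empty and must not contain whitespace, double quotes, ';', '{' or '}'";
      }

      # Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
      {
        assertion = cfg.typingStreamWriters <= 1;
        message = "Only one typing stream writer is supported";
      }
      {
        assertion = cfg.toDeviceStreamWriters <= 1;
        message = "Only one to_device stream writer is supported";
      }
      {
        assertion = cfg.accountDataStreamWriters <= 1;
        message = "Only one account data stream writer is supported";
      }
      # This may be outdated in the documentation...?
      #{
      #  assertion = cfg.receiptStreamWriters <= 1;
      #  message = "Only one receipt stream writer is supported";
      #}
      {
        assertion = cfg.presenceStreamWriters <= 1;
        message = "Only one presence stream writer is supported";
      }
      {
        assertion = cfg.pushRuleStreamWriters <= 1;
        message = "Only one push rule stream writer is supported";
      }

      {
        assertion = cfg.sharedStreamWriters <= 1;
        message = "Only one shared stream writer is supported";
      }
    ];

    # Matrix utility maps.
    #
    # `$mx_origin_name` is parsed from the *claimed* origin in the X-Matrix
    # Authorization header; nginx does not verify the request signature, so at
    # this layer the value is unauthenticated. `$mx_can_invite` must therefore be
    # used only as a routing / pre-filter signal — Synapse still has to verify
    # the signature before acting on the origin.
    #
    # NOTE(review): the pattern expects an unquoted `origin=` value; confirm it
    # also matches the form peers actually send (the header may quote the value).
    services.nginx.appendHttpConfig = ''
      # Map authorization header to origin name
      map $http_authorization $mx_origin_name {
        default "";
        "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
      }

      # Map origin name to whether it can invite
      map $mx_origin_name $mx_can_invite {
        default 0;
        ${lib.concatMapStringsSep "\n" (origin: "        \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
      }
    '';
  };
}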