modules/software-templates/synapse-workers/module.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

{ config, lib, ... }:
let
  cfg = config.services.matrix-synapse;
  mkIntOption =
    description:
    lib.mkOption {
      type = lib.types.int;
      default = 0;
      description = description;
    };
in
{
  imports = [
  ];
  options.services.matrix-synapse = {
    enableWorkers = lib.mkEnableOption "Enable dedicated workers";
    enableStreamWriters = lib.mkEnableOption "Enable stream writers";
    enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker";
    enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker";
    enableUserDirWorker = lib.mkEnableOption "Enable dedicated user directory worker";

    authWorkers = mkIntOption "Number of auth workers";
    clientReaders = mkIntOption "Number of client readers";
    eventCreators = mkIntOption "Number of auth workers";
    federationInboundWorkers = mkIntOption "Number of federation inbound workers";
    federationReaders = mkIntOption "Number of federation readers";
    federationSenders = mkIntOption "Number of federation senders";
    mediaRepoWorkers = mkIntOption "Number of media repo workers";
    pushers = mkIntOption "Number of pushers";
    syncWorkers = mkIntOption "Number of sync workers";

    #stream writers
    eventStreamWriters = mkIntOption "Number of event stream writers";
    typingStreamWriters = mkIntOption "Number of typing stream writers";
    toDeviceStreamWriters = mkIntOption "Number of to_device stream writers";
    accountDataStreamWriters = mkIntOption "Number of account data stream writers";
    receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
    presenceStreamWriters = mkIntOption "Number of presence stream writers";
    pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";

    sharedStreamWriters = mkIntOption "Number of shared stream writers";

    nginxVirtualHostName = lib.mkOption {
      type = lib.types.str;
      default = null;
      description = "The virtual host name for the nginx server";
    };

    allowedRemoteInviteOrigins = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of allowed remote invite origins";
    };
  };

  config = {
    assertions =
      [
        {
          assertion = cfg.enableWorkers -> cfg.nginxVirtualHostName != null;
          message = "nginxVirtualHostName must be set when enableWorkers is true";
        }
      ]
      ++ lib.optionals (cfg.settings ? stream_writers) [
        # Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
        {
          assertion = cfg.settings.stream_writers ? typing -> lib.length cfg.settings.stream_writers.typing <= 1;
          message = "Only one typing stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? to_device -> lib.length cfg.settings.stream_writers.to_device <= 1;
          message = "Only one to_device stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? account_data -> lib.length cfg.settings.stream_writers.account_data <= 1;
          message = "Only one account data stream writer is supported";
        }
        # This may be outdated in the documentation...?
        #{
        #  assertion = cfg.receiptStreamWriters <= 1;
        #  message = "Only one receipt stream writer is supported";
        #}
        {
          assertion = cfg.settings.stream_writers ? presence -> lib.length cfg.settings.stream_writers.presence <= 1;
          message = "Only one presence stream writer is supported";
        }
        {
          assertion = cfg.settings.stream_writers ? push_rules -> lib.length cfg.settings.stream_writers.push_rules <= 1;
          message = "Only one push rule stream writer is supported";
        }
      ];

    # Matrix utility maps
    services.nginx.appendHttpConfig = ''
      # Map authorization header to origin name
      map $http_authorization $mx_origin_name {
        default "";
        "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
      }

      # Map origin name to whether it can invite
      map $mx_origin_name $mx_can_invite {
        default 0;
        ${lib.concatMapStringsSep "\n" (origin: "        \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
      }
    '';
  };
}