half-finished migration to synapse
All checks were successful
checks / test (pull_request) Successful in 30s
parent
a4a8d1c523
commit
d4204578be
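--- a/flake.lock
+++ b/flake.lock
@@ -18,15 +18,16 @@
 ]
 },
 "locked": {
-"lastModified": 1712517122,
-"narHash": "sha256-ynjRTeXDICFXYbcMdZfl9t7TD0d9RoNzMIq14WmZl0E=",
-"ref": "refs/heads/main",
-"rev": "d89edef9a1943cbf0150fd70cde25015161410a7",
-"revCount": 2433,
+"lastModified": 1712910239,
+"narHash": "sha256-0Iu86fs3QqmDTEBZ2kJFYeNQc59L0ncW22CnJItDIuE=",
+"ref": "synapse",
+"rev": "e22501799b2409b9c1db340a25acadc5ff730e4c",
+"revCount": 2473,
 "type": "git",
 "url": "https://git.clan.lol/clan/clan-core"
 },
 "original": {
+"ref": "synapse",
 "type": "git",
 "url": "https://git.clan.lol/clan/clan-core"
 }
@@ -39,11 +40,11 @@
 ]
 },
 "locked": {
-"lastModified": 1711588700,
-"narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=",
+"lastModified": 1712356478,
+"narHash": "sha256-kTcEtrQIRnexu5lAbLsmUcfR2CrmsACF1s3ZFw1NEVA=",
 "owner": "nix-community",
 "repo": "disko",
-"rev": "502241afa3de2a24865ddcbe4c122f4546e32092",
+"rev": "0a17298c0d96190ef3be729d594ba202b9c53beb",
 "type": "github"
 },
 "original": {
@@ -59,11 +60,11 @@
 ]
 },
 "locked": {
-"lastModified": 1712356478,
-"narHash": "sha256-kTcEtrQIRnexu5lAbLsmUcfR2CrmsACF1s3ZFw1NEVA=",
+"lastModified": 1712798444,
+"narHash": "sha256-aAksVB7zMfBQTz0q2Lw3o78HM3Bg2FRziX2D6qnh+sk=",
 "owner": "nix-community",
 "repo": "disko",
-"rev": "0a17298c0d96190ef3be729d594ba202b9c53beb",
+"rev": "a297cb1cb0337ee10a7a0f9517954501d8f6f74d",
 "type": "github"
 },
 "original": {
@@ -94,11 +95,11 @@
 },
 "nixlib": {
 "locked": {
-"lastModified": 1711241261,
-"narHash": "sha256-knrTvpl81yGFHIpm1SsLDApe0thFkw1cl3ISAMPmP/0=",
+"lastModified": 1711846064,
+"narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=",
 "owner": "nix-community",
 "repo": "nixpkgs.lib",
-"rev": "b2a1eeef8c185f6bd27432b053ff09d773244cbc",
+"rev": "90b1a963ff84dc532db92f678296ff2499a60a87",
 "type": "github"
 },
 "original": {
@@ -116,11 +117,11 @@
 ]
 },
 "locked": {
-"lastModified": 1711626141,
-"narHash": "sha256-0qV1pHeIyUZ18cp8ijQnMf7uV+Uk4+UqTCC6yGSGWvk=",
+"lastModified": 1712191720,
+"narHash": "sha256-xXtSSnVHURHsxLQO30dzCKW5NJVGV/umdQPmFjPFMVA=",
 "owner": "nix-community",
 "repo": "nixos-generators",
-"rev": "63194fceafbfe583a9eb7d16ab499adc0a6c0bc2",
+"rev": "0c15e76bed5432d7775a22e8d22059511f59d23a",
 "type": "github"
 },
 "original": {
@@ -131,11 +132,11 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1712482522,
-"narHash": "sha256-Ai/xNgZpbwGcw0TSXwEPwwbPi8Iu906sB9M9z3o6UgA=",
+"lastModified": 1712849433,
+"narHash": "sha256-flQtf/ZPJgkLY/So3Fd+dGilw2DKIsiwgMEn7BbBHL0=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "efe8ce06ca261f370d672def5b1e0be300c726e1",
+"rev": "f173d0881eff3b21ebb29a2ef8bedbc106c86ea5",
 "type": "github"
 },
 "original": {
@@ -164,11 +165,11 @@
 "nixpkgs-stable": []
 },
 "locked": {
-"lastModified": 1712458908,
-"narHash": "sha256-DMgBS+jNHDg8z3g9GkwqL8xTKXCRQ/0FGsAyrniVonc=",
+"lastModified": 1712617241,
+"narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=",
 "owner": "Mic92",
 "repo": "sops-nix",
-"rev": "39191e8e6265b106c9a2ba0cfd3a4dafe98a31c6",
+"rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c",
 "type": "github"
 },
 "original": {
@@ -184,11 +185,11 @@
 ]
 },
 "locked": {
-"lastModified": 1712191870,
-"narHash": "sha256-+MzSZ4IuZNT4QJS8b+gM48thfWkrJ7vL4NV5zG8Lqx8=",
+"lastModified": 1712882618,
+"narHash": "sha256-TnVDEMpOrOEKhgVMQmkamKVRkQWz3Q4lYgtTnD8G0CQ=",
 "owner": "numtide",
 "repo": "srvos",
-"rev": "ddafe2fd3547f63e6bf75b6e1a99ecfa61c59687",
+"rev": "4f89af165fde1454cb917a5f23e1f82d32541d38",
 "type": "github"
 },
 "original": {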
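--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,10 @@
 {
 description = "Dependencies to deploy a clan";
 
-nixConfig = {
-extra-substituters = [ "https://cache.clan.lol" ];
-extra-trusted-public-keys = [ "cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28=" ];
-};
+#nixConfig = {
+# extra-substituters = [ "https://cache.clan.lol" ];
+# extra-trusted-public-keys = [ "cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28=" ];
+#};
 
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@@ -24,7 +24,7 @@
 # Use the version of nixpkgs that has been tested to work with SrvOS
 srvos.inputs.nixpkgs.follows = "nixpkgs";
 
-clan-core.url = "git+https://git.clan.lol/clan/clan-core";
+clan-core.url = "git+https://git.clan.lol/clan/clan-core?ref=synapse";
 clan-core.inputs.flake-parts.follows = "flake-parts";
 clan-core.inputs.nixpkgs.follows = "nixpkgs";
 clan-core.inputs.treefmt-nix.follows = "treefmt-nix";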
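Review bot: `clan-core.url` in the second hunk now follows the `synapse` feature branch, and nothing in the file records that this is meant to be temporary. The lock file pins the exact revision, but the next `nix flake update` re-resolves the branch head, and the input will likely stop resolving if the branch is rebased or deleted once it is merged. I would add `# TODO: drop ?ref=synapse once the matrix-synapse module is on clan-core's default branch` above the URL. Separately, the `nixConfig` block in the first hunk is commented out without a reason; either delete it or add a one-line comment saying why the cache.clan.lol substituter and its trusted key are disabled.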
|
@ -2,12 +2,12 @@
|
||||||
imports = [
|
imports = [
|
||||||
./borgbackup.nix
|
./borgbackup.nix
|
||||||
./clan-merge.nix
|
./clan-merge.nix
|
||||||
./dendrite.nix
|
|
||||||
./gitea
|
./gitea
|
||||||
./harmonia.nix
|
./harmonia.nix
|
||||||
./homepage.nix
|
./homepage.nix
|
||||||
./postfix.nix
|
./postfix.nix
|
||||||
./jobs.nix
|
./jobs.nix
|
||||||
|
./matrix-synapse.nix
|
||||||
../dev.nix
|
../dev.nix
|
||||||
self.inputs.clan-core.clanModules.zt-tcp-relay
|
self.inputs.clan-core.clanModules.zt-tcp-relay
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,147 +0,0 @@
|
||||||
{ config
|
|
||||||
, pkgs
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
database = {
|
|
||||||
connection_string = "postgres:///dendrite?host=/run/postgresql";
|
|
||||||
max_open_conns = 100;
|
|
||||||
max_idle_conns = 5;
|
|
||||||
conn_max_lifetime = -1;
|
|
||||||
};
|
|
||||||
inherit (config.services.dendrite.settings.global) server_name;
|
|
||||||
domain = "clan.lol";
|
|
||||||
nginx-vhost = "matrix.${domain}";
|
|
||||||
element-web =
|
|
||||||
pkgs.runCommand "element-web-with-config"
|
|
||||||
{
|
|
||||||
nativeBuildInputs = [ pkgs.buildPackages.jq ];
|
|
||||||
} ''
|
|
||||||
cp -r ${pkgs.element-web} $out
|
|
||||||
chmod -R u+w $out
|
|
||||||
jq '."default_server_config"."m.homeserver" = { "base_url": "https://${nginx-vhost}:443", "server_name": "${server_name}" }' \
|
|
||||||
> $out/config.json < ${pkgs.element-web}/config.json
|
|
||||||
ln -s $out/config.json $out/config.${nginx-vhost}.json
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.dendrite = {
|
|
||||||
enable = true;
|
|
||||||
httpPort = 8043;
|
|
||||||
# $ echo "REGISTRATION_SHARED_SECRET=$(openssl rand -base64 32)"
|
|
||||||
|
|
||||||
# To create a user:
|
|
||||||
# $ password=$(nix run "nixpkgs#xkcdpass" -- -n 3 -d-)
|
|
||||||
# $ shared_secret=$(sops -d --extract '["registration-secret"]' ./secrets.yaml| sed s/REGISTRATION_SHARED_SECRET=//)
|
|
||||||
# $ nix shell "nixpkgs#matrix-synapse" -c register_new_matrix_user --password "${password}" --shared-secret "${shared_secret}" "https://matrix.clan.lol:443"
|
|
||||||
environmentFile = config.sops.secrets.registration-secret.path;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
sync_api.search = {
|
|
||||||
enabled = true;
|
|
||||||
index_path = "/var/lib/dendrite/searchindex";
|
|
||||||
};
|
|
||||||
global = {
|
|
||||||
server_name = domain;
|
|
||||||
# `private_key` has the type `path`
|
|
||||||
# prefix a `/` to make `path` happy
|
|
||||||
private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key";
|
|
||||||
trusted_third_party_id_servers = [
|
|
||||||
"matrix.org"
|
|
||||||
"vector.im"
|
|
||||||
];
|
|
||||||
metrics.enabled = true;
|
|
||||||
};
|
|
||||||
logging = [
|
|
||||||
{
|
|
||||||
type = "std";
|
|
||||||
level = "warn";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
app_service_api = {
|
|
||||||
inherit database;
|
|
||||||
config_files = [ ];
|
|
||||||
};
|
|
||||||
client_api = {
|
|
||||||
registration_disabled = true;
|
|
||||||
rate_limiting.enabled = false;
|
|
||||||
registration_shared_secret = ''''${REGISTRATION_SHARED_SECRET}'';
|
|
||||||
};
|
|
||||||
media_api = {
|
|
||||||
inherit database;
|
|
||||||
dynamic_thumbnails = true;
|
|
||||||
};
|
|
||||||
room_server = {
|
|
||||||
inherit database;
|
|
||||||
};
|
|
||||||
push_server = {
|
|
||||||
inherit database;
|
|
||||||
};
|
|
||||||
relay_api = {
|
|
||||||
inherit database;
|
|
||||||
};
|
|
||||||
mscs = {
|
|
||||||
inherit database;
|
|
||||||
mscs = [ "msc2836" "msc2946" ];
|
|
||||||
};
|
|
||||||
sync_api = {
|
|
||||||
inherit database;
|
|
||||||
real_ip_header = "X-Real-IP";
|
|
||||||
};
|
|
||||||
key_server = {
|
|
||||||
inherit database;
|
|
||||||
};
|
|
||||||
federation_api = {
|
|
||||||
inherit database;
|
|
||||||
key_perspectives = [
|
|
||||||
{
|
|
||||||
server_name = "matrix.org";
|
|
||||||
keys = [
|
|
||||||
{
|
|
||||||
key_id = "ed25519:auto";
|
|
||||||
public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
key_id = "ed25519:a_RXGa";
|
|
||||||
public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
prefer_direct_fetch = false;
|
|
||||||
};
|
|
||||||
user_api = {
|
|
||||||
account_database = database;
|
|
||||||
device_database = database;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.dendrite.serviceConfig.LoadCredential = [
|
|
||||||
# $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key'
|
|
||||||
"matrix-server-key:${config.sops.secrets.matrix-server-key.path}"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.dendrite.after = [ "postgresql.service" ];
|
|
||||||
services.postgresql = {
|
|
||||||
ensureDatabases = [ "dendrite" ];
|
|
||||||
ensureUsers = [{
|
|
||||||
name = "dendrite";
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts.${nginx-vhost} = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_read_timeout 600;
|
|
||||||
'';
|
|
||||||
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
|
||||||
# for remote admin access
|
|
||||||
locations."/_synapse".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
|
||||||
locations."/".root = element-web;
|
|
||||||
};
|
|
||||||
}
|
|
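--- /dev/null
+++ b/modules/web01/matrix-synapse.nix
@@ -0,0 +1,6 @@
+{ self, ... }:
+{
+imports = [ self.inputs.clan-core.clanModules.matrix-synapse ];
+clan.matrix-synapse.enable = true;
+clan.matrix-synapse.domain = "clan.lol";
+}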
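Review bot: This module sets only `enable` and `domain`, so everything the removed Dendrite configuration spelled out locally (`registration_disabled = true` with a sops-managed shared secret, the `forceSSL`/`enableACME` nginx vhost, the PostgreSQL database and user) now depends on the defaults of `clanModules.matrix-synapse`, which are not visible on this page. Before deploying, confirm that open registration stays off and that the homeserver is only reachable through the TLS vhost. The sops secrets `registration-secret` and `matrix-server-key` that the old module referenced are presumably declared elsewhere and may now be unused, and nothing here migrates the existing `dendrite` database. A header comment such as `# TODO(migration): registration policy, TLS vhost and secrets are expected to come from the clanModule; verify, then remove the unused dendrite secrets and database` would make the half-finished state explicit.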