# NixOS module: Matrix homeserver (synapse) for `domain`, reachable via
# nginx on config.var.hostname, plus a mautrix-whatsapp bridge sharing the
# local PostgreSQL instance.
{ config, lib, pkgs, ... }:
let
  # Matrix server name (the part after the colon in user IDs). The homeserver
  # itself runs on config.var.hostname; clients and other servers find it via
  # the .well-known delegation documents served below.
  domain = "eurofusion.eu";
in
{
  ### Reverse proxy locations
  # Setup for well-known on the bare domain
  services.nginx.virtualHosts.${domain} =
    let
      # Body of /.well-known/matrix/client: where the homeserver lives and
      # which identity server clients should use.
      client =
        { "m.homeserver" = { "base_url" = "https://${config.var.hostname}"; };
          "m.identity_server" = { "base_url" = "https://matrix.org"; };
        };
      # Body of /.well-known/matrix/server: delegates federation for `domain`
      # to the hostname on port 443, i.e. through nginx.
      server = { "m.server" = "${config.var.hostname}:443"; };
    in
    {
      enableACME = true;
      forceSSL = true;
      # Needed for matrix federation
      locations."/.well-known/matrix/server".extraConfig = ''
        add_header Content-Type application/json;
        return 200 '${builtins.toJSON server}';
      '';
      # Needed for automatic homeserver
      # setup of matrix clients
      # The wildcard CORS header lets web clients hosted on other origins
      # fetch this document; it discloses nothing beyond the two URLs above.
      locations."/.well-known/matrix/client".extraConfig = ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '${builtins.toJSON client}';
      '';
    };
  # Forward matrix/admin API calls to synapse
  # NOTE(review): the "/_synapse" prefix includes the admin API, so it is
  # reachable from the internet here and protected only by synapse's admin
  # access-token check. If admin access is only ever needed locally, consider
  # restricting that location (e.g. by source address) in nginx.
  services.nginx.virtualHosts.${config.var.hostname} =
    { locations."/_matrix".proxyPass = "http://localhost:8448";
      locations."/_synapse".proxyPass = "http://localhost:8448";
    };

  ### Homeserver
  services.matrix-synapse.enable = true;
  services.matrix-synapse.settings = {
    server_name = domain;
    public_baseurl = "https://${config.var.hostname}/";
    # Bind on localhost and used a reverse proxy
    listeners = [
      { bind_addresses = [ "localhost" ];
        port = 8448;
        type = "http";
        # Plain HTTP is acceptable only because the listener is loopback-only;
        # TLS is terminated by nginx in front of it.
        tls = false;
        resources = [
          { compress = true; names = [ "client" ] ; }
          { compress = false; names = [ "federation" ]; }
        ];
        # Take the client IP from X-Forwarded-For set by the proxy. This is
        # safe only while nothing but nginx can reach the port above.
        x_forwarded = true;
      }
    ];
    # Connect to Postgres
    database_type = "psycopg2";
    # No host or password is given, so this presumably connects over the local
    # unix socket with peer auth as the matrix-synapse system user -- verify
    # against the pg_hba rules in effect.
    database_args =
      { user = "matrix-synapse";
        database = "matrix-synapse";
      };
    # Make logging less verbose
    # Everything goes to the journal under the "synapse" identifier; only
    # WARN and above is kept, with the request context prefixed to each line.
    log_config = pkgs.writeText "synapse-log.yml" ''
      version: 1
      formatters:
        journal_fmt:
          format: '%(name)s: [%(request)s] %(message)s'
      filters:
        context:
          (): synapse.util.logcontext.LoggingContextFilter
          request: ""
      handlers:
        journal:
          class: systemd.journal.JournalHandler
          formatter: journal_fmt
          filters: [context]
          SYSLOG_IDENTIFIER: synapse
      root:
        level: WARN
        handlers: [journal]
      disable_existing_loggers: False
    '';
    # Lets unauthenticated users obtain guest accounts on this homeserver;
    # keep only if that is intended, since it widens who can create state here.
    allow_guest_access = true;
    expire_access_token = true;
    event_cache_size = "2K";
    # Per-upload cap only; total media volume is not bounded in this file, so
    # disk growth depends on whatever retention is configured elsewhere.
    max_upload_size = "1000M";
    dynamic_thumbnails = true;
    # bridges configuration
    # Registration file written by the bridge; synapse can read it thanks to
    # the extraGroups entry in the bridge section below.
    app_service_config_files =
      [ "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" ];
  };

  # Secrets
  # Referenced as files via config.secrets rather than inlined in `settings`,
  # which keeps them out of the world-readable Nix store.
  services.matrix-synapse.extraConfigFiles =
    [
      # Password reset via email
      # Note: can't be put here, see NixOS/nixpkgs#158605
      config.secrets.matrix.email.conf
      # Needed by the register_new_matrix_user script
      config.secrets.matrix.registration
    ];

  ### Database
  services.postgresql.enable = true;
  # Create databases on the first run
  # NOTE(review): pkgs.writeText places this script, including both LOGIN
  # passwords, in the world-readable /nix/store. The clients configured in
  # this file appear to connect over the unix socket without a password, so
  # these passwords only matter if password auth over TCP is enabled in
  # pg_hba for these roles -- if it is, set them out of band. Because the
  # script runs only on the first run, editing it here does not rotate
  # passwords on an existing cluster.
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";

    CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
    CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '';

  ### Whatsapp bridge
  # allow synapse to read the shared secrets
  # Group membership grants synapse read access to everything group-readable
  # in the bridge's state directory, not just the registration file.
  users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ];
  # Allow olm for mautrix-whatsapp
  # Accepted risk: this whitelists an olm version that nixpkgs has marked
  # insecure. Record the reason here and revisit once the bridge can move off
  # this dependency.
  nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
  services.mautrix-whatsapp =
    {
      enable = true;
      serviceDependencies = [ "postgresql.service" ];
      settings.appservice =
        { database.type = "postgres";
          # Unix-socket connection, no credentials embedded in the URI.
          database.uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
        };
      settings.bridge =
        { # End-to-bridge encryption is allowed, on by default, and required,
          # so unencrypted messages are not bridged.
          encryption =
            { allow = true;
              default = true;
              require = true;
            };
          # Any account on the domain may use the bridge; only the listed
          # account gets admin commands.
          permissions =
            { "eurofusion.eu" = "user";
              "@rnhmjoj:eurofusion.eu" = "admin";
            };
          relay.enabled = false;
          mute_bridging = true;
        };
      settings.whatsapp =
        { os_name = "Chrome (Linux)";
          browser_name = "chrome";
        };
    };
}