Blame - modules/matrix.nix - Infra/NixFiles

blob: b83e3f4f2230b6139d95178ed6ce71bb49f369c9 [file] [log] [blame]

Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	1	{ base, config, lib, pkgs, ... }:
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	2	{
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	3	services.matrix-synapse = {
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	4	enable = true;
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	5	withJemalloc = true;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	6
Skyler Grey	1144d00	2023-05-21 00:17:29 +0200	[diff] [blame]	7	settings = rec {
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	8	server_name = "coded.codes";
Skyler Grey	1144d00	2023-05-21 00:17:29 +0200	[diff] [blame]	9	auto_join_rooms = [ "#general:${server_name}" ];
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	10	enable_registration = true;
				11	registration_requires_token = true;
				12	registration_shared_secret = "!!registration_shared_secret!!";
				13	public_baseurl = "https://matrix-backend.coded.codes/";
				14	max_upload_size = "100M";
				15	listeners = [{
				16	x_forwarded = true;
				17	tls = false;
				18	resources = [{
				19	names = [
				20	"client"
				21	"federation"
				22	];
				23	compress = true;
				24	}];
				25	port = 4527;
				26	}];
				27	enable_metrics = true;
				28	database.args.database = "synapse";
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	29	};
				30	};
				31
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	32	sops.secrets = {
				33	registration_shared_secret = {
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	34	mode = "0400";
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	35	owner = config.users.users.root.name;
				36	group = config.users.users.nobody.group;
				37	sopsFile = ../secrets/matrix.json;
				38	format = "json";
				39	};
				40	matrix_private_key = {
				41	mode = "0600";
				42	owner = config.users.users.matrix-synapse.name;
				43	group = config.users.users.matrix-synapse.group;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	44	sopsFile = ../secrets/matrix_private_key.pem;
				45	format = "binary";
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	46	path = config.services.matrix-synapse.settings.signing_key_path;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	47	};
				48	};
				49	} // (
				50	let
				51	isDerived = base != null;
				52	in
				53	if isDerived
				54	# We cannot use mkIf as both sides are evaluated no matter the condition value
				55	# Given we use base as an attrset, mkIf will error if base is null in here
				56	then
				57	let
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	58	synapse_cfgfile = config.services.matrix-synapse.configFile;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	59	in
				60	{
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	61	scalpel.trafos."synapse.yaml" = {
				62	source = toString synapse_cfgfile;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	63	matchers."registration_shared_secret".secret =
				64	config.sops.secrets.registration_shared_secret.path;
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	65	owner = config.users.users.matrix-synapse.name;
				66	group = config.users.users.matrix-synapse.group;
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	67	mode = "0400";
				68	};
				69
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	70	systemd.services.matrix-synapse.serviceConfig.ExecStart = lib.mkForce (
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	71	builtins.replaceStrings
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	72	[ "${synapse_cfgfile}" ]
				73	[ "${config.scalpel.trafos."synapse.yaml".destination}" ]
				74	"${base.config.systemd.services.matrix-synapse.serviceConfig.ExecStart}"
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	75	);
Skyler Grey	8e32c83	2023-05-20 22:54:30 +0200	[diff] [blame]	76
				77	systemd.services.matrix-synapse.preStart = lib.mkForce (
				78	builtins.replaceStrings
				79	[ "${synapse_cfgfile}" ]
				80	[ "${config.scalpel.trafos."synapse.yaml".destination}" ]
				81	"${base.config.systemd.services.matrix-synapse.preStart}"
				82	);
				83
				84	environment.systemPackages =
				85	with lib; let
				86	cfg = config.services.matrix-synapse;
				87	registerNewMatrixUser =
				88	let
				89	isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
				90	listener =
				91	lib.findFirst
				92	(
				93	listener: lib.any
				94	(
				95	resource: lib.any
				96	(
				97	name: name == "client"
				98	)
				99	resource.names
				100	)
				101	listener.resources
				102	)
				103	(lib.last cfg.settings.listeners)
				104	cfg.settings.listeners;
				105	# FIXME: Handle cases with missing client listener properly,
				106	# don't rely on lib.last, this will not work.
				107
				108	# add a tail, so that without any bind_addresses we still have a useable address
				109	bindAddress = head (listener.bind_addresses ++ [ "127.0.0.1" ]);
				110	listenerProtocol =
				111	if listener.tls
				112	then "https"
				113	else "http";
				114	in
				115	pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
				116	exec ${cfg.package}/bin/register_new_matrix_user \
				117	$@ \
				118	${lib.concatMapStringsSep " " (x: "-c ${x}") ([
				119	config.scalpel.trafos."synapse.yaml".destination ] ++ cfg.extraConfigFiles)} \
				120	"${listenerProtocol}://${
				121	if (isIpv6 bindAddress) then
				122	"[${bindAddress}]"
				123	else
				124	"${bindAddress}"
				125	}:${builtins.toString listener.port}/"
				126	'';
				127	in
				128	[ (lib.meta.hiPrio registerNewMatrixUser) ];
Skyler Grey	a78aa67	2023-05-20 13:48:18 +0200	[diff] [blame]	129	}
				130	else { }
				131	)