Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 480fd8bd30771ead70e5808dc02a729d68c1247c / . / modules / matrix.nix
blob: 4be396e69110959ecac04bdf3f39da2cad99984d [file] [log] [blame]
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]1{ base, config, lib, pkgs, ... }:
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]2lib.recursiveUpdate
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]3{
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]4 services.matrix-synapse = {
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]5 enable = true;
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]6 withJemalloc = true;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]7
Skyler Grey1144d002023-05-21 00:17:29 +0200[diff] [blame]8 settings = rec {
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]9 server_name = "coded.codes";
Skyler Grey1144d002023-05-21 00:17:29 +0200[diff] [blame]10 auto_join_rooms = [ "#general:${server_name}" ];
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]11 enable_registration = true;
12 registration_requires_token = true;
13 registration_shared_secret = "!!registration_shared_secret!!";
14 public_baseurl = "https://matrix-backend.coded.codes/";
15 max_upload_size = "100M";
16 listeners = [{
17 x_forwarded = true;
18 tls = false;
19 resources = [{
20 names = [
21 "client"
22 "federation"
23 ];
24 compress = true;
25 }];
26 port = 4527;
27 }];
28 enable_metrics = true;
29 database.args.database = "synapse";
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]30 };
31 };
32
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]33 sops.secrets = {
34 registration_shared_secret = {
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]35 mode = "0400";
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]36 owner = config.users.users.root.name;
37 group = config.users.users.nobody.group;
38 sopsFile = ../secrets/matrix.json;
39 format = "json";
40 };
41 matrix_private_key = {
42 mode = "0600";
43 owner = config.users.users.matrix-synapse.name;
44 group = config.users.users.matrix-synapse.group;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]45 sopsFile = ../secrets/matrix_private_key.pem;
46 format = "binary";
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]47 path = config.services.matrix-synapse.settings.signing_key_path;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]48 };
49 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]50} (
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]51 let
52 isDerived = base != null;
53 in
54 if isDerived
55 # We cannot use mkIf as both sides are evaluated no matter the condition value
56 # Given we use base as an attrset, mkIf will error if base is null in here
57 then
58 let
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]59 synapse_cfgfile = config.services.matrix-synapse.configFile;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]60 in
61 {
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]62 scalpel.trafos."synapse.yaml" = {
63 source = toString synapse_cfgfile;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]64 matchers."registration_shared_secret".secret =
65 config.sops.secrets.registration_shared_secret.path;
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]66 owner = config.users.users.matrix-synapse.name;
67 group = config.users.users.matrix-synapse.group;
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]68 mode = "0400";
69 };
70
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]71 systemd.services.matrix-synapse.serviceConfig.ExecStart = lib.mkForce (
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]72 builtins.replaceStrings
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]73 [ "${synapse_cfgfile}" ]
74 [ "${config.scalpel.trafos."synapse.yaml".destination}" ]
75 "${base.config.systemd.services.matrix-synapse.serviceConfig.ExecStart}"
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]76 );
Skyler Grey8e32c832023-05-20 22:54:30 +0200[diff] [blame]77
78 systemd.services.matrix-synapse.preStart = lib.mkForce (
79 builtins.replaceStrings
80 [ "${synapse_cfgfile}" ]
81 [ "${config.scalpel.trafos."synapse.yaml".destination}" ]
82 "${base.config.systemd.services.matrix-synapse.preStart}"
83 );
84
85 environment.systemPackages =
86 with lib; let
87 cfg = config.services.matrix-synapse;
88 registerNewMatrixUser =
89 let
90 isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
91 listener =
92 lib.findFirst
93 (
94 listener: lib.any
95 (
96 resource: lib.any
97 (
98 name: name == "client"
99 )
100 resource.names
101 )
102 listener.resources
103 )
104 (lib.last cfg.settings.listeners)
105 cfg.settings.listeners;
106 # FIXME: Handle cases with missing client listener properly,
107 # don't rely on lib.last, this will not work.
108
109 # add a tail, so that without any bind_addresses we still have a useable address
110 bindAddress = head (listener.bind_addresses ++ [ "127.0.0.1" ]);
111 listenerProtocol =
112 if listener.tls
113 then "https"
114 else "http";
115 in
116 pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
117 exec ${cfg.package}/bin/register_new_matrix_user \
118 $@ \
119 ${lib.concatMapStringsSep " " (x: "-c ${x}") ([
120 config.scalpel.trafos."synapse.yaml".destination ] ++ cfg.extraConfigFiles)} \
121 "${listenerProtocol}://${
122 if (isIpv6 bindAddress) then
123 "[${bindAddress}]"
124 else
125 "${bindAddress}"
126 }:${builtins.toString listener.port}/"
127 '';
128 in
129 [ (lib.meta.hiPrio registerNewMatrixUser) ];
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]130 }
131 else { }
132)