matrix synapse
This commit is contained in:
parent
03bd00c76a
commit
2c97e3150e
5 changed files with 119 additions and 0 deletions
|
@ -18,6 +18,13 @@
|
|||
];
|
||||
group = lib.mkForce "acme";
|
||||
};
|
||||
"vkristensen.dk" = {
|
||||
extraDomainNames = ["*.vkristensen.dk"];
|
||||
reloadServices = [
|
||||
"caddy.service"
|
||||
];
|
||||
group = lib.mkForce "acme";
|
||||
};
|
||||
};
|
||||
users.groups.acme.members = [
|
||||
"caddy"
|
||||
|
|
|
@ -12,8 +12,10 @@
|
|||
./hardware.nix
|
||||
./jellyfin.nix
|
||||
./mail.nix
|
||||
./matrix.nix
|
||||
./memos.nix
|
||||
./network.nix
|
||||
./postgresql.nix
|
||||
./samba.nix
|
||||
./sonarr.nix
|
||||
./syncthing.nix
|
||||
|
|
57
hosts/sigma/matrix.nix
Normal file
57
hosts/sigma/matrix.nix
Normal file
|
@ -0,0 +1,57 @@
|
|||
{...}: {
|
||||
# https://element-hq.github.io/synapse/latest/
|
||||
# https://nixos.org/manual/nixos/stable/#module-services-matrix
|
||||
# https://wiki.nixos.org/wiki/Matrix
|
||||
# https://federationtester.matrix.org
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
# https://element-hq.github.io/synapse/latest/usage/configuration/index.html
|
||||
settings = {
|
||||
# The server_name name appears at the end of usernames and room addresses
|
||||
# created on the server. It should NOT be a matrix-specific subdomain
|
||||
# such as matrix.example.com.
|
||||
# Caddy *does* however serve synapse on matrix.vkristensen.dk (rather
|
||||
# than vkristensen.dk directly). This is done through /.well-known/matrix delegation:
|
||||
# https://element-hq.github.io/synapse/latest/delegate.html.
|
||||
server_name = "vkristensen.dk";
|
||||
# The public-facing base URL that clients use to access this Homeserver.
|
||||
# This is the same URL a user might enter into the 'Custom Homeserver
|
||||
# URL' field on their client. If you use Synapse with a reverse proxy,
|
||||
# this should be the URL to reach Synapse via the proxy.
|
||||
public_baseurl = "https://matrix.vkristensen.dk";
|
||||
listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{
|
||||
# Enable client-server and server-server APIs
|
||||
names = ["client" "federation"];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
# Disable trusting signing keys from matrix.org (the default). If set to
|
||||
# the empty array, then Synapse will request the keys directly from the
|
||||
# server that owns the keys.
|
||||
trusted_key_servers = [];
|
||||
# The public URIs of the TURN server to give to clients.
|
||||
# https://element-hq.github.io/synapse/latest/turn-howto.html
|
||||
turn_uris = ["turn:turn.matrix.org?transport=udp" "turn:turn.matrix.org?transport=tcp"];
|
||||
turn_shared_secret = "n0t4ctuAllymatr1Xd0TorgSshar3d5ecret4obvIousreAsons";
|
||||
};
|
||||
};
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
directories = [
|
||||
{
|
||||
directory = "/var/lib/matrix-synapse";
|
||||
user = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
mode = "0700";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
51
hosts/sigma/postgresql.nix
Normal file
51
hosts/sigma/postgresql.nix
Normal file
|
@ -0,0 +1,51 @@
|
|||
{pkgs, ...}: {
|
||||
# https://nixos.org/manual/nixos/stable/#module-postgresql
|
||||
# https://wiki.nixos.org/wiki/PostgreSQL
|
||||
# > sudo -u postgres psql
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
# https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
|
||||
package = pkgs.postgresql_16;
|
||||
ensureDatabases = [
|
||||
"matrix-synapse"
|
||||
];
|
||||
ensureUsers = [
|
||||
# If the database user name equals the connecting system user name,
|
||||
# postgres by default will accept a passwordless connection via unix
|
||||
# domain socket. This makes it possible to run many postgres-backed
|
||||
# services without creating any database secrets at all.
|
||||
{
|
||||
name = "matrix-synapse";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
initialScript = pkgs.writeText "init.sql" ''
|
||||
# https://github.com/NixOS/nixpkgs/commit/8be61f7a36f403c15e1a242e129be7375aafaa85
|
||||
CREATE DATABASE "matrix-synapse"
|
||||
TEMPLATE template0
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
directories = [
|
||||
{
|
||||
directory = "/var/lib/postgresql";
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
mode = "0750";
|
||||
}
|
||||
{
|
||||
directory = "/var/backup/postgresql";
|
||||
user = "postgres";
|
||||
group = "root";
|
||||
mode = "0700";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -95,6 +95,8 @@
|
|||
"! /srv/torrents"
|
||||
"! /var/lib/containers/overlay*"
|
||||
"! /var/lib/docker/overlay2"
|
||||
# postgres databases are dumped to /var/backup/postgresql by services.postgresqlBackup
|
||||
"! /var/lib/postgresql"
|
||||
"- *.tmp"
|
||||
|
||||
"! /home/*/Android/Sdk"
|
||||
|
|
Loading…
Reference in a new issue