Compare commits
2 commits
2c97e3150e
...
1289e3dc3b
| Author | SHA1 | Date | |
|---|---|---|---|
 Casper V. Kristensen
|
1289e3dc3b | ||
|
Casper V. Kristensen
|
de401a9e5c |
32
flake.lock
32
flake.lock
|
|
@ -85,11 +85,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716736760,
|
||||
"narHash": "sha256-h3RmnNknKYtVA+EvUSra6QAwfZjC2q1G8YA7W0gat8Y=",
|
||||
"lastModified": 1717097707,
|
||||
"narHash": "sha256-HC5vJ3oYsjwsCaSbkIPv80e4ebJpNvFKQTBOGlHvjLs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "5d151429e1e79107acf6d06dcc5ace4e642ec239",
|
||||
"rev": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -136,11 +136,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1716798306,
|
||||
"narHash": "sha256-s8+OhT1WSPMoqbTawT30hj4NVMg+w03/a+2HVqcNhY0=",
|
||||
"lastModified": 1716987116,
|
||||
"narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "9a20e17a73b052d6be912adcee220cb483477094",
|
||||
"rev": "8251761f93d6f5b91cee45ac09edb6e382641009",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -152,11 +152,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1716633019,
|
||||
"narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=",
|
||||
"lastModified": 1716991068,
|
||||
"narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e",
|
||||
"rev": "25cf937a30bf0801447f6bf544fc7486c6309234",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -198,11 +198,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1716509168,
|
||||
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
|
||||
"lastModified": 1716948383,
|
||||
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
|
||||
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -228,11 +228,11 @@
|
|||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1715639840,
|
||||
"narHash": "sha256-/GzOncvbpx/6FekAz/s4sN+fB/t1SZADu6Qn/xCteXg=",
|
||||
"lastModified": 1717157873,
|
||||
"narHash": "sha256-83FNu9/bO88ubXOUakzRfBvJJYLbIlN+fVtAtVy/as8=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "51391a0e689b523d1213f6c6019a18631489cc91",
|
||||
"revCount": 39,
|
||||
"rev": "3369fe960dfa17dc4b3a3f84f10fd30e49fee75f",
|
||||
"revCount": 41,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{...}: {
|
||||
{
|
||||
config,
|
||||
secrets,
|
||||
...
|
||||
}: {
|
||||
# https://element-hq.github.io/synapse/latest/
|
||||
# https://nixos.org/manual/nixos/stable/#module-services-matrix
|
||||
# https://wiki.nixos.org/wiki/Matrix
|
||||
|
|
@ -44,6 +48,36 @@
|
|||
};
|
||||
};
|
||||
|
||||
# https://github.com/matrix-org/sliding-sync
|
||||
services.matrix-synapse.sliding-sync = {
|
||||
# Unlike matrix-synapse, sliding-sync has createDatabase=true by default,
|
||||
# which means we don't have to configure the database in the postgres
|
||||
# service manually.
|
||||
enable = true;
|
||||
settings.SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
|
||||
environmentFile = config.age.secrets.matrix-sliding-sync-environment-file.path;
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
ensureDatabases = [
|
||||
# matrix-synapse expects the database to have the options `LC_COLLATE`
|
||||
# and `LC_CTYPE` set to `C`, which basically instructs postgres to
|
||||
# ignore any locale-based preferences. Do this manually.
|
||||
# https://github.com/NixOS/nixpkgs/commit/8be61f7a36f403c15e1a242e129be7375aafaa85
|
||||
"matrix-synapse"
|
||||
];
|
||||
ensureUsers = [
|
||||
# If the database user name equals the connecting system user name,
|
||||
# postgres by default will accept a passwordless connection via unix
|
||||
# domain socket. This makes it possible to run many postgres-backed
|
||||
# services without creating any database secrets at all.
|
||||
{
|
||||
name = "matrix-synapse";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
directories = [
|
||||
{
|
||||
|
|
@ -54,4 +88,11 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
|
||||
age.secrets.matrix-sliding-sync-environment-file = {
|
||||
file = "${secrets}/secrets/matrix-sliding-sync-environment-file.age";
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,26 +6,6 @@
|
|||
enable = true;
|
||||
# https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
|
||||
package = pkgs.postgresql_16;
|
||||
ensureDatabases = [
|
||||
"matrix-synapse"
|
||||
];
|
||||
ensureUsers = [
|
||||
# If the database user name equals the connecting system user name,
|
||||
# postgres by default will accept a passwordless connection via unix
|
||||
# domain socket. This makes it possible to run many postgres-backed
|
||||
# services without creating any database secrets at all.
|
||||
{
|
||||
name = "matrix-synapse";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
initialScript = pkgs.writeText "init.sql" ''
|
||||
# https://github.com/NixOS/nixpkgs/commit/8be61f7a36f403c15e1a242e129be7375aafaa85
|
||||
CREATE DATABASE "matrix-synapse"
|
||||
TEMPLATE template0
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
|
|
|
|||
Loading…
Reference in a new issue