nix-infra/config/hosts/matrix/matrix-synapse.nix

{ ... }:
{
  services.matrix-synapse = {
    enable = true;
    settings = {
      listeners = [{
        port = 8008;
        bind_addresses = [
          "::1"
          "127.0.0.1"
        ];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            compress = true;
            names = [ "client" ];
          }
          {
            compress = false;
            names = [ "federation" ];
          }
        ];
      }];
      server_name = "nekover.se";
      public_baseurl = "https://matrix.nekover.se";
      database = {
        name = "psycopg2";
        args.password = "synapse";
      };
      email = {
        smtp_host = "mail-1.grzb.de";
        smtp_port = 465;
        smtp_user = "matrix@nekover.se";
        force_tls = true;
        notif_from = "Nekoverse Matrix Server <nyareply@nekover.se>";
      };
      max_upload_size = "500M";
      signing_key_path = "/secrets/matrix-homeserver-signing-key.secret";
      admin_contact = "mailto:admin@nekover.se";
      web_client_location = "https://element.nekover.se";
      turn_uris = [
        "turns:turn.nekover.se?transport=udp"
        "turns:turn.nekover.se?transport=tcp"
      ];
      turn_user_lifetime = 86400000;
      turn_allow_guests = true;
      experimental_features = {
        msc3861 = {
          enabled = true;
          # Synapse will call `{issuer}/.well-known/openid-configuration` to get the OIDC configuration
          issuer = "https://nekover.se";
          client_id = "0000000000000000000SYNAPSE";
          client_auth_method = "client_secret_basic";
          # Matches the `client_secret` in the auth service config
          client_secret = "SomeRandomSecret";
          # Matches the `matrix.secret` in the auth service config
          admin_token = "AnotherRandomSecret";
          account_management_url = "https://id.nekover.se/realms/nekoverse/account/";
        };
      };
    };
    extras = [ "oidc" ];
    extraConfigFiles = [
      "/secrets/matrix-registration-shared-secret.secret"
      "/secrets/matrix-turn-shared-secret.secret"
      "/secrets/matrix-email-smtp-pass.secret"
      "/secrets/matrix-keycloak-client-secret.secret"
    ];
  };
}
Remove matrix sliding sync options as it is now part of matrix-synapse 2024-11-07 23:11:26 +01:00			`{ ... }:`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`{`
			`services.matrix-synapse = {`
			`enable = true;`
			`settings = {`
Also listen on "::1" 2023-10-05 23:35:00 +02:00			`listeners = [{`
			`port = 8008;`
			`bind_addresses = [`
			`"::1"`
			`"127.0.0.1"`
			`];`
			`type = "http";`
			`tls = false;`
			`x_forwarded = true;`
			`resources = [`
			`{`
			`compress = true;`
			`names = [ "client" ];`
			`}`
			`{`
			`compress = false;`
			`names = [ "federation" ];`
			`}`
			`];`
			`}];`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`server_name = "nekover.se";`
			`public_baseurl = "https://matrix.nekover.se";`
			`database = {`
			`name = "psycopg2";`
			`args.password = "synapse";`
			`};`
			`email = {`
Use only snake case for element-web config since camel case is deprecated 2023-09-19 17:56:36 +02:00			`smtp_host = "mail-1.grzb.de";`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`smtp_port = 465;`
Use only snake case for element-web config since camel case is deprecated 2023-09-19 17:56:36 +02:00			`smtp_user = "matrix@nekover.se";`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`force_tls = true;`
			`notif_from = "Nekoverse Matrix Server <nyareply@nekover.se>";`
			`};`
			`max_upload_size = "500M";`
			`signing_key_path = "/secrets/matrix-homeserver-signing-key.secret";`
			`admin_contact = "mailto:admin@nekover.se";`
			`web_client_location = "https://element.nekover.se";`
			`turn_uris = [`
			`"turns:turn.nekover.se?transport=udp"`
			`"turns:turn.nekover.se?transport=tcp"`
			`];`
			`turn_user_lifetime = 86400000;`
			`turn_allow_guests = true;`
WIP mas 2024-11-08 01:45:53 +01:00			`experimental_features = {`
			`msc3861 = {`
			`enabled = true;`
			# Synapse will call `{issuer}/.well-known/openid-configuration` to get the OIDC configuration
			`issuer = "https://nekover.se";`
			`client_id = "0000000000000000000SYNAPSE";`
			`client_auth_method = "client_secret_basic";`
			# Matches the `client_secret` in the auth service config
			`client_secret = "SomeRandomSecret";`
			# Matches the `matrix.secret` in the auth service config
			`admin_token = "AnotherRandomSecret";`
			`account_management_url = "https://id.nekover.se/realms/nekoverse/account/";`
			`};`
			`};`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`};`
Enable Keycloak SSO for matrix 2024-01-21 21:47:18 +01:00			`extras = [ "oidc" ];`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`extraConfigFiles = [`
			`"/secrets/matrix-registration-shared-secret.secret"`
			`"/secrets/matrix-turn-shared-secret.secret"`
			`"/secrets/matrix-email-smtp-pass.secret"`
Enable Keycloak SSO for matrix 2024-01-21 21:47:18 +01:00			`"/secrets/matrix-keycloak-client-secret.secret"`
Add matrix-synapse host 2023-08-29 16:10:22 +02:00			`];`
			`};`
			`}`