Configure matrix-authentication-service

2025-02-11 23:09:22 +01:00 · 2025-02-11 23:09:22 +01:00 · 881189eb62
commit 881189eb62
parent e484360f91
9 changed files with 172 additions and 42 deletions
--- a/config/hosts/matrix/matrix-authentication-service.nix
+++ b/config/hosts/matrix/matrix-authentication-service.nix
@ -0,0 +1,94 @@
+{ pkgs, ... }:
+let
+  masSettings = {
+    http = {
+      listeners = [
+        {
+          name = "web";
+          resources = [
+            { name = "discovery"; }
+            { name = "human"; }
+            { name = "oauth"; }
+            { name = "compat"; }
+            { name = "graphql"; }
+            { 
+              name = "assets";
+              path = "${pkgs.matrix-authentication-service}/share/matrix-authentication-service/assets/";
+            }
+          ];
+          binds = [{
+            host = "localhost";
+            port = 8080;
+          }];
+          proxy_protocol = false;
+        }
+        {
+          name = "internal";
+          resources = [{
+            name = "health";
+          }];
+          binds = [{
+            host = "localhost";
+            port = 8081;
+          }];
+          proxy_protocol = false;
+        }
+      ];
+      trusted_proxies = [
+        "192.168.0.0/16"
+        "172.16.0.0/12"
+        "10.0.0.0/10"
+        "127.0.0.1/8"
+        "fd00::/8"
+        "::1/128"
+      ];
+      public_base = "https://mas.nekover.se";
+    };
+    database = {
+      uri = "postgresql://mas_user:mas@localhost/mas";
+      max_connections = 10;
+      min_connections = 0;
+      connect_timeout = 30;
+      idle_timeout = 600;
+      max_lifetime = 1800;
+    };
+    passwords = {
+      enabled = true;
+      schemes = [
+        {
+          version = 1;
+          algorithm = "bcrypt";
+        }
+        {
+          version = 2;
+          algorithm = "argon2id";
+        }
+      ]; 
+      minimum_complexity = 8;
+    };
+  };
+  masSettingsFile = ((pkgs.formats.yaml { }).generate "mas-config" masSettings);
+in
+{
+  environment.systemPackages = with pkgs; [
+    matrix-authentication-service
+    syn2mas
+  ];
+
+
+  systemd.services.matrix-authentication-service = {
+    description = "Matrix Authentication Service";
+
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.matrix-authentication-service}/bin/mas-cli server --config=${masSettingsFile} --config=/secrets/matrix-mas-secret-config.secret";
+      WorkingDirectory = "${pkgs.matrix-authentication-service}";
+      User = "matrix-synapse";
+      Group = "matrix-synapse";
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };
+}