Enable metrics for matrix-synapse

Update element-web to 1.11.109
Update mastodon tangerine UI to 2.4.4
2025-08-22 19:14:41 +02:00 · 2025-08-20 23:00:45 +02:00 · 2025-08-20 22:53:54 +02:00 · 2025-08-20 22:39:34 +02:00 · 2025-08-20 21:12:30 +02:00 · 2025-08-20 21:02:53 +02:00
8 changed files with 70 additions and 59 deletions
--- a/config/common/default.nix
+++ b/config/common/default.nix
@ -41,7 +41,6 @@
  security.acme = {
    defaults.email = "acme@grzb.de";
    acceptTerms = true;
-    preliminarySelfsigned = true;
  };

  # Print the ed25519 public ssh host key to console when booting
--- a/config/hosts/mastodon/mastodon.nix
+++ b/config/hosts/mastodon/mastodon.nix
@ -2,8 +2,8 @@
 let
  tangerineUI = pkgs.fetchgit {
    url = "https://github.com/nileane/TangerineUI-for-Mastodon.git";
-    rev = "v2.4.3";
-    hash = "sha256-OThT3fp676RMfYY3ehzM4DnAlJOqdPoYIHpoBbN/RHQ=";
+    rev = "v2.4.4";
+    hash = "sha256-58xiS2yzv4z24IULJQWpkqV1Op6e+U6SFd1XjpAB6Go=";
  };
  mastodonModern = pkgs.fetchgit {
    url = "https://git.gay/freeplay/Mastodon-Modern.git";
@ -16,14 +16,14 @@ let
  };
  mastodonNekoverseOverlay = final: prev: {
    mastodon = (prev.mastodon.override rec {
-      version = "4.4.1";
+      version = "4.4.3";
      srcOverride = final.applyPatches {
        src = pkgs.stdenv.mkDerivation {
          name = "mastodonWithThemes";
          src = pkgs.fetchgit {
            url = "https://github.com/mastodon/mastodon.git";
            rev = "v${version}";
-            sha256 = "sha256-hu6AmR0CvI3lVixJ2UmWY3KAlWbqYULCQAjRGJcuIhc=";
+            sha256 = "sha256-HFvsf8uNP5TV6vPaIkWKnuOKExQhgvrhyRWf3OCqIDk=";
          };
          # mastodon ships with broken symlinks, disable the check for that for now
          dontCheckForBrokenSymlinks = true;
--- a/config/hosts/matrix/configuration.nix
+++ b/config/hosts/matrix/configuration.nix
@ -9,7 +9,7 @@
    hostName = "matrix";
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 8443 8448 ];
+      allowedTCPPorts = [ 80 8443 8448 9000 ];
    };
  };

--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@ -3,26 +3,40 @@
  services.matrix-synapse = {
    enable = true;
    settings = {
-      listeners = [{
-        port = 8008;
-        bind_addresses = [
-          "::1"
-          "127.0.0.1"
-        ];
-        type = "http";
-        tls = false;
-        x_forwarded = true;
-        resources = [
-          {
-            compress = true;
-            names = [ "client" ];
-          }
-          {
+      listeners = [
+        {
+          port = 8008;
+          bind_addresses = [
+            "::1"
+            "127.0.0.1"
+          ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [
+            {
+              compress = true;
+              names = [ "client" ];
+            }
+            {
+              compress = false;
+              names = [ "federation" ];
+            }
+          ];
+        }
+        {
+          port = 9000;
+          type = "http";
+          tls = false;
+          bind_addresses = [
+            "0.0.0.0"
+          ];
+          resources = [{
+            names = [ "metrics" ];
            compress = false;
-            names = [ "federation" ];
-          }
-        ];
-      }];
+          }];
+        }
+      ];
      server_name = "nekover.se";
      public_baseurl = "https://matrix.nekover.se";
      database = {
@ -40,6 +54,7 @@
      signing_key_path = "/secrets/matrix-homeserver-signing-key.secret";
      admin_contact = "mailto:admin@nekover.se";
      web_client_location = "https://element.nekover.se";
+      enable_metrics = true;
      turn_uris = [
        "turns:turn.nekover.se?transport=udp"
        "turns:turn.nekover.se?transport=tcp"
--- a/config/hosts/metrics/nginx.nix
+++ b/config/hosts/metrics/nginx.nix
@ -22,25 +22,6 @@
          proxyWebsockets = true;
        };
      };
-      "alertmanager.grzb.de"= {
-        forceSSL = true;
-        enableACME = true;
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 80;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-        ];
-        locations."/" = {
-          proxyPass = "http://${config.services.prometheus.alertmanager.listenAddress}:${builtins.toString config.services.prometheus.alertmanager.port}";
-          proxyWebsockets = true;
-        };
-      };
    };
  };
 }
--- a/config/hosts/metrics/prometheus.nix
+++ b/config/hosts/metrics/prometheus.nix
@ -1,8 +1,16 @@
-{ hosts, ... }:
+{ hosts, pkgs, ... }:
+let
+  # https://github.com/element-hq/synapse/tree/master/contrib/prometheus/
+  synapseRules = pkgs.fetchurl {
+    url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/prometheus/synapse-v2.rules";
+    hash = "sha256-WldlBdCMzul49OlFhJMsrx4MYFakHTa36Y9HnV22EwI=";
+  };
+in
 {
  services.prometheus = {
    enable = true;
    retentionTime = "90d";
+    ruleFiles = [ synapseRules ];
    scrapeConfigs = [
      {
        job_name = "node";
@ -15,6 +23,14 @@
          };
        }) (builtins.attrNames hosts);
      }
+      {
+        job_name = "synapse";
+        scrape_interval = "15s";
+        metrics_path = "/_synapse/metrics";
+        static_configs = [{
+          targets = [ "matrix.vs.grzb.de:9000" ];
+        }];
+      }
    ];
  };
 }
--- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix
@ -1,9 +1,9 @@
 { pkgs, ... }:
 let
-  elementWebVersion = "1.11.106";
+  elementWebVersion = "1.11.109";
  element-web = pkgs.fetchzip {
    url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-5E6za7G7Olia5VzOnBjYMeGJ2Xifqx+vDmCFgNLaRZo=";
+    sha256 = "sha256-eKPClYJxUhCJznI1+dv9w2h0CoSKgZsBZCsuM3KH5ag=";
  };
  elementWebSecurityHeaders = ''
  	# Configuration best practices
--- a/flake.lock
+++ b/flake.lock
@ -118,11 +118,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1754951463,
-        "narHash": "sha256-QokKO2Ofo4hW5XvcMdZ89XEPAyFo6vqz7yCD5fx9wFw=",
+        "lastModified": 1755678965,
+        "narHash": "sha256-zyEsoxHTMIbyYWpc4n+jiKwZ9TcIE4DPotdxAe2Jrso=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "216c1318892aa8236e38dcbc6dfd976f5eff4e48",
+        "rev": "0ee3848fea3e9c7dadf47cf1e89f8c13878e9f6f",
        "type": "github"
      },
      "original": {
@ -150,11 +150,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1754986950,
-        "narHash": "sha256-8sbLVtESf/0gBp522Bz7TSvgulzTOFx9/wG92tBM4GE=",
+        "lastModified": 1755716446,
+        "narHash": "sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cfa72d41e8b342aea82ee6ae28ecfc2293ac599b",
+        "rev": "b0eccfbc0168243438e8a6747fcdfb1bb796a3f7",
        "type": "github"
      },
      "original": {
@ -166,11 +166,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1754975461,
-        "narHash": "sha256-F/EzILKOWZ4UvCbj655MLAf2EfjbhFbz1iKrxaJxmuk=",
+        "lastModified": 1755672759,
+        "narHash": "sha256-YO9q05I+vi6zrHpxeBcDnQYKX7TS4T3SxPXYd6N00XA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cca779286a4dfd33a04d11954829dfeca0904b79",
+        "rev": "25bf5c5df47ae79b24fbae8d0d3f6480dadde3ed",
        "type": "github"
      },
      "original": {
@ -214,11 +214,11 @@
        "nixpkgs-25_05": "nixpkgs-25_05"
      },
      "locked": {
-        "lastModified": 1747965231,
-        "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=",
+        "lastModified": 1755110674,
+        "narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "53007af63fade28853408370c4c600a63dd97f41",
+        "rev": "f5936247dbdb8501221978562ab0b302dd75456c",
        "type": "gitlab"
      },
      "original": {
Author	SHA1	Message	Date
fi	139033130f	Enable metrics for matrix-synapse	2025-08-22 19:14:41 +02:00
fi	71f7131b7d	Update element-web to 1.11.109	2025-08-20 23:00:45 +02:00
fi	25592dff5d	Update mastodon tangerine UI to 2.4.4	2025-08-20 22:53:54 +02:00
fi	bb51d64a9a	Update mastodon to 4.4.3	2025-08-20 22:39:34 +02:00
fi	55a984b03c	Remove security.acme.preliminarySelfsigned option as it no longer has an effect	2025-08-20 21:12:30 +02:00
fi	31a081ffb8	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/216c1318892aa8236e38dcbc6dfd976f5eff4e48?narHash=sha256-QokKO2Ofo4hW5XvcMdZ89XEPAyFo6vqz7yCD5fx9wFw%3D' (2025-08-11) → 'github:NixOS/nixpkgs/0ee3848fea3e9c7dadf47cf1e89f8c13878e9f6f?narHash=sha256-zyEsoxHTMIbyYWpc4n%2BjiKwZ9TcIE4DPotdxAe2Jrso%3D' (2025-08-20) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/cfa72d41e8b342aea82ee6ae28ecfc2293ac599b?narHash=sha256-8sbLVtESf/0gBp522Bz7TSvgulzTOFx9/wG92tBM4GE%3D' (2025-08-12) → 'github:NixOS/nixpkgs/b0eccfbc0168243438e8a6747fcdfb1bb796a3f7?narHash=sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs%3D' (2025-08-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/cca779286a4dfd33a04d11954829dfeca0904b79?narHash=sha256-F/EzILKOWZ4UvCbj655MLAf2EfjbhFbz1iKrxaJxmuk%3D' (2025-08-12) → 'github:NixOS/nixpkgs/25bf5c5df47ae79b24fbae8d0d3f6480dadde3ed?narHash=sha256-YO9q05I%2Bvi6zrHpxeBcDnQYKX7TS4T3SxPXYd6N00XA%3D' (2025-08-20) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/53007af63fade28853408370c4c600a63dd97f41?narHash=sha256-BW3ktviEhfCN/z3%2BkEyzpDKAI8qFTwO7%2BS0NVA0C90o%3D' (2025-05-23) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/f5936247dbdb8501221978562ab0b302dd75456c?narHash=sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI%3D' (2025-08-13)	2025-08-20 21:02:53 +02:00