nix-infra/config/hosts/matrix/matrix-synapse.nix

{ ... }:
{
  services.matrix-synapse = {
    enable = true;
    settings = {
      listeners = [
        {
          port = 8008;
          bind_addresses = [
            "::1"
            "127.0.0.1"
          ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              compress = true;
              names = [ "client" ];
            }
            {
              compress = false;
              names = [ "federation" ];
            }
          ];
        }
        {
          port = 9000;
          type = "http";
          tls = false;
          bind_addresses = [
            "0.0.0.0"
          ];
          resources = [{
            names = [ "metrics" ];
            compress = false;
          }];
        }
      ];
      server_name = "nekover.se";
      public_baseurl = "https://matrix.nekover.se";
      database = {
        name = "psycopg2";
        args.password = "synapse";
      };
      email = {
        smtp_host = "mail-1.grzb.de";
        smtp_port = 465;
        smtp_user = "matrix@nekover.se";
        force_tls = true;
        notif_from = "Nekoverse Matrix Server <nyareply@nekover.se>";
      };
      max_upload_size = "500M";
      signing_key_path = "/secrets/matrix-homeserver-signing-key.secret";
      admin_contact = "mailto:admin@nekover.se";
      web_client_location = "https://element.nekover.se";
      enable_metrics = true;
      turn_uris = [
        "turns:turn.nekover.se?transport=udp"
        "turns:turn.nekover.se?transport=tcp"
      ];
      turn_user_lifetime = 86400000;
      turn_allow_guests = true;
      experimental_features = {
        # MSC3266: Room summary API. Used for knocking over federation
        msc3266_enabled = true;
        # MSC4222 needed for syncv2 state_after. This allow clients to
        # correctly track the state of the room.
        msc4222_enabled = true;
      };
      # The maximum allowed duration by which sent events can be delayed, as
      # per MSC4140.
      max_event_delay_duration = "24h";
      rc_message = {
        # This needs to match at least e2ee key sharing frequency plus a bit of headroom
        # Note key sharing events are bursty
        per_second = 0.5;
        burst_count = 30;
      };
      rc_delayed_event_mgmt = {
        # This needs to match at least the heart-beat frequency plus a bit of headroom
        # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
        per_second = 1;
        burst_count = 20;
      };
    };
    extras = [ "oidc" ];
    extraConfigFiles = [
      "/secrets/matrix-registration-shared-secret.secret"
      "/secrets/matrix-turn-shared-secret.secret"
      "/secrets/matrix-email-smtp-pass.secret"
      "/secrets/matrix-homeserver-mas-config.secret"
    ];
  };
}