Migrate matrix-synapse away from docker

Charlotte Van Petegem 2021-07-10 14:19:05 +02:00
parent 7051e2e1e3
commit 3af05052c8
No known key found for this signature in database
GPG key ID: 019E764B7184435A
10 changed files with 202 additions and 0 deletions


@ -0,0 +1,168 @@
{ config, lib, pkgs, ... }:
{
options.chvp.services.matrix.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.services.matrix.enable {
chvp.services.nginx.hosts = [{
fqdn = "matrix.vanpetegem.me";
options.locations = {
"/" = {
proxyPass = "http://127.0.0.1:8448";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 600;
client_max_body_size 10M;
'';
};
"/_slack" = {
proxyPass = "http://127.0.0.1:9898";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
'';
};
};
}];
services = {
matrix-synapse = {
enable = true;
server_name = "vanpetegem.me";
public_baseurl = "https://vanpetegem.me";
listeners = [{
port = 8448;
bind_address = "localhost";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = ["client" "webclient"]; compress = true; }
{ names = ["federation"]; compress = false; }
];
}];
url_preview_enabled = true;
enable_metrics = false;
enable_registration = false;
report_stats = false;
allow_guest_access = false;
app_service_config_files = [
config.age.secrets."files/services/matrix-synapse/whatsapp-registration.yml".path
config.age.secrets."files/services/matrix-synapse/slack-registration.yml".path
];
extraConfigFiles = [
config.age.secrets."files/services/matrix-synapse/config.yml".path
];
dataDir = "${config.chvp.dataPrefix}/var/lib/matrix-synapse";
};
postgresql = {
enable = true;
dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
ensureDatabases = [
"matrix-synapse"
"matrix_appservice_slack"
"mautrix_whatsapp"
];
ensureUsers = [
{
name = "matrix_appservice_slack";
ensurePermissions = {
"DATABASE matrix_appservice_slack" = "ALL PRIVILEGES";
};
}
{
name = "mautrix_whatsapp";
ensurePermissions = {
"DATABASE mautrix_whatsapp" = "ALL PRIVILEGES";
};
}
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
};
}
];
};
};
systemd.services = {
matrix-appservice-slack = {
description = "Matrix <-> Slack bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack --config ${config.age.secrets."files/services/matrix-appservice-slack/config.yml".path} --file ${config.age.secrets."files/services/matrix-appservice-slack/registration.yml".path}";
serviceConfig = {
User = "matrix_appservice_slack";
Group = "matrix_appservice_slack";
};
};
matrix-synapse = {
requires = [ "postgresql.service" ];
};
mautrix-whatsapp = {
description = "Matrix <-> WhatsApp bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp --config ${config.age.secrets."files/services/mautrix-whatsapp/config.yml".path}";
serviceConfig = {
User = "mautrix_whatsapp";
Group = "mautrix_whatsapp";
};
};
};
systemd.tmpfiles.rules = [
"d /var/log/mautrix-whatsapp - mautrix_whatsapp mautrix_whatsapp"
];
users = {
users = {
matrix_appservice_slack = {
group = "matrix_appservice_slack";
isSystemUser = true;
};
mautrix_whatsapp = {
group = "mautrix_whatsapp";
isSystemUser = true;
};
};
groups = {
matrix_appservice_slack = {};
mautrix_whatsapp = {};
};
};
age.secrets."files/services/matrix-appservice-slack/config.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/config.yml.age;
owner = "matrix_appservice_slack";
};
age.secrets."files/services/matrix-appservice-slack/registration.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/registration.yml.age;
owner = "matrix_appservice_slack";
};
age.secrets."files/services/mautrix-whatsapp/config.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/config.yml.age;
owner = "mautrix_whatsapp";
};
age.secrets."files/services/mautrix-whatsapp/registration.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/registration.yml.age;
owner = "mautrix_whatsapp";
};
age.secrets."files/services/matrix-synapse/config.yml" = {
file = ../../../secrets/files/services/matrix-synapse/config.yml.age;
owner = "matrix-synapse";
};
age.secrets."files/services/matrix-synapse/slack-registration.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/registration.yml.age;
owner = "matrix-synapse";
};
age.secrets."files/services/matrix-synapse/whatsapp-registration.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/registration.yml.age;
owner = "matrix-synapse";
};
};
}
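Review bot: The two bridge units under `systemd.services` (`matrix-appservice-slack` and `mautrix-whatsapp`) set only `User` and `Group` in `serviceConfig`, so processes that parse remote Slack and WhatsApp traffic and hold the appservice tokens run without any systemd sandboxing. Adding `NoNewPrivileges = true; PrivateTmp = true; ProtectHome = true;` to both would be a low-risk start, with `ProtectSystem` to follow once their write paths are confirmed. The tmpfiles rule `d /var/log/mautrix-whatsapp - mautrix_whatsapp mautrix_whatsapp` leaves the mode at the default 0755, so the bridge's log directory is listable by every local user; `0750` in place of `-` would close that. Both units also name `postgresql.service` and `matrix-synapse.service` only in `requires`, which does not order startup, so the same names probably belong in `after` as well.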