# NixOS module: Synapse (Matrix homeserver) for ny4.dev. Synapse listens on a
# Unix socket only and delegates login to a Keycloak realm over OIDC.
{ lib, config, ... }:
{
  services.matrix-synapse = {
    enable = true;
    enableRegistrationScript = false;
    withJemalloc = true;

    # Secret-bearing Synapse config is loaded from a sops-managed file at
    # runtime instead of being written under `settings`, which NixOS renders
    # into a config file in the world-readable Nix store.
    extraConfigFiles = [ config.sops.secrets."synapse/secret".path ];

    settings = {
      server_name = "ny4.dev";
      public_baseurl = "https://matrix.ny4.dev";

      presence = {
        enabled = false; # tradeoff
      };

      # MSC3575 (Sliding Sync API endpoints)
      # TODO: drop matrix-sliding-sync proxy
      experimental_features.msc3575_enabled = true;

      # The only listener is a Unix socket; this file defines no TCP listener,
      # so TLS and everything network-facing has to come from a reverse proxy
      # configured elsewhere.
      # NOTE(review): whatever can open this socket reaches both the client and
      # the federation API. Confirm that the socket's permissions (Synapse's
      # listener `mode`) and those of /run/matrix-synapse restrict access to the
      # reverse proxy's user.
      listeners = [
        {
          type = "http";
          path = "/run/matrix-synapse/synapse.sock";
          resources = lib.singleton {
            names = [ "client" "federation" ];
            compress = true;
          };
        }
      ];

      # https://element-hq.github.io/synapse/latest/openid.html#keycloak
      oidc_providers = lib.singleton {
        idp_id = "keycloak";
        idp_name = "id.ny4.dev";
        issuer = "https://id.ny4.dev/realms/ny4";

        client_id = "synapse";
        # The client secret is read from a sops-managed file, so it is not part
        # of the generated Synapse config.
        client_secret_path = config.sops.secrets."synapse/oidc".path;
        scopes = [ "openid" "profile" ];

        # The Matrix localpart is taken from the IdP's `preferred_username`.
        user_mapping_provider = {
          config = {
            localpart_template = "{{ user.preferred_username }}";
            display_name_template = "{{ user.name }}";
          };
        };

        # With allow_existing_users, an OIDC login whose mapped localpart
        # matches an existing Synapse account is attached to that account
        # instead of being rejected.
        # NOTE(review): together with the `preferred_username` mapping this is
        # only safe while the realm does not let users choose or change their
        # own username (self-registration, editable usernames). Confirm the
        # realm settings, and consider disabling this once the existing
        # accounts have been linked.
        allow_existing_users = true;

        # Synapse accepts back-channel logout notifications from the IdP.
        # NOTE(review): this only takes effect if the Keycloak client is
        # configured with Synapse's back-channel logout URL. Verify it there.
        backchannel_logout_enabled = true;
      };
    };
  };

  systemd.services.matrix-synapse = {
    # Creates /run/matrix-synapse, the directory that holds the listener socket.
    serviceConfig = {
      RuntimeDirectory = [ "matrix-synapse" ];
    };

    # Hands the host-wide proxy environment variables to the service.
    # NOTE(review): presumably this sends Synapse's outbound HTTP (federation,
    # OIDC discovery and token requests) through that proxy. Confirm the proxy
    # is trusted with that traffic.
    environment = config.networking.proxy.envVars;
  };
}