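{ lib, config, ... }:
{
  # Synapse homeserver for ny4.dev, reachable at https://matrix.ny4.dev.
  # Synapse only listens on a unix socket; Caddy on the same host is the sole
  # TLS/ingress endpoint and forwards an allow-list of paths to it.
  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;
    # No registration shared-secret helper: accounts are provisioned through
    # the OIDC provider configured below.
    enableRegistrationScript = false;
    # Secret settings live in a sops-managed YAML file merged at start-up, so
    # nothing sensitive ends up in the world-readable Nix store.
    extraConfigFiles = [ config.sops.secrets."synapse/secret".path ];

    settings = {
      server_name = "ny4.dev";
      public_baseurl = "https://matrix.ny4.dev";
      # NOTE(review): server_name differs from the host that serves the API, so
      # federation depends on delegation (/.well-known/matrix/server on ny4.dev
      # or an SRV record) being configured elsewhere - confirm it is.
      presence.enabled = false; # tradeoff: no online/last-seen sharing, and none of its CPU/traffic cost
      listeners = [
        {
          path = "/run/matrix-synapse/synapse.sock";
          type = "http";
          # Caddy terminates TLS and sets X-Forwarded-For / X-Forwarded-Proto.
          # Without this flag every request appears to come from the socket with
          # no client IP, so per-IP rate limits (rc_login.address,
          # rc_registration, ...) and device last-seen IPs are meaningless.
          # Anything that can connect to the socket can spoof the header, so
          # NOTE(review): verify the socket mode/group only admits the caddy
          # user (the NixOS module defaults the socket mode to 660).
          x_forwarded = true;
          resources = lib.singleton {
            names = [
              "client"
              "federation"
            ];
            compress = true; # Synapse only applies this to the client resource
          };
        }
      ];
      # https://element-hq.github.io/synapse/latest/openid.html#keycloak
      oidc_providers = lib.singleton {
        idp_id = "keycloak";
        idp_name = "id.ny4.dev";
        # OIDC discovery stays at its default (enabled): endpoints and JWKS are
        # fetched from <issuer>/.well-known/openid-configuration, and ID tokens
        # must carry this issuer.
        issuer = "https://id.ny4.dev/realms/ny4";
        client_id = "synapse";
        # Read at runtime from the sops-managed file rather than inlined here.
        client_secret_path = config.sops.secrets."synapse/oidc".path;
        scopes = [
          "openid"
          "profile"
        ];
        user_mapping_provider.config = {
          # Matrix localpart = Keycloak username. It must be unique and stable in
          # the realm, because it also decides which local account a login binds
          # to (see allow_existing_users below).
          localpart_template = "{{ user.preferred_username }}";
          display_name_template = "{{ user.name }}";
        };
        # Keycloak pushes logouts to
        # <public_baseurl>/_synapse/client/oidc/backchannel_logout and Synapse
        # invalidates the matching sessions; the realm's client must have that
        # URL and the /_synapse/client/oidc/callback redirect URI configured.
        backchannel_logout_enabled = true;
        # Lets an OIDC login attach to a pre-existing local account with the
        # same localpart (migration path from password accounts). This is an
        # account-takeover vector if anyone other than an admin can create or
        # rename usernames in the Keycloak realm; keep realm user management
        # admin-only and drop this once every account has logged in via OIDC.
        allow_existing_users = true;
      };
    };
  };

  systemd.services.matrix-synapse = {
    # Outbound traffic (federation, OIDC discovery/token calls, well-known
    # lookups) follows the host's HTTP proxy settings.
    environment = config.networking.proxy.envVars;
    # Holds the unix socket declared in the listener above.
    serviceConfig.RuntimeDirectory = [ "matrix-synapse" ];
  };

  # Public ingress for matrix.ny4.dev. Only the paths Synapse is meant to serve
  # to the internet are forwarded (the same set as upstream's reverse-proxy
  # guide): the Matrix client/federation API, the Synapse-specific client
  # endpoints (OIDC callback, SSO pages, backchannel logout) and /health.
  # /_synapse/admin/* is deliberately not published: it needs an admin access
  # token but has no reason to be internet-reachable; use it from the host over
  # the unix socket, or add a separate, IP-restricted route if really needed.
  services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
    match = lib.singleton { host = [ "matrix.ny4.dev" ]; };
    handle = lib.singleton {
      handler = "subroute";
      routes = lib.singleton {
        match = lib.singleton {
          path = [
            "/_matrix/*"
            "/_synapse/client/*"
            "/health"
          ];
        };
        handle = lib.singleton {
          handler = "reverse_proxy";
          # Synapse needs the original scheme; Caddy adds X-Forwarded-For itself.
          headers.request.set."X-Forwarded-Proto" = [ "https" ];
          upstreams = lib.singleton { dial = "unix//run/matrix-synapse/synapse.sock"; };
        };
      };
    };
  };
}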