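# NixOS module: Synapse homeserver, the sliding-sync proxy and an Element Web
# client, published through Caddy. Synapse and sliding-sync listen on Unix
# sockets under /run; Caddy is the only intended client of those sockets.
{ config, pkgs, ... }:
let
  # Public host name of the homeserver API (reverse-proxied by Caddy).
  domain = "matrix.${config.networking.domain}";
  # Public host name of the Element Web client.
  domainClient = "chat.${config.networking.domain}";
  # Homeserver location handed to Element Web as its default server.
  clientConfig = {
    "m.homeserver" = {
      base_url = "https://${domain}:443";
    };
  };
in
{
  age.secrets = {
    # Loaded by Synapse through extraConfigFiles, so it must be readable by
    # the account the Synapse unit runs as.
    "matrix/shared" = {
      file = ../../../../secrets/nuc/matrix/shared.age;
      owner = config.systemd.services.matrix-synapse.serviceConfig.User;
    };
    # Passed to sliding-sync as environmentFile; no owner is set here, so the
    # secret keeps the default ownership.
    "matrix/sync" = {
      file = ../../../../secrets/nuc/matrix/sync.age;
    };
  };

  services = {
    postgresql = {
      enable = true;
      ensureUsers = [{ name = "matrix-synapse"; }];
    };

    matrix-synapse = {
      enable = true;
      configureRedisLocally = true;
      enableRegistrationScript = false;
      # Secret settings are merged in at runtime from the decrypted age file
      # instead of being written into the world-readable Nix store.
      extraConfigFiles = [ config.age.secrets."matrix/shared".path ];
      log = {
        root.level = "WARNING";
      };
      settings = {
        server_name = config.networking.domain;
        listeners = [{
          path = "/run/matrix-synapse/server.sock";
          # Owner and group only (was "666"). With x_forwarded = true Synapse
          # takes the client address from the forwarded header of whoever
          # connects, so a world-writable socket let any local account reach
          # the homeserver directly and present an arbitrary client address.
          # Caddy gets access through the group membership declared below.
          # NOTE(review): if another local service connects to this socket,
          # add it to the same group rather than widening the mode again.
          mode = "660";
          type = "http";
          x_forwarded = true;
          resources = [{
            names = [ "client" "federation" ];
            compress = false;
          }];
        }];
      };
    };

    matrix-sliding-sync = {
      enable = true;
      settings = {
        # Sliding-sync talks to Synapse through the public HTTPS endpoint,
        # not through the Synapse socket.
        SYNCV3_SERVER = "https://${domain}";
        SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
      };
      environmentFile = config.age.secrets."matrix/sync".path;
    };

    caddy = {
      virtualHosts = {
        # synapse
        # NOTE(review): the last reverse_proxy line is a catch-all, so every
        # path on this host is forwarded to Synapse, including /_synapse/admin.
        # Confirm the admin API is meant to be reachable from the internet;
        # otherwise limit the proxy to the /_matrix/* and /_synapse/client/*
        # prefixes.
        "${domain}".extraConfig = ''
          reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
          reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
          reverse_proxy unix//run/matrix-synapse/server.sock
        '';

        # element
        # NOTE(review): only a `root` directive is visible in this site block;
        # confirm how the files are actually served.
        "${domainClient}".extraConfig = ''
          root '${pkgs.element-web.override {
            conf = {
              default_server_config = {
                inherit (clientConfig) "m.homeserver";
                # No identity server is configured for the client.
                "m.identity_server".base_url = "";
              };
              disable_3pid_login = true;
            };
          }}'
        '';
      };
    };
  };

  # Let the reverse proxy open the group-restricted Synapse socket.
  users.users.${config.services.caddy.user}.extraGroups = [
    config.systemd.services.matrix-synapse.serviceConfig.Group
  ];

  systemd.services.matrix-synapse = {
    # Start only after the database preparation unit has run.
    after = [ "matrix-synapse-pgsetup.service" ];
    serviceConfig = {
      # Creates /run/matrix-synapse for the listener socket.
      RuntimeDirectory = "matrix-synapse";
    };
  };

  systemd.services.matrix-sliding-sync = {
    serviceConfig = {
      # Creates /run/matrix-sliding-sync for the listener socket.
      RuntimeDirectory = "matrix-sliding-sync";
    };
  };

  systemd.services.matrix-synapse-pgsetup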
= { description = "Prepare Synapse postgres database"; wantedBy = [ "multi-user.target" ]; after = [ "networking.target" "postgresql.service" ]; serviceConfig.Type = "oneshot"; path = [ pkgs.sudo config.services.postgresql.package ]; # create database for synapse. will silently fail if it already exists script = '' sudo -u ${config.services.postgresql.superUser} psql <