nix-deploy/config/hosts/wind/services/synapse.nix

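# NixOS module fragment: Matrix Synapse homeserver for graven.dev.
# Password login is disabled and sign-in is delegated to an OIDC provider
# ("authentik"); the single HTTP listener is bound to loopback only.
#
# The listing had lost its indentation and had forge blame timestamps mixed
# into the expression. The nesting of the YAML embedded in extraConfig and
# logConfig is restored here; taken flat, it would parse into different keys.
{ config, ... }:
{
  services.matrix-synapse = {
    enable = true;
    server_name = "graven.dev";
    enable_registration = false;

    # NOTE(review): both shared secrets are built with builtins.toString from
    # the `.file` attribute of a secrets entry. If `.file` is a path to the
    # secret file, toString yields the path text, not the file contents, so
    # the effective secret would be a predictable string. Confirm against the
    # secrets module. Values assigned here are presumably also rendered into
    # the generated homeserver config in the world-readable Nix store; the
    # module's `extraConfigFiles` option exists to keep secrets out of it.
    registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
    turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;

    max_upload_size = "100M";

    # PostgreSQL via psycopg2; no password or host is set in this block.
    database_type = "psycopg2";
    database_user = "synapse";
    database_name = "synapse";

    # TURN relays offered to clients for VoIP: plain (turn:) and TLS (turns:)
    # endpoints, each over both UDP and TCP.
    turn_uris = [
      "turn:turn.graven.dev:3478?transport=udp"
      "turn:turn.graven.dev:3478?transport=tcp"
      "turn:turn.graven.dev:3479?transport=udp"
      "turn:turn.graven.dev:3479?transport=tcp"
      "turns:turn.graven.dev:5349?transport=udp"
      "turns:turn.graven.dev:5349?transport=tcp"
      "turns:turn.graven.dev:5350?transport=udp"
      "turns:turn.graven.dev:5350?transport=tcp"
    ];
    report_stats = true;
    withJemalloc = true;

    # Raw YAML merged into the homeserver config.
    #
    # NOTE(review): client_secret is a literal in this file, so it is in the
    # repository history and in the Nix store. Treat it as disclosed: rotate
    # it at the identity provider and supply the new value from a file outside
    # the store (for example the oidc_providers section in a file listed in
    # `extraConfigFiles`).
    #
    # NOTE(review): allow_existing_users is true and the localpart is rendered
    # from the `name` claim. A login whose rendered localpart equals an
    # existing account's localpart is attached to that account. If users can
    # edit their own `name` at the IdP, this is an account-linking risk.
    # Consider mapping from a stable, IdP-controlled claim such as
    # preferred_username, and turning allow_existing_users off once migration
    # from password logins is complete. Verify against the authentik setup.
    extraConfig = ''
      password_config:
        enabled: false
      oidc_providers:
        - idp_id: authentik
          idp_name: authentik
          discover: true
          issuer: "https://auth.graven.dev/application/o/synapse/"
          client_id: "7a77036d3b360265895f2ab5a51264ba586c93d5"
          client_secret: "a9f9146fd13338230481a71c824d122bfb5e8a2118f2cdaf882746ad6726aeecd50ef522338acec89d3f8ccb8014124e022a6af6769807ea4271931f219a3f55"
          allow_existing_users: true
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            config:
              localpart_template: "{{ user.name }}"
              display_name_template: "{{ user.name|capitalize }}"
    '';

    # Python logging config: everything goes to the console handler at WARN.
    logConfig = ''
      version: 1

      formatters:
        precise:
          format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'

      handlers:
        console:
          class: logging.StreamHandler
          formatter: precise

      loggers:
        synapse.storage.SQL:
          # beware: increasing this to DEBUG will make synapse log sensitive
          # information such as access tokens.
          level: WARN

      root:
        level: WARN
        handlers: [console]

      disable_existing_loggers: false
    '';

    # One plain-HTTP listener on loopback serving both the client and
    # federation APIs. x_forwarded = true makes Synapse take the client
    # address from the X-Forwarded-For header. Presumably a reverse proxy on
    # this host terminates TLS; that proxy should overwrite, not append to,
    # any client-supplied value. Confirm in the proxy config.
    listeners = [
      {
        port = 8008;
        bind_address = "127.0.0.1";
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [ "client" "federation" ];
            compress = false;
          }
        ];
      }
    ];
  };
}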