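# NixOS module configuring the Matrix Synapse homeserver for graven.dev:
# closed registration, PostgreSQL backend, TURN relay for calls, OIDC login
# via authentik, and a single loopback HTTP listener.
{ config, ... }:

{
  services.matrix-synapse = {
    enable = true;
    server_name = "graven.dev";
    # Open sign-up stays off; accounts come from OIDC or the shared-secret API.
    enable_registration = false;
    # NOTE(review): builtins.toString on a path yields the path text, not the
    # file's contents. If `.file` is a path to the secret (the secrets module
    # is not visible here), the value Synapse uses is that predictable path
    # string. Whatever string results is also written into the generated
    # homeserver.yaml in the world-readable Nix store. Prefer supplying these
    # keys at runtime from a file listed in `extraConfigFiles`. TODO confirm.
    registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
    # Same concern as registration_shared_secret above; the TURN server must be
    # configured with the identical value for credentials to validate.
    turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
    max_upload_size = "100M";
    database_type = "psycopg2";
    database_user = "synapse";
    database_name = "synapse";
    turn_uris = [
      "turn:turn.graven.dev:3478?transport=udp"
      "turn:turn.graven.dev:3478?transport=tcp"
      "turn:turn.graven.dev:3479?transport=udp"
      "turn:turn.graven.dev:3479?transport=tcp"
      "turns:turn.graven.dev:5349?transport=udp"
      "turns:turn.graven.dev:5349?transport=tcp"
      "turns:turn.graven.dev:5350?transport=udp"
      "turns:turn.graven.dev:5350?transport=tcp"
    ];
    # Opts in to Synapse's usage-statistics reporting.
    report_stats = true;
    withJemalloc = true;

    # NOTE(review): the OIDC client_secret below is a live credential stored
    # in plaintext. Anything in this Nix expression is readable by everyone
    # with access to the repository and by every local user through the Nix
    # store. Rotate it in authentik, then move the whole oidc_providers block
    # into a secrets-managed YAML file and load it with `extraConfigFiles`, so
    # the value never enters the store.
    #
    # NOTE(review): the two *_template values wrap the expression in a quoted
    # Jinja literal ("{{ '{{ ... }}' }}"). That is escaping for an outer
    # templating layer; Nix does not interpret `{{`, so Synapse receives it
    # verbatim and would render the literal text `{{ user.name }}` rather than
    # the claim. Verify against a real login. `user.name` is also a display
    # name, so it is not guaranteed unique as a localpart.
    extraConfig = ''
      oidc_providers:
        - idp_id: authentik
          idp_name: authentik
          discover: true
          issuer: "https://auth.graven.dev/application/o/matrix-synapse/"
          client_id: "b680e49c584fad37610d465b1ea270e8daf7ce50"
          client_secret: "d404b3bca1e7d2073a79b4e6d60b64505e2249a7fa6b5a2a0f499ab1955b93e269cddff4c8ce37c8ad929e16cdab5640ec2c25cec36ed73e67b753b6d4689cac"
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            config:
              localpart_template: "{{ '{{ user.name }}' }}"
              display_name_template: "{{ '{{ user.name|capitalize }}' }}"
    '';

    # Python logging dictConfig: everything at WARN and above goes to the
    # console handler (stderr by default for StreamHandler).
    logConfig = ''
      version: 1

      formatters:
        precise:
          format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'

      handlers:
        console:
          class: logging.StreamHandler
          formatter: precise

      loggers:
        synapse.storage.SQL:
          # beware: increasing this to DEBUG will make synapse log sensitive
          # information such as access tokens.
          level: WARN

      root:
        level: WARN
        handlers: [console]

      disable_existing_loggers: false
    '';
    listeners = [
      {
        # Plain HTTP on loopback only. TLS termination is expected to happen
        # in a reverse proxy that is not part of this file.
        port = 8008;
        bind_address = "127.0.0.1";
        type = "http";
        tls = false;
        # Client addresses are taken from X-Forwarded-For. This is only
        # trustworthy while the listener is unreachable except via the proxy,
        # so keep bind_address on loopback.
        x_forwarded = true;
        resources = [
          {
            names = [ "client" "federation" ];
            compress = false;
          }
        ];
      }
    ];
  };
}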