nix-deploy/config/hosts/wind/services/synapse.nix

88 lines
2.3 KiB
Nix
Raw Normal View History

2021-09-22 10:16:11 +02:00
{ config, ... }:
{
services.matrix-synapse = {
enable = true;
server_name = "graven.dev";
enable_registration = false;
2021-09-22 15:31:20 +02:00
registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
2021-09-23 16:45:06 +02:00
turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
2021-09-22 10:16:11 +02:00
max_upload_size = "100M";
database_type = "psycopg2";
database_user = "synapse";
database_name = "synapse";
2021-09-22 15:31:20 +02:00
turn_uris = [
"turn:turn.graven.dev:3478?transport=udp"
"turn:turn.graven.dev:3478?transport=tcp"
"turn:turn.graven.dev:3479?transport=udp"
"turn:turn.graven.dev:3479?transport=tcp"
"turns:turn.graven.dev:5349?transport=udp"
"turns:turn.graven.dev:5349?transport=tcp"
"turns:turn.graven.dev:5350?transport=udp"
"turns:turn.graven.dev:5350?transport=tcp"
];
report_stats = true;
withJemalloc = true;
2021-12-18 12:50:07 +01:00
extraConfig = ''
oidc_providers:
- idp_id: authentik
idp_name: authentik
discover: true
issuer: "https://auth.graven.dev/application/o/matrix-synapse/"
client_id: "b680e49c584fad37610d465b1ea270e8daf7ce50"
client_secret: "d404b3bca1e7d2073a79b4e6d60b64505e2249a7fa6b5a2a0f499ab1955b93e269cddff4c8ce37c8ad929e16cdab5640ec2c25cec36ed73e67b753b6d4689cac"
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
localpart_template: "{{ '{{ user.name }}' }}"
display_name_template: "{{ '{{ user.name|capitalize }}' }}"
'';
2021-09-22 10:16:11 +02:00
logConfig = ''
2021-12-18 12:50:07 +01:00
version: 1
2021-09-22 10:16:11 +02:00
2021-12-18 12:50:07 +01:00
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
2021-09-22 10:16:11 +02:00
2021-12-18 12:50:07 +01:00
handlers:
console:
class: logging.StreamHandler
formatter: precise
2021-09-22 10:16:11 +02:00
2021-12-18 12:50:07 +01:00
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARN
2021-09-22 10:16:11 +02:00
2021-12-18 12:50:07 +01:00
root:
level: WARN
handlers: [console]
2021-09-22 10:16:11 +02:00
2021-12-18 12:50:07 +01:00
disable_existing_loggers: false
2021-09-22 10:16:11 +02:00
'';
listeners = [
{
port = 8008;
bind_address = "127.0.0.1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
}