# NixOS module configuring the Matrix Synapse homeserver for graven.dev:
# SSO-only login through an authentik OIDC provider, TURN relays for calls,
# a PostgreSQL backend and a single loopback HTTP listener.
{ config, ... }: {
  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;
    settings = {
      server_name = "graven.dev";
      # Open registration is off; password login is also disabled in
      # extraConfig below, leaving the OIDC provider as the login path.
      enable_registration = false;
      # NOTE(review): builtins.toString on a path yields the path text, so
      # unless `.file` already holds the secret's contents, these two settings
      # make the shared secret equal to a predictable file path rather than the
      # secret itself. Confirm against the secrets module. Synapse's
      # `registration_shared_secret_path` option takes a file path directly and
      # keeps the value out of the generated config.
      registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
      turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;
      max_upload_size = "100M";
      # PostgreSQL via psycopg2. No host or password is set here, so this
      # presumably relies on a local socket with peer authentication. TODO confirm.
      database.name = "psycopg2";
      database.args.user = "synapse";
      database.args.database = "synapse";
      # TURN relays offered to clients: plain TURN on 3478/3479 and TURN over
      # TLS on 5349/5350, each over both UDP and TCP.
      turn_uris = [
        "turn:turn.graven.dev:3478?transport=udp"
        "turn:turn.graven.dev:3478?transport=tcp"
        "turn:turn.graven.dev:3479?transport=udp"
        "turn:turn.graven.dev:3479?transport=tcp"
        "turns:turn.graven.dev:5349?transport=udp"
        "turns:turn.graven.dev:5349?transport=tcp"
        "turns:turn.graven.dev:5350?transport=udp"
        "turns:turn.graven.dev:5350?transport=tcp"
      ];
      report_stats = true;
      # Raw YAML: disables password login and registers authentik as the only
      # OIDC identity provider.
      #
      # NOTE(review): client_secret is written in plaintext below. It is
      # therefore stored wherever this file is (version control, the Nix
      # store), unlike the two shared secrets above, which at least go through
      # config.secrets. Treat the value as disclosed: rotate it in authentik
      # and supply the new one with Synapse's `client_secret_path`, pointing
      # at a file from the same secrets mechanism.
      #
      # NOTE(review): allow_existing_users combined with a localpart taken
      # from the `name` claim links an SSO login to any existing account whose
      # localpart matches. Confirm that `user.name` is unique and not
      # user-editable at the IdP, or map from a stable identifier instead.
      #
      # NOTE(review): extraConfig and logConfig sit inside `settings` here.
      # Confirm the module version in use consumes them as raw config there
      # rather than emitting them as literal keys, which would leave this
      # block (and the password_config lock-down) unapplied.
      extraConfig = ''
        password_config:
          enabled: false
        oidc_providers:
          - idp_id: authentik
            idp_name: authentik
            discover: true
            issuer: "https://auth.graven.dev/application/o/synapse/"
            client_id: "7a77036d3b360265895f2ab5a51264ba586c93d5"
            client_secret: "a9f9146fd13338230481a71c824d122bfb5e8a2118f2cdaf882746ad6726aeecd50ef522338acec89d3f8ccb8014124e022a6af6769807ea4271931f219a3f55"
            allow_existing_users: true
            scopes:
              - "openid"
              - "profile"
              - "email"
            user_mapping_provider:
              config:
                localpart_template: "{{ user.name }}"
                display_name_template: "{{ user.name|capitalize }}"
      '';
      # Python logging config: everything goes to the console handler at WARN.
      # The SQL logger is pinned to WARN as well, because (per the comment
      # inside the YAML) DEBUG there would write access tokens to the log.
      logConfig = ''
        version: 1

        formatters:
          precise:
            format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'

        handlers:
          console:
            class: logging.StreamHandler
            formatter: precise

        loggers:
          synapse.storage.SQL:
            # beware: increasing this to DEBUG will make synapse log sensitive
            # information such as access tokens.
            level: WARN

        root:
          level: WARN
          handlers: [console]

        disable_existing_loggers: false
      '';
      # Single plain-HTTP listener bound to loopback, serving both the client
      # and federation APIs. x_forwarded = true makes Synapse take the client
      # address from the forwarding header, which presumes a TLS-terminating
      # reverse proxy in front; that proxy is not defined in this file.
      listeners = [
        {
          port = 8008;
          bind_addresses = ["127.0.0.1"];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
      ];
    };
  };
}