# NixOS module configuring a Matrix Synapse homeserver for graven.dev:
# OIDC single sign-on against authentik, TURN URIs for calls, PostgreSQL
# storage and one plain-HTTP listener bound to loopback.
{ config, ... }:

{
  services.matrix-synapse = {
    enable = true;
    server_name = "graven.dev";

    # Open self-registration is disabled; accounts come from the OIDC provider
    # below or from the shared-secret registration mechanism.
    enable_registration = false;

    # NOTE(review): builtins.toString on a path yields the path text, not the
    # file's contents. If `.file` is the location of the secret file, the
    # shared secret configured here is that (guessable) path string rather than
    # the secret itself -- confirm against the secrets module. The same applies
    # to turn_shared_secret. Reading the file at evaluation time instead would
    # copy the secret into the world-readable Nix store; supplying it from a
    # runtime config file (e.g. the module's extraConfigFiles option) avoids both.
    registration_shared_secret = builtins.toString config.secrets.files.synapse_registration_shared_secret.file;
    turn_shared_secret = builtins.toString config.secrets.files.turn_shared_secret.file;

    max_upload_size = "100M";

    # PostgreSQL via psycopg2. No database password is set in this file.
    database_type = "psycopg2";
    database_user = "synapse";
    database_name = "synapse";

    # TURN relays offered to clients: plain TURN on 3478/3479 and TURN over
    # TLS ("turns:") on 5349/5350, each over both UDP and TCP.
    turn_uris = [
      "turn:turn.graven.dev:3478?transport=udp"
      "turn:turn.graven.dev:3478?transport=tcp"
      "turn:turn.graven.dev:3479?transport=udp"
      "turn:turn.graven.dev:3479?transport=tcp"
      "turns:turn.graven.dev:5349?transport=udp"
      "turns:turn.graven.dev:5349?transport=tcp"
      "turns:turn.graven.dev:5350?transport=udp"
      "turns:turn.graven.dev:5350?transport=tcp"
    ];

    # Opts in to Synapse's usage-statistics reporting.
    report_stats = true;
    withJemalloc = true;

    # Raw YAML merged into the Synapse configuration: one OIDC provider
    # (authentik) using discovery against the issuer URL.
    #
    # SECURITY: client_secret is a literal in this file. It is therefore stored
    # in version control and in the generated configuration in the Nix store,
    # which is readable by every local user. Because the value has been
    # published, treat it as exposed: rotate it in authentik and supply the new
    # one from a file outside the store (extraConfigFiles, or the provider's
    # client_secret_path key if the deployed Synapse version supports it).
    #
    # NOTE(review): the two templates are wrapped in an extra "{{ '...' }}"
    # layer, which looks like escaping copied from another templating system.
    # Nix does not interpret "{{", so Synapse's Jinja would receive the outer
    # expression and render the inner text literally -- verify that users get
    # distinct localparts. Also confirm that the `name` claim used for the
    # localpart is unique and not user-editable in authentik; a stable claim
    # is the safer basis for the Matrix ID.
    extraConfig = ''
      oidc_providers:
        - idp_id: authentik
          idp_name: authentik
          discover: true
          issuer: "https://auth.graven.dev/application/o/matrix-synapse/"
          client_id: "b680e49c584fad37610d465b1ea270e8daf7ce50"
          client_secret: "d404b3bca1e7d2073a79b4e6d60b64505e2249a7fa6b5a2a0f499ab1955b93e269cddff4c8ce37c8ad929e16cdab5640ec2c25cec36ed73e67b753b6d4689cac"
          scopes:
            - "openid"
            - "profile"
            - "email"
          user_mapping_provider:
            config:
              localpart_template: "{{ '{{ user.name }}' }}"
              display_name_template: "{{ '{{ user.name|capitalize }}' }}"
    '';

    # Python logging configuration: everything goes to the console handler at
    # WARN. The SQL logger is pinned to WARN as well, for the reason given in
    # the embedded YAML comment (DEBUG would log access tokens).
    logConfig = ''
      version: 1
      formatters:
        precise:
          format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
      handlers:
        console:
          class: logging.StreamHandler
          formatter: precise
      loggers:
        synapse.storage.SQL:
          # beware: increasing this to DEBUG will make synapse log sensitive
          # information such as access tokens.
          level: WARN
      root:
        level: WARN
        handlers: [console]
      disable_existing_loggers: false
    '';

    # Single unencrypted HTTP listener on loopback serving both the client and
    # federation APIs. x_forwarded = true makes Synapse take the client address
    # from the X-Forwarded-For header, which is only trustworthy while the
    # listener stays unreachable except through the fronting proxy -- keep
    # bind_address on 127.0.0.1. Presumably a reverse proxy on this host
    # terminates TLS; it is not defined in this file.
    listeners = [
      {
        port = 8008;
        bind_address = "127.0.0.1";
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [ "client" "federation" ];
            compress = false;
          }
        ];
      }
    ];
  };
}