From d74f67e4fbb4f98f94be0111808d834619ca941b Mon Sep 17 00:00:00 2001
From: Chris Kruining
Date: Thu, 11 Sep 2025 16:43:54 +0200
Subject: [PATCH] switch to synapse away from conduit

---
 .../authentication/zitadel/default.nix | 11 +-
 .../communication/conduit/default.nix | 135 +++++++++++++++--
 2 files changed, 120 insertions(+), 26 deletions(-)

diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix
index 2f65f6f..7edccc1 100644
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@@ -4,8 +4,7 @@ let
 cfg = config.${namespace}.services.authentication.zitadel;
- db_name = "zitadel";
- db_user = "zitadel";
+ database = "zitadel";
 in
 {
 options.${namespace}.services.authentication.zitadel = {
@@ -72,9 +71,9 @@ in
 Host = "localhost";
 # Zitadel will report error if port is not set
 Port = 5432;
- Database = db_name;
+ Database = database;
 User = {
- Username = db_user;
+ Username = database;
 SSL.Mode = "disable";
 };
 Admin = {
@@ -105,10 +104,10 @@ in
 postgresql = {
 enable = true;
- ensureDatabases = [ db_name ];
+ ensureDatabases = [ database ];
 ensureUsers = [
 {
- name = db_user;
+ name = database;
 ensureDBOwnership = true;
 }
 ];
diff --git a/modules/nixos/services/communication/conduit/default.nix b/modules/nixos/services/communication/conduit/default.nix
index 13a2cbc..3e909ff 100644
--- a/modules/nixos/services/communication/conduit/default.nix
+++ b/modules/nixos/services/communication/conduit/default.nix
@@ -1,9 +1,15 @@
 { config, lib, pkgs, namespace, ... }:
 let
+ inherit (builtins) toString toJSON;
 inherit (lib) mkIf mkEnableOption;
 cfg = config.${namespace}.services.communication.conduit;
- domain = "matrix.kruining.eu";
+
+ domain = "kruining.eu";
+ fqn = "matrix.${domain}";
+ port = 4001;
+
+ database = "synapse";
 in
 {
 options.${namespace}.services.communication.conduit = {
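Review bot: `domain` now also becomes Synapse's `server_name` (third hunk of this file), and that value is baked into every user and room ID the homeserver mints, so the move from `matrix.kruining.eu` to `kruining.eu` is a one-time decision that cannot be reverted without a fresh database; a comment on the binding would stop the next reader from "tidying" it, e.g. `# also the Matrix server_name: immutable once synapse has run`. The `.well-known/matrix/server` delegation in the last hunk is what lets the bare domain act as server_name while traffic goes to `${fqn}`, so the two values must stay paired. The file path and option path still say `conduit` while the module now configures `matrix-synapse`; renaming is out of scope for this commit but worth a follow-up so the option name does not mislead.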
@@ -20,13 +26,13 @@ in
 services = {
 matrix-conduit = {
- enable = true;
+ enable = false;
 settings.global = {
 address = "::";
- port = 4001;
+ port = port;
- server_name = "matrix.kruining.eu";
+ server_name = domain;
 database_backend = "rocksdb";
 # database_path = "/var/lib/matrix-conduit/";
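Review bot: The disabled `matrix-conduit` block now shares `port` (4001) and `address = "::"` with the new Synapse listener, so flipping `enable` back to `true` would put two homeservers on the same socket. If the block is being kept for rollback, guard it rather than rely on memory, e.g. `assertions = [ { assertion = !(config.services.matrix-conduit.enable && config.services.matrix-synapse.enable); message = "conduit and synapse both bind port ${toString port}"; } ];`; otherwise deleting the block removes the risk entirely. The `services = {` set opened here closes past the file's last hunk.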
@@ -38,27 +44,115 @@ in
 };
 };
- # postgresql = {
- # enable = true;
- # ensureDatabases = [ "conduit" ];
- # ensureUsers = [
- # {
- # name = "conduit";
- # ensureDBOwnership = true;
- # }
- # ];
- # };
+ matrix-synapse = {
+ enable = true;
+
+ extras = [ "oidc" ];
+ plugins = with config.services.matrix-synapse.package.plugins; [];
+
+ settings = {
+ server_name = domain;
+ public_baseurl = "https://${fqn}";
+
+ enable_registration = false;
+ registration_shared_secret = "tZtBnlhEmLbMwF0lQ112VH1Rl5MkZzYH9suI4pEoPXzk6nWUB8FJF4eEnwLkbstz";
+
+ url_preview_enabled = true;
+ precence.enabled = true;
+
+ database = {
+ # this is postgresql (also the default, but I prefer to be explicit)
+ name = "psycopg2";
+ args = {
+ database = database;
+ user = database;
+ };
+ };
+
+ listeners = [
+ {
+ bind_addresses = ["::"];
+ port = port;
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = true;
+ }
+ ];
+ }
+ ];
+ };
+ };
+
+ mautrix-signal = {
+ enable = true;
+ registerToSynapse = true;
+
+ settings = {
+ appservice = {
+ provisioning.enabled = false;
+ port = 40011;
+ };
+
+ homeserver = {
+ address = "http://[::1]:${toString port}";
+ domain = domain;
+ };
+
+ bridge = {
+ permissions = {
+ "@chris:${domain}" = "admin";
+ };
+ };
+ };
+ };
+
+ mautrix-whatsapp = {
+ enable = true;
+ registerToSynapse = true;
+
+ settings = {
+ appservice = {
+ provisioning.enabled = false;
+ port = 40012;
+ };
+
+ homeserver = {
+ address = "http://[::1]:${toString port}";
+ domain = domain;
+ };
+
+ bridge = {
+ permissions = {
+ "@chris:${domain}" = "admin";
+ };
+ };
+ };
+ };
+
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ database ];
+ ensureUsers = [
+ {
+ name = database;
+ ensureDBOwnership = true;
+ }
+ ];
+ };
 caddy = {
 enable = true;
 virtualHosts = let
- inherit (builtins) toJSON;
-
 server = {
- "m.server" = "${domain}:443";
+ "m.server" = "${fqn}:443";
 };
 client = {
- "m.homeserver".base_url = "https://${domain}";
+ "m.homeserver".base_url = "https://${fqn}";
 "m.identity_server".base_url = "https://auth.amarth.cloud";
 };
 in {
@@ -67,9 +161,10 @@ in
 header /.well-known/matrix/* Access-Control-Allow-Origin *
 respond /.well-known/matrix/server `${toJSON server}`
 respond /.well-known/matrix/client `${toJSON client}`
-
+ '';
+ "${fqn}".extraConfig = ''
 reverse_proxy /_matrix/* http://::1:4001
- # reverse_proxy /_synapse/client/* http://::1:4001
+ reverse_proxy /_synapse/client/* http://::1:4001
 '';
 };
 };
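Review bot: `registration_shared_secret` is a string literal inside `settings`, so it is committed to git and rendered into the generated homeserver.yaml in the world-readable Nix store, where any local user can read it; move it to a file outside the store — Synapse's `registration_shared_secret_path`, or a `services.matrix-synapse.extraConfigFiles` entry — and treat the committed value as burned. The listener sets `bind_addresses = ["::"]` with `tls = false` and `x_forwarded = true` although only the local Caddy talks to it (the next hunk proxies to `::1`), so the plaintext port is reachable from the network and a direct client can supply its own `X-Forwarded-For`; `bind_addresses = [ "::1" ];` closes that and matches the `[::1]` the bridges already use. `precence.enabled = true;` is misspelled and will not set anything; the option is `presence.enabled`. `database.args` gives no host, so psycopg2 connects over the unix socket with peer authentication, and the role `synapse` does not match the `matrix-synapse` system user Synapse runs as — verify against the postgresql `authentication` setting, and note that Synapse also refuses a database whose collation is not `C`, which `ensureDatabases` does not guarantee. The enclosing `services = {` set starts in the previous hunk.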
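Review bot: Both `reverse_proxy` lines hard-code `4001` even though this commit introduces `port` for exactly that value, so a later change to `port` would move Synapse's listener while Caddy keeps pointing at the old socket; use `reverse_proxy /_matrix/* http://[::1]:${toString port}` and the same form for `/_synapse/client/*`. The bracketed `[::1]` also removes the ambiguity of an unbracketed `::1:4001`, which the bridge settings in the previous hunk already avoid. The `virtualHosts` set this hunk closes is opened in the previous hunk.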