services: matrix-synapse: migrate to new config format

Antoine Martin 2022-03-11 16:26:28 +01:00
parent 3edac96be2
commit aa72401909
4 changed files with 68 additions and 84 deletions

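--- a/<FILE-1-PATH-NOT-SHOWN>
+++ b/<FILE-1-PATH-NOT-SHOWN>
@@ -100,7 +100,6 @@ in
 matrix = {
 enable = true;
-registration_shared_secret = secrets.matrix-registration-shared-secret;
 emailConfig = secrets.matrixEmailConfig;
 };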

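--- a/<FILE-2-PATH-NOT-SHOWN>
+++ b/<FILE-2-PATH-NOT-SHOWN>
@@ -10,7 +10,6 @@ in {
 };
 config.my.secrets = {
-matrix-registration-shared-secret = fileContents ./matrix-registration-shared-secret.secret;
 shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret;
 shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret;
 miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;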


@ -26,11 +26,11 @@ in {
options.my.services.matrix = let inherit (lib) types; in { options.my.services.matrix = let inherit (lib) types; in {
enable = mkEnableOption "Matrix Synapse"; enable = mkEnableOption "Matrix Synapse";
registration_shared_secret = mkOption { secretConfigFile = mkOption {
type = types.str; type = types.nullOr types.path;
default = null; default = null;
example = "deadbeef"; example = "/var/run/my_secrets/config.secret";
description = "Shared secret to register users"; description = "Secrets file included in configuration";
}; };
emailConfig = mkOption { emailConfig = mkOption {
@ -76,99 +76,85 @@ in {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
server_name = domain;
public_baseurl = "https://matrix.${domain}";
registration_shared_secret = cfg.registration_shared_secret; extraConfigFiles = lib.optionals (cfg.secretConfigFile != null) [
cfg.secretConfigFile
listeners = [
# Federation
{
bind_address = "::1";
port = federationPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [ { names = [ "federation" ]; compress = false; } ];
}
# Client
{
bind_address = "::1";
port = clientPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [ { names = [ "client" ]; compress = false; } ];
}
]; ];
account_threepid_delegates.msisdn = "https://vector.im"; settings = let
logConfig = ''
version: 1
extraConfig = '' # In systemd's journal, loglevel is implicitly stored, so let's omit it
experimental_features: { spaces_enabled: true } # from the message text.
use_presence: false formatters:
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
email: filters:
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. context:
# (): synapse.util.logcontext.LoggingContextFilter
smtp_host: "${cfg.emailConfig.smtpHost}" request: ""
# The port on the mail server for outgoing SMTP. Defaults to 25. handlers:
# journal:
smtp_port: ${toString cfg.emailConfig.smtpPort} class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
# Username/password for authentication to the SMTP server. By default, no root:
# authentication is attempted. level: WARN
# handlers: [journal]
smtp_user: "${cfg.emailConfig.smtpUser}"
smtp_pass: "${cfg.emailConfig.smtpPass}"
# Uncomment the following to require TLS transport security for SMTP. disable_existing_loggers: False
# By default, Synapse will connect over plain text, and will then switch to '';
# TLS via STARTTLS *if the SMTP server supports it*. If this option is set, in {
# Synapse will refuse to connect unless the server supports STARTTLS. server_name = domain;
# public_baseurl = "https://matrix.${domain}";
require_transport_security: true
# notif_from defines the "From" address to use when sending emails. account_threepid_delegates = {
# It must be set if email sending is enabled. msisdn = "https://vector.im";
# };
# The placeholder '%(app)s' will be replaced by the application name,
# which is normally 'app_name' (below), but may be overridden by the
# Matrix client application.
#
# Note that the placeholder must be written '%(app)s', including the
# trailing 's'.
#
notif_from: "${cfg.emailConfig.notifFrom}"
'';
logConfig = '' listeners = [
version: 1 # Federation
{
bind_addresses = [ "::1" ];
port = federationPort.private;
tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [ { names = [ "federation" ]; compress = false; } ];
}
# In systemd's journal, loglevel is implicitly stored, so let's omit it # Client
# from the message text. {
formatters: bind_addresses = [ "::1" ];
journal_fmt: port = clientPort.private;
format: '%(name)s: [%(request)s] %(message)s' tls = false; # Terminated by nginx.
x_forwarded = true;
resources = [ { names = [ "client" ]; compress = false; } ];
}
];
filters: experimental_features = {
context: spaces_enabled = true;
(): synapse.util.logcontext.LoggingContextFilter };
request: ""
handlers: use_presence = false;
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
root: email = {
level: WARN smtp_host = cfg.emailConfig.smtpHost;
handlers: [journal] smtp_port = cfg.emailConfig.smtpPort;
smtp_user = cfg.emailConfig.smtpUser;
smtp_pass = cfg.emailConfig.smtpPass;
disable_existing_loggers: False require_transport_security = true;
''; notif_from = cfg.emailConfig.notifFrom;
};
log_config = pkgs.writeText "log_config.yaml" logConfig;
};
}; };
services.nginx = { services.nginx = {