services: matrix-synapse: migrate to new config format
This commit is contained in:
parent
3edac96be2
commit
aa72401909
|
@ -100,7 +100,6 @@ in
|
||||||
|
|
||||||
matrix = {
|
matrix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
registration_shared_secret = secrets.matrix-registration-shared-secret;
|
|
||||||
emailConfig = secrets.matrixEmailConfig;
|
emailConfig = secrets.matrixEmailConfig;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config.my.secrets = {
|
config.my.secrets = {
|
||||||
matrix-registration-shared-secret = fileContents ./matrix-registration-shared-secret.secret;
|
|
||||||
shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret;
|
shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret;
|
||||||
shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret;
|
shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret;
|
||||||
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
||||||
|
|
Binary file not shown.
|
@ -26,11 +26,11 @@ in {
|
||||||
options.my.services.matrix = let inherit (lib) types; in {
|
options.my.services.matrix = let inherit (lib) types; in {
|
||||||
enable = mkEnableOption "Matrix Synapse";
|
enable = mkEnableOption "Matrix Synapse";
|
||||||
|
|
||||||
registration_shared_secret = mkOption {
|
secretConfigFile = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
example = "deadbeef";
|
example = "/var/run/my_secrets/config.secret";
|
||||||
description = "Shared secret to register users";
|
description = "Secrets file included in configuration";
|
||||||
};
|
};
|
||||||
|
|
||||||
emailConfig = mkOption {
|
emailConfig = mkOption {
|
||||||
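Review bot: The new `secretConfigFile` option is typed `types.nullOr types.path`, which also accepts a path literal such as `./config.secret`; when such a value is later interpolated into `extraConfigFiles`, Nix copies the file into the world-readable store, which defeats the point of moving the shared secret out of `types.str`. The description should make the contract explicit, e.g. `description = "Absolute path (given as a string, not a path literal) to a YAML file merged into the Synapse configuration; keep it outside the Nix store and readable only by the Synapse service user";`. Because the default is `null`, a host that drops `registration_shared_secret` without setting this option (as the first hunk does, unless it is set somewhere not shown here) ends up with no registration secret and no evaluation error; an assertion or at least a sentence in the description would make that failure mode visible. Whether the service user can actually read the file at `/var/run/my_secrets/...` depends on how it is provisioned, which is not visible in this diff.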
|
@ -76,99 +76,85 @@ in {
|
||||||
|
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
server_name = domain;
|
|
||||||
public_baseurl = "https://matrix.${domain}";
|
|
||||||
|
|
||||||
registration_shared_secret = cfg.registration_shared_secret;
|
extraConfigFiles = lib.optionals (cfg.secretConfigFile != null) [
|
||||||
|
cfg.secretConfigFile
|
||||||
listeners = [
|
|
||||||
# Federation
|
|
||||||
{
|
|
||||||
bind_address = "::1";
|
|
||||||
port = federationPort.private;
|
|
||||||
tls = false; # Terminated by nginx.
|
|
||||||
x_forwarded = true;
|
|
||||||
resources = [ { names = [ "federation" ]; compress = false; } ];
|
|
||||||
}
|
|
||||||
|
|
||||||
# Client
|
|
||||||
{
|
|
||||||
bind_address = "::1";
|
|
||||||
port = clientPort.private;
|
|
||||||
tls = false; # Terminated by nginx.
|
|
||||||
x_forwarded = true;
|
|
||||||
resources = [ { names = [ "client" ]; compress = false; } ];
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
account_threepid_delegates.msisdn = "https://vector.im";
|
settings = let
|
||||||
|
logConfig = ''
|
||||||
|
version: 1
|
||||||
|
|
||||||
extraConfig = ''
|
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||||
experimental_features: { spaces_enabled: true }
|
# from the message text.
|
||||||
use_presence: false
|
formatters:
|
||||||
|
journal_fmt:
|
||||||
|
format: '%(name)s: [%(request)s] %(message)s'
|
||||||
|
|
||||||
email:
|
filters:
|
||||||
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
context:
|
||||||
#
|
(): synapse.util.logcontext.LoggingContextFilter
|
||||||
smtp_host: "${cfg.emailConfig.smtpHost}"
|
request: ""
|
||||||
|
|
||||||
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
handlers:
|
||||||
#
|
journal:
|
||||||
smtp_port: ${toString cfg.emailConfig.smtpPort}
|
class: systemd.journal.JournalHandler
|
||||||
|
formatter: journal_fmt
|
||||||
|
filters: [context]
|
||||||
|
SYSLOG_IDENTIFIER: synapse
|
||||||
|
|
||||||
# Username/password for authentication to the SMTP server. By default, no
|
root:
|
||||||
# authentication is attempted.
|
level: WARN
|
||||||
#
|
handlers: [journal]
|
||||||
smtp_user: "${cfg.emailConfig.smtpUser}"
|
|
||||||
smtp_pass: "${cfg.emailConfig.smtpPass}"
|
|
||||||
|
|
||||||
# Uncomment the following to require TLS transport security for SMTP.
|
disable_existing_loggers: False
|
||||||
# By default, Synapse will connect over plain text, and will then switch to
|
'';
|
||||||
# TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
|
in {
|
||||||
# Synapse will refuse to connect unless the server supports STARTTLS.
|
server_name = domain;
|
||||||
#
|
public_baseurl = "https://matrix.${domain}";
|
||||||
require_transport_security: true
|
|
||||||
|
|
||||||
# notif_from defines the "From" address to use when sending emails.
|
account_threepid_delegates = {
|
||||||
# It must be set if email sending is enabled.
|
msisdn = "https://vector.im";
|
||||||
#
|
};
|
||||||
# The placeholder '%(app)s' will be replaced by the application name,
|
|
||||||
# which is normally 'app_name' (below), but may be overridden by the
|
|
||||||
# Matrix client application.
|
|
||||||
#
|
|
||||||
# Note that the placeholder must be written '%(app)s', including the
|
|
||||||
# trailing 's'.
|
|
||||||
#
|
|
||||||
notif_from: "${cfg.emailConfig.notifFrom}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
logConfig = ''
|
listeners = [
|
||||||
version: 1
|
# Federation
|
||||||
|
{
|
||||||
|
bind_addresses = [ "::1" ];
|
||||||
|
port = federationPort.private;
|
||||||
|
tls = false; # Terminated by nginx.
|
||||||
|
x_forwarded = true;
|
||||||
|
resources = [ { names = [ "federation" ]; compress = false; } ];
|
||||||
|
}
|
||||||
|
|
||||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
# Client
|
||||||
# from the message text.
|
{
|
||||||
formatters:
|
bind_addresses = [ "::1" ];
|
||||||
journal_fmt:
|
port = clientPort.private;
|
||||||
format: '%(name)s: [%(request)s] %(message)s'
|
tls = false; # Terminated by nginx.
|
||||||
|
x_forwarded = true;
|
||||||
|
resources = [ { names = [ "client" ]; compress = false; } ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
filters:
|
experimental_features = {
|
||||||
context:
|
spaces_enabled = true;
|
||||||
(): synapse.util.logcontext.LoggingContextFilter
|
};
|
||||||
request: ""
|
|
||||||
|
|
||||||
handlers:
|
use_presence = false;
|
||||||
journal:
|
|
||||||
class: systemd.journal.JournalHandler
|
|
||||||
formatter: journal_fmt
|
|
||||||
filters: [context]
|
|
||||||
SYSLOG_IDENTIFIER: synapse
|
|
||||||
|
|
||||||
root:
|
email = {
|
||||||
level: WARN
|
smtp_host = cfg.emailConfig.smtpHost;
|
||||||
handlers: [journal]
|
smtp_port = cfg.emailConfig.smtpPort;
|
||||||
|
smtp_user = cfg.emailConfig.smtpUser;
|
||||||
|
smtp_pass = cfg.emailConfig.smtpPass;
|
||||||
|
|
||||||
disable_existing_loggers: False
|
require_transport_security = true;
|
||||||
'';
|
notif_from = cfg.emailConfig.notifFrom;
|
||||||
|
};
|
||||||
|
|
||||||
|
log_config = pkgs.writeText "log_config.yaml" logConfig;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
|
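Review bot: `smtp_pass = cfg.emailConfig.smtpPass;` in the new `settings.email` block still puts the SMTP password into `services.matrix-synapse.settings`, which NixOS renders to a YAML file in the Nix store, so that secret remains world-readable even though this commit moves `registration_shared_secret` out of the store via `secretConfigFile` (`emailConfig` is fed from `secrets.matrixEmailConfig` in the first hunk, so it is a secret too). The `email` settings should follow the same route into the secret config file; as far as I recall Synapse merges extra config files at the top level only, so the whole `email:` section rather than just `smtp_pass` would have to live there. Minor style point: `lib.optionals (cfg.secretConfigFile != null) [ cfg.secretConfigFile ]` reads more directly as `lib.optional (cfg.secretConfigFile != null) cfg.secretConfigFile`. The enclosing `config` attrset begins before this hunk, and the `services.nginx` block at the end continues past it.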