{config, ...}: let httpIntPort = 14030; dbIntPort = 14032; domHost = "mtx.min.rip"; domDelegate = "min.rip"; dir = "/srv/synapse"; dirSynapse = "${dir}/synapse"; dirDb = "${dir}/db"; in { services.nginx = { virtualHosts.${domHost} = { locations."/" = { proxyPass = "http://127.0.0.1:${toString httpIntPort}"; }; forceSSL = true; enableACME = true; }; virtualHosts.${domDelegate} = { locations."/.well-known/matrix/client" = { return = ''200 '{"m.homeserver": {"base_url": "https://${domHost}:443"}}' ''; extraConfig = '' default_type application/json; add_header Access-Control-Allow-Origin *; ''; }; locations."/.well-known/matrix/server" = { return = ''200 '{"m.server": "${domHost}:443"}' ''; extraConfig = '' default_type application/json; add_header Access-Control-Allow-Origin *; ''; }; }; }; # Auto-create directories we need systemd.tmpfiles.rules = [ "d ${dir} 0777 root root - -" "d ${dirSynapse} 0750 224 224 - -" "d ${dirDb} 0750 70 70 - -" ]; virtualisation.oci-containers.containers.synapse-db = { image = "docker.io/postgres:12-alpine"; environment = { POSTGRES_USER = "synapse"; POSTGRES_PASSWORD = "synapse"; POSTGRES_INITDB_ARGS = "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"; }; volumes = [ "${dirDb}:/var/lib/postgresql/data" ]; ports = ["${toString dbIntPort}:5432/tcp"]; # extraOptions = [ # "--health-cmd" "pg_isready -U \${POSTGRES_USER}" # "--health-interval=5s" # "--health-retries=5" # ]; }; sops.secrets."svc-synapse-synapse-config" = { owner = "matrix-synapse"; group = "matrix-synapse"; mode = "0664"; }; services.matrix-synapse = { enable = true; withJemalloc = true; dataDir = dirSynapse; extraConfigFiles = [config.sops.secrets."svc-synapse-synapse-config".path]; settings = { server_name = domDelegate; listeners = [ { bind_addresses = ["127.0.0.1"]; port = httpIntPort; tls = false; type = "http"; x_forwarded = true; resources = [ { names = ["client" "federation"]; compress = false; } ]; } ]; database = { name = "psycopg2"; args = { user = "synapse"; password = "synapse"; database = "synapse"; host = "127.0.0.1"; port = dbIntPort; }; }; report_stats = false; }; }; }