mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 08:29:23 +08:00
add synapse
@@ -252,6 +252,7 @@
|
||||
};
|
||||
misskey-proxy = { "xn--qbtm095lrg0bfka60z.chn.moe" = {}; "xn--s8w913fdga.chn.moe" = {}; };
|
||||
coturn.enable = true;
|
||||
synapse-proxy."synapse.chn.moe" = {};
|
||||
};
|
||||
boot =
|
||||
{
|
||||
@@ -339,6 +340,7 @@
|
||||
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
|
||||
wallabag.enable = true;
|
||||
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
|
||||
synapse.enable = true;
|
||||
};
|
||||
boot =
|
||||
{
|
||||
|
||||
@@ -9,9 +9,7 @@ inputs:
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) coturn;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf coturn.enable
|
||||
{
|
||||
services.coturn =
|
||||
|
||||
@@ -10,6 +10,7 @@ inputs:
|
||||
./meilisearch.nix
|
||||
./xray.nix
|
||||
./coturn.nix
|
||||
./synapse.nix
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
|
||||
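--- a/modules/services/synapse.nix
+++ b/modules/services/synapse.nix
@@ -0,0 +1,156 @@
+inputs:
+{
+options.nixos.services = let inherit (inputs.lib) mkOption types; in
+{
+synapse =
+{
+enable = mkOption { type = types.bool; default = false; };
+port = mkOption { type = types.ints.unsigned; default = 9726; };
+hostname = mkOption { type = types.str; default = "synapse.chn.moe"; };
+};
+synapse-proxy = mkOption
+{
+type = types.attrsOf (types.submodule (submoduleInputs: { options =
+{
+hostname = mkOption { type = types.str; default = submoduleInputs.config._module.args.name; };
+};}));
+default = {};
+};
+};
+config =
+let
+inherit (inputs.config.nixos.services) synapse synapse-proxy;
+inherit (inputs.localLib) attrsToList;
+inherit (inputs.lib) mkIf mkMerge;
+inherit (builtins) map listToAttrs;
+in mkMerge
+[
+(mkIf synapse.enable
+{
+services.matrix-synapse =
+{
+enable = true;
+settings =
+{
+server_name = synapse.hostname;
+listeners =
+[{
+bind_addresses = [ "127.0.0.1" ];
+port = 8008;
+resources = [{ names = [ "client" "federation" ]; compress = false; }];
+tls = false;
+type = "http";
+x_forwarded = true;
+}];
+database =
+{
+name = "psycopg2";
+args =
+{
+user = "synapse";
+database = "synapse";
+host = "127.0.0.1";
+port = "5432";
+};
+};
+email =
+{
+smtp_host = "mail.chn.moe";
+smtp_port = 25;
+smtp_user = "bot@chn.moe";
+require_transport_security = true;
+notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
+app_name = "Haonan Chen's synapse";
+};
+admin_contact = "mailto:chn@chn.moe";
+enable_registration = true;
+registrations_require_3pid = [ "email" ];
+turn_uris = [ "turn:coturn.chn.moe" ];
+max_upload_size = "1024M";
+web_client_location = "https://element.chn.moe/";
+serve_server_wellknown = true;
+report_stats = true;
+trusted_key_servers = [{ server_name = "matrix.org"; }];
+suppress_key_server_warning = true;
+log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
+{
+version = 1;
+formatters.precise.format =
+"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
+handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
+root = { level = "INFO"; handlers = [ "console" ]; };
+disable_existing_loggers = true;
+};
+};
+extraConfigFiles = [ inputs.config.sops.templates."synapse/password.yaml".path ];
+};
+sops =
+{
+templates."synapse/password.yaml" =
+{
+owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User;
+group = inputs.config.systemd.services.matrix-synapse.serviceConfig.Group;
+content = builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "password.yaml"
+{
+database.args.password = inputs.config.sops.placeholder."postgresql/synapse";
+turn_shared_secret = inputs.config.sops.placeholder."synapse/coturn";
+registration_shared_secret = inputs.config.sops.placeholder."synapse/registration";
+macaroon_secret_key = inputs.config.sops.placeholder."synapse/macaroon";
+form_secret = inputs.config.sops.placeholder."synapse/form";
+signing_key_path = inputs.config.sops.secrets."synapse/signing-key".path;
+email.smtp_pass = inputs.config.sops.placeholder."mail/bot";
+});
+};
+secrets = (listToAttrs (map
+(secret: { name = "synapse/${secret}"; value = {}; })
+[ "coturn" "registration" "macaroon" "form" ]))
+// { "synapse/signing-key".owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User; }
+// { "mail/bot" = {}; };
+};
+nixos.services =
+{
+nginx =
+{
+enable = true;
+httpProxy =
+{
+"${synapse.hostname}" =
+{
+upstream = "http://127.0.0.1:${toString synapse.port}";
+websocket = true;
+setHeaders.Host = synapse.hostname;
+};
+"direct.${synapse.hostname}" =
+{
+upstream = "http://127.0.0.1:${toString synapse.port}";
+websocket = true;
+setHeaders.Host = synapse.hostname;
+detectAuth = true;
+};
+};
+};
+postgresql = { enable = true; instances.synapse = {}; };
+};
+})
+(mkIf (synapse-proxy != {})
+{
+nixos.services.nginx =
+{
+enable = true;
+httpProxy = listToAttrs (map
+(proxy:
+{
+name = proxy.value.hostname;
+value =
+{
+upstream = "https://direct.${proxy.value.hostname}";
+websocket = true;
+setHeaders.Host = "direct.${proxy.value.hostname}";
+addAuth = true;
+};
+})
+(attrsToList synapse-proxy));
+};
+})
+];
+}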
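Review bot: The Synapse listener is hard-coded to `port = 8008;` while both nginx `httpProxy` upstreams in this file target `http://127.0.0.1:${toString synapse.port}` (option default 9726), so unless something outside this file reconciles the two, the proxy forwards to a port Synapse is not bound to; the listener line should read `port = synapse.port;`. Separately, `enable_registration = true;` is gated only by `registrations_require_3pid = [ "email" ];`, and together with `max_upload_size = "1024M";` that leaves the homeserver open to sign-ups from throwaway addresses followed by large media uploads. Consider adding `registration_requires_token = true;` (or a captcha) and lowering the upload cap to what the deployment actually needs. A short comment above `trusted_key_servers` explaining why `suppress_key_server_warning = true;` is acceptable here would also help the next reader.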
@@ -53,6 +53,8 @@ nginx:
|
||||
xn--qbtm095lrg0bfka60z.chn.moe: ENC[AES256_GCM,data:6alYFNVOAk0Yp0l4K6G4t6iIptkpsqDxWLRjfSo9UsewNFrbsMqw8JWNAYIqEhitcCb0cMZIBgI=,iv:xZzGMCOJU9Ja9XhDE/4gjsLb7FEjzhfCUtiS7ORvnp4=,tag:pfJr5+GstP9BoKa/bI+t2g==,type:str]
|
||||
#ENC[AES256_GCM,data:4DZF7+ES+DloksRjIlE5GUP3D1V7B7RGrkCVR8r3jqVr8jQubGpDPFE=,iv:4ZWoAEEBjqQDLNAOcgbgFV9btx5v8t3s+D/0uuGynX4=,tag:p5NrYdcX/jdA2atnFMJ6sA==,type:comment]
|
||||
xn--s8w913fdga.chn.moe: ENC[AES256_GCM,data:66JQ6jYy/Md0fWB/yUI00zK3mrUlm+LuO2kS6UmGTIgQ9REDKhq4anVV1l72tK+Ogxfk+wEG7Rc=,iv:hYAsdPAgN2Dmqgtn7rChrqF4cwYmMPXjG82CrPXlnC0=,tag:XUh6M3g0miDC92oWyMyIWA==,type:str]
|
||||
#ENC[AES256_GCM,data:+vQv0OiAnoVvRsgJa/suMdrQ6tTszhLdKqF58Ysbi4ESMy3bWdkH0hQ=,iv:z6jQRLRRnSph6+6yidhRvU4LOLUdpnPg//0J0jDnBCk=,tag:3yUMZcuBGcOgEYuuxD5ZuQ==,type:comment]
|
||||
synapse.chn.moe: ENC[AES256_GCM,data:Thnj1uOAhzUHDpX7MXo6hRCP7xWlq9N5v9C0TzcpDWSeis0wpb8BKeJzp+olIWk4iehENgQc1ws=,iv:Hf9PYYUkubXJ3qggXzHIY69s8ruEscfIEHI+SvMO9l4=,tag:n8R5mS7KUY2CPrYPRctPGw==,type:str]
|
||||
maxmind-license: ENC[AES256_GCM,data:sESU6uK9EYLido9/0sXO2Zw1SjuKmxPh4r3giJcaG7068gn1kByjsA==,iv:htnFgnLrH35zSvmlRAdoRDLFIpKroKO5dW9TNK9soUc=,tag:6pJuc54SrKP5n0kJJ7fGyA==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
@@ -82,8 +84,8 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-29T12:27:39Z"
|
||||
mac: ENC[AES256_GCM,data:NnJiE2k2Oyt0QScaI8yAyA7qOMw7M8T8GOurpDx3Phy31Pa0GvXO23cf5ynp2IZooKoob/hPiP5E5ltnfbCdGhUCBgtSDOM6B6OGRWWCK1kz3G1yPn3DzCjrqUAjdHdEd94FTNCaBQUl0zw2U9mX6y8aoKNaYPcRM7pXn8GGRwU=,iv:B4tKjNqouaeEzHJplTwTOqqKITEAFQPlJxiiGeVt1qs=,tag:8BsB+ipGPXz8O19I0/e2iQ==,type:str]
|
||||
lastmodified: "2023-08-29T13:47:17Z"
|
||||
mac: ENC[AES256_GCM,data:yJPCvlmADSnMvVXMtPhrmp9DOZ/pj1ey2/SZCpZhbBkYDa+sSg48YCKqMPwqyx7PdkQHfVjhyen+eRJjczbeaTclClpGKRkQJzW7qArZz4dF5sfD+q64i8zjVmjxX2Pajb/iHWbQiax7kp5YSgYEKXSP3caCb73fu7aL3Tm9Isw=,iv:6o5MaH/Oy53HabDNDITz1XHDNBila5KgtkU4mwmfkwg=,tag:nuo0srgaAfhEP2xPp2r43w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -3,6 +3,7 @@ acme:
|
||||
nginx:
|
||||
detectAuth:
|
||||
direct.xn--s8w913fdga.chn.moe: ENC[AES256_GCM,data:6002XL/N+U9+1MVvWZLio0nC0laqf1K3Gh6kkzgGjqT3DHnMiycfsbO1vj6c,iv:o08K08/ZPPugjeA3eKPoiVe/ltEZv1OVuiZa/VyPv/A=,tag:CXu4i4upNdyNwJTXxhwc3w==,type:str]
|
||||
direct.synapse.chn.moe: ENC[AES256_GCM,data:tvmm5xhZtuwa48tBrKHdYs4lKdEsBpCb0w00fpN0f8W57X+ijLTZCxu5AVN+,iv:5SoEvoIUfgGNsdPBLiY+2xsYfgqR9vDOGT6g3hlzgSY=,tag:nhWpGA3xSQ+X94ezauEeTg==,type:str]
|
||||
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
|
||||
redis:
|
||||
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
|
||||
@@ -11,6 +12,7 @@ redis:
|
||||
postgresql:
|
||||
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
|
||||
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
|
||||
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
|
||||
meilisearch:
|
||||
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
|
||||
rsshub:
|
||||
@@ -21,8 +23,13 @@ rsshub:
|
||||
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
|
||||
mail:
|
||||
bot-encoded: ENC[AES256_GCM,data:HstqDfhKoLqDip9O+mwYGbNlNQ==,iv:CZSTfxJHhI6nG7501cQdJiZ9l3uKS7d5YsA8iVTUuoE=,tag:Rj3rvXJzDp8XzODV/gABog==,type:str]
|
||||
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
|
||||
synapse:
|
||||
coturn: ENC[AES256_GCM,data:d0slDodWSVCMMgYXeLYcESuS3q2OkRI0fGTPAn1Ho+WLc/g8IHwSDtLt6W8j9UiBn1TpLVHnI71M6SZLwZK2XQ==,iv:nF89F/ezZFgCrS1WLLTgdV6pksSSgntJUdJ8Q2hVME4=,tag:Z0bJFFRdZCinrFDH9gyGwg==,type:str]
|
||||
registration: ENC[AES256_GCM,data:bvDx/RaGLd7wkQIGz6+GKNHzuwjaoC2IOIY5Nu+/UAAjlwtTv5fhjlxq1ylTctvaeto=,iv:2mcSGeocXboBcY3SHkio8tnj+7rM1o5gOHZGYBP5x+Q=,tag:3vcVHR03NyIq6DvbPApFkg==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:SUJe+4q7QlWBceL/cyJxrjl9OV9o2//YEu3k4rzRRg3eSgiDphyL8MWzoO/WH8MzaH8=,iv:2tTQVj9kHa3Lb3ZqnxwSfpyWEDq77gtxS+iBqKuTLpY=,tag:XnKKMg8sxw3WQtJvfcyXcA==,type:str]
|
||||
form: ENC[AES256_GCM,data:N/5El9TMbVL0zKTiTgtjdhk3PeRmWV7grckZ6NrroaXqt0I1HCCUGJQA+Qd7fp5SKV0=,iv:AfP6PrsyU6cCQa3LEUivN3k5pv/JARVzEigHJLopasU=,tag:CT0/7czF+VNnlb5yN8EZXg==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:ZCayvU2lElUnuyVDL05XjO3v2P78ha9i9PEcLvpBLgNeYkh7nH9Z4kIAP6Pmbw39ufaSJuo5tZZPmA==,iv:CfxqL7dJbmG/jEcdDe+Su8uxsA4dkOq/CCOGlb3EDIk=,tag:9728QS3GLnTcerzDgtQEWw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -47,8 +54,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-29T12:27:54Z"
|
||||
mac: ENC[AES256_GCM,data:pbZqUybl1YVjUs/KPXN6Vt0kz9L3LBLxYHhTlHj5xXw4Ctjmo50kzN1bgNfCqRduNK9YtaO4SNK9AVPPQxE7KtXr7IbyCrFgDvLKGh8OzrEVAKKfiGmvJCaDxU0su6W3xc9CTsNj/xOM2KRfyBA9G3KfqLm3RN6FDLL3d4uukVs=,iv:uMb58lXVTNkn40IgrOhjxU2Xn68BzF58OfND1SyI0Y0=,tag:Wg2TWtNtoZ1Fi0ektIMtJA==,type:str]
|
||||
lastmodified: "2023-08-29T14:07:02Z"
|
||||
mac: ENC[AES256_GCM,data:vfAdG15p0USMgctkoiw9ynZUOAxTW2rsJBt3UY91N6h1GBW4oqBQWuksj49fCJX/CmsQDdjV9wS0VGEbx8aIcVizwmDSfnYMS2Dxe9A7caGOvCGahomasLrR0HfKRXrrx45fXTz9fxCxiNniUZGkiXIJ1VcQYf/jdidGFNSQm+c=,iv:MZpghtpGDf1Upez7sglLhnskkCXPFlEww4GDY6/2hjA=,tag:FFCjm3RVxFfh9IhwUC3ziQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||