From 8f137c28230623259a964484adcf31fe00756594 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sat, 17 Dec 2022 16:39:09 +0300
Subject: 2022-12-17
---
modules/nixos/matrix/synapse.nix | 93 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 93 insertions(+)
create mode 100644 modules/nixos/matrix/synapse.nix
(limited to 'modules/nixos/matrix/synapse.nix')
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
new file mode 100644
index 0000000..6ff5e0d
--- /dev/null
+++ b/modules/nixos/matrix/synapse.nix
@@ -0,0 +1,93 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.matrix.synapse;
+in {
+ options.nixfiles.modules.matrix.synapse = {
+ enable = mkEnableOption "Synapse Matrix server";
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; str;
+ default = config.networking.domain;
+ };
+ };
+
+ config = let
+ bind_address = "127.0.0.1";
+ port = 8448;
+ in
+ mkIf cfg.enable {
+ nixfiles.modules = {
+ nginx = {
+ enable = true;
+ upstreams.synapse.servers."${bind_address}:${toString port}" = {};
+ virtualHosts.${cfg.domain}.locations = {
+ "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse";
+ "= /.well-known/matrix/server" = {
+ extraConfig = ''
+ add_header Content-Type application/json;
+ '';
+ return = "200 '${
+ generators.toJSON {} {"m.server" = "${cfg.domain}:443";}
+ }'";
+ };
+ "= /.well-known/matrix/client" = {
+ extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ '';
+ return = "200 '${
+ generators.toJSON {} {
+ "m.homeserver".base_url = "https://${cfg.domain}";
+ }
+ }'";
+ };
+ };
+ };
+ postgresql.enable = true;
+ };
+
+ services = let
+ db = "synapse";
+ in {
+ matrix-synapse = {
+ enable = true;
+ server_name = config.networking.domain;
+
+ database_type = "psycopg2";
+ database_name = db;
+ database_user = db;
+
+ listeners = [
+ {
+ inherit bind_address port;
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = ["client" "federation"];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+
+ postgresql = {
+ ensureDatabases = [db];
+ ensureUsers = [
+ {
+ name = db;
+ ensurePermissions."DATABASE \"${db}\"" = "ALL";
+ }
+ ];
+ };
+ };
+ };
+}
-- cgit v1.2.3
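Review bot: `server_name = config.networking.domain;` ignores the module's own `domain` option, while the nginx virtual host and both `.well-known` bodies are built from `cfg.domain`. The two agree only while the option keeps its default; once `domain` is overridden, Synapse's server name no longer matches the host that serves the delegation documents, and because the server name ends up in every user ID it is awkward to correct after first start. I would write `server_name = cfg.domain;`, or add a comment on the option stating that it must equal the server name. Separately, `add_header Content-Type application/json;` in the two `return` locations adds a header rather than replacing the one nginx derives from `default_type`, so `default_type application/json;` is likely the safer form.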