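# NixOS module: Synapse (Matrix homeserver) behind the project's nginx module,
# backed by a local PostgreSQL database.
#
# Exposure, as far as this file shows:
#   * Synapse listens on plain HTTP on loopback only; nginx is the sole
#     network-facing entry point.
#   * Only /_matrix and /_synapse/client are proxied. Other Synapse paths
#     (e.g. /_synapse/admin) are not matched by the location regex and are
#     therefore not forwarded by this vhost.
#   * Both .well-known documents are static JSON served directly by nginx.
{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.matrix.synapse;
in {
  options.nixfiles.modules.matrix.synapse = {
    enable = mkEnableOption "Synapse Matrix server";

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; str;
      default = config.networking.domain;
    };
  };

  config = let
    # Loopback-only listener: Synapse is reachable solely through the local
    # nginx upstream. Keep this on loopback while `x_forwarded = true` is set
    # below, because that setting makes Synapse trust the proxy-supplied
    # client address.
    bind_address = "127.0.0.1";
    port = 8448;
  in
    mkIf cfg.enable {
      # presumably marks the Synapse state directory (signing keys, media) for
      # persistence; the `ark` module is not visible here, so confirm.
      ark.directories = ["/var/lib/matrix-synapse"];

      nixfiles.modules = {
        nginx = {
          enable = true;
          upstreams.synapse.servers."${bind_address}:${toString port}" = {};
          virtualHosts.${cfg.domain}.locations = {
            # Client-server and federation APIs only; the admin API prefix is
            # deliberately absent from this pattern.
            "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse";

            # Federation discovery document.
            "= /.well-known/matrix/server" = {
              # `default_type` sets the Content-Type of the `return` body.
              # The previous `add_header Content-Type ...` appended a second
              # Content-Type header next to the one nginx derives from
              # default_type, producing an ambiguous response.
              extraConfig = ''
                default_type application/json;
              '';
              return = "200 '${
                generators.toJSON {} {"m.server" = "${cfg.domain}:443";}
              }'";
            };

            # Client discovery document.
            "= /.well-known/matrix/client" = {
              # The wildcard CORS header lets web clients on other origins
              # read this document; it contains only the public base URL.
              # NOTE(review): a location-level `add_header` stops nginx from
              # inheriting `add_header` directives set at server/http level.
              # If the nginx module adds security headers there, they will be
              # missing on this location; verify against that module.
              extraConfig = ''
                default_type application/json;
                add_header Access-Control-Allow-Origin *;
              '';
              return = "200 '${
                generators.toJSON {} {
                  "m.homeserver".base_url = "https://${cfg.domain}";
                }
              }'";
            };
          };
        };

        postgresql.enable = true;
      };

      services = let
        # Single name reused for the database and its owning role.
        db = "synapse";
      in {
        matrix-synapse = {
          enable = true;
          # NOTE(review): server_name follows networking.domain while the
          # vhost and both well-known documents follow cfg.domain. They are
          # equal by default; if `domain` is overridden, confirm the split is
          # intentional. Left unchanged because server_name cannot be altered
          # on an existing deployment.
          server_name = config.networking.domain;
          database_type = "psycopg2";
          database_name = db;
          database_user = db;
          listeners = [
            {
              inherit bind_address port;
              type = "http";
              # No TLS on the loopback hop; the advertised endpoints are
              # https/443, so TLS is expected to terminate at nginx.
              tls = false;
              # Take the client address from the proxy's forwarded header.
              # Only sound while nothing but the trusted proxy can reach this
              # listener (see bind_address above).
              x_forwarded = true;
              resources = [
                {
                  names = ["client" "federation"];
                  compress = false;
                }
              ];
            }
          ];
        };

        postgresql = {
          # NOTE(review): the database is created with the cluster's default
          # locale; Synapse expects C collation/ctype, so confirm the cluster
          # settings or create the database explicitly.
          ensureDatabases = [db];
          ensureUsers = [
            {
              name = db;
              # Privileges are scoped to the Synapse database only.
              ensurePermissions."DATABASE \"${db}\"" = "ALL";
            }
          ];
        };
      };
    };
}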