i use mx-puppet now. it works better and requires no patching (at least yet. maybe it will in the future to support threads).
# docs: https://nixos.wiki/wiki/Matrix
# docs: https://nixos.org/manual/nixos/stable/index.html#module-services-matrix-synapse
#
# NixOS module for the Synapse homeserver of uninsane.org.
# Synapse listens on loopback only; per the listener comment below, nginx sits in front of it.
{ config, lib, ... }:

{
  imports = [
    ./discord-puppet.nix
    # ./irc.nix
  ];

  # Synapse's state directory, declared to the impermanence module
  # (presumably so it survives reboots; confirm against that module).
  sane.impermanence.service-dirs = [
    { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
  ];

  services.matrix-synapse = {
    enable = true;

    settings = {
      log_config = ./synapse-log_level.yaml;
      server_name = "uninsane.org";

      # Disabled alternatives, kept with their full option paths:
      # services.matrix-synapse.enable_registration_captcha = true;
      # services.matrix-synapse.enable_registration_without_verification = true;
      #
      # Registration is open, gated by the validated e-mail address that
      # `registrations_require_3pid` (below) demands.
      enable_registration = true;
      # services.matrix-synapse.registration_shared_secret = "<shared key goes here>";

      # default for listeners is port = 8448, tls = true, x_forwarded = false.
      # we change this because the server is situated behind nginx.
      #
      # `x_forwarded = true` makes Synapse take the client address from the
      # proxy-supplied forwarding header. That is only trustworthy because the
      # listener is bound to 127.0.0.1, so nothing but local processes (nginx)
      # can reach it; keep the two settings together.
      # NOTE(review): the admin API used in the examples further down is served
      # on this same listener. The nginx config is not part of this file, so
      # confirm that it does not forward /_synapse/admin from the public side
      # unless that is intended.
      listeners = [
        {
          port = 8008;
          bind_addresses = [ "127.0.0.1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
      ];

      admin_contact = "admin.matrix@uninsane.org";
      registrations_require_3pid = [ "email" ];
    };

    # Secret-bearing settings are merged in from a sops-managed file.
    # Only the path is referenced here, so the secret contents are not copied
    # into the world-readable Nix store.
    extraConfigFiles = [
      config.sops.secrets.matrix_synapse_secrets.path
    ];
  };

  # Earlier inline variant, kept for reference. Do not revive it as-is:
  # builtins.toFile writes its argument into /nix/store, which would leave
  # smtp_pass readable by every local user.
  #
  # services.matrix-synapse.extraConfigFiles = [builtins.toFile "matrix-synapse-extra-config" ''
  # admin_contact: "admin.matrix@uninsane.org"
  # registrations_require_3pid:
  # - email
  # email:
  # smtp_host: "mx.uninsane.org"
  # smtp_port: 587
  # smtp_user: "matrix-synapse"
  # smtp_pass: "${secrets.matrix-synapse.smtp_pass}"
  # require_transport_security: true
  # enable_tls: true
  # notif_from: "%(app)s <notify.matrix@uninsane.org>"
  # app_name: "Uninsane Matrix"
  # enable_notifs: true
  # validation_token_lifetime: 96h
  # invite_client_location: "https://web.matrix.uninsane.org"
  # subjects:
  # email_validation: "[%(server_name)s] Validate your email"
  # ''];

  # new users may be registered on the CLI:
  # register_new_matrix_user -c /nix/store/8n6kcka37jhmi4qpd2r03aj71pkyh21s-homeserver.yaml http://localhost:8008
  #
  # or provide a registration token they can use to register through the client.
  # docs: https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/admin_api/registration_tokens.md
  # NOTE(review): Synapse only asks for a token when `registration_requires_token`
  # is enabled. It is not set in this file; it may live in the sops-managed
  # config above (confirm).
  #
  # <my_token> is an admin user's access token. Given on the command line it
  # ends up in shell history and is visible in the process list while curl
  # runs, so treat it accordingly on a shared host.
  #
  # first, grab your own user's access token (Help & About section in Element). then:
  # curl --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens
  # create a token with unlimited uses:
  # curl -d '{}' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new
  # create a token with limited uses:
  # curl -d '{ "uses_allowed": 1 }' --header "Authorization: Bearer <my_token>" localhost:8008/_synapse/admin/v1/registration_tokens/new

  # The decrypted secrets file is owned by the Synapse service user.
  sops.secrets.matrix_synapse_secrets = {
    sopsFile = ../../../../secrets/servo.yaml;
    owner = config.users.users.matrix-synapse.name;
  };
}