Migrate from Synapse to Dendrite

coolneng 2022-07-20 16:34:14 +02:00
parent d1eaf76099
commit af18ffd29e
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
10 changed files with 171 additions and 33 deletions


@ -122,6 +122,17 @@ with pkgs;
owner = "coolneng";
group = "users";
};
# HACK The owner and group is set by systemd due to the use of DynamicUser
secrets.dendrite = {
file = secrets/dendrite.age;
owner = "63026";
group = "63026";
};
secrets.dendrite-postgres = {
file = secrets/dendrite-postgres.age;
owner = "63026";
group = "63026";
};
identityPaths = [ "/home/coolneng/.ssh/id_ed25519" ];
};
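Review bot: The hard-coded `owner = "63026"` and `group = "63026"` on both secrets tie their readability to a UID that systemd allocates for DynamicUser at runtime. If the allocation ever differs, dendrite loses access, and whichever unit ends up with 63026 could read the signing key and the database credentials. Both files are passed to the unit through `loadCredential` and `environmentFile` in this commit's dendrite module, and systemd reads those itself rather than as the service user (worth confirming on the deployed version), so the secrets can probably keep agenix's default root ownership. That only works if the settings point at the credential copy, e.g. `private_key = "$CREDENTIALS_DIRECTORY/private_key";` instead of `config.age.secrets.dendrite.path`, assuming the module substitutes environment variables there as it does for `$DB_STRING`. The enclosing `age` attribute set starts outside this hunk.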


@ -20,6 +20,75 @@
"type": "github"
}
},
"devshell": {
"locked": {
"lastModified": 1642188268,
"narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=",
"owner": "numtide",
"repo": "devshell",
"rev": "696acc29668b644df1740b69e1601119bf6da83b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1641205782,
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nix-matrix-appservices": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1650783069,
"narHash": "sha256-mcjuOAXVC9zZ6f5Uh67uEpiZzaTMFP6ZvW8pqanesLM=",
"owner": "coffeetables",
"repo": "nix-matrix-appservices",
"rev": "5483c1b3f73c81a4533a1d7a8cc80486ca9b5c14",
"type": "gitlab"
},
"original": {
"owner": "coffeetables",
"repo": "nix-matrix-appservices",
"type": "gitlab"
}
},
"nixlib": {
"locked": {
"lastModified": 1643502816,
"narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=",
"owner": "divnix",
"repo": "nixpkgs.lib",
"rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a",
"type": "github"
},
"original": {
"owner": "divnix",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1656933710,
@ -53,6 +122,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"nix-matrix-appservices": "nix-matrix-appservices",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs"
}


@ -7,10 +7,18 @@
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-matrix-appservices = {
url = "gitlab:coffeetables/nix-matrix-appservices";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, agenix, nixos-hardware, ... }@inputs:
outputs = { self, nixpkgs, agenix, nixos-hardware, nix-matrix-appservices, ...
}@inputs:
let
system = "aarch64-linux";
@ -25,6 +33,7 @@
(import ./configuration.nix)
agenix.nixosModules.age
nixos-hardware.nixosModules.raspberry-pi-4
nix-matrix-appservices.nixosModule
];
specialArgs = { inherit inputs; };
};
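Review bot: `nix-matrix-appservices.nixosModule` is a third-party module evaluated into the system configuration, and nothing next to the input records who maintains it or how updates are vetted. The revision is pinned in flake.lock, so the exposure arises when the lock is bumped; a comment on the input such as `# Third-party module: review upstream changes before updating the lock` would make that explicit. The lock also gains `devshell`, `flake-compat` and `nixlib` as transitive inputs, which deserve the same look.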


@ -1,41 +1,79 @@
{ config, lib, pkgs, ... }:
{
with pkgs;
# NOTE Reference the environment variable set in the corresponding agenix secret
let database.connection_string = "$DB_STRING";
in {
# Matrix server configuration
services.matrix-synapse = {
services.dendrite = {
enable = true;
httpPort = 8008;
environmentFile = config.age.secrets.dendrite-postgres.path;
loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
settings = {
server_name = "coolneng.duckdns.org";
public_baseurl = "https://matrix.coolneng.duckdns.org";
listeners = [{
port = 8008;
tls = false;
resources = [{
compress = true;
names = [ "client" ];
}];
bind_addresses = [ "127.0.0.1" ];
}];
app_service_config_files =
[ "/var/lib/matrix-synapse/telegram-registration.yaml" ];
global = {
server_name = "coolneng.duckdns.org";
private_key = config.age.secrets.dendrite.path;
inherit database;
};
# HACK Inherit postgres connection string for the rest of the DBs
app_service_api = { inherit database; };
media_api = { inherit database; };
room_server = { inherit database; };
push_server = { inherit database; };
mscs = {
inherit database;
mscs = [ "msc2836" "msc2946" ];
};
sync_api = { inherit database; };
key_server = { inherit database; };
federation_api = { inherit database; };
user_api = {
account_database = database;
device_database = database;
};
};
};
# Telegram bridge for Matrix
services.mautrix-telegram = {
enable = true;
environmentFile = /var/lib/mautrix-telegram/telegram.env;
settings = {
homeserver = {
address = "https://matrix.coolneng.duckdns.org";
domain = "coolneng.duckdns.org";
};
appservice = {
address = "http://localhost:8118";
# Matrix bridges
services.matrix-appservices = {
homeserver = "dendrite";
addRegistrationFiles = true;
services = {
telegram = {
port = 8118;
format = "mautrix-python";
package = mautrix-telegram;
};
facebook = {
port = 8228;
format = "mautrix-python";
package = mautrix-facebook;
};
signal = {
port = 8338;
format = "mautrix-python";
package = mautrix-signal;
serviceConfig = {
StateDirectory = [ "matrix-as-signal" "signald" ];
JoinNamespaceOf = "signald.service";
SupplementaryGroups = [ "signald" ];
};
settings.signal = {
socket_path = config.services.signald.socketPath;
outgoing_attachment_dir = "/var/lib/signald/tmp";
};
};
bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
};
serviceDependencies = [ "matrix-synapse.service" ];
};
# Additional settings for mautrix-signal
services.signald.enable = true;
systemd.services.matrix-as-signal = {
requires = [ "signald.service" ];
after = [ "signald.service" ];
};
}
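Review bot: The Synapse listener shown in this section bound `127.0.0.1` with `tls = false`, but `services.dendrite` is given only `httpPort = 8008` and no bind address appears in the new settings. If the module listens on every interface for that port (it appears to; confirm against the generated unit), the plaintext API is reachable without going through nginx unless the firewall blocks it. A comment next to `httpPort`, such as `# NOTE listens on all interfaces; keep 8008 out of networking.firewall.allowedTCPPorts`, would record the requirement. The +/- markers are lost on this page, so which lines are old and which are new is inferred from content.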


@ -45,6 +45,7 @@
"rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
"/.well-known/".alias = "${../well-known}" + "/";
};
};
"radicale.coolneng.duckdns.org" = {
@ -88,7 +89,13 @@
ssl = true;
}
];
locations."/".proxyPass = "http://localhost:8008/";
locations."~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
"element.coolneng.duckdns.org" = {
enableACME = true;
@ -177,7 +184,7 @@
"syncthing.service"
"miniflux.service"
"radicale.service"
"matrix-synapse.service"
"dendrite.service"
"phpfpm-wallabag.service"
];
}
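Review bot: The new location regex `~ ^(/_matrix|/_synapse/client)` still forwards `/_synapse/client`, a Synapse path that Dendrite is unlikely to serve, and it is not anchored at a path boundary, so a request for `/_matrixanything` is proxied as well. Narrowing it to `locations."~ ^/_matrix(/|$)"` keeps the proxied surface to what the backend is expected to answer. Separately, `"/.well-known/".alias` publishes every file under `../well-known`, so that directory should only ever hold files meant to be public.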


@ -25,7 +25,7 @@ services=(
"miniflux.service"
"phpfpm-wallabag.service"
"gitea.service"
"matrix-synapse.service"
"dendrite.service"
"mautrix-telegram.service"
"nginx.service"
"dnsmasq.service"
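Review bot: `"mautrix-telegram.service"` is kept in the `services` array, yet this commit replaces `services.mautrix-telegram` with `services.matrix-appservices`, whose units appear to be named `matrix-as-<name>` (the matrix module refers to `systemd.services.matrix-as-signal`). If so, the entry should become `"matrix-as-telegram.service"`, and the facebook and signal bridges plus `signald.service` should be added if this list is meant to cover them. The array starts and ends outside the hunk, so its purpose is not visible here.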

Binary file not shown.

BIN
secrets/dendrite.age Normal file

Binary file not shown.


@ -9,4 +9,6 @@ in {
"ddclient.age".publicKeys = [ zion ];
"miniflux.age".publicKeys = [ zion ];
"git.age".publicKeys = [ zion ];
"dendrite.age".publicKeys = [ zion ];
"dendrite-postgres.age".publicKeys = [ zion ];
}

1
well-known/matrix/server Normal file

@ -0,0 +1 @@
{ "m.server": "matrix.coolneng.duckdns.org:443" }