Migrate from Synapse to Dendrite

2022-07-20 16:34:14 +02:00 · 2022-07-20 16:34:14 +02:00 · af18ffd29e
parent d1eaf76099
commit af18ffd29e
10 changed files with 171 additions and 33 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -122,6 +122,17 @@ with pkgs;
      owner = "coolneng";
      group = "users";
    };
    # HACK The owner and group is set by systemd due to the use of DynamicUser
    secrets.dendrite = {
      file = secrets/dendrite.age;
      owner = "63026";
      group = "63026";
    };
    secrets.dendrite-postgres = {
      file = secrets/dendrite-postgres.age;
      owner = "63026";
      group = "63026";
    };
    identityPaths = [ "/home/coolneng/.ssh/id_ed25519" ];
  };
--- a/flake.lock
+++ b/flake.lock
@ -20,6 +20,75 @@
        "type": "github"
      }
    },
    "devshell": {
      "locked": {
        "lastModified": 1642188268,
        "narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "696acc29668b644df1740b69e1601119bf6da83b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1641205782,
        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "nix-matrix-appservices": {
      "inputs": {
        "devshell": "devshell",
        "flake-compat": "flake-compat",
        "nixlib": "nixlib",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1650783069,
        "narHash": "sha256-mcjuOAXVC9zZ6f5Uh67uEpiZzaTMFP6ZvW8pqanesLM=",
        "owner": "coffeetables",
        "repo": "nix-matrix-appservices",
        "rev": "5483c1b3f73c81a4533a1d7a8cc80486ca9b5c14",
        "type": "gitlab"
      },
      "original": {
        "owner": "coffeetables",
        "repo": "nix-matrix-appservices",
        "type": "gitlab"
      }
    },
    "nixlib": {
      "locked": {
        "lastModified": 1643502816,
        "narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=",
        "owner": "divnix",
        "repo": "nixpkgs.lib",
        "rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a",
        "type": "github"
      },
      "original": {
        "owner": "divnix",
        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1656933710,
@ -53,6 +122,7 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
        "nix-matrix-appservices": "nix-matrix-appservices",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs"
      }
--- a/flake.nix
+++ b/flake.nix
@ -7,10 +7,18 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    nixos-hardware = {
      url = "github:NixOS/nixos-hardware";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-matrix-appservices = {
      url = "gitlab:coffeetables/nix-matrix-appservices";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, agenix, nixos-hardware, ... }@inputs:
+  outputs = { self, nixpkgs, agenix, nixos-hardware, nix-matrix-appservices, ...
    }@inputs:
    let
      system = "aarch64-linux";
@ -25,6 +33,7 @@
          (import ./configuration.nix)
          agenix.nixosModules.age
          nixos-hardware.nixosModules.raspberry-pi-4
          nix-matrix-appservices.nixosModule
        ];
        specialArgs = { inherit inputs; };
      };
--- a/modules/communication.nix
+++ b/modules/communication.nix
@ -1,41 +1,79 @@
 { config, lib, pkgs, ... }:
-{
+with pkgs;
 # NOTE Reference the environment variable set in the corresponding agenix secret
 let database.connection_string = "$DB_STRING";
 in {
  # Matrix server configuration
-  services.matrix-synapse = {
+  services.dendrite = {
    enable = true;
    httpPort = 8008;
    environmentFile = config.age.secrets.dendrite-postgres.path;
    loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
    settings = {
-      server_name = "coolneng.duckdns.org";
+      global = {
-      public_baseurl = "https://matrix.coolneng.duckdns.org";
+        server_name = "coolneng.duckdns.org";
-      listeners = [{
+        private_key = config.age.secrets.dendrite.path;
-        port = 8008;
+        inherit database;
-        tls = false;
+      };
-        resources = [{
+      # HACK Inherit postgres connection string for the rest of the DBs
-          compress = true;
+      app_service_api = { inherit database; };
-          names = [ "client" ];
+      media_api = { inherit database; };
-        }];
+      room_server = { inherit database; };
-        bind_addresses = [ "127.0.0.1" ];
+      push_server = { inherit database; };
-      }];
+      mscs = {
-      app_service_config_files =
+        inherit database;
-        [ "/var/lib/matrix-synapse/telegram-registration.yaml" ];
+        mscs = [ "msc2836" "msc2946" ];
      };
      sync_api = { inherit database; };
      key_server = { inherit database; };
      federation_api = { inherit database; };
      user_api = {
        account_database = database;
        device_database = database;
      };
    };
  };
-  # Telegram bridge for Matrix
+  # Matrix bridges
-  services.mautrix-telegram = {
+  services.matrix-appservices = {
-    enable = true;
+    homeserver = "dendrite";
-    environmentFile = /var/lib/mautrix-telegram/telegram.env;
+    addRegistrationFiles = true;
-    settings = {
+    services = {
-      homeserver = {
+      telegram = {
        address = "https://matrix.coolneng.duckdns.org";
        domain = "coolneng.duckdns.org";
      };
      appservice = {
        address = "http://localhost:8118";
        port = 8118;
        format = "mautrix-python";
        package = mautrix-telegram;
      };
      facebook = {
        port = 8228;
        format = "mautrix-python";
        package = mautrix-facebook;
      };
      signal = {
        port = 8338;
        format = "mautrix-python";
        package = mautrix-signal;
        serviceConfig = {
          StateDirectory = [ "matrix-as-signal" "signald" ];
          JoinNamespaceOf = "signald.service";
          SupplementaryGroups = [ "signald" ];
        };
        settings.signal = {
          socket_path = config.services.signald.socketPath;
          outgoing_attachment_dir = "/var/lib/signald/tmp";
        };
      };
      bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
    };
    serviceDependencies = [ "matrix-synapse.service" ];
  };
  # Additional settings for mautrix-signal
  services.signald.enable = true;
  systemd.services.matrix-as-signal = {
    requires = [ "signald.service" ];
    after = [ "signald.service" ];
  };
 }
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@ -45,6 +45,7 @@
            "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
          "/miniflux/".extraConfig =
            "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
          "/.well-known/".alias = "${../well-known}" + "/";
        };
      };
      "radicale.coolneng.duckdns.org" = {
@ -88,7 +89,13 @@
            ssl = true;
          }
        ];
-        locations."/".proxyPass = "http://localhost:8008/";
+        locations."~ ^(/_matrix|/_synapse/client)" = {
          proxyPass = "http://localhost:8008";
          extraConfig = ''
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
      "element.coolneng.duckdns.org" = {
        enableACME = true;
@ -177,7 +184,7 @@
    "syncthing.service"
    "miniflux.service"
    "radicale.service"
-    "matrix-synapse.service"
+    "dendrite.service"
    "phpfpm-wallabag.service"
  ];
 }
--- a/scripts/motd.sh
+++ b/scripts/motd.sh
@ -25,7 +25,7 @@ services=(
 	"miniflux.service"
 	"phpfpm-wallabag.service"
 	"gitea.service"
-	"matrix-synapse.service"
+	"dendrite.service"
 	"mautrix-telegram.service"
 	"nginx.service"
 	"dnsmasq.service"
--- a/secrets/dendrite-postgres.age
+++ b/secrets/dendrite-postgres.age
--- a/secrets/dendrite.age
+++ b/secrets/dendrite.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -9,4 +9,6 @@ in {
  "ddclient.age".publicKeys = [ zion ];
  "miniflux.age".publicKeys = [ zion ];
  "git.age".publicKeys = [ zion ];
  "dendrite.age".publicKeys = [ zion ];
  "dendrite-postgres.age".publicKeys = [ zion ];
 }
--- a/well-known/matrix/server
+++ b/well-known/matrix/server
@ -0,0 +1 @@
 { "m.server": "matrix.coolneng.duckdns.org:443" }
		`@ -0,0 +1 @@`
							`{ "m.server": "matrix.coolneng.duckdns.org:443" }`