# NixOS module fragment: renders a Dendrite (Matrix homeserver) configuration
# and runs it as a systemd service under a dynamic user.
#
# Secret handling, as visible in this file:
#   * `dendriteSettings` is rendered with pkgs.formats.yaml into the Nix store.
#     The store is world-readable, so every literal written below is readable
#     by any local user. Real secrets must only appear as `$VAR` placeholders.
#   * At service start, envsubst copies the store template to
#     /run/dendrite/dendrite.yaml and fills the placeholders from the
#     environment, which systemd populates from the sops-managed
#     EnvironmentFile.
#   * The server signing key is handed over with LoadCredential instead of
#     being referenced by its sops path.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  yamlFormat = pkgs.formats.yaml { };

  stateDir = "/var/lib/dendrite";
  listenPort = 8008;

  # Environment file decrypted by sops-nix; presumably defines
  # REGISTRATION_SECRET (its contents are not visible here).
  secretsEnv = config.sops.secrets.dendrite-env.path;

  # Template with unresolved `$VAR` placeholders (lives in the Nix store).
  storeTemplate = yamlFormat.generate "dendrite.yaml" dendriteSettings;

  # Final config with secrets substituted; inside the service's private
  # runtime directory (RuntimeDirectoryMode = 0700 below).
  renderedConfig = "/run/dendrite/dendrite.yaml";

  # Small constructor for media_api.thumbnail_sizes entries.
  thumbnail = method: width: height: { inherit method width height; };

  dendriteSettings = {
    global = {
      server_name = "matrix.boskma.frl";

      # private_key = config.sops.secrets.dendrite-private-key.path;
      # The key is delivered through LoadCredential (see serviceConfig), so the
      # path points into systemd's per-service credentials directory.
      # NOTE(review): this value passes through envsubst before Dendrite reads
      # it. Whether `$$` ends up as an expanded directory or as a literal `$`
      # depends on the envsubst implementation; confirm the rendered file
      # contains an absolute path.
      private_key = "$$CREDENTIALS_DIRECTORY/private_key";

      # Local PostgreSQL over the unix socket in /run/postgresql (URL-encoded
      # host part); no password appears in the connection string.
      database = {
        connection_string = "postgresql://%2Frun%2Fpostgresql/dendrite";
        max_open_conns = 100;
        max_idle_conns = 5;
        conn_max_lifetime = -1;
      };

      # Identity servers this homeserver trusts for third-party-ID validation.
      trusted_third_party_id_servers = [
        "matrix.org"
        "vector.im"
      ];

      disable_federation = false;

      presence.inbound = true;
      presence.outbound = true;

      server_notices = {
        enabled = true;
        local_part = "_server";
        # NOTE(review): Dendrite's sample config calls this key `display_name`;
        # confirm `display_part` is actually read.
        display_part = "Tidingen";
        room_name = "Tidingen";
      };

      # SECURITY: these are literal, guessable credentials, and because this
      # attrset is rendered into the Nix store they are readable by every
      # local user. Prefer a placeholder filled from the environment file, the
      # way registration_shared_secret is handled (example name:
      # `$METRICS_PASSWORD`; the variable must exist in the secret file first).
      metrics.enabled = true;
      metrics.basic_auth = {
        username = "metrics";
        password = "metrics";
      };
    };

    # Placeholder only; replaced by envsubst at start-up. Anyone holding this
    # secret can register accounts, so it must never be written as a literal.
    # NOTE(review): if the variable is missing from the environment file the
    # substitution presumably yields an empty string; consider envsubst's
    # `-no-unset` / `-no-empty` flags so start-up fails instead.
    client_api.registration_shared_secret = "$REGISTRATION_SECRET";

    # Pinned public keys of the key-perspective (notary) server. A wrong or
    # stale entry changes whose key assertions are trusted; verify against an
    # authoritative source whenever these values are edited.
    federation_api.key_perspectives = [
      {
        server_name = "matrix.org";
        keys = [
          {
            key_id = "ed25519:auto";
            public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
          }
          {
            key_id = "ed25519:a_RXGa";
            public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
          }
        ];
      }
    ];

    media_api = {
      # Upload size cap: 25 MiB.
      max_file_size_bytes = 25 * 1024 * 1024;
      thumbnail_sizes = [
        (thumbnail "crop" 32 32)
        (thumbnail "crop" 96 96)
        (thumbnail "scale" 640 480)
      ];
    };

    logging = [
      {
        type = "std";
        level = "info";
      }
    ];
  };
in
{
  systemd.services.dendrite = {
    description = "Dendrite Matrix homeserver";
    wantedBy = [ "multi-user.target" ];
    # NOTE(review): there is no ordering against the PostgreSQL unit even
    # though the database is reached over a local socket; a start before the
    # database is up relies on Restart=on-failure.
    after = [ "network.target" ];

    serviceConfig = {
      Type = "simple";
      Restart = "on-failure";
      LimitNOFILE = 65535;

      # Transient uid/gid allocated by systemd. No further sandboxing options
      # are set explicitly in this unit.
      DynamicUser = true;
      StateDirectory = "dendrite";
      WorkingDirectory = stateDir;

      # /run/dendrite holds the rendered config including the substituted
      # secrets; 0700 keeps it private to the service user.
      RuntimeDirectory = "dendrite";
      RuntimeDirectoryMode = "0700";

      # Secrets enter the unit by two routes: environment variables for
      # envsubst, and a systemd credential for the signing key. With a dynamic
      # user the uid is not known ahead of time, which is presumably why the
      # key is not read from its sops path directly.
      EnvironmentFile = secretsEnv;
      LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];

      # Render store template -> runtime config, resolving `$VAR` placeholders.
      ExecStartPre = [
        ''
          ${pkgs.envsubst}/bin/envsubst \
            -i ${storeTemplate} \
            -o ${renderedConfig}
        ''
      ];

      # `:PORT` has no host part, so the listener binds on every interface;
      # what is reachable from outside (presumably including the metrics
      # endpoint) depends on firewall / reverse-proxy settings not shown here.
      ExecStart = lib.concatStringsSep " " [
        "${pkgs.dendrite}/bin/dendrite"
        "--config ${renderedConfig}"
        "--http-bind-address :${toString listenPort}"
      ];

      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    };
  };
}