nixos-config/machines/neo/dendrite/default.nix


{
pkgs,
lib,
config,
...
}:
let
# State directory of the service; matches StateDirectory = "dendrite" in the unit.
workingDir = "/var/lib/dendrite";
# Port passed to --http-bind-address in ExecStart.
httpPort = 8008;
# sops-managed file handed to systemd as EnvironmentFile. Its variables are what
# envsubst substitutes into the config template when the service starts.
environmentFile = config.sops.secrets.dendrite-env.path;
# `settings` is rendered to a YAML template in the Nix store. The store is
# world-readable, so the template must carry $VAR placeholders only, never
# literal secrets.
settingsFormat = pkgs.formats.yaml { };
configurationYaml = settingsFormat.generate "dendrite.yaml" settings;
# Dendrite configuration template. Strings of the form "$NAME" are not Nix
# interpolations: they stay literal in the generated YAML and are replaced by
# envsubst in the unit's ExecStartPre.
settings = {
  global = {
    server_name = "matrix.boskma.frl";
    # The signing key is delivered through systemd LoadCredential, so the path
    # is resolved at service start rather than pointing at the sops file.
    # private_key = config.sops.secrets.dendrite-private-key.path;
    private_key = "$CREDENTIALS_DIRECTORY/private_key";
    # Local PostgreSQL over the unix socket in /run/postgresql; no password
    # appears in the connection string.
    database = {
      connection_string = "postgresql:///dendrite?host=/run/postgresql";
      max_open_conns = 90;
      max_idle_conns = 5;
      conn_max_lifetime = -1;
    };
    # Identity servers this homeserver accepts third-party-ID validation from.
    trusted_third_party_id_servers = [
      "matrix.org"
      "vector.im"
    ];
    disable_federation = false;
    presence.inbound = true;
    presence.outbound = true;
    server_notices = {
      enabled = true;
      local_part = "_server";
      display_part = "Tidingen";
      room_name = "Tidingen";
    };
    metrics.enabled = true;
    # NOTE(review): these credentials are static and guessable, and they are
    # written into the world-readable Nix store as part of the template.
    # Prefer a placeholder fed from the sops environment file (for example
    # "$METRICS_PASSWORD"; the name is illustrative), or make sure the metrics
    # path is not reachable from outside the host.
    metrics.basic_auth = {
      username = "metrics";
      password = "metrics";
    };
  };
  # Placeholder filled from the environment file at service start. Whoever
  # holds this secret can register accounts through shared-secret registration,
  # so it must never be inlined here.
  client_api.registration_shared_secret = "$REGISTRATION_SECRET";
  # Pinned ed25519 public keys for the matrix.org perspective (notary) server.
  # NOTE(review): re-check these against the upstream sample config whenever
  # matrix.org rotates its signing keys.
  federation_api.key_perspectives = [
    {
      server_name = "matrix.org";
      keys = [
        {
          key_id = "ed25519:auto";
          public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
        }
        {
          key_id = "ed25519:a_RXGa";
          public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
        }
      ];
    }
  ];
  media_api = {
    base_path = "${workingDir}/media_store";
    # 25 MiB upload limit.
    max_file_size_bytes = 25 * 1024 * 1024;
    thumbnail_sizes = [
      { width = 32; height = 32; method = "crop"; }
      { width = 96; height = 96; method = "crop"; }
      { width = 640; height = 480; method = "scale"; }
    ];
  };
  logging = [
    { type = "std"; level = "info"; }
  ];
};
in
{
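# systemd unit for Dendrite. It runs as a transient DynamicUser, renders the
# config template with secrets into the private runtime directory, then starts
# the server against that rendered file.
systemd.services.dendrite = {
  description = "Dendrite Matrix homeserver";
  # The database is reached over the local /run/postgresql socket, so order the
  # unit after PostgreSQL too. With network.target alone, the first start at
  # boot can race the database and only recover through Restart=on-failure.
  after = [
    "network.target"
    "postgresql.service"
  ];
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    Type = "simple";
    DynamicUser = true;
    StateDirectory = "dendrite";
    WorkingDirectory = workingDir;
    # /run/dendrite holds the rendered config, including the registration
    # secret. Mode 0700 keeps it private to the service user.
    RuntimeDirectory = "dendrite";
    RuntimeDirectoryMode = "0700";
    LimitNOFILE = 65535;
    EnvironmentFile = environmentFile;
    # The signing key is exposed as $CREDENTIALS_DIRECTORY/private_key rather
    # than by making the sops file readable to the dynamic user.
    LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
    # Substitute $VAR placeholders from the store template into the runtime
    # copy. -no-unset / -no-empty make the start fail instead of silently
    # writing an empty secret or a broken key path when a variable is missing.
    ExecStartPre = [
      (lib.strings.concatStringsSep " " [
        "${pkgs.envsubst}/bin/envsubst"
        "-no-unset"
        "-no-empty"
        "-i ${configurationYaml}"
        "-o /run/dendrite/dendrite.yaml"
      ])
    ];
    # NOTE(review): ":<port>" binds every interface. Confirm that the firewall
    # or reverse proxy exposes only the intended paths, the metrics endpoint in
    # particular.
    ExecStart = lib.strings.concatStringsSep " " [
      "${pkgs.dendrite}/bin/dendrite"
      "--config /run/dendrite/dendrite.yaml"
      "--http-bind-address :${builtins.toString httpPort}"
    ];
    # A reload only signals the running process. The config is re-rendered by
    # ExecStartPre alone, so changed secrets need a restart.
    ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    Restart = "on-failure";
  };
};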
}