blob: 8277e215cdc4214eb0beaacec35099e9ea59b747 (
plain) (
tree)
|
|
{ config, lib, pkgs, ... }:
let
domain = config.userdata.domain;
database = {
connection_string = "postgres:///dendrite?host=/run/postgresql";
max_open_conns = 90;
max_idle_conns = 5;
conn_max_lifetime = -1;
};
in
{
sops.secrets."matrix-${domain}/key" = {};
services = {
postgresql = {
enable = true;
package = with pkgs; postgresql_15;
settings = {
log_timezone = config.time.timeZone;
listen_addresses = lib.mkForce "";
};
ensureDatabases = [ "dendrite" ];
ensureUsers = [{
name = "dendrite";
ensureDBOwnership = true;
}];
authentication = lib.mkForce "local all all trust";
};
dendrite = {
enable = true;
loadCredential = [
"private_key:${config.sops.secrets."matrix-${domain}/key".path}"
];
settings = {
sync_api.search = {
enable = true;
index_path = "/var/lib/dendrite/searchindex";
};
global = {
server_name = domain;
private_key = "$CREDENTIALS_DIRECTORY/private_key";
trusted_third_party_id_servers = [
"matrix.org"
"vector.im"
];
inherit database;
};
logging = [{
type = "std";
level = "warn";
}];
mscs = {
inherit database;
mscs = [ "msc2836" ];
};
sync_api = {
inherit database;
real_ip_header = "X-Real-IP";
};
media_api = {
inherit database;
dynamic_thumbnails = true;
max_file_size_bytes = 12800000000;
};
federation_api = {
inherit database;
send_max_retries = 8;
key_perspectives = [{
server_name = "matrix.org";
keys = [
{
key_id = "ed25519:auto";
public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}
{
key_id = "ed25519:a_RXGa";
public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
}
];
}];
};
app_service_api = {
inherit database;
};
room_server = {
inherit database;
};
push_server = {
inherit database;
};
relay_api = {
inherit database;
};
key_server = {
inherit database;
};
user_api = {
account_database = database;
device_database = database;
};
};
};
};
}
|
