summaryrefslogtreecommitdiff
path: root/os/kay/modules/matrix/dendrite.nix
blob: 71266a5791cb5980edd82edaa3b3d88d6983fee6 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
{ config, lib, pkgs, ... }:

let
  domain = config.global.userdata.domain;
  database = {
    connection_string = "postgres:///dendrite?host=/run/postgresql";
    max_open_conns = 90;
    max_idle_conns = 5;
    conn_max_lifetime = -1;
  };
in
{
  sops.secrets."matrix-${domain}/key" = {};

  services = {
    postgresql = {
      enable = true;
      package = with pkgs; postgresql_15;
      settings = {
        log_timezone = config.time.timeZone;
        listen_addresses = lib.mkForce "";
      };
      ensureDatabases = [ "dendrite" ];
      ensureUsers = [{
        name = "dendrite";
        ensureDBOwnership = true;
      }];
      authentication = lib.mkForce "local all all trust";
    };

    dendrite = {
      enable = true;
      loadCredential = [
        "private_key:${config.sops.secrets."matrix-${domain}/key".path}"
      ];

      settings = {
        sync_api.search = {
          enable = true;
          index_path = "/var/lib/dendrite/searchindex";
        };
        global = {
          server_name = domain;
          private_key = "$CREDENTIALS_DIRECTORY/private_key";
          trusted_third_party_id_servers = [
            "matrix.org"
            "vector.im"
          ];
          inherit database;
        };
        logging = [{
          type = "std";
          level = "warn";
        }];
        mscs = {
          inherit database;
          mscs = [ "msc2836" ];
        };
        sync_api = {
          inherit database;
          real_ip_header = "X-Real-IP";
        };
        media_api = {
          inherit database;
          dynamic_thumbnails = true;
          max_file_size_bytes = 12800000000;
        };
        federation_api = {
          inherit database;
          send_max_retries = 8;
          key_perspectives = [{
            server_name = "matrix.org";
            keys = [
              {
                key_id = "ed25519:auto";
                public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
              }
              {
                key_id = "ed25519:a_RXGa";
                public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
              }
            ];
          }];
        };

        app_service_api = {
          inherit database;
        };
        room_server = {
          inherit database;
        };
        push_server = {
          inherit database;
        };
        relay_api = {
          inherit database;
        };
        key_server = {
          inherit database;
        };
        user_api = {
          account_database = database;
          device_database = database;
        };
      };
    };
  };
}