Litenet-Nix-Infra/host/matrix/services/matrix/synapse.nix
2024-07-19 03:31:44 +00:00


{ config, pkgs, lib, ... }:
{
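services.matrix-synapse = {
  # Synapse homeserver for litenet.tel, served over loopback HTTP and backed by
  # a local PostgreSQL database. Everything under `settings` is rendered into
  # the Synapse configuration, which lives in the world-readable Nix store, so
  # no secret may appear there as a literal.
  enable = true;
  withJemalloc = true;
  dataDir = "/mnt/synapse-media";
  # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
  settings = {
    server_name = "litenet.tel";
    # Open registration, but only for holders of a registration token.
    enable_registration = true;
    registration_requires_token = true;
    require_membership_for_aliases = false;
    # null disables purging: redacted event content and per-user IP records are
    # kept indefinitely. NOTE(review): confirm this retention is intended.
    redaction_retention_period = null;
    user_ips_max_age = null;
    # Exposes users' device display names to remote homeservers.
    allow_device_name_lookup_over_federation = true;
    federation = {
      client_timeout = "60s";
      max_short_retries = 6;
      max_short_retry_delay = "10s";
      max_long_retries = 5;
      max_long_retry_delay = "30s";
    };
    # event_cache_size = "1200K"; #defaults to 10K
    # caches = {
    #   global_factor = 5000.0;
    #   cache_entry_ttl = "12h";
    #   expire_caches = true;
    #   sync_response_cache_duration = "6h";
    #   cache_autotuning = {
    #     max_cache_memory_usage = "65536M";
    #     target_cache_memory_usage = "32768M";
    #     min_cache_ttl = "6h";
    #   };
    # };
    # Alicia - figure this out later...
    #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
    # The shared secret authorises account creation (including admin accounts)
    # through the shared-secret registration API, so it must be unguessable and
    # must stay out of the repository and the Nix store. It is read at runtime
    # from the file that the matrix-synapse-reg-token unit in this file
    # generates in its working directory, /mnt/synapse-media/. The previously
    # committed literal must be treated as disclosed and never reused.
    registration_shared_secret_path = "/mnt/synapse-media/registration_shared_secret.txt";
    listeners = [
      {
        # Plain HTTP on loopback only. x_forwarded makes Synapse take the
        # client address from the proxy-supplied header, which is sound only
        # while nothing but the local reverse proxy can reach this port
        # (proxy configuration is not part of this file).
        port = 8008;
        bind_addresses = [ "127.0.0.1" ];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [ "client" "federation" ];
            compress = true;
          }
        ];
      }
    ];
    dynamic_thumbnails = true;
    presence = {
      enable = true;
      update_interval = 60;
    };
    # URL previews make the server fetch user-supplied URLs.
    # NOTE(review): no url_preview_ip_range_blacklist is set here; confirm the
    # effective value covers loopback and private ranges so previews cannot be
    # pointed at internal services.
    url_preview_enabled = true;
    database = {
      name = "psycopg2";
      args = {
        user = "matrix-synapse";
        #passwordFile = "/run/secrets/matrix-synapse-password";
        # NOTE(review): this literal is committed to the repository and copied
        # into the world-readable Nix store. Move the database section into a
        # file that is provisioned at runtime and passed through
        # services.matrix-synapse.extraConfigFiles, then rotate the password.
        password = "somepassword";
        database = "matrix-synapse";
        host = "127.0.0.1";
        application_name = "matrix-synapse (liteniet.tel)";
        cp_min = 5;
        cp_max = 50;
        #cp_reconnect_interval = "True";
      };
    };
    app_service_config_files = [
      #"/etc/matrix-synapse/appservice-registration.yaml"
      # "/var/lib/matrix-synapse/modas-registration.yaml"
    ];
    # Rate-limit overrides are disabled, so Synapse's built-in limits apply.
    # NOTE(review): the values below would effectively switch off message,
    # login, join and invite rate limiting if they were re-enabled.
    # rc_message = {
    #   per_second = 1000;
    #   burst_count = 1000;
    # };
    # rc_login = {
    #   address = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    #   account = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    #   failed_attempts = {
    #     per_second = 0.1;
    #     burst_count = 3;
    #   };
    # };
    # rc_joins = {
    #   local = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    #   remote = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    # };
    # rc_joins_per_room = {
    #   per_second = 1000;
    #   burst_count = 1000;
    # };
    # rc_invites = {
    #   per_room = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    #   per_user = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    #   per_issuer = {
    #     per_second = 1000;
    #     burst_count = 1000;
    #   };
    # };
    # rc_federation = {
    #   window_size = 10;
    #   sleep_limit = 1000;
    #   sleep_delay = 100;
    #   reject_limit = 1000;
    #   concurrent = 100;
    # };
    # federation_rr_transactions_per_room_per_second = 1;
    max_image_pixels = "100M";
    ui_auth = {
      session_timeout = "1m";
    };
    login_via_existing_session = {
      enabled = true;
      require_ui_auth = true;
      # NOTE(review): a login token minted from an existing session stays
      # usable for a year; Synapse's documented default is 5 minutes. Confirm
      # that this lifetime is intended.
      token_timeout = "1y";
    };
    #sentry = {
    #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
    #};
    report_stats = false;
    user_directory = {
      enabled = true;
      # Directory searches cover every local user, not only users the searcher
      # shares a room with.
      search_all_users = true;
      prefer_local_users = true;
    };
    experimental_features = {
      "org.matrix.msc3026.busy_presence" = true;
      "fi.mau.msc2815" = true;
      "org.matrix.msc3881" = true;
      "org.matrix.msc3874" = true;
      "org.matrix.msc3912" = true;
    };
  };
  plugins = with pkgs.matrix-synapse-plugins; [
    # Alicia - need to port draupnir...
    #matrix-synapse-mjolnir-antispam
    # matrix-synapse-pam
  ];
  # extraConfigFiles = [
  #   (pkgs.writeTextFile {
  #     name = "matrix-synapse-extra-config.yml";
  #     text = ''
  #       modules:
  #         - module: "pam_auth_provider.PAMAuthProvider"
  #           config:
  #             create_users: true
  #             skip_user_check: false
  #     '';
  #   })
  # ];
};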
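# One-shot unit that creates Synapse's registration shared secret on first boot.
# The file is written to /mnt/synapse-media/registration_shared_secret.txt, the
# location intended for Synapse's registration_shared_secret_path setting.
# Despite the unit name and description, this is the shared secret, not one of
# the per-user registration tokens.
systemd.services.matrix-synapse-reg-token = {
  description = "Random registration token for Synapse.";
  before = ["matrix-synapse.service"]; # So the registration can be used by Synapse
  wantedBy = ["multi-user.target"];
  after = ["network.target"];
  script = ''
    # -s instead of -f: an empty file left by an interrupted run is regenerated.
    if [ ! -s "registration_shared_secret.txt" ]
    then
      cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
    else
      echo Not generating key, key exists;
    fi
    # Tighten a file that an earlier run may have created world-readable.
    chmod 600 registration_shared_secret.txt
  '';
  serviceConfig = {
    # oneshot: the `before` ordering only holds Synapse back until the script
    # has finished when the unit is of this type; with the default type Synapse
    # may start while the file is still being written.
    Type = "oneshot";
    User = "matrix-synapse";
    Group = "matrix-synapse";
    WorkingDirectory = "/mnt/synapse-media/";
    # Create the secret owner-only from the start instead of with the default
    # umask.
    UMask = "0077";
  };
};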
}