From 15aef4bcb80f96e4bc8dbf5ae41e881cc1b9f20d Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Feb 2026 00:34:30 +0000 Subject: [PATCH] Matrix. It works --- host/chat.allthe.gay/configuration.nix | 34 +++++-- host/chat.allthe.gay/services/postgres.nix | 88 ++++++++++++++++++ host/chat.allthe.gay/services/synapse.nix | 103 +++++++++++++++++++++ host/chat.allthe.gay/users/chris.nix | 11 +++ 4 files changed, 228 insertions(+), 8 deletions(-) create mode 100644 host/chat.allthe.gay/services/postgres.nix create mode 100644 host/chat.allthe.gay/services/synapse.nix create mode 100644 host/chat.allthe.gay/users/chris.nix diff --git a/host/chat.allthe.gay/configuration.nix b/host/chat.allthe.gay/configuration.nix index b669284..25d0c53 100644 --- a/host/chat.allthe.gay/configuration.nix +++ b/host/chat.allthe.gay/configuration.nix @@ -1,5 +1,10 @@ -{pkgs,lib,...}: +{ pkgs, lib, ... }: { + imports = [ + ./users/chris.nix + ./services/postgres.nix + ./services/synapse.nix + ]; boot = { kernelPackages = pkgs.linuxPackages_latest; loader.grub = { @@ -9,10 +14,16 @@ }; }; networking = { - hostName = "chat-allthe-gay"; - wireless.enable = false; - nameservers = lib.mkForce [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ]; - firewall.enable = lib.mkForce true; + hostName = "chat-allthe-gay"; + wireless.enable = false; + nameservers = lib.mkForce [ + "1.1.1.1" + "1.0.0.1" + "8.8.8.8" + "8.8.4.4" + ]; + firewall.enable = lib.mkForce true; + firewall.allowedTCPPorts = [ 8008 ]; }; systemd.network = { enable = true; @@ -20,9 +31,9 @@ name = "ens18"; DHCP = "no"; routes = [ - {Gateway = "172.30.0.1";} + { Gateway = "172.30.0.1"; } ]; - address = ["172.30.0.50/24"]; + address = [ "172.30.0.50/24" ]; }; }; @@ -47,7 +58,10 @@ ]; nix = { settings = { - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ + "nix-command" + "flakes" + ]; }; }; security = { 
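Review bot: `firewall.allowedTCPPorts = [ 8008 ];` in the `networking` hunk opens Synapse's plain-HTTP listener to every host that can reach this machine, and services/synapse.nix in the same commit binds that listener to `0.0.0.0` with `tls = false` and `x_forwarded = true`. With `x_forwarded` on, Synapse takes the client address from the forwarded-for header, so the addresses seen by rate limiting and logs are only trustworthy if the reverse proxy is the sole peer. If a proxy on another host is the intended client (an assumption; the commit does not show one), replace the global opening with a source-restricted rule, for example through `networking.firewall.extraCommands`. Record the intent next to the port either way, e.g. `# 8008: Synapse HTTP, must only be reachable from the reverse proxy`. The other hunks on this line are import and formatting changes.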
@@ -55,5 +69,9 @@ sudo.wheelNeedsPassword = false; }; + services.openssh = { + enable = true; + }; + system.stateVersion = "26.11"; # Emma [it/its] - NEVER CHANGE THIS } diff --git a/host/chat.allthe.gay/services/postgres.nix b/host/chat.allthe.gay/services/postgres.nix new file mode 100644 index 0000000..a955641 --- /dev/null +++ b/host/chat.allthe.gay/services/postgres.nix 
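Review bot: `services.openssh` is enabled with the module defaults, which (as far as I know) leave password authentication on, while the context line just above it sets `sudo.wheelNeedsPassword = false`. The only account this commit adds logs in with keys, so the block can say so explicitly: `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";`. The enclosing attribute set starts and ends outside the hunk.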
@@ -0,0 +1,88 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ systemd.tmpfiles.rules = [ "d /data/postgres/data 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_18;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host matrix-synapse matrix-synapse 127.0.0.1/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ # initialScript = pkgs.writeText "backend-initScript" ''
+ # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+ # CREATE DATABASE nixcloud;
+ # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+ # '';
+ dataDir = "/data/postgres/data";
+ settings = {
+ # https://pgconfigurator.cybertec.at/
+ max_connections = 250;
+ superuser_reserved_connections = 3;
+
+ # shared_buffers = "32565MB";
+ # work_mem = "512MB";
+ # maintenance_work_mem = "1024MB";
+ # huge_pages = "try";
+ # effective_cache_size = "60GB"; #was 22
+ # effective_io_concurrency = "8";
+ # random_page_cost = 4;
+
+ # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
+ # shared_preload_libraries = "pg_stat_statements";
+ # track_io_timing = "on";
+ # track_functions = "pl";
+ # "pg_stat_statements.max" = "10000"; # additional
+ # "pg_stat_statements.track" = "all"; # additional
+
+ # wal_level = "replica";
+ # max_wal_senders = 0;
+ # synchronous_commit = "off"; #was on
+
+ # checkpoint_timeout = "15min";
+ # checkpoint_completion_target = "0.9";
+ # max_wal_size = "1GB";
+ # min_wal_size = "512MB";
+ #
+ # wal_compression = "on";
+ # wal_buffers = "-1";
+ # wal_writer_delay = "200ms";
+ # wal_writer_flush_after = "1MB";
+ # #checkpoint_segments = "64"; # additional
+ # default_statistics_target = "250"; # additional
+
+ # bgwriter_delay = "200ms";
+ # bgwriter_lru_maxpages = "100";
+ # bgwriter_lru_multiplier = "2.0";
+ # bgwriter_flush_after = "0";
+
+ # max_worker_processes = "32"; #was 14
+ # max_parallel_workers_per_gather = "16"; #was 7
+ # max_parallel_maintenance_workers = "16"; #was 7
+ # max_parallel_workers = "32"; #was 14
+ # parallel_leader_participation = "on";
+
+ # enable_partitionwise_join = "on";
+ # enable_partitionwise_aggregate = "on";
+ # jit = "on";
+ # max_slot_wal_keep_size = "1GB";
+ # track_wal_io_timing = "on";
+ # maintenance_io_concurrency = "4";
+ # wal_recycle = "on";
+
+ };
+ };
+
+}
+
diff --git a/host/chat.allthe.gay/services/synapse.nix b/host/chat.allthe.gay/services/synapse.nix
new file mode 100644
index 0000000..38daaea
--- /dev/null
+++ b/host/chat.allthe.gay/services/synapse.nix
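Review bot: The `authentication` block in services/postgres.nix grants `trust` to every socket and loopback connection, so any process on the host can connect as any role, including the `postgres` superuser, without a password. The `matrix-synapse` line after it never matches, because the broader `host all all 127.0.0.1/32 trust` line is evaluated first. `enableTCPIP = true` together with `host all all 0.0.0.0/0 md5` also makes the server listen beyond loopback and accept password logins from any IPv4 address, with only the host firewall in between, although Synapse is configured to connect to `127.0.0.1`. I would keep peer authentication on the socket, require SCRAM for the one role that uses TCP and drop the wildcard line, as sketched below. This assumes nothing else connects remotely and that the NixOS module still listens on localhost when `enableTCPIP` is off.

```nix
  services.postgresql = {
    # … unchanged: enable, package …
    enableTCPIP = false; # Synapse connects over loopback only
    authentication = pkgs.lib.mkOverride 10 ''
      # TYPE, DATABASE, USER, ADDRESS, METHOD
      local all            all                          peer
      host  matrix-synapse matrix-synapse 127.0.0.1/32  scram-sha-256
    '';
    # … unchanged: dataDir, settings …
```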
@@ -0,0 +1,103 @@
+{ ... }:
+{
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+
+ dataDir = "/data/synapse";
+
+ settings = {
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "0.0.0.0" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = true;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main-http.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+
+ server_name = "allthe.gay";
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ allow_device_name_lookup_over_federation = true;
+
+ registration_shared_secret = "dingus";
+
+ dyanmic_thumbnails = true;
+
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+
+ url_preview_enabled = true;
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse";
+ password = "somepassword";
+ database = "matrix-synapse";
+ host = "127.0.0.1";
+ application_name = "matrix-synapse (allthe.gay)";
+ cp_min = 5;
+ cp_max = 50;
+ #cp_reconnect_interval = "True";
+ };
+ };
+
+ max_image_pixels = "100M";
+ report_stats = false;
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2409_to_device_messages_enabled" = true;
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3202_transaction_extensions" = true; # appservice transaction extensions (device list/keys)
+ "msc3266_enabled" = true; # Room summary API
+ "msc3391_enabled" = true; # Remove account data
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc3852_enabled" = true; # Last seen on /devices (CS-API/admin)
+ "msc3874_enabled" = true; # filtering /messages with rel_types / not_rel_types
+ "msc3890_enabled" = true; # communicate account data deletion to clients
+ "msc3912_enabled" = true; # /messages with rel_types / not_rel_types and event id
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc4069_profile_inhibit_propagation" = true; # Inhibit profile update propagation
+ "msc4133_enabled" = true; # Custom profile fields
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ "msc4210_enabled" = false; # Remove legacy mentions -- we want this *disabled* for moderation reasons
+ "msc4222_enabled" = true; # state_after in sync
+ };
+ };
+ };
+}
diff --git a/host/chat.allthe.gay/users/chris.nix b/host/chat.allthe.gay/users/chris.nix
new file mode 100644
index 0000000..1c13ca8
--- /dev/null
+++ b/host/chat.allthe.gay/users/chris.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ users.users.chris = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPSWGpMgmeP91yE54/pN9Pzb84YKnDHvAQ+rrlXvH86"
+ ];
+ };
+}
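Review bot: `registration_shared_secret = "dingus";` and `password = "somepassword";` in services/synapse.nix are committed in clear text and, being Nix settings, are presumably also rendered into a config file in the world-readable Nix store. The shared secret authorises account registration independently of `registration_requires_token`, so it should be long, random and kept out of the repository. Synapse accepts `registration_shared_secret_path`, and the NixOS module's `extraConfigFiles` can load the `database` section from a file outside the store. Two smaller points in the same hunk: `dyanmic_thumbnails` is misspelled, so the intended `dynamic_thumbnails = true;` presumably never takes effect, and the Unix-socket listener's `mode = "666";` lets every local user talk to the homeserver socket where a group-restricted mode such as `"660"` would do.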
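Review bot: The two `openssh.authorizedKeys.keys` entries in users/chris.nix carry no comment field, so nothing in the file says which device or person each key belongs to. `extraGroups = [ "wheel" ]` combined with `sudo.wheelNeedsPassword = false` in configuration.nix makes either key equivalent to root on this host. Append an identifying comment to each key string, in the form `"ssh-ed25519 <key> chris@<device>"`, so that a lost device can be revoked without guessing.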