Matrix. It works

host/chat.allthe.gay/configuration.nix

@@ -1,5 +1,10 @@
 { pkgs, lib, ... }:
 {
+  imports = [
+    ./users/chris.nix
+    ./services/postgres.nix
+    ./services/synapse.nix
+  ];
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
     loader.grub = {
@@ -11,8 +16,14 @@
   networking = {
     hostName = "chat-allthe-gay";
     wireless.enable = false;
-   nameservers = lib.mkForce [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];
+    nameservers = lib.mkForce [
+      "1.1.1.1"
+      "1.0.0.1"
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
     firewall.enable = lib.mkForce true;
+    firewall.allowedTCPPorts = [ 8008 ];
   };
   systemd.network = {
     enable = true;
@@ -47,7 +58,10 @@
   ];
   nix = {
     settings = {
-      experimental-features = ["nix-command" "flakes"];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
     };
   };
   security = {
@@ -55,5 +69,9 @@
     sudo.wheelNeedsPassword = false;
   };
 
+  services.openssh = {
+    enable = true;
+  };
+
   system.stateVersion = "26.11"; # Emma [it/its] - NEVER CHANGE THIS
 }

host/chat.allthe.gay/services/postgres.nix

@@ -0,0 +1,88 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  systemd.tmpfiles.rules = [ "d /data/postgres/data 0750 postgres postgres" ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_18;
+    enableTCPIP = true;
+    authentication = pkgs.lib.mkOverride 10 ''
+      # TYPE, DATABASE, USER, ADDRESS, METHOD
+      local all all trust
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+      host matrix-synapse matrix-synapse 127.0.0.1/32 trust
+      host all all 0.0.0.0/0 md5
+    '';
+    # initialScript = pkgs.writeText "backend-initScript" ''
+    #   CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+    #   CREATE DATABASE nixcloud;
+    #   GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+    # '';
+    dataDir = "/data/postgres/data";
+    settings = {
+      # https://pgconfigurator.cybertec.at/
+      max_connections = 250;
+      superuser_reserved_connections = 3;
+
+      #      shared_buffers = "32565MB";
+      #      work_mem = "512MB";
+      #      maintenance_work_mem = "1024MB";
+      #      huge_pages = "try";
+      #      effective_cache_size = "60GB"; #was 22
+      #      effective_io_concurrency = "8";
+      #      random_page_cost = 4;
+
+      # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
+      #     shared_preload_libraries = "pg_stat_statements";
+      #     track_io_timing = "on";
+      #     track_functions = "pl";
+      #     "pg_stat_statements.max" = "10000"; # additional
+      #     "pg_stat_statements.track" = "all"; # additional
+
+      #     wal_level = "replica";
+      #     max_wal_senders = 0;
+      #     synchronous_commit = "off"; #was on
+
+      #     checkpoint_timeout = "15min";
+      #     checkpoint_completion_target = "0.9";
+      #     max_wal_size = "1GB";
+      #     min_wal_size = "512MB";
+      #
+      #      wal_compression = "on";
+      #      wal_buffers = "-1";
+      #      wal_writer_delay = "200ms";
+      #      wal_writer_flush_after = "1MB";
+      #      #checkpoint_segments = "64"; # additional
+      #      default_statistics_target = "250"; # additional
+
+      #      bgwriter_delay = "200ms";
+      #      bgwriter_lru_maxpages = "100";
+      #      bgwriter_lru_multiplier = "2.0";
+      #      bgwriter_flush_after = "0";
+
+      #      max_worker_processes = "32"; #was 14
+      #      max_parallel_workers_per_gather = "16"; #was 7
+      #      max_parallel_maintenance_workers = "16"; #was 7
+      #      max_parallel_workers = "32"; #was 14
+      #      parallel_leader_participation = "on";
+
+      #      enable_partitionwise_join = "on";
+      #      enable_partitionwise_aggregate = "on";
+      #      jit = "on";
+      #      max_slot_wal_keep_size = "1GB";
+      #      track_wal_io_timing = "on";
+      #      maintenance_io_concurrency = "4";
+      #      wal_recycle = "on";
+
+    };
+  };
+
+}
+

host/chat.allthe.gay/services/synapse.nix

@@ -0,0 +1,103 @@
+{ ... }:
+{
+  services.matrix-synapse = {
+    enable = true;
+    withJemalloc = true;
+
+    dataDir = "/data/synapse";
+
+    settings = {
+      listeners = [
+        {
+          port = 8008;
+          bind_addresses = [ "0.0.0.0" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [
+            {
+              names = [
+                "client"
+                "federation"
+              ];
+              compress = true;
+            }
+          ];
+        }
+        {
+          type = "http";
+          path = "/run/matrix-synapse/main-http.sock";
+          mode = "666";
+          resources = [
+            {
+              names = [
+                "client"
+                "federation"
+              ];
+              compress = false;
+            }
+          ];
+        }
+      ];
+
+      server_name = "allthe.gay";
+
+      enable_registration = true;
+      registration_requires_token = true;
+
+      allow_device_name_lookup_over_federation = true;
+
+      registration_shared_secret = "dingus";
+
+      dyanmic_thumbnails = true;
+
+      presence = {
+        enable = true;
+        update_interval = 60;
+      };
+
+      url_preview_enabled = true;
+      database = {
+        name = "psycopg2";
+        args = {
+          user = "matrix-synapse";
+          password = "somepassword";
+          database = "matrix-synapse";
+          host = "127.0.0.1";
+          application_name = "matrix-synapse (allthe.gay)";
+          cp_min = 5;
+          cp_max = 50;
+          #cp_reconnect_interval = "True";
+        };
+      };
+
+      max_image_pixels = "100M";
+      report_stats = false;
+      user_directory = {
+        enabled = true;
+        search_all_users = true;
+        prefer_local_users = true;
+      };
+      # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+      experimental_features = {
+        "msc2409_to_device_messages_enabled" = true;
+        "msc2815_enabled" = true; # Redacted event content
+        "msc3026_enabled" = true; # Busy presence
+        "msc3202_transaction_extensions" = true; # appservice transaction extensions (device list/keys)
+        "msc3266_enabled" = true; # Room summary API
+        "msc3391_enabled" = true; # Remove account data
+        "msc3823_account_suspension" = true; # Account suspension
+        "msc3852_enabled" = true; # Last seen on /devices (CS-API/admin)
+        "msc3874_enabled" = true; # filtering /messages with rel_types / not_rel_types
+        "msc3890_enabled" = true; # communicate account data deletion to clients
+        "msc3912_enabled" = true; # /messages with rel_types / not_rel_types and event id
+        "msc3916_authenticated_media_enabled" = true; # Authenticated media
+        "msc4069_profile_inhibit_propagation" = true; # Inhibit profile update propagation
+        "msc4133_enabled" = true; # Custom profile fields
+        "msc4151_enabled" = true; # Report room API (CS-API)
+        "msc4210_enabled" = false; # Remove legacy mentions -- we want this *disabled* for moderation reasons
+        "msc4222_enabled" = true; # state_after in sync
+      };
+    };
+  };
+}

host/chat.allthe.gay/users/chris.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  users.users.chris = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPSWGpMgmeP91yE54/pN9Pzb84YKnDHvAQ+rrlXvH86"
+    ];
+  };
+}