mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-12-07 07:24:47 +01:00
ee6b977a97
Signed-off-by: Magic_RB <magic_rb@redalder.org>
283 lines
8.6 KiB
Nix
283 lines
8.6 KiB
Nix
{ nglib, nixpkgs }:
|
|
let
|
|
logConfig = pkgs: (pkgs.formats.yaml {}).generate "log.yaml"
|
|
{
|
|
version = 1;
|
|
|
|
formatters.precise.format = "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
|
|
handlers.console =
|
|
{
|
|
class = "logging.StreamHandler";
|
|
formatter = "precise";
|
|
};
|
|
loggers."synapse.storage.SQL" =
|
|
{
|
|
level = "INFO";
|
|
};
|
|
root =
|
|
{
|
|
level = "INFO";
|
|
handlers = [ "console" ];
|
|
};
|
|
|
|
disable_existing_loggers = false;
|
|
};
|
|
|
|
commonConfig = pkgs: (pkgs.formats.yaml {}).generate "common.yaml"
|
|
{
|
|
server_name = "matrix.redalder.org";
|
|
report_stats = "yes";
|
|
pid_file = "/homeserver.pid";
|
|
|
|
log_config = logConfig pkgs;
|
|
|
|
trusted_key_servers =
|
|
[
|
|
{
|
|
server_name = "matrix.org";
|
|
}
|
|
];
|
|
media_store_path = "/var/lib/synapse/media_store";
|
|
signing_key_path = "/var/lib/synapse/signing.key";
|
|
|
|
enable_registration = false;
|
|
enable_registration_without_verification = false;
|
|
|
|
federation_sender_instances = [
|
|
"worker-federation-sender-0"
|
|
];
|
|
};
|
|
|
|
genericWorker = { listener_resources, name }:
|
|
nglib.makeSystem {
|
|
system = "x86_64-linux";
|
|
name = "synapse-worker-${name}";
|
|
inherit nixpkgs;
|
|
config = ({ pkgs, ... }:
|
|
{
|
|
dumb-init = {
|
|
enable = true;
|
|
type.services = { };
|
|
};
|
|
|
|
services.synapse.workers.${name} = {
|
|
settings = {
|
|
worker_app = "synapse.app.generic_worker";
|
|
|
|
# The replication listener on the main synapse process.
|
|
worker_replication_host = "127.0.0.1";
|
|
worker_replication_http_port = 9093;
|
|
|
|
worker_listeners = [
|
|
{
|
|
port = 6167;
|
|
tls = false;
|
|
type = "http";
|
|
x_forwarded = true;
|
|
bind_adrresses = [ "0.0.0.0" ];
|
|
resources =
|
|
[
|
|
{
|
|
names = listener_resources;
|
|
compress = false;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
worker_log_config = logConfig pkgs;
|
|
};
|
|
arguments = {
|
|
config-path = [
|
|
(commonConfig pkgs)
|
|
"/secrets/extra.yaml"
|
|
"/var/lib/registrations/extra.yaml"
|
|
];
|
|
keys-directory = [
|
|
"/var/lib/synapse/keys"
|
|
];
|
|
};
|
|
};
|
|
});
|
|
};
|
|
in
|
|
{
|
|
postgresql = nglib.makeSystem {
|
|
system = "x86_64-linux";
|
|
name = "nixng-synapse-postgresql";
|
|
inherit nixpkgs;
|
|
config = { pkgs, config, ... }:
|
|
{
|
|
config = {
|
|
dumb-init = {
|
|
enable = true;
|
|
type.services = {};
|
|
};
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_12;
|
|
|
|
initialScript = "/secrets/init.sql";
|
|
enableTCPIP = true;
|
|
|
|
authentication = "host all all all md5";
|
|
|
|
ensureDatabases = {
|
|
"synapse" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
|
"mautrix-facebook" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
|
"mautrix-signal" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
|
"mautrix-whatsapp" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
|
"mautrix-discord" = { ENCODING = "UTF8"; TEMPLATE = "template0"; };
|
|
};
|
|
ensureExtensions = {};
|
|
ensureUsers = [
|
|
{
|
|
name = "synapse";
|
|
ensurePermissions."DATABASE \"synapse\"" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "mautrix-facebook";
|
|
ensurePermissions."DATABASE \"mautrix-facebook\"" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "mautrix-signal";
|
|
ensurePermissions."DATABASE \"mautrix-signal\"" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "mautrix-whatsapp";
|
|
ensurePermissions."DATABASE \"mautrix-whatsapp\"" = "ALL PRIVILEGES";
|
|
}
|
|
{
|
|
name = "mautrix-discord";
|
|
ensurePermissions."DATABASE \"mautrix-discord\"" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
redis = nglib.makeSystem {
|
|
system = "x86_64-linux";
|
|
name = "redis";
|
|
inherit nixpkgs;
|
|
config = ({ pkgs, ... }:
|
|
{
|
|
dumb-init = {
|
|
enable = true;
|
|
type.services = { };
|
|
};
|
|
|
|
users.users."redis" = {
|
|
home = "/var/empty";
|
|
uid = 9001;
|
|
group = "redis";
|
|
};
|
|
|
|
users.groups."redis" = {
|
|
gid = 9001;
|
|
};
|
|
|
|
init.services.redis = {
|
|
enabled = true;
|
|
shutdownOnExit = true;
|
|
script =
|
|
pkgs.writeShellScript "redis-run" ''
|
|
cd /var/lib/redis
|
|
chpst -U redis:redis ${pkgs.redis}/bin/redis-server ${./redis.conf}
|
|
'';
|
|
};
|
|
|
|
init.services.redis-setup = {
|
|
enabled = true;
|
|
script =
|
|
pkgs.writeShellScript "redis-run" ''
|
|
export PATH="${pkgs.redis}/bin:$PATH"
|
|
nc -z 127.0.0.1 6379 -w 10 -v || exit 1
|
|
|
|
redis-cli acl setuser default on '>'"$(cat /secrets/redis_password)" allcommands allkeys
|
|
sleep 86400
|
|
'';
|
|
};
|
|
});
|
|
};
|
|
|
|
synapseFederationSender = genericWorker { name = "generic"; listener_resources = [ "health" ]; };
|
|
synapseFederationReceiver = genericWorker { name = "generic"; listener_resources = [ "health" "federation" ]; };
|
|
synapseClient = genericWorker { name = "generic"; listener_resources = [ "client" "health" ]; };
|
|
synapseSync = genericWorker { name = "generic"; listener_resources = [ "client" "health" ]; };
|
|
|
|
synapse = nglib.makeSystem {
|
|
system = "x86_64-linux";
|
|
name = "synapse";
|
|
inherit nixpkgs;
|
|
config = ({ pkgs, ... }:
|
|
{
|
|
dumb-init = {
|
|
enable = true;
|
|
type.services = { };
|
|
};
|
|
|
|
init.services.synapse = {
|
|
enabled = true;
|
|
shutdownOnExit = true;
|
|
script =
|
|
let
|
|
synapseConfig = (pkgs.formats.yaml {}).generate "synapse.yaml"
|
|
{
|
|
listeners =
|
|
[
|
|
# The HTTP replication port
|
|
{
|
|
port = 9093;
|
|
bind_addresses = [ "0.0.0.0" ];
|
|
type = "http";
|
|
resources = [
|
|
{
|
|
names = [ "replication" ];
|
|
}
|
|
];
|
|
}
|
|
{
|
|
port = 6167;
|
|
tls = false;
|
|
type = "http";
|
|
x_forwarded = true;
|
|
bind_adrresses = [ "0.0.0.0" ];
|
|
resources =
|
|
[
|
|
{
|
|
names = [ "client" "federation" ];
|
|
compress = false;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
public_baseurl = "https://matrix.redalder.org/";
|
|
|
|
# Add a random shared secret to authenticate traffic.
|
|
worker_replication_secret = "";
|
|
};
|
|
in
|
|
pkgs.writeShellScript "synapse"
|
|
''
|
|
[ -e /var/lib/synapse/signing.key ] || \
|
|
${pkgs.matrix-synapse}/bin/synapse_homeserver \
|
|
--config-path ${synapseConfig} \
|
|
--config-path ${commonConfig pkgs} \
|
|
--config-path /secrets/extra.yaml \
|
|
--config-path /var/lib/registrations/extra.yaml \
|
|
--keys-directory /var/lib/synapse/keys \
|
|
--generate-keys
|
|
${pkgs.matrix-synapse}/bin/synapse_homeserver \
|
|
--config-path ${synapseConfig} \
|
|
--config-path ${commonConfig pkgs} \
|
|
--config-path /secrets/extra.yaml \
|
|
--config-path /var/lib/registrations/extra.yaml \
|
|
--keys-directory /var/lib/synapse/keys
|
|
'';
|
|
};
|
|
});
|
|
};
|
|
}
|