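# Container definition for the Synapse (Matrix homeserver) main process.
#
# Arguments:
#   makeSystem   - system builder; called with { system, name, nixpkgs, config }.
#   nixpkgs      - passed through unchanged to makeSystem.
#   commonConfig - function of `pkgs`; its result is handed to Synapse as an
#                  additional --config-path.
{ makeSystem
, nixpkgs
, commonConfig
}:
makeSystem {
  system = "x86_64-linux";
  name = "synapse";
  inherit nixpkgs;
  config = { pkgs, lib, ... }:
    let
      inherit (lib) singleton;
    in
    {
      dumb-init = {
        enable = true;
        type.services = { };
      };

      init.services.synapse = {
        enabled = true;
        shutdownOnExit = true;
        script =
          let
            # Rendered to a YAML file in the Nix store. Store paths are
            # world-readable, so no secret material belongs in this attrset.
            synapseConfig = (pkgs.formats.yaml { }).generate "synapse.yaml" {
              listeners = [
                # The HTTP replication port
                # NOTE(review): bound to every IPv4 interface. Replication
                # traffic is plain HTTP here, so confirm that port 9093 is
                # only reachable from the worker processes.
                {
                  port = 9093;
                  bind_addresses = [ "0.0.0.0" ];
                  type = "http";
                  resources = [
                    { names = [ "replication" ]; }
                  ];
                }
                # Client and federation traffic, served without TLS.
                # x_forwarded tells Synapse to take the client address from
                # the proxy-supplied forwarding header, so this port should
                # only be reachable through the reverse proxy -- TODO confirm.
                {
                  port = 6167;
                  tls = false;
                  type = "http";
                  x_forwarded = true;
                  # Spelled `bind_addresses` so the setting is actually read
                  # by Synapse; a misspelled key would not restrict the bind.
                  bind_addresses = [ "0.0.0.0" ];
                  resources = singleton {
                    names = [ "client" "federation" ];
                    compress = false;
                  };
                }
              ];

              public_baseurl = "https://matrix.redalder.org/";

              # Add a random shared secret to authenticate traffic.
              # NOTE(review): an empty value presumably leaves the replication
              # listener above unauthenticated. Confirm that a later
              # --config-path (e.g. /secrets/extra.yaml) overrides this key.
              # Do not put the real secret here: this file lands in the
              # world-readable Nix store.
              worker_replication_secret = "";
            };
          in
          # Config files are passed in order: the generated file, the shared
          # config, then two files read at runtime from outside the store.
          # --generate-keys is added only while /var/lib/synapse/signing.key
          # is absent.
          # NOTE(review): that path lies outside --keys-directory; confirm it
          # matches signing_key_path in the other config files.
          pkgs.writeShellScript "synapse" ''
            ${pkgs.matrix-synapse}/bin/synapse_homeserver \
              --config-path ${synapseConfig} \
              --config-path ${commonConfig pkgs} \
              --config-path /secrets/extra.yaml \
              --config-path /var/lib/registrations/extra.yaml \
              --keys-directory /var/lib/synapse/keys \
              $([ -e /var/lib/synapse/signing.key ] || echo --generate-keys)
          '';
      };
    };
}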