{ makeSystem , nixpkgs , commonConfig }: makeSystem { system = "x86_64-linux"; name = "synapse"; inherit nixpkgs; config = { pkgs, lib, ... }: let inherit (lib) singleton makeSearchPathOutput; in { dumb-init = { enable = true; type.services = { }; }; environment.systemPackages = [ pkgs.openssh ]; services.synapse = { enable = true; package = import ./synapse-package.nix pkgs; settings = { listeners = [ # The HTTP replication port { port = 9093; bind_addresses = [ "0.0.0.0" ]; type = "http"; resources = [ { names = [ "replication" ]; } ]; } { port = 6167; tls = false; type = "http"; x_forwarded = true; bind_adrresses = [ "0.0.0.0" ]; resources = singleton { names = [ "client" "federation" ]; compress = false; }; } { port = 9000; bind_addresses = [ "127.0.0.1" ]; type = "manhole"; } ]; public_baseurl = "https://matrix.redalder.org/"; # Add a random shared secret to authenticate traffic. worker_replication_secret = ""; }; arguments = { "config-path" = [ (commonConfig pkgs) "/secrets/extra.yaml" "/var/lib/registrations/extra.yaml" ]; "keys-directory" = "/var/lib/synapse/keys"; }; }; }; }