parent
c29df5f8a7
commit
7e10bf4327
@ -0,0 +1,25 @@ |
||||
version: 1 |
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it |
||||
# from the message text. |
||||
formatters: |
||||
journal_fmt: |
||||
format: '%(name)s: [%(request)s] %(message)s' |
||||
|
||||
filters: |
||||
context: |
||||
(): synapse.util.logcontext.LoggingContextFilter |
||||
request: "" |
||||
|
||||
handlers: |
||||
journal: |
||||
class: systemd.journal.JournalHandler |
||||
formatter: journal_fmt |
||||
filters: [context] |
||||
SYSLOG_IDENTIFIER: synapse |
||||
|
||||
root: |
||||
level: INFO |
||||
handlers: [journal] |
||||
|
||||
disable_existing_loggers: False |
@ -0,0 +1,279 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.matrix-synapse; |
||||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig; |
||||
configFile = pkgs.writeText "homeserver.yaml" '' |
||||
tls_certificate_path: "${cfg.tls_certificate_path}" |
||||
tls_private_key_path: "${cfg.tls_private_key_path}" |
||||
tls_dh_params_path: "${cfg.tls_dh_params_path}" |
||||
no_tls: ${if cfg.no_tls then "true" else "false"} |
||||
bind_port: ${toString cfg.bind_port} |
||||
unsecure_port: ${toString cfg.unsecure_port} |
||||
bind_host: "${cfg.bind_host}" |
||||
server_name: "${cfg.server_name}" |
||||
pid_file: "/var/run/matrix-synapse.pid" |
||||
web_client: ${if cfg.web_client then "true" else "false"} |
||||
database: { |
||||
name: "${cfg.database_type}", |
||||
args: { |
||||
${concatStringsSep ",\n " ( |
||||
mapAttrsToList (n: v: "\"${n}\": ${v}") cfg.database_args |
||||
)} |
||||
} |
||||
} |
||||
log_file: "/var/log/matrix-synapse/homeserver.log" |
||||
log_config: "${logConfigFile}" |
||||
media_store_path: "/var/lib/matrix-synapse/media" |
||||
recaptcha_private_key: "${cfg.recaptcha_private_key}" |
||||
recaptcha_public_key: "${cfg.recaptcha_public_key}" |
||||
enable_registration_captcha: ${if cfg.enable_registration_captcha then "true" else "false"} |
||||
turn_uris: ${if (length cfg.turn_uris) == 0 then "[]" else ("\n" + (concatStringsSep "\n" (map (s: "- " + s) cfg.turn_uris)))} |
||||
turn_shared_secret: "${cfg.turn_shared_secret}" |
||||
enable_registration: ${if cfg.enable_registration then "true" else "false"} |
||||
${optionalString (cfg.registration_shared_secret != "") '' |
||||
registration_shared_secret: "${cfg.registration_shared_secret}" |
||||
''} |
||||
enable_metrics: ${if cfg.enable_metrics then "true" else "false"} |
||||
report_stats: ${if cfg.report_stats then "true" else "false"} |
||||
signing_key_path: "/var/lib/matrix-synapse/homeserver.signing.key" |
||||
perspectives: |
||||
servers: { |
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: '' |
||||
"${n}": { |
||||
"verify_keys": { |
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: '' |
||||
"${n}": { |
||||
"key": "${v}" |
||||
}'') v)} |
||||
} |
||||
'') cfg.servers)} |
||||
} |
||||
} |
||||
${cfg.extraConfig} |
||||
''; |
||||
in { |
||||
options = { |
||||
services.matrix-synapse = { |
||||
enable = mkEnableOption "matrix.org synapse"; |
||||
package = mkOption { |
||||
type = types.package; |
||||
default = pkgs.matrix-synapse; |
||||
description = '' |
||||
Overridable attribute of the matrix synapse server package to use. |
||||
''; |
||||
}; |
||||
no_tls = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Don't bind to the https port |
||||
''; |
||||
}; |
||||
tls_certificate_path = mkOption { |
||||
type = types.path; |
||||
default = "/var/lib/matrix-synapse/homeserver.tls.crt"; |
||||
description = '' |
||||
PEM encoded X509 certificate for TLS |
||||
''; |
||||
}; |
||||
tls_private_key_path = mkOption { |
||||
type = types.path; |
||||
default = "/var/lib/matrix-synapse/homeserver.tls.key"; |
||||
description = '' |
||||
PEM encoded private key for TLS |
||||
''; |
||||
}; |
||||
tls_dh_params_path = mkOption { |
||||
type = types.path; |
||||
default = "/var/lib/matrix-synapse/homeserver.tls.dh"; |
||||
description = '' |
||||
PEM dh parameters for ephemeral keys |
||||
''; |
||||
}; |
||||
bind_port = mkOption { |
||||
type = types.int; |
||||
default = 8448; |
||||
description = '' |
||||
The port to listen for HTTPS requests on. |
||||
For when matrix traffic is sent directly to synapse. |
||||
''; |
||||
}; |
||||
unsecure_port = mkOption { |
||||
type = types.int; |
||||
default = 8008; |
||||
description = '' |
||||
The port to listen for HTTP requests on. |
||||
For when matrix traffic passes through loadbalancer that unwraps TLS. |
||||
''; |
||||
}; |
||||
bind_host = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
description = '' |
||||
Local interface to listen on. |
||||
The empty string will cause synapse to listen on all interfaces. |
||||
''; |
||||
}; |
||||
server_name = mkOption { |
||||
type = types.str; |
||||
description = '' |
||||
The domain name of the server, with optional explicit port. |
||||
This is used by remote servers to connect to this server, |
||||
e.g. matrix.org, localhost:8080, etc. |
||||
This is also the last part of your UserID. |
||||
''; |
||||
}; |
||||
web_client = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Whether to serve a web client from the HTTP/HTTPS root resource. |
||||
''; |
||||
}; |
||||
database_type = mkOption { |
||||
type = types.enum [ "sqlite3" "psycopg2" ]; |
||||
default = "sqlite3"; |
||||
description = '' |
||||
The database engine name. Can be sqlite or psycopg2. |
||||
''; |
||||
}; |
||||
database_args = mkOption { |
||||
type = types.attrs; |
||||
default = { |
||||
database = "/var/lib/matrix-synapse/homeserver.db"; |
||||
}; |
||||
description = '' |
||||
Arguments to pass to the engine. |
||||
''; |
||||
}; |
||||
recaptcha_private_key = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
description = '' |
||||
This Home Server's ReCAPTCHA private key. |
||||
''; |
||||
}; |
||||
recaptcha_public_key = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
description = '' |
||||
This Home Server's ReCAPTCHA public key. |
||||
''; |
||||
}; |
||||
enable_registration_captcha = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Enables ReCaptcha checks when registering, preventing signup |
||||
unless a captcha is answered. Requires a valid ReCaptcha |
||||
public/private key. |
||||
''; |
||||
}; |
||||
turn_uris = mkOption { |
||||
type = types.listOf types.str; |
||||
default = []; |
||||
description = '' |
||||
The public URIs of the TURN server to give to clients |
||||
''; |
||||
}; |
||||
turn_shared_secret = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
description = '' |
||||
The shared secret used to compute passwords for the TURN server |
||||
''; |
||||
}; |
||||
enable_registration = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Enable registration for new users. |
||||
''; |
||||
}; |
||||
registration_shared_secret = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
description = '' |
||||
If set, allows registration by anyone who also has the shared |
||||
secret, even if registration is otherwise disabled. |
||||
''; |
||||
}; |
||||
enable_metrics = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Enable collection and rendering of performance metrics |
||||
''; |
||||
}; |
||||
report_stats = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
''; |
||||
}; |
||||
servers = mkOption { |
||||
type = types.attrs; |
||||
default = { |
||||
"matrix.org" = { |
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; |
||||
}; |
||||
}; |
||||
description = '' |
||||
The trusted servers to download signing keys from. |
||||
''; |
||||
}; |
||||
extraConfig = mkOption { |
||||
type = types.lines; |
||||
default = ""; |
||||
description = '' |
||||
Extra config options for matrix-synapse. |
||||
''; |
||||
}; |
||||
logConfig = mkOption { |
||||
type = types.lines; |
||||
default = readFile ./matrix-synapse-log_config.yaml; |
||||
description = '' |
||||
A yaml python logging config file |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
users.extraUsers = [ |
||||
{ name = "matrix-synapse"; |
||||
group = "matrix-synapse"; |
||||
home = "/var/lib/matrix-synapse"; |
||||
createHome = true; |
||||
shell = "${pkgs.bash}/bin/bash"; |
||||
uid = config.ids.uids.matrix-synapse; |
||||
} ]; |
||||
|
||||
users.extraGroups = [ |
||||
{ name = "matrix-synapse"; |
||||
gid = config.ids.gids.matrix-synapse; |
||||
} ]; |
||||
|
||||
systemd.services.matrix-synapse = { |
||||
after = [ "network.target" ]; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
preStart = '' |
||||
mkdir -p /var/lib/matrix-synapse |
||||
chmod 700 /var/lib/matrix-synapse |
||||
chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse |
||||
${cfg.package}/bin/homeserver --config-path ${configFile} --generate-keys |
||||
''; |
||||
serviceConfig = { |
||||
Type = "simple"; |
||||
User = "matrix-synapse"; |
||||
Group = "matrix-synapse"; |
||||
WorkingDirectory = "/var/lib/matrix-synapse"; |
||||
PermissionsStartOnly = true; |
||||
ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile}"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
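Review bot: `registration_shared_secret`, `turn_shared_secret` and `recaptcha_private_key` are interpolated into `configFile`, which is built with `pkgs.writeText`, so their values end up in the Nix store, where any local user can read them. The option descriptions should at least say so, e.g. `Note: this value is written to the world-readable Nix store.`, and the safer design is to read these secrets at runtime from a file outside the store rather than from module options. Separately, in `preStart` the `chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse` line runs before `homeserver --generate-keys`, and with `PermissionsStartOnly = true` that script presumably runs as root. Any keys generated on first start would then be root-owned until the next restart; moving the `chown -R` line after the `--generate-keys` line avoids that.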
@ -0,0 +1,45 @@ |
||||
{ pkgs, stdenv, buildPythonPackage, pythonPackages, fetchurl, fetchFromGitHub }: |
||||
let |
||||
matrix-angular-sdk = buildPythonPackage rec { |
||||
name = "matrix-angular-sdk-${version}"; |
||||
version = "0.6.6"; |
||||
|
||||
src = fetchurl { |
||||
url = "https://pypi.python.org/packages/source/m/matrix-angular-sdk/matrix-angular-sdk-${version}.tar.gz"; |
||||
sha256 = "1vknhmibb8gh8lng50va2cdvng5xm7vqv9dl680m3gj38pg0bv8a"; |
||||
}; |
||||
}; |
||||
in |
||||
buildPythonPackage rec { |
||||
name = "matrix-synapse-${version}"; |
||||
version = "0.12.0"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "matrix-org"; |
||||
repo = "synapse"; |
||||
rev = "f35f8d06ea58e2d0cdccd82924c7a44fd93f4c38"; |
||||
sha256 = "0b0k1am9lh0qglagc06m91qs26ybv37k7wpbg5333x8jaf5d1si4"; |
||||
}; |
||||
|
||||
patches = [ ./matrix-synapse.patch ]; |
||||
|
||||
propagatedBuildInputs = with pythonPackages; [ |
||||
blist canonicaljson daemonize dateutil frozendict pillow pybcrypt pyasn1 |
||||
pydenticon pymacaroons-pynacl pynacl pyopenssl pysaml2 pytz requests2 |
||||
service-identity signedjson systemd twisted15 ujson unpaddedbase64 pyyaml |
||||
matrix-angular-sdk |
||||
]; |
||||
|
||||
# Checks fail because of Tox. |
||||
doCheck = false; |
||||
|
||||
buildInputs = with pythonPackages; [ |
||||
mock setuptoolsTrial |
||||
]; |
||||
|
||||
meta = { |
||||
homepage = https://matrix.org; |
||||
description = "Matrix reference homeserver"; |
||||
license = stdenv.lib.licenses.asl20; |
||||
}; |
||||
} |
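Review bot: `rev` in the `fetchFromGitHub` call is a bare commit hash with nothing tying it to `version = "0.12.0"`, so a reader auditing the pin cannot tell from this file whether it is the tagged release. A short comment on that line, e.g. `# upstream tag for 0.12.0` once that has been confirmed, would make the pin auditable. Also, with `doCheck = false` the `mock` and `setuptoolsTrial` entries in `buildInputs` appear to serve only the disabled tests; a comment saying they are kept for when the checks are re-enabled would avoid confusion.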
@ -0,0 +1,20 @@ |
||||
diff --git a/homeserver b/homeserver
|
||||
new file mode 120000
|
||||
index 0000000..2f1d413
|
||||
--- /dev/null
|
||||
+++ b/homeserver
|
||||
@@ -0,0 +1 @@
|
||||
+synapse/app/homeserver.py
|
||||
\ No newline at end of file
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 9d24761..f3e6a00 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -85,6 +85,6 @@ setup(
|
||||
include_package_data=True,
|
||||
zip_safe=False,
|
||||
long_description=long_description,
|
||||
- scripts=["synctl"] + glob.glob("scripts/*"),
|
||||
+ scripts=["synctl", "homeserver"] + glob.glob("scripts/*"),
|
||||
cmdclass={'test': Tox},
|
||||
)
|