VEGAS/matrix: use Patroni database, move dataDir

hosts/VEGAS/services/matrix/default.nix

@@ -1,6 +1,9 @@
-{ config, lib, pkgs, tools, ... }:
+{ cluster, config, lib, pkgs, tools, ... }:
 let
   inherit (tools.meta) domain;
+
+  patroni = cluster.config.links.patroni-pg-access;
+
   listener = {
     port = 8008;
     bind_addresses = lib.singleton "127.0.0.1";
@@ -34,8 +37,22 @@ let
       handlers = [ "journal" ];
     };
   };
+  dbConfig.database = {
+    name = "psycopg2";
+    args = {
+      user = "matrix";
+      database = "matrix";
+      host = patroni.ipv4;
+      inherit (patroni) port;
+      cp_min = 1;
+      cp_max = 10;
+    };
+  };
   clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig);
   logConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON logConfig);
+  dbConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON dbConfig);
+  dbPasswordFile = config.age.secrets.synapse-db.path;
+  dbConfigOut = "${cfg.dataDir}/synapse-db-config-generated.yml";
   cfg = config.services.matrix-synapse;
 in {
   imports = [
@@ -74,6 +91,7 @@ in {
   services.matrix-synapse = {
     enable = true;
     plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ];
+    dataDir = "/srv/storage/private/matrix";
 
     settings = {
       server_name = domain;
@@ -100,12 +118,11 @@ in {
       in map makeTurnServer combinations;
     };
 
-    extraConfigFiles = map (x: config.age.secrets.${x}.path) [
+    extraConfigFiles = (map (x: config.age.secrets.${x}.path) [
       "synapse-ldap"
-      "synapse-db"
       "synapse-turn"
       "synapse-keys"
-    ]; 
+    ]) ++ [ dbConfigOut ];
   };
 
   services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains {
@@ -126,9 +143,16 @@ in {
       };
     };
   };
-  systemd.services = lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: {
-    serviceConfig = {
-      Slice = "communications.slice";
-    };
-  });
+  systemd.services = lib.mkMerge [
+    (lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: {
+      serviceConfig = {
+        Slice = "communications.slice";
+      };
+    }))
+    {
+      matrix-synapse.preStart = ''
+        ${pkgs.jq}/bin/jq -c --slurp '.[0] * .[1]' ${dbConfigJSON} '${dbPasswordFile}' | install -Dm400 -o matrix-synapse -g matrix-synapse /dev/stdin '${dbConfigOut}'
+      '';
+    }
+  ];
 }

secrets/synapse-db.age

@@ -1,13 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 NO562A z3CK5DY5HpHg3ACVxLrz0YF/Yn114CZeaOWbBUiDbXA
-WvWSEpovH2fVJuOCk2OpzgyONyHEaQb+Koafmfz0FRM
--> ssh-ed25519 5/zT0w /FNqwfZgpihWRHg7tGH42Ak31FAC2sGtyPD20BrFuVI
-GTMAwKTosLe/3xjPIrKhkQT0yKI7YaFNRNMxUOh8Rh4
--> ssh-ed25519 d3WGuA UA4tVfhoqb0nHOXw2Z94KsnsxXtyHd3Zoowcbh7/pk0
-nIfnGT2AtUxZX/GFptH8RgN8kMoEf5/TYM8TH38CI7Y
--> ~0K&gN-grease u
-J1bL/6N3ZA
---- LhSYtzwk6JfYCX5Ae7ldAsCwDg1Bg2W8BMM1oQvl9m8
-Ŕ1›Ą$ě]ĺľΞZPeÇúSśNám
-[çd:ˇý2Y)YŤ^i=Řř<C598>ÎĆă7sĘľ´`°M‘¶]ŚX@®Ű+¦©—Cz˘<0B>•ŽŔS!đNi<>ăwö;s–”ČĆéŰőR9drí
-LĆWśqYűđdéŁ0kxe!c\˸¶ŤĺÉ$o1 kGľáibÜŰ4‚ĺMa××{˝°hOǶŐu»µ:P#Ň–tÜ7
e_3
+-> ssh-ed25519 NO562A rUwm3B9bXVr9yQEVb+0T8TESFX3TtQ/36jzACQ/wPjs
+Z9uNi+t0/0uxQcRrmESjw5y442+YXYTineRJCyeP+Cc
+-> ssh-ed25519 5/zT0w EqEi9yGubbrohSMbXho2g+Bfs1wlLQ5r3jNmeDHEhzQ
+pUMrCW/pktQ2e2hrGlaMRMCCzLEQ0StArhZNjoqiJUs
+-> ssh-ed25519 d3WGuA P5gHDU9MHDe88QmIEX1xLqw07QB0rMtHMThxqCd2IHw
+TePeD3eny5ptgor08ORKVslB4LOX5ITz1ebssB1F2bw
+-> X-grease d c4UL V1
+y+2gDQ
+--- oEZLM3hETNqGb7gl5COcl8NzEL4029rFRVZWtZ1IjWI
+0z	[©D9B–Yb×WaÇ[
HÍCE:<sHÑ*Ó7ë‡Ñ†ï÷Eñ½‡ƒºp°õó_
˜²ÁýPBÄÅ6Ô<36>)<29>¤OkîGšW<C5A1>Å=Ûˆe;^;ÆÕÐÿ<C390><¤<ÅC&¬w<0B>"T¸ppýJSëpA<70>oõ”Lq*ýò,ÕúU2<[Íœ<C38D>áßÝ<C39F>ܹÖÇLïò7Ï<37>ø¨fºÔ¬ðDZê·X!xž.€++a…{?–¿õrÀÂîð,`ì`£3F$²2oðˆ?l·Kö¼Sâ‚,ÁñM‘‰21£¾åärÓ’(+΃DxŒ7 ŒV„.‹Út7aQ÷bîè»7N=¶PÑ
ä07À…c|Q&	¸j¬²,Q‡¿	Ï£<C38F>*½‰_,’®¿ÿ‚ÿÍ
ýžÃ.᫧w÷I|