From e038d8180d92d02ed020f05fb027ab6223d7ed24 Mon Sep 17 00:00:00 2001 From: Max Date: Wed, 10 Aug 2022 00:31:17 +0200 Subject: [PATCH] VEGAS/matrix: use Patroni database, move dataDir --- hosts/VEGAS/services/matrix/default.nix | 42 +++++++++++++++++++------ secrets/synapse-db.age | 22 ++++++------- 2 files changed, 43 insertions(+), 21 deletions(-) diff --git a/hosts/VEGAS/services/matrix/default.nix b/hosts/VEGAS/services/matrix/default.nix index 50e9b1b..6d051ef 100644 --- a/hosts/VEGAS/services/matrix/default.nix +++ b/hosts/VEGAS/services/matrix/default.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, tools, ... }: +{ cluster, config, lib, pkgs, tools, ... }: let inherit (tools.meta) domain; + + patroni = cluster.config.links.patroni-pg-access; + listener = { port = 8008; bind_addresses = lib.singleton "127.0.0.1"; @@ -34,8 +37,22 @@ let handlers = [ "journal" ]; }; }; + dbConfig.database = { + name = "psycopg2"; + args = { + user = "matrix"; + database = "matrix"; + host = patroni.ipv4; + inherit (patroni) port; + cp_min = 1; + cp_max = 10; + }; + }; clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig); logConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON logConfig); + dbConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON dbConfig); + dbPasswordFile = config.age.secrets.synapse-db.path; + dbConfigOut = "${cfg.dataDir}/synapse-db-config-generated.yml"; cfg = config.services.matrix-synapse; in { imports = [ @@ -74,6 +91,7 @@ in { services.matrix-synapse = { enable = true; plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ]; + dataDir = "/srv/storage/private/matrix"; settings = { server_name = domain; 
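Review bot: The new `dbConfig.database.args` points Synapse at `patroni.ipv4` over TCP but sets no `sslmode`, so libpq uses its default of `prefer`, which neither requires nor verifies TLS and leaves the database session open to interception or downgrade by an on-path host. If the Patroni link is not already confined to an encrypted overlay (not visible from this hunk), add `sslmode = "verify-full";` together with a `sslrootcert`, or at least `sslmode = "require";`, to `args`. Separately, `dbConfigJSON` reuses the store name `"matrix-log-config.json"` from `logConfigJSON`; naming it `"matrix-db-config.json"` would keep the two store paths distinguishable when auditing what preStart reads.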
@@ -100,12 +118,11 @@ in { in map makeTurnServer combinations; }; - extraConfigFiles = map (x: config.age.secrets.${x}.path) [ + extraConfigFiles = (map (x: config.age.secrets.${x}.path) [ "synapse-ldap" - "synapse-db" "synapse-turn" "synapse-keys" - ]; + ]) ++ [ dbConfigOut ]; }; services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains { @@ -126,9 +143,16 @@ in { }; }; }; - systemd.services = lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: { - serviceConfig = { - Slice = "communications.slice"; - }; - }); + systemd.services = lib.mkMerge [ + (lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: { + serviceConfig = { + Slice = "communications.slice"; + }; + })) + { + matrix-synapse.preStart = '' + ${pkgs.jq}/bin/jq -c --slurp '.[0] * .[1]' ${dbConfigJSON} '${dbPasswordFile}' | install -Dm400 -o matrix-synapse -g matrix-synapse /dev/stdin '${dbConfigOut}' + ''; + } + ]; } diff --git a/secrets/synapse-db.age b/secrets/synapse-db.age index 2779b95..542f36e 100644 --- a/secrets/synapse-db.age +++ b/secrets/synapse-db.age 
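Review bot: The `matrix-synapse.preStart` pipeline writes the decrypted database password into `dbConfigOut` under `cfg.dataDir`, which this commit moves to `/srv/storage/private/matrix`, so the plaintext credential now sits next to Synapse state and will presumably be included in any snapshot or backup of that path. Consider generating it under a runtime directory instead, e.g. `dbConfigOut = "/run/matrix-synapse/synapse-db-config-generated.yml";` with `serviceConfig.RuntimeDirectory = "matrix-synapse";` (check whether the module already sets one). The pipeline also runs without `pipefail`: if `jq` fails on a malformed secret, `install` still succeeds and leaves an empty config file, so make `set -o pipefail` the first line of the script.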
@@ -1,13 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 NO562A z3CK5DY5HpHg3ACVxLrz0YF/Yn114CZeaOWbBUiDbXA -WvWSEpovH2fVJuOCk2OpzgyONyHEaQb+Koafmfz0FRM --> ssh-ed25519 5/zT0w /FNqwfZgpihWRHg7tGH42Ak31FAC2sGtyPD20BrFuVI -GTMAwKTosLe/3xjPIrKhkQT0yKI7YaFNRNMxUOh8Rh4 --> ssh-ed25519 d3WGuA UA4tVfhoqb0nHOXw2Z94KsnsxXtyHd3Zoowcbh7/pk0 -nIfnGT2AtUxZX/GFptH8RgN8kMoEf5/TYM8TH38CI7Y --> ~0K&gN-grease u -J1bL/6N3ZA ---- LhSYtzwk6JfYCX5Ae7ldAsCwDg1Bg2W8BMM1oQvl9m8 -1$]ΞZPeS Nm -[d:2Y)Y^i=7s`M ]X@+Cz S!Niw;sR9dr -LWqYd 0kxe!c\˸$o1kGib4Ma{hOǶu:P#Җt7e_3 \ No newline at end of file +-> ssh-ed25519 NO562A rUwm3B9bXVr9yQEVb+0T8TESFX3TtQ/36jzACQ/wPjs +Z9uNi+t0/0uxQcRrmESjw5y442+YXYTineRJCyeP+Cc +-> ssh-ed25519 5/zT0w EqEi9yGubbrohSMbXho2g+Bfs1wlLQ5r3jNmeDHEhzQ +pUMrCW/pktQ2e2hrGlaMRMCCzLEQ0StArhZNjoqiJUs +-> ssh-ed25519 d3WGuA P5gHDU9MHDe88QmIEX1xLqw07QB0rMtHMThxqCd2IHw +TePeD3eny5ptgor08ORKVslB4LOX5ITz1ebssB1F2bw +-> X-grease d c4UL V1 +y+2gDQ +--- oEZLM3hETNqGb7gl5COcl8NzEL4029rFRVZWtZ1IjWI +0z [D9BYbWa[ HCE:<sH*7E񽇃p_ PB6Ԑ)OkGW=ۈe;^;<<C&w "TppJSpAoLq*,U2<[͜ݏ ܹL7ϏfԬDZX!x.++a{?r,``3F$2o?lKS,M21r(+΃Dx7V.t7aQb7N=P07c|Q& j,Q ϣ*_, .᫧wI| \ No newline at end of file