VEGAS/matrix: use Patroni database, move dataDir

2022-08-10 00:31:17 +02:00 · 2022-08-10 00:31:17 +02:00 · e038d8180d
commit e038d8180d
parent 35189ed6de
2 changed files with 43 additions and 21 deletions
--- a/hosts/VEGAS/services/matrix/default.nix
+++ b/hosts/VEGAS/services/matrix/default.nix
@ -1,6 +1,9 @@
-{ config, lib, pkgs, tools, ... }:
+{ cluster, config, lib, pkgs, tools, ... }:
 let
  inherit (tools.meta) domain;
  patroni = cluster.config.links.patroni-pg-access;
  listener = {
    port = 8008;
    bind_addresses = lib.singleton "127.0.0.1";
@ -34,8 +37,22 @@ let
      handlers = [ "journal" ];
    };
  };
  dbConfig.database = {
    name = "psycopg2";
    args = {
      user = "matrix";
      database = "matrix";
      host = patroni.ipv4;
      inherit (patroni) port;
      cp_min = 1;
      cp_max = 10;
    };
  };
  clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig);
  logConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON logConfig);
  dbConfigJSON = pkgs.writeText "matrix-log-config.json" (builtins.toJSON dbConfig);
  dbPasswordFile = config.age.secrets.synapse-db.path;
  dbConfigOut = "${cfg.dataDir}/synapse-db-config-generated.yml";
  cfg = config.services.matrix-synapse;
 in {
  imports = [
@ -74,6 +91,7 @@ in {
  services.matrix-synapse = {
    enable = true;
    plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ];
    dataDir = "/srv/storage/private/matrix";
    settings = {
      server_name = domain;
@ -100,12 +118,11 @@ in {
      in map makeTurnServer combinations;
    };
-    extraConfigFiles = map (x: config.age.secrets.${x}.path) [
+    extraConfigFiles = (map (x: config.age.secrets.${x}.path) [
      "synapse-ldap"
      "synapse-db"
      "synapse-turn"
      "synapse-keys"
-    ]; 
+    ]) ++ [ dbConfigOut ];
  };
  services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains {
@ -126,9 +143,16 @@ in {
      };
    };
  };
-  systemd.services = lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: {
+  systemd.services = lib.mkMerge [
-    serviceConfig = {
+    (lib.genAttrs [ "coturn" "matrix-appservice-discord" "matrix-synapse" ] (_: {
-      Slice = "communications.slice";
+      serviceConfig = {
-    };
+        Slice = "communications.slice";
-  });
+      };
    }))
    {
      matrix-synapse.preStart = ''
        ${pkgs.jq}/bin/jq -c --slurp '.[0] * .[1]' ${dbConfigJSON} '${dbPasswordFile}' | install -Dm400 -o matrix-synapse -g matrix-synapse /dev/stdin '${dbConfigOut}'
      '';
    }
  ];
 }
--- a/secrets/synapse-db.age
+++ b/secrets/synapse-db.age
@ -1,13 +1,11 @@
 age-encryption.org/v1
-> ssh-ed25519 NO562A z3CK5DY5HpHg3ACVxLrz0YF/Yn114CZeaOWbBUiDbXA
+-> ssh-ed25519 NO562A rUwm3B9bXVr9yQEVb+0T8TESFX3TtQ/36jzACQ/wPjs
-WvWSEpovH2fVJuOCk2OpzgyONyHEaQb+Koafmfz0FRM
+Z9uNi+t0/0uxQcRrmESjw5y442+YXYTineRJCyeP+Cc
-> ssh-ed25519 5/zT0w /FNqwfZgpihWRHg7tGH42Ak31FAC2sGtyPD20BrFuVI
+-> ssh-ed25519 5/zT0w EqEi9yGubbrohSMbXho2g+Bfs1wlLQ5r3jNmeDHEhzQ
-GTMAwKTosLe/3xjPIrKhkQT0yKI7YaFNRNMxUOh8Rh4
+pUMrCW/pktQ2e2hrGlaMRMCCzLEQ0StArhZNjoqiJUs
-> ssh-ed25519 d3WGuA UA4tVfhoqb0nHOXw2Z94KsnsxXtyHd3Zoowcbh7/pk0
+-> ssh-ed25519 d3WGuA P5gHDU9MHDe88QmIEX1xLqw07QB0rMtHMThxqCd2IHw
-nIfnGT2AtUxZX/GFptH8RgN8kMoEf5/TYM8TH38CI7Y
+TePeD3eny5ptgor08ORKVslB4LOX5ITz1ebssB1F2bw
-> ~0K&gN-grease u
+-> X-grease d c4UL V1
-J1bL/6N3ZA
+y+2gDQ
--- LhSYtzwk6JfYCX5Ae7ldAsCwDg1Bg2W8BMM1oQvl9m8
+--- oEZLM3hETNqGb7gl5COcl8NzEL4029rFRVZWtZ1IjWI
-Ŕ1›Ą$ě]ĺľÎžZPeÇúSśNám
+0z	[©D9B–Yb×WaÇ[
HÍCE:<sHÑ*Ó7ë‡Ñ†ï÷Eñ½‡ƒºp°õó_
˜²ÁýPBÄÅ6Ô<36>)<29>¤OkîGšW<C5A1>Å=Ûˆe;^;ÆÕÐÿ<C390><¤<ÅC&¬w<0B>"T¸ppýJSëpA<70>oõ”Lq*ýò,ÕúU2<[Íœ<C38D>áßÝ<C39F>Ü¹ÖÇLïò7Ï<37>ø¨fºÔ¬ðÇ±ê·X!xž.€++a…{?–¿õrÀÂîð,`ì`£3F$²2oðˆ?l·Kö¼Sâ‚,ÁñM‘‰21£¾åärÓ’(+ÎƒDxŒ7 ŒV„.‹Út7aQ÷bîè»7N=¶PÑä07À…c|Q&	¸j¬²,Q‡¿	Ï£<C38F>*½‰_,’®¿ÿ‚ÿÍýžÃ.á«§w÷I|
 [çd:ˇý2Y)YŤ^i=Řř<C598>ÎĆă7sĘľ´`°M‘¶]ŚX@®Ű+¦©—Cz˘<0B>•ŽŔS!đNi<>ăwö;s–”ČĆéŰőR9drí
 LĆWśqYűđdéŁ0kxe!c\Ë¸¶ŤĺÉ$o1 kGľáibÜŰ4‚ĺMa××{˝°hOÇ¶Őu»µ:P#Ň–tÜ7e_3