diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml
index 5961209bc13..507d28814ea 100644
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -21,7 +21,6 @@
-
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index 18cb1e4c314..20f232c9110 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -746,21 +746,10 @@ auth required pam_succeed_if.so uid >= 1000 quiet
}
If you deploy a fresh matrix-synapse, you need to configure
- the database yourself. An example for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>:
-{ ... }: {
- services.matrix-synapse = {
- enable = true;
- /* and all the other config you've defined here */
- };
- services.postgresql.enable = true;
- services.postgresql.initialScript = ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
-}
+ the database yourself (e.g. by using the
+ services.postgresql.initialScript
+ option). An example for this can be found in the
+ documentation of the Matrix module.
If you initially deployed your matrix-synapse on
nixos-unstableafter the 19.09-release,
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 52b917a73a0..d02fa13bb99 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -113,7 +113,7 @@ ${cfg.extraConfig}
'';
hasLocalPostgresDB = let args = cfg.database_args; in
- usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" ]));
+ usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
in {
options = {
services.matrix-synapse = {
@@ -721,4 +721,6 @@ in {
'')
];
+ meta.doc = ./matrix-synapse.xml;
+
}
diff --git a/nixos/doc/manual/configuration/matrix.xml b/nixos/modules/services/misc/matrix-synapse.xml
similarity index 61%
rename from nixos/doc/manual/configuration/matrix.xml
rename to nixos/modules/services/misc/matrix-synapse.xml
index ef8d5cbda88..053a3b2a563 100644
--- a/nixos/doc/manual/configuration/matrix.xml
+++ b/nixos/modules/services/misc/matrix-synapse.xml
@@ -40,26 +40,35 @@ let
in join config.networking.hostName config.networking.domain;
in {
networking = {
- hostName = "myhostname";
- domain = "example.org";
+ hostName = "myhostname";
+ domain = "example.org";
};
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.postgresql.enable = true;
+ services.postgresql.initialScript = ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
services.nginx = {
- enable = true;
+ enable = true;
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
# but the rest make sense as well
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
- virtualHosts = {
+ virtualHosts = {
# This host section can be placed on a different host than the rest,
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
- locations."= /.well-known/matrix/server".extraConfig =
+ locations."= /.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
@@ -68,7 +77,7 @@ in {
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
- locations."= /.well-known/matrix/client".extraConfig =
+ locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
@@ -84,34 +93,37 @@ in {
# Reverse proxy for Matrix client-server and server-server communication
${fqdn} = {
- enableACME = true;
- forceSSL = true;
+ enableACME = true;
+ forceSSL = true;
# Or do a redirect instead of the 404, or whatever is appropriate for you.
# But do not put a Matrix Web client here! See the Riot Web section below.
- locations."/".extraConfig = ''
+ locations."/".extraConfig = ''
return 404;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
+ proxyPass = "http://[::1]:8008"; # without a trailing /
};
};
};
};
services.matrix-synapse = {
- enable = true;
- server_name = config.networking.domain;
- listeners = [
+ enable = true;
+ server_name = config.networking.domain;
+ listeners = [
{
- port = 8008;
- bind_address = "::1";
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- { names = [ "client" "federation" ]; compress = false; }
+ port = 8008;
+ bind_address = "::1";
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = false;
+ }
];
}
];
@@ -135,10 +147,10 @@ in {
If you want to run a server with public registration by anybody, you can
- then enable . Otherwise, or you can generate a registration secret with
+ then enable services.matrix-synapse.enable_registration =
+ true;. Otherwise, or you can generate a registration secret with
pwgen -s 64 1 and set it with
- . To
+ . To
create a new user or admin, run the following after you have set the secret
and have rebuilt NixOS:
@@ -154,8 +166,8 @@ Success!
@your-username:example.org. Note that the registration
secret ends up in the nix store and therefore is world-readable by any user
on your machine, so it makes sense to only temporarily activate the
- option until a better solution
- for NixOS is in place.
+ registration_shared_secret
+ option until a better solution for NixOS is in place.
@@ -177,15 +189,24 @@ Success!
Matrix Now! for a list of existing clients and their supported
featureset.
-services.nginx.virtualHosts."riot.${fqdn}" = {
- enableACME = true;
- forceSSL = true;
- serverAliases = [
- "riot.${config.networking.domain}"
- ];
+{
+ services.nginx.virtualHosts."riot.${fqdn}" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [
+ "riot.${config.networking.domain}"
+ ];
- root = pkgs.riot-web;
-};
+ root = pkgs.riot-web.override {
+ conf = {
+ default_server_config."m.homeserver" = {
+ "base_url" = "${config.networking.domain}";
+ "server_name" = "${fqdn}";
+ };
+ };
+ };
+ };
+}