{
  config,
  lib,
  pkgs,
  ...
}:

with pkgs;

# NOTE: "$DB_STRING" below refers to the environment variable defined in the corresponding agenix secret
let
  # Shared database settings, reused by every Dendrite component configured
  # below so that all of them use the same connection string and pool limits.
  database = {
    # Connection pool sizing
    max_idle_conns = 5;
    max_open_conns = 100;
    # NOTE(review): -1 presumably means pooled connections never expire;
    # confirm against the Dendrite documentation.
    conn_max_lifetime = -1;
    # Placeholder, not a literal value: the real connection string (including
    # the database password) lives only in the agenix-managed secret.
    connection_string = "$DB_STRING";
  };

in
{
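  # Matrix homeserver (Dendrite) configuration
  services.dendrite = {
    enable = true;
    # NOTE(review): plain-HTTP listener; presumably published through a
    # TLS-terminating reverse proxy configured elsewhere. Confirm it is not
    # reachable directly from untrusted networks.
    httpPort = 8008;
    # agenix-managed environment file; it defines the DB_STRING variable that
    # the shared `database` settings reference, so the PostgreSQL credentials
    # stay out of this file.
    environmentFile = config.age.secrets.dendrite-postgres.path;
    # Hand the signing key to the unit as the systemd credential "private_key".
    loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
    settings = {
      global = {
        server_name = "coolneng.duckdns.org";
        # Read the signing key through the credential loaded above instead of
        # pointing at the agenix path directly. The decrypted secret can then
        # stay readable by root only; previously the credential was loaded but
        # never used.
        private_key = "$CREDENTIALS_DIRECTORY/private_key";
        inherit database;
        dns_cache.enabled = true;
      };
      # HACK Inherit postgres connection string for the rest of the DBs
      app_service_api.database = database;
      media_api.database = database;
      room_server.database = database;
      push_server.database = database;
      sync_api.database = database;
      key_server.database = database;
      federation_api.database = database;
      mscs = {
        inherit database;
        # Opt-in Matrix spec proposals (MSCs) enabled on this server.
        # NOTE(review): these are not part of the stable spec; re-check the
        # list when upgrading Dendrite.
        mscs = [
          "msc2836"
          "msc2946"
        ];
      };
      # user_api keeps accounts and devices in separately named databases;
      # both reuse the shared settings here.
      user_api = {
        account_database = database;
        device_database = database;
      };
    };
  };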

  # Start dendrite after config files are mounted: systemd orders the unit
  # after, and makes it depend on, the mounts backing the paths listed here.
  # NOTE(review): the directory names suggest state directories of the
  # Facebook, Signal and Telegram appservice bridges; confirm these are the
  # files dendrite actually needs at start-up.
  # NOTE(review): the entries are unquoted Nix path literals. Quoted strings
  # would make it explicit that these are runtime paths and rule out an
  # accidental copy into the world-readable Nix store if a value is ever
  # interpolated. Confirm how this option renders them before changing.
  systemd.services.dendrite.unitConfig.RequiresMountsFor = [
    /var/lib/matrix-as-facebook
    /var/lib/matrix-as-signal
    /var/lib/matrix-as-telegram
  ];

  # MQTT broker (Mosquitto) configuration
  services.mosquitto = {
    enable = true;
    dataDir = "/vault/mosquitto";
    # Send broker logs to syslog, limited to the categories listed in logType.
    logDest = [ "syslog" ];
    logType = [
      "websockets"
      "error"
      "warning"
      "notice"
      "information"
    ];
    # Single listener with two password-authenticated accounts.
    # NOTE(review): no port, address or TLS options are set here, so the
    # module defaults apply. Confirm the listener is not exposed in plaintext
    # to untrusted networks, since MQTT passwords would cross the wire
    # unencrypted.
    listeners = [
      {
        users = {
          # Publisher account: write-only, but on every topic ("#" wildcard).
          # NOTE(review): narrow the ACL to the topic prefixes actually
          # published if they are known.
          homeostasis = {
            hashedPasswordFile = config.age.secrets.mqtt-sender.path;
            acl = [ "write #" ];
          };
          # Subscriber account: read-only on every topic ("#" wildcard).
          prometheus = {
            hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
            acl = [ "read #" ];
          };
        };
      }
    ];
  };

}