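# NixOS module: Matrix Synapse homeserver backed by PostgreSQL, published
# through the Traefik reverse proxy configured in ../traefik/default.nix.
#
# Synapse itself listens on loopback only, without TLS; Traefik terminates TLS
# and forwards requests to it.
{ pkgs, ... }:
let
  # Public host name of the homeserver (bare host name, no scheme).
  baseUrl = "matrix.xenia.me.uk";
  # Loopback port shared by the Synapse listener and the Traefik backend URL.
  port = 8008;
in
{
  imports = [ ../traefik/default.nix ];

  services.postgresql.enable = true;
  # NOTE(review): this script is written to the Nix store, which is
  # world-readable, so the role password below is visible to every local user
  # and to anyone with access to the repository or a binary cache holding it.
  # If Synapse connects over the local Unix socket with peer authentication
  # (confirm against the database settings in effect), the password is not
  # needed and can be dropped; otherwise set it out of band from a secret file.
  # The script only runs when the database cluster is first initialised.
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '';

  services = {
    matrix-synapse = {
      enable = true;

      # server_name is the domain part of user and room IDs, so it has to be a
      # bare host name rather than a URL.
      settings.server_name = baseUrl;

      # URL at which clients reach this homeserver. It must agree with any
      # `base_url` advertised to clients via `/.well-known/matrix/client`,
      # otherwise client applications run into mismatched domain names.
      settings.public_baseurl = "https://${baseUrl}";

      settings.listeners = [{
        # Loopback only: the listener is plain HTTP and trusts X-Forwarded-*
        # headers, so it must not be reachable except through the proxy.
        bind_addresses = [ "127.0.0.1" ];
        inherit port;
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [{
          names = [ "client" "federation" ];
          compress = true;
        }];
      }];
    };

    traefik = {
      # Dedicated entry point on the Matrix federation port.
      staticConfigOptions.entryPoints.synapse-federation.address = ":8448";

      dynamicConfigOptions.http = {
        routers = {
          # Client traffic for the homeserver host name. The "http" and "https"
          # entry points are not defined in this file; presumably they come
          # from ../traefik/default.nix.
          synapse-service = {
            rule = "Host(`${baseUrl}`)";
            entryPoints = [ "http" "https" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };

          # NOTE(review): the two routers below match only the
          # `/.well-known/matrix/...` paths on the federation entry point and
          # carry no Host() restriction. Federation API paths (`/_matrix/...`)
          # arriving on :8448 match neither of them; confirm whether another
          # router covers those or whether these rules should be widened.
          synapse-federation-client = {
            rule = "PathPrefix(`/.well-known/matrix/client`)";
            entryPoints = [ "synapse-federation" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };
          synapse-federation-server = {
            rule = "PathPrefix(`/.well-known/matrix/server`)";
            entryPoints = [ "synapse-federation" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };
        };

        services = {
          # Same address and port as the Synapse listener above.
          synapse-service.loadBalancer.servers = [{
            url = "http://127.0.0.1:${toString port}";
          }];
        };
      };
    };
  };
}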