Sovran_SystemsOS/modules/synapse.nix

{ config, pkgs, lib, ... }:


####### CREATE NEW USER (ADMIN OR NOT) VIA TERMINAL #######

#  (Run as root in terminal) matrix-synapse-register_new_matrix_user #

####### #######

let
	personalization = import ./personalization.nix;
in
{
	services.matrix-synapse = {
		enable = true;
		settings = {
			include_content = false;
			group_unread_count_by_room = false;
			encryption_enabled_by_default_for_room_type = "invite";
			allow_profile_lookup_over_federation = false;
			allow_device_name_lookup_over_federation = false;
			server_name = personalization.matrix_url;
		 	url_preview_enabled = true;
		 	max_upload_size = "1024M";
		 	url_preview_ip_range_blacklist = [
				"10.0.0.0/8"
				"100.64.0.0/10"
				"169.254.0.0/16"
				"172.16.0.0/12"
				"192.0.0.0/24"
				"192.0.2.0/24"
				"192.168.0.0/16"
				"192.88.99.0/24"
				"198.18.0.0/15"
				"198.51.100.0/24"
				"2001:db8::/32"
				"203.0.113.0/24"
				"224.0.0.0/4"
				"::1/128"
				"fc00::/7"
				"fe80::/10"
				"fec0::/10"
				"ff00::/8"
				];
		 	url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
		 	turn_shared_secret = "${personalization.age.secrets.turn.file}";
    		turn_uris = [
      			"turn:${personalization.matrix_url}:5349?transport=udp"
      			"turn:${personalization.matrix_url}:5349?transport=tcp"
      			"turns:${personalization.matrix_url}:5349?transport=udp"
      			"turns:${personalization.matrix_url}:5349?transport=tcp"
          	];
			presence.enabled = true;
			enable_registration = false;
			registration_shared_secret = "${personalization.age.secrets.matrix_reg_secret.file}";
			listeners = [
				{
					port = 8008;
					bind_addresses = [ "::1" ];
					type = "http";
					tls = false;
					x_forwarded = true;
					resources = [ {
						names = [ "client" ];
						compress = true;
					} 
					{
						names = [ "federation" ];
						compress = false;
					} ];
				}
			];
		};
 	};
}