From f8ed25e743be764ac8fa1ddea9ad4b400ffc1d69 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Tue, 7 Sep 2021 11:24:11 +0200
Subject: [PATCH] port synapse to postgres

---
 hosts/architect/matrix.nix | 69 ++++++++++++++++++++++----------------
 1 file changed, 41 insertions(+), 28 deletions(-)

diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix
index a009dd6..d4f7a83 100644
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@@ -6,11 +6,11 @@ with import ./network.nix;
     matrix-synapse = {
       enable = true;
       server_name = "${matrixdomain}";
-      database_type = "sqlite3";
+      database_name = "synapse";
       public_baseurl = "https://${matrixdomain}";
       registration_shared_secret = "runas!";
       dynamic_thumbnails = true;
-      enable_registration = true;
+      #enable_registration = true;
       app_service_config_files = [ 
         "/var/lib/matrix-synapse/discord-registration.yaml" 
         "/var/lib/matrix-synapse/telegram-registration.yaml" 
@@ -39,6 +39,19 @@ with import ./network.nix;
       ];
     };
 
+    postgresql = {
+      enable = true;
+      ensureDatabases = [ "synapse" ];
+      ensureUsers = [
+        {
+          name = "matrix-synapse";
+          ensurePermissions = {
+            "DATABASE synapse" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+    };
+
     nginx.virtualHosts = {
       # server
       ${matrixdomain} = {
@@ -109,28 +122,28 @@ with import ./network.nix;
     };
 
     # telegram bridge
-    
-  mautrix-telegram = {
-    enable = true;
-    environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
 
-    settings = {
-      homeserver = {
-        address = "https://${matrixdomain}";
-        domain = "${matrixdomain}";
-      };
+    mautrix-telegram = {
+      enable = true;
+      environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
 
-      appservice = {
-        provisioning.enabled = false;
-        id = "telegram";
-      };
-
-      bridge = {
-        permissions = {
-          "@pepe:${matrixdomain}" = "admin";
-          "${matrixdomain}" = "puppeting";
+      settings = {
+        homeserver = {
+          address = "https://${matrixdomain}";
+          domain = "${matrixdomain}";
         };
 
+        appservice = {
+          provisioning.enabled = false;
+          id = "telegram";
+        };
+
+        bridge = {
+          permissions = {
+            "@pepe:${matrixdomain}" = "admin";
+            "${matrixdomain}" = "puppeting";
+          };
+
         # Animated stickers conversion requires additional packages in the
         # service's path.
         # If this isn't a fresh installation, clearing the bridge's uploaded
@@ -150,18 +163,18 @@ with import ./network.nix;
     };
   };
 
-  };
+};
 
-  systemd.services.mautrix-telegram.path = with pkgs; [
-    lottieconverter  # for animated stickers conversion, unfree package
-    ffmpeg           # if converting animated stickers to webm (very slow!)
-  ];
+systemd.services.mautrix-telegram.path = with pkgs; [
+  lottieconverter  # for animated stickers conversion, unfree package
+  ffmpeg           # if converting animated stickers to webm (very slow!)
+];
 
-  networking.extraHosts = ''
+networking.extraHosts = ''
         127.0.0.1 ${matrixdomain} ${matrixwebdomain}
         ${architect-lan} ${matrixdomain} ${matrixwebdomain}
         ${architect-wg} ${matrixdomain} ${matrixwebdomain}
-  '';
+'';
 
-  users.groups.acme.members = [ "turnserver" ];
+users.groups.acme.members = [ "turnserver" ];
 }