infra/services/synapse.nix

{ config, ... }:

let
  domain = "berlin.ccc.de";
in
{
  services.matrix-synapse = {
    enable = false;
    settings = {
      server_name = domain;
      public_baseurl = "https://matrix.${domain}:443/";
      #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key"
      database.name = "psycopg2";
      listeners = [
        {
          path = "/run/matrix-synapse.sock";
          x_forwarded = true;
          resources = [
            {
              compress = false;
              names = [
                "client"
                "federation"
              ];
            }
          ];
        }
      ];
      dynamic_thumbnails = true;
      max_upload_size = "128M";
      max_image_pixels = "64M";

      retention = {
        enabled = true;
        default_policy = {
          min_lifetime = "1d";
          max_lifetime = "1y";
        };
        allowed_lifetime_min = "1d";
        allowed_lifetime_max = "1y";
      };
    };
    extraConfigFiles = [
      config.age.secrets.matrix-registration-shared-secret.path
    ];
    enableRegistrationScript = true;
  };
}