matrix-synapse: init on caliban

[mweinelt]

Draft of the matrix-synapse deployment.

Does not yet build, because I'm waiting on UDS support for the synapse listeners, which people are currently actively working on.

• Generic nginx module
• Generic PostgreSQL module with backup integration
• Matrix Synapse module
• Promtheus scraping for Synapse

Depends on

• 345

• https://github.com/NixOS/nixpkgs/pull/286172

Follow-up:

• https://github.com/NixOS/nixos-homepage/pull/1218

[JulienMalka]

@mweinelt Thank you for the great work on the backup module, do you mind if I cherry pick it to its own PR that we can merge so I can finish https://github.com/NixOS/nixos-org-configurations/pull/287 ?

[mweinelt]

I extracted the backup module and caliban's config into #345. Will rebase once it is merged.

[Erethon]

I would recommend adding some extra configs in synapse, namely:

• federation_metrics_domains pointing to matrix.org and maybe other big public instances (like fairydust.space). This can help with identifying problems like the ones mentioned in #410
• web_client_location: This will help any people that end up browsing to matrix.nixos.org without really knowing what to do to join the chat. Since matrix.nixos.org won't actually host any user accounts it doesn't make sense to point this to an actual element-web client. I think it could be set to https://matrix.to/#/#community:nixos.org which is the same link as the one provided in the community page.
• presence: Presence is a feature that's know to cause issues and is often disabled in most large installations as mentioned in the documentation. Since this homeserver will only host bot accounts, there really isn't a reason to have presence enabled that is a feature meant for humans and is resource heavy.
• media_retention: This is more of a policy thing, but I believe that remote media should be removed after a while because they're somewhat of an abuse vector currently.

[mweinelt]

federation_metrics_domains pointing to matrix.org and maybe other big public instances (like fairydust.space). This can help with identifying problems like the ones mentioned in https://github.com/NixOS/infra/issues/410

We'll revisit that when we dig into monitoring.

[mweinelt]

web_client_location: This will help any people that end up browsing to matrix.nixos.org without really knowing what to do to join the chat. Since matrix.nixos.org won't actually host any user accounts it doesn't make sense to point this to an actual element-web client. I think it could be set to matrix.to/#/#community:nixos.org which is the same link as the one provided in the community page.

Implemented.

presence: Presence is a feature that's know to https://github.com/element-hq/synapse/issues/15877 and is often disabled in most large installations as mentioned in the documentation. Since this homeserver will only host bot accounts, there really isn't a reason to have presence enabled that is a feature meant for humans and is resource heavy.

We have one interactive administrative user, and we're not that short on resources.

media_retention: This is more of a policy thing, but I believe that remote media should be removed after a while because they're somewhat of an abuse vector currently.

Went with 90d for local content, 14d for remote content, as shown in the config example from upstream.

[mweinelt]

We're migrated.

Set up the Grafana dashboard up and configured federation_metrics_domains.