| 12 Mar 2022 |
@delroth:delroth.net | (thanks for the really quick review on that one!) | 20:54:34 |
| 15 Mar 2022 |
Sumner Evans | Element 1.10.7: https://github.com/NixOS/nixpkgs/pull/164279 | 15:25:41 |
| 16 Mar 2022 |
| Zhaofeng Li joined the room. | 21:59:35 |
| @tompurl:matrix.org joined the room. | 22:01:26 |
| 18 Mar 2022 |
@tompurl:matrix.org | Hello! I'm moving my Synapse server from a Debian host to my NixOS host. So far things are going well but I don't see any place to enter my database password, and I don't see anything in the derivation about that here:
- https://search.nixos.org/options?channel=21.11&show=services.matrix-synapse.database_name&from=0&size=50&sort=relevance&type=packages&query=services.matrix-synapse
Does anyone know how I can configure this value?
| 18:14:06 |
f0x | tompurl: it's under services.matrix-synapse.database_args, key password | 18:17:20 |
@tompurl:matrix.org | f0x: Thank you! I figured that was it but I didn't see any docs on it. | 18:17:48 |
f0x | it might be useful to add to the example snippet for it, since it would be a common use | 18:18:28 |
f0x | oh it doesn't have any example currently https://github.com/NixOS/nixpkgs/blob/nixos-21.11/nixos/modules/services/misc/matrix-synapse.nix#L396-L408 | 18:19:19 |
@tompurl:matrix.org | Ok, now I'm getting an error stating that peer authentication isn't working with Postgres. Is there a way to tell Synapse to use TCP auth or do I need to update my pg_hba.conf file somehow? | 18:42:14 |
@tompurl:matrix.org | f0x: Ahh, never mind. I was able to fix that by simply adding a database_args.host param and setting it to localhost. Now everything's working. Thank you for your quick help! | 19:45:59 |
f0x | ah nice :) | 19:50:53 |
@tompurl:matrix.org | Shoot, federation isn't working. I googled how to fix this and surprise, I found https://federationtester.matrix.org, which to my surprise was also created by you f0x.
I tried both of my matrix-related domain names (destrocodpiece.wtf and matrix.destrocodpiece.wtf). The former gave me this error:
server name/.well-known result contains explicit port number: no SRV lookup done
The latter gave me this:
Get "https://98.34.0.148:8448/_matrix/key/v2/server": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Do you know where I can go from here to troubleshoot this?
| 21:16:13 |
f0x | tompurl: what is your nginx setup like? | 21:21:17 |
@tompurl:matrix.org | { config, lib, pkgs, ... }:
{
  services.nginx = {
    enable = true;
    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    # Setup Nextcloud virtual host to listen on ports
    virtualHosts = {
      ### Nextcloud
      "docs.tompurl.com" = {
        ## Force HTTP redirect to HTTPS
        forceSSL = true;
        ## LetsEncrypt
        enableACME = true;
      };
      ### Synapse
      # This host section can be placed on a different host than the rest,
      # i.e. to delegate from the host being accessible as ${config.networking.domain}
      # to another host actually running the Matrix homeserver.
      "destrocodpiece.wtf" = {
        enableACME = true;
        forceSSL = true;
        locations."= /.well-known/matrix/server".extraConfig =
          let
            # use 443 instead of the default 8448 port to unite
            # the client-server and server-server port for simplicity
            server = { "m.server" = "matrix.destrocodpiece.wtf:443"; };
          in ''
            add_header Content-Type application/json;
            return 200 '${builtins.toJSON server}';
          '';
        locations."= /.well-known/matrix/client".extraConfig =
          let
            client = {
              "m.homeserver" = { "base_url" = "https://destrocodpiece.wtf"; };
              "m.identity_server" = { "base_url" = "https://vector.im"; };
            };
          # ACAO required to allow element-web on any URL to request this json file
          in ''
            add_header Content-Type application/json;
            add_header Access-Control-Allow-Origin *;
            return 200 '${builtins.toJSON client}';
          '';
      };
      # Reverse proxy for Matrix client-server and server-server communication
      "matrix.destrocodpiece.wtf" = {
        enableACME = true;
        forceSSL = true;
        # Or do a redirect instead of the 404, or whatever is appropriate for you.
        # But do not put a Matrix Web client here! See the Element web section below.
        locations."/".extraConfig = ''
          return 404;
        '';
        # forward all Matrix API calls to the synapse Matrix homeserver
        locations."/_matrix" = {
          proxyPass = "http://[::1]:8008"; # without a trailing /
        };
      };
    };
  };
}
| 21:22:56 |
@tompurl:matrix.org | Oh wait | 21:23:45 |
@tompurl:matrix.org | lol | 21:23:46 |
@tompurl:matrix.org | Now your fantastic tool is giving me a green for "destrocodpiece.wtf" | 21:24:01 |
f0x | heh, what changed lol | 21:24:15 |
@tompurl:matrix.org | I added the "matrix" prefix to "m.server" | 21:24:28 |
f0x | ah yep, that'd fix it | 21:24:56 |
f0x | you could also do away with the matrix. subdomain and reverse proxy /_matrix on destrocodpiece.wtf directly, but either works | 21:25:35 |
@tompurl:matrix.org | Oh, so I could delete the entire "matrix.destrocodpiece.wtf" virtual host? | 21:27:06 |