| 7 Feb 2022 |
 Dandellion | lmao welcome to the federation | 20:08:56 |
 hexa | reverted to the default module and I'm back âšī¸ | 20:09:24 |
| hexa | but I don't want back! | 20:09:27 |
| Dandellion | In reply to @hexa:lossy.network
awesome, so from university I know that this is trivial. it actualy is surprisingly simple. I dont do it but the access token is just base64 encoded json lol | 20:09:40 |
| Dandellion | In reply to @hexa:lossy.network
awesome, so from university I know that this is trivial. * it actually is surprisingly simple. I dont do it but the access token is just base64 encoded json lol | 20:09:49 |
| hexa | yeah, but I'm not sure how to tell nginx to look at that, so I went with upstreams that use ip_hash | 20:10:10 |
| hexa | * yeah, but I'm not sure how to tell nginx to look at that, so I went with upstreams that use ip_hash instead | 20:10:14 |
| hexa | looked also at hash, but didn't see how it could look at the Authorization header | 20:10:47 |
| Dandellion | yeah I dont think nginx can do it | 20:10:59 |
| Dandellion | In reply to @hexa:lossy.network
also âĻ wondering how you handle the worker_replication_secret I don't use it đ
| 20:14:24 |
| hexa | yeah, noticed it was optional later on | 20:14:44 |
| hexa | so, surprised that outbound federation seems to have been broken | 20:15:15 |
| hexa | while the server told me they were sent | 20:15:31 |
| Dandellion | I'll try set up a syncotron, I only use federation senders and recievers | 20:16:16 |
| Dandellion | * I'll try set up a syncotron, I only use federation senders and recievers until now | 20:16:21 |
| hexa | set up two client, two sync, two federation, one media đ | 20:17:11 |
| hexa | because 12C/24T and stuff is idling hard | 20:17:33 |
| Dandellion | I'd suggest trying to set up only a federation sender and see if that works | 20:19:16 |
| Dandellion | since that requires no proxying | 20:19:27 |
| hexa | I disabled all worker endpoints in nginx | 20:22:17 |
| hexa | and that still did not work, so I went back to the stock module | 20:22:30 |
| Dandellion | quite curious | 20:22:43 |
| hexa | but sure, let me give that a shot | 20:22:43 |
| hexa | https://paste.lossy.network/B4 | 20:23:45 |
| hexa | that was my configuration, I commented out the nginx locations when I noticed people didn't see me | 20:24:19 |
| Dandellion | { config, lib, pkgs, ... }:
let
cfg = config.services.matrix-synapse-next;
in
{
imports = [ ./synapse-module ];
services.matrix-synapse-next = {
enable = true;
package = pkgs.matrix-synapse;
dataDir = "/data/synapse";
enableMainSynapse = true;
settings = {
server_name = "pvv.ntnu.no";
public_baseurl = "https://matrix.pvv.ntnu.no";
database = {
name = "psycopg2";
args = {
host = "localhost";
user = "synapse";
password = "synapse";
dbname = "synapse";
};
};
listeners = [
{
bind_addresses = ["127.0.1.2"]; port = 8008; tls = false; type = "http";
x_forwarded = true;
resources = [
{ names = ["client"]; compress = true;}
{ names = ["federation"]; compress = false;}
];
}
{
bind_addresses = ["127.0.1.2"]; port = 8010; tls = false; type = "http";
resources = [
{ names = ["metrics"]; compress = false; }
];
}
{
bind_addresses = [ "127.0.1.2"]; port = 9008; tls = false; type = "http";
resources = [
{ names = ["replication"]; compress = false; }
];
}
];
enable_metrics = true;
use_presence = true;
password_config.enabled = lib.mkForce false;
enable_registration = false;
signing_key_path = "${cfg.dataDir}/homeserver.signing.key";
media_store_path = "${cfg.dataDir}/media";
federation_sender_instances = [
"federation_sender1"
];
redis = {
enabled = true;
};
};
workers = {
"federation_sender1" = {
settings = {
worker_app = "synapse.app.federation_sender";
worker_replication_host = "127.0.1.2";
worker_replication_http_port = 9008;
worker_listeners = [
{
bind_addresses = ["127.0.1.10"]; port = 8010; tls = false; type = "http";
resources = [
{ names = ["metrics"]; compress = false; }
];
}
];
};
};
"federation_reciever1" = {
settings = {
worker_app = "synapse.app.generic_worker";
worker_replication_host = "127.0.1.2";
worker_replication_http_port = 9008;
worker_listeners = [
{
bind_addresses = ["127.0.1.11"]; port = 8010; tls = false; type = "http";
resources = [
{ names = ["metrics"]; compress = false; }
];
}
{
bind_addresses = ["127.0.1.11"]; port = 8011; tls = false; type = "http";
resources = [
{ names = ["federation"]; compress = false; }
];
}
];
};
};
};
};
services.redis.enable = true;
services.nginx.virtualHosts."matrix.pvv.ntnu.no" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.1.2:8008";
};
locations."/_matrix/federation" = {
proxyPass = "http://127.0.1.11:8011";
};
};
}
| 20:25:59 |
| hexa |
signing_key_path = "${cfg.dataDir}/homeserver.signing.key";
| 20:26:41 |
| hexa | I stumbled over that as well đ | 20:26:47 |
| hexa | Dandellion: metrics resource on the federation sender?! | 20:29:26 |
| Dandellion | sure, it lets you pull stuff in from prometheus from the worker | 20:29:57 |
