tente: replace Synapse with Conduit

I didn't have working push notifications for a long time with Synapse.
At one point I had tried setting up ntfy since it implements a Matrix push
gateway but never got this to work. Conduit has a push gateway builtin
and also Rust makes more sense for a Matrix server than Python.

2 files changed, 14 insertions, 27 deletions

diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index ac8f438..6063b2c 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -9,8 +9,10 @@ let
   acmeEmail = "martin@push-f.com";
   sources = import <top/npins>;
   helpers = import <top/helpers.nix> { inherit config lib pkgs; };
+  pkgs-unstable = import sources.nixpkgs-unstable {};
 in
 {
+  _module.args = { inherit pkgs-unstable; };
   imports = [
     ./hardware-configuration.nix
     <top/profiles/server>
diff --git a/nixos/hosts/tente/matrix.nix b/nixos/hosts/tente/matrix.nix
index 2eb8673..89782fc 100644
--- a/nixos/hosts/tente/matrix.nix
+++ b/nixos/hosts/tente/matrix.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, pkgs-unstable, ... }:
 
 let
   cfg = config.matrix;
@@ -19,32 +19,19 @@ in
 
   config = {
     services = {
-      matrix-synapse = {
+      matrix-conduit = {
         enable = true;
+        package = pkgs-unstable.matrix-conduit;
         settings = {
-          server_name = cfg.serverName;
-          listeners = [{
-            # This listener matches the default of NixOS 24.11 (replicated here to make the port configurable).
-            bind_addresses = ["127.0.0.1"];
+          global = {
+            server_name = cfg.serverName;
             port = cfg.port;
-            resources = [
-              {
-                compress = true;
-                names = ["client"];
-              }
-              {
-                compress = false;
-                names = ["federation"];
-              }
-            ];
-            tls = false;
-            type = "http";
-            x_forwarded = true;
-          }];
+            address = "127.0.0.1"; # this is the default of conduit but the nixos service defaults to ::1
+            database_backend = "rocksdb";
+            enable_lightning_bolt = false;
+            allow_registration = false;
+          };
         };
-
-        # The default is INFO which can easily spam the systemd journal with 500k messages a day.
-        log.root.level = "WARNING";
       };
 
       nginx.virtualHosts.${cfg.apiDomain} = {
@@ -54,14 +41,12 @@ in
 
         # TODO: add locations."/" with some message
 
-        # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+        # Forward all Matrix API calls to the Conduit Matrix homeserver. A trailing slash
         # *must not* be used here.
         locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
-        # Forward requests for e.g. SSO and password-resets.
-        locations."/_synapse/client".proxyPass = "http://127.0.0.1:${toString cfg.port}";
       };
 
-      # I don't really care about these nginx access logs. Synapse has its own
+      # I don't really care about these nginx access logs. Conduit has its own
       # log anyway and with the default log rotation (weekly and delaycompress=true)
       # the access logs from last week took up ~800MB.
       logrotate.settings.matrix-nginx-access-log =