Finally switch to flakes.

nixos/server/synapse.nix

@@ -0,0 +1,96 @@
+{pkgs, config, ...}: {
+  services = let
+    secrets = import ../common/secrets.nix;
+  in {
+    # Synapse Matrix server
+    matrix-synapse = with config.services.coturn; {
+      enable = true;
+      settings = {
+        server_name = "${secrets.jimDomain}";
+        public_baseurl = "https://matrix.${secrets.jimDomain}";
+        suppress_key_server_warning = true;
+
+        # Set the network config
+        listeners = [{
+          # Client config
+          port = 8008;
+          bind_addresses = [ "::" "0.0.0.0" ];
+          resources = [ { compress = false;  names = [ "client" "federation" ]; } ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+        }];
+
+        # Enable smtp for password resets
+        email = {
+          notif_from = "Jimbo's Matrix <noreply@${secrets.jimDomain}>";
+          smtp_host = "mx.${secrets.jimDomain}";
+          smtp_user = "noreply@${secrets.jimDomain}";
+          smtp_pass = secrets.noreplyPassword;
+          enable_tls = true;
+          smtp_port = 587;
+          require_transport_security = true;
+        };
+
+        # Disable registration without email
+        registrations_require_3pid = [ "email" ];
+
+        # Allow only this range of emails
+        allowed_local_3pids = [{
+          medium = "email";
+          pattern = "^[^@]+@jimbosfiles\\.com$";
+        }];
+
+        # Set the type of database
+        database.name = "sqlite3";
+
+        # Allow account registration
+        enable_registration = true;
+
+        # General settings
+        url_preview_enabled = true;
+        max_upload_size = "50M";
+        report_stats = false;
+
+        # Turn settings
+        turn_uris = [
+          "turn:turn.${secrets.jimDomain}:3478?transport=udp"
+          "turn:turn.${secrets.jimDomain}:3478?transport=tcp"
+        ];
+        turn_shared_secret = static-auth-secret;
+        turn_user_lifetime = "1h";
+
+        # Ratelimiting
+        burst_count = 15;
+      };
+    };
+
+    # Sliding sync proxy for Matrix
+    matrix-sliding-sync = let
+      matrixSecretFile = pkgs.writeText "matrixsecret" ''
+        SYNCV3_SECRET=${secrets.matrixSecret}
+      '';
+    in {
+      enable = true;
+      settings = {
+        SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}";
+        SYNCV3_BINDADDR = "0.0.0.0:8009";
+      };
+      environmentFile = "${matrixSecretFile}";
+    };
+
+    # Coturn for VC
+    coturn = rec {
+      enable = true;
+      no-cli = true;
+      no-tcp-relay = true;
+      min-port = 49000;
+      max-port = 50000;
+      use-auth-secret = true;
+      static-auth-secret = "will be world readable for local users :(";
+      realm = "turn.${secrets.jimDomain}";
+      cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
+      pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
+    };
+  };
+}