kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

Synapse cleanup, monitoring

Browse source
This commit is contained in:
Kat Inskip 2023-07-29 12:37:48 -07:00
parent ab8885a907
commit d38cc5233f
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
8 changed files with 77 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/roles/matrix-homeserver/nginx.nix
View file

@ -20,7 +20,7 @@ in {
return 404;
'';
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
locations."/_synapse".proxyPass = "http://[::1]:8008";
extraConfig = ''
http2_max_requests 100000;
keepalive_requests 100000;

5
nixos/roles/matrix-homeserver/secrets.yaml
View file

@ -1,4 +1,5 @@
matrix_shared_registration_secret: ENC[AES256_GCM,data:DsCqfbS2yxN7nVRevcjpfO63jBUsyQHfEfbpZpD3cBtPf+JuZ8TFPBNNQwx2NYdyty60INdr4w==,iv:pSf6VDS9bqZIq8ZqOW0v4siRbDp9EEdw7TtSSjjrC6A=,tag:V61OqmdsNzczOzf+2Y6LSA==,type:str]
api_id: ENC[AES256_GCM,data:z1FqOKDSG1uo4BYgt2Ct9cUUy/daSgMNCnOHsdhG0ocw7eNI,iv:2cpOFO0Fcv/Y2xj/5UErbZ9qiLtn0QUWUg12Z9z/Ug4=,tag:cYEgrUM8GJ+uGNXKz4GpdQ==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -15,8 +16,8 @@ sops:
eWdDbGxobFlkZG1SL3UrTEJXajU3RXMK9ULFsUDHxBtzCy5tbwSFeKm18TRjX1mO
B1SbGXUNG1XreeRpb5n7r01njVrPpbJI3DPtjvoKquNTc2BhZHi0Xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-25T21:32:10Z"
mac: ENC[AES256_GCM,data:a8M6/7jh2kZpLS582ZUlnZbMCcHRvMI5x0mK/+tFiM1uUFgHPS4wg5tywkccUtX9iBK4cFRxFRWH+nnclYiljiYUCKeNGrnuy6+2YVjqtSEvSSooV0ku3za34+OVzd2VUhH7wcKG2Q9VAmZwok1z6YyP++lQarGcntQR/1iXHrg=,iv:bYgwNrr2RAtIB1FhtTDM2+1H4Ju+kvAfyY96VRRgSis=,tag:JmRjS6pnrzjWKdPAfBeUfQ==,type:str]
lastmodified: "2023-07-29T18:54:02Z"
mac: ENC[AES256_GCM,data:fJdeN80RbQ3wq9udQt/XA7XlvhT+y9gR8z38t2l5P9vnyfqlxEiyfPIdFO8p01ZW3HZFVMessx2ev469LTMXcvf3Ln+L/dopSzZm7L4IRx2EvLYN2PbrZ86/AhgI/CEWyYX/xEMdwxZFR08KNBIMfu161YeDGDgPeevbRpCWkRA=,iv:kY59Y+wN2ZbGFDFOGplFzWpgW0OG+RBcTfucpZNyjq0=,tag:4vPdTfw0lEr5+fH/ACqSuQ==,type:str]
pgp:
- created_at: "2023-04-25T21:47:23Z"
enc: |

5
nixos/roles/matrix-homeserver/synapse.nix
View file

@ -1,6 +1,7 @@
{
lib,
config,
pkgs,
...
}: let
inherit (lib.modules) mkDefault;
@ -39,4 +40,8 @@ in {
];
};
};
environment.systemPackages = with pkgs; [
synapse-cleanup
];
}

8
nixos/roles/monitoring-server/grafana.nix
View file

@ -5,8 +5,10 @@
}: {
services.grafana = {
enable = true;
domain = "mon.kittywit.ch";
port = 2342;
addr = "127.0.0.1";
settings.server = {
domain = "mon.kittywit.ch";
http_port = 2342;
http_addr = "127.0.0.1";
};
};
}

4
nixos/roles/monitoring-server/nginx.nix
View file

@ -1,7 +1,7 @@
{config, ...}: {
services.nginx.virtualHosts.${config.services.grafana.domain} = {
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};

49
packages/synapse-cleanup/cleanup.sh Normal file
View file

@ -0,0 +1,49 @@
#!/usr/bin/env bash
set -eu
set -o pipefail
read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER
read -sp "Enter the admin user token required: " API_ID
TEMPDIR=$(mktemp -d)
echo -n "Starting synapse, just to make sure it is online for these requests"
systemctl start matrix-synaps
sleep 5
echo -n "Collecting required room data"
curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}"/roomlist.json
jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/to_purge.txt
jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/history_purge.txt
ts=$(( $(date --date="1 month ago" +%s)*1000 ))
echo -n "Cleaning up media store"
curl --header "Authorization: Bearer ${API_ID}" -X POST "https://${HOMESERVER}/_synapse/admin/v1/media/delete?before_ts=${ts}"
echo -n "Deleting empty rooms"
rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/to_purge.txt)
for room_id in $rooms_to_remove; do
if [ -n "$room_id" ];then
echo -e "\nDeleting ${room_id}!\n"
curl --header "Authorization: Bearer ${API_ID}" -X DELETE -H "Content-Type: application/json" -d "{}" "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}"
fi
done
rooms_to_clean=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/history_purge.txt)
echo -n "Deleting unnecessary room history"
for room_id in $rooms_to_clean; do
echo -e "\nRemoving history for $room_id\n"
curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/\${room_id}"
don
sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100
echo -n "Last optimization steps, database optimization, shutting down Synapse"
systemctl stop matrix-synaps
sudo -u postgres psql matrix-synapse -c "REINDEX (VERBOSE) DATABASE \"matrix-synapse\";"
sudo -u postgres psql -c "VACUUM FULL VERBOSE;"
rm -rf "${TEMPDIR}"
echo -n "Synapse cleanup performed, booting up"
systemctl start matrix-synapse

11
packages/synapse-cleanup/default.nix Normal file
View file

@ -0,0 +1,11 @@
{
wrapShellScriptBin,
pkgs,
}:
wrapShellScriptBin "synapse-cleanup" ./cleanup.sh {
depsRuntimePath = with pkgs; [
matrix-synapse-tools.rust-synapse-compress-state
curl
jq
];
}

1
tree.nix
View file

@ -40,6 +40,7 @@
];
};
"systems/*".aliasDefault = true;
"packages/*".aliasDefault = true;
"nixos/hardware".evaluateDefault = true;
"nixos/hardware/*".functor.enable = true;
"darwin/*".functor.enable = true;