From d38cc5233f1b560c0cbbdcd8501b89e9d8d55543 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Sat, 29 Jul 2023 12:37:48 -0700 Subject: [PATCH] Synapse cleanup, monitoring --- nixos/roles/matrix-homeserver/nginx.nix | 2 +- nixos/roles/matrix-homeserver/secrets.yaml | 5 ++- nixos/roles/matrix-homeserver/synapse.nix | 5 +++ nixos/roles/monitoring-server/grafana.nix | 8 ++-- nixos/roles/monitoring-server/nginx.nix | 4 +- packages/synapse-cleanup/cleanup.sh | 49 ++++++++++++++++++++++ packages/synapse-cleanup/default.nix | 11 +++++ tree.nix | 1 + 8 files changed, 77 insertions(+), 8 deletions(-) create mode 100644 packages/synapse-cleanup/cleanup.sh create mode 100644 packages/synapse-cleanup/default.nix diff --git a/nixos/roles/matrix-homeserver/nginx.nix b/nixos/roles/matrix-homeserver/nginx.nix index a16c4898..74e2f08b 100644 --- a/nixos/roles/matrix-homeserver/nginx.nix +++ b/nixos/roles/matrix-homeserver/nginx.nix @@ -20,7 +20,7 @@ in { return 404; ''; locations."/_matrix".proxyPass = "http://[::1]:8008"; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + locations."/_synapse".proxyPass = "http://[::1]:8008"; extraConfig = '' http2_max_requests 100000; keepalive_requests 100000; diff --git a/nixos/roles/matrix-homeserver/secrets.yaml b/nixos/roles/matrix-homeserver/secrets.yaml index 9f17e79f..ee98804d 100644 --- a/nixos/roles/matrix-homeserver/secrets.yaml +++ b/nixos/roles/matrix-homeserver/secrets.yaml @@ -1,4 +1,5 @@ matrix_shared_registration_secret: ENC[AES256_GCM,data:DsCqfbS2yxN7nVRevcjpfO63jBUsyQHfEfbpZpD3cBtPf+JuZ8TFPBNNQwx2NYdyty60INdr4w==,iv:pSf6VDS9bqZIq8ZqOW0v4siRbDp9EEdw7TtSSjjrC6A=,tag:V61OqmdsNzczOzf+2Y6LSA==,type:str] +api_id: ENC[AES256_GCM,data:z1FqOKDSG1uo4BYgt2Ct9cUUy/daSgMNCnOHsdhG0ocw7eNI,iv:2cpOFO0Fcv/Y2xj/5UErbZ9qiLtn0QUWUg12Z9z/Ug4=,tag:cYEgrUM8GJ+uGNXKz4GpdQ==,type:str] sops: shamir_threshold: 1 kms: [] 
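Review bot: Widening the proxied prefix from `/_synapse/client` to `/_synapse` in nixos/roles/matrix-homeserver/nginx.nix also publishes `/_synapse/admin` on this virtual host, so the admin API is reachable by anyone who can reach the vhost and is protected only by the admin access token. The new cleanup.sh runs on the homeserver itself (it calls `systemctl` and local `psql`), so it could talk to `http://[::1]:8008` directly and this location could stay as it was. If proxied admin access is wanted, a separate `locations."/_synapse/admin"` carrying `extraConfig = "allow ::1; allow 127.0.0.1; deny all;";` (or a management range) keeps it off the public side. The virtual host block starts and ends outside the hunk, so any access rules already present are not visible here.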
@@ -15,8 +16,8 @@ sops: eWdDbGxobFlkZG1SL3UrTEJXajU3RXMK9ULFsUDHxBtzCy5tbwSFeKm18TRjX1mO B1SbGXUNG1XreeRpb5n7r01njVrPpbJI3DPtjvoKquNTc2BhZHi0Xg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-25T21:32:10Z" - mac: ENC[AES256_GCM,data:a8M6/7jh2kZpLS582ZUlnZbMCcHRvMI5x0mK/+tFiM1uUFgHPS4wg5tywkccUtX9iBK4cFRxFRWH+nnclYiljiYUCKeNGrnuy6+2YVjqtSEvSSooV0ku3za34+OVzd2VUhH7wcKG2Q9VAmZwok1z6YyP++lQarGcntQR/1iXHrg=,iv:bYgwNrr2RAtIB1FhtTDM2+1H4Ju+kvAfyY96VRRgSis=,tag:JmRjS6pnrzjWKdPAfBeUfQ==,type:str] + lastmodified: "2023-07-29T18:54:02Z" + mac: ENC[AES256_GCM,data:fJdeN80RbQ3wq9udQt/XA7XlvhT+y9gR8z38t2l5P9vnyfqlxEiyfPIdFO8p01ZW3HZFVMessx2ev469LTMXcvf3Ln+L/dopSzZm7L4IRx2EvLYN2PbrZ86/AhgI/CEWyYX/xEMdwxZFR08KNBIMfu161YeDGDgPeevbRpCWkRA=,iv:kY59Y+wN2ZbGFDFOGplFzWpgW0OG+RBcTfucpZNyjq0=,tag:4vPdTfw0lEr5+fH/ACqSuQ==,type:str] pgp: - created_at: "2023-04-25T21:47:23Z" enc: | diff --git a/nixos/roles/matrix-homeserver/synapse.nix b/nixos/roles/matrix-homeserver/synapse.nix index 9583db6d..9eb6dc4a 100644 --- a/nixos/roles/matrix-homeserver/synapse.nix +++ b/nixos/roles/matrix-homeserver/synapse.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let inherit (lib.modules) mkDefault; @@ -39,4 +40,8 @@ in { ]; }; }; + + environment.systemPackages = with pkgs; [ + synapse-cleanup + ]; } diff --git a/nixos/roles/monitoring-server/grafana.nix b/nixos/roles/monitoring-server/grafana.nix index 6833a8d9..0ce83ff3 100644 --- a/nixos/roles/monitoring-server/grafana.nix +++ b/nixos/roles/monitoring-server/grafana.nix @@ -5,8 +5,10 @@ }: { services.grafana = { enable = true; - domain = "mon.kittywit.ch"; - port = 2342; - addr = "127.0.0.1"; + settings.server = { + domain = "mon.kittywit.ch"; + http_port = 2342; + http_addr = "127.0.0.1"; + }; }; } diff --git a/nixos/roles/monitoring-server/nginx.nix b/nixos/roles/monitoring-server/nginx.nix index db27270b..2f5f5e74 100644 --- a/nixos/roles/monitoring-server/nginx.nix +++ b/nixos/roles/monitoring-server/nginx.nix 
@@ -1,7 +1,7 @@
 {config, ...}: {
- services.nginx.virtualHosts.${config.services.grafana.domain} = {
+ services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
 locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
 proxyWebsockets = true;
 };
 };
diff --git a/packages/synapse-cleanup/cleanup.sh b/packages/synapse-cleanup/cleanup.sh
new file mode 100644
index 00000000..e61f7ffe
--- /dev/null
+++ b/packages/synapse-cleanup/cleanup.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+read -p "Enter the homeserver name, without https:// prefix: " HOMESERVER
+read -sp "Enter the admin user token required: " API_ID
+
+TEMPDIR=$(mktemp -d)
+
+echo -n "Starting synapse, just to make sure it is online for these requests"
+systemctl start matrix-synaps
+sleep 5
+
+echo -n "Collecting required room data"
+curl --header "Authorization: Bearer ${API_ID}" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}"/roomlist.json
+jq '.rooms[] | select(.joined_local_members == 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/to_purge.txt
+jq '.rooms[] | select(.joined_local_members != 0) | .room_id' < "${TEMPDIR}"/roomlist.json > "${TEMPDIR}"/history_purge.txt
+ts=$(( $(date --date="1 month ago" +%s)*1000 ))
+
+echo -n "Cleaning up media store"
+curl --header "Authorization: Bearer ${API_ID}" -X POST "https://${HOMESERVER}/_synapse/admin/v1/media/delete?before_ts=${ts}"
+
+echo -n "Deleting empty rooms"
+rooms_to_remove=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/to_purge.txt)
+for room_id in $rooms_to_remove; do
+ if [ -n "$room_id" ];then
+ echo -e "\nDeleting ${room_id}!\n"
+ curl --header "Authorization: Bearer ${API_ID}" -X DELETE -H "Content-Type: application/json" -d "{}" "https://${HOMESERVER}/_synapse/admin/v2/rooms/${room_id}"
+ fi
+done
+
+rooms_to_clean=$(awk -F '"' '{print $2}' < "${TEMPDIR}"/history_purge.txt)
+echo -n "Deleting unnecessary room history"
+for room_id in $rooms_to_clean; do
+ echo -e "\nRemoving history for $room_id\n"
+ curl --header "Authorization: Bearer ${API_ID}" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/\${room_id}"
+don
+
+sudo -u matrix-synapse synapse_auto_compressor -p "postgresql://matrix-synapse?user=matrix-synapse&host=/var/run/postgresql/" -c 500 -n 100
+
+echo -n "Last optimization steps, database optimization, shutting down Synapse"
+systemctl stop matrix-synaps
+
+sudo -u postgres psql matrix-synapse -c "REINDEX (VERBOSE) DATABASE \"matrix-synapse\";"
+sudo -u postgres psql -c "VACUUM FULL VERBOSE;"
+
+rm -rf "${TEMPDIR}"
+echo -n "Synapse cleanup performed, booting up"
+systemctl start matrix-synapse
\ No newline at end of file
diff --git a/packages/synapse-cleanup/default.nix b/packages/synapse-cleanup/default.nix
new file mode 100644
index 00000000..1bbcf7c9
--- /dev/null
+++ b/packages/synapse-cleanup/default.nix
@@ -0,0 +1,11 @@
+{
+ wrapShellScriptBin,
+ pkgs,
+}:
+wrapShellScriptBin "synapse-cleanup" ./cleanup.sh {
+ depsRuntimePath = with pkgs; [
+ matrix-synapse-tools.rust-synapse-compress-state
+ curl
+ jq
+ ];
+}
diff --git a/tree.nix b/tree.nix
index d9a347c7..049cba74 100644
--- a/tree.nix
+++ b/tree.nix
@@ -40,6 +40,7 @@
 ];
 };
 "systems/*".aliasDefault = true;
+ "packages/*".aliasDefault = true;
 "nixos/hardware".evaluateDefault = true;
 "nixos/hardware/*".functor.enable = true;
 "darwin/*".functor.enable = true;
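Review bot: In packages/synapse-cleanup/cleanup.sh the admin token is expanded into every `curl --header "Authorization: Bearer ${API_ID}"` argument, so on a default Linux setup it is readable in the process list by other local users while each request runs; writing the header once into the `mktemp -d` directory and passing it as `--header @file` keeps it out of argv. As the lines appear here the script also cannot complete: `systemctl start matrix-synaps` and `systemctl stop matrix-synaps` name a different unit from the final `matrix-synapse` and abort under `set -e`, the second loop is closed with `don` instead of `done`, and `\${room_id}` in the purge_history URL sends the literal text rather than the room id. `TEMPDIR` is removed only on the success path, so any early exit leaves the room list behind; an EXIT trap covers that.

```shell
TEMPDIR=$(mktemp -d)
trap 'rm -rf "${TEMPDIR}"' EXIT
# printf is a shell builtin, so the token is never placed in a process argument list
printf 'Authorization: Bearer %s\n' "${API_ID}" > "${TEMPDIR}/auth.hdr"

systemctl start matrix-synapse
# … unchanged: sleep, progress messages …
curl --header @"${TEMPDIR}/auth.hdr" "https://${HOMESERVER}/_synapse/admin/v1/rooms?limit=500" > "${TEMPDIR}"/roomlist.json
# … unchanged: jq filters, timestamp; the media and room-delete requests take the same --header change …
for room_id in $rooms_to_clean; do
    # … unchanged: echo …
    curl --header @"${TEMPDIR}/auth.hdr" -X POST -H "Content-Type: application/json" -d "{ \"delete_local_events\": true, \"purge_up_to_ts\": $ts }" "https://${HOMESERVER}/_synapse/admin/v1/purge_history/${room_id}"
done
# … unchanged: state compressor, progress message …
systemctl stop matrix-synapse
```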
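Review bot: `depsRuntimePath` in packages/synapse-cleanup/default.nix lists curl, jq and the state compressor, but cleanup.sh also runs `awk`, `date`, `mktemp`, `psql`, `sudo` and `systemctl`, which therefore resolve from whatever PATH the caller happens to have. `wrapShellScriptBin` is defined outside this diff, so whether it prepends to or replaces PATH should be confirmed. Adding `gawk`, `coreutils` and the PostgreSQL client here would pin the unprivileged tools for a script that is run with root privileges, while `sudo` has to keep coming from the system's setuid wrapper rather than the store.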