{ lib, flake, ... }: { age.secrets."matrix-mjolnir-password" = { file = "${flake.self}/secrets/matrix-mjolnir-password.age"; mode = "640"; owner = "root"; group = "mjolnir"; }; # Adopted from: # https://github.com/NixOS/nixos-org-configurations/blob/42ab3d94c0b5995f2ea05eb0b20b4759192c01ff/non-critical-infra/modules/mjolnir.nix # # pantalaimon takes ages to start up, so mjolnir could hit the systemd burst # limit and then just be down forever. We don't want mjolnir to ever go down, # so disable rate-limiting and allow it to flap until pantalaimon is alive. systemd.services.mjolnir.serviceConfig.Restart = lib.mkForce "always"; systemd.services.mjolnir.serviceConfig.RestartSec = 3; systemd.services.mjolnir.unitConfig.StartLimitIntervalSec = 0; services.pantalaimon-headless.instances.mjolnir.listenAddress = "127.0.0.1"; services.mjolnir = { enable = true; homeserverUrl = "https://matrix.pub.solar:443"; pantalaimon = { enable = true; username = "mjolnir"; passwordFile = "/run/agenix/matrix-mjolnir-password"; options = { listenAddress = "127.0.0.1"; }; }; managementRoom = "#moderators:pub.solar"; # https://github.com/matrix-org/mjolnir/blob/master/config/default.yaml settings = { noop = false; protectAllJoinedRooms = true; fasterMembershipChecks = true; # too noisy verboseLogging = false; }; }; }