renge/synapse: Migrate to new settings option

machines/renge/services/matrix/go-neb.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  synapseCfg = config.services.matrix-synapse;
+  synapseCfg = config.services.matrix-synapse.settings;
 in
 {
   sops.secrets = {

machines/renge/services/matrix/mautrix-whatsapp.nix

@@ -1,7 +1,7 @@
 # somewhat adapted from https://github.com/NixOS/nixpkgs/pull/59211
 { config, lib, pkgs, ... }:
 let
-  synapseCfg = config.services.matrix-synapse;
+  synapseCfg = config.services.matrix-synapse.settings;
 in
 let
   config = rec {
@@ -74,5 +74,5 @@ in
     };
   };
 
-  services.matrix-synapse.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";
+  services.matrix-synapse.settings.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";
 }

machines/renge/services/matrix/synapse.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  cfg = config.services.matrix-synapse;
+  cfg = config.services.matrix-synapse.settings;
 
   fqdn = "matrix.sbruder.de";
   domain = "sbruder.de";
@@ -20,64 +20,65 @@ in
 
   services.matrix-synapse = {
     enable = true;
-    server_name = domain;
-    public_baseurl = "https://${fqdn}";
 
-    listeners = lib.singleton {
+    settings = {
-      port = 8008;
+      server_name = domain;
-      bind_address = "127.0.0.1";
+      public_baseurl = "https://${fqdn}";
-      type = "http";
-      tls = false;
-      x_forwarded = true;
-      resources = lib.singleton {
-        names = [ "client" "federation" "metrics" ];
-        compress = false;
-      };
-    };
 
-    turn_uris = [
+      listeners = lib.singleton {
-      "turns:turn.sbruder.de:5349?transport=udp"
+        port = 8008;
-      "turns:turn.sbruder.de:5349?transport=tcp"
+        bind_addresses = [ "127.0.0.1" ];
-      "turn:turn.sbruder.de:3478?transport=udp"
+        type = "http";
-      "turn:turn.sbruder.de:3478?transport=tcp"
+        tls = false;
-    ];
+        x_forwarded = true;
-    turn_user_lifetime = "3600000"; # 1h
+        resources = lib.singleton {
-
+          names = [ "client" "federation" "metrics" ];
-    enable_metrics = true;
+          compress = false;
-
+        };
-    # adapted from https://github.com/NixOS/nixpkgs/blob/7e10bf4327491a6ebccbe1aaa8e6c6c0aca4663a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
-    #  - set root.level to WARNING instead of INFO
-    logConfig = builtins.toJSON {
-      version = 1;
-
-      formatters.journal_fmt.format = "%(name)s: [%(request)s] %(message)s";
-
-      filters.context = {
-        "()" = "synapse.util.logcontext.LoggingContextFilter";
-        request = "";
       };
 
-      handlers.journal = {
+      turn_uris = [
-        class = "systemd.journal.JournalHandler";
+        "turns:turn.sbruder.de:5349?transport=udp"
-        formatter = "journal_fmt";
+        "turns:turn.sbruder.de:5349?transport=tcp"
-        filters = [ "context" ];
+        "turn:turn.sbruder.de:3478?transport=udp"
-        SYSLOG_IDENTIFIER = "synapse";
+        "turn:turn.sbruder.de:3478?transport=tcp"
+      ];
+      turn_user_lifetime = "3600000"; # 1h
+
+      enable_metrics = true;
+
+      # adapted from https://github.com/NixOS/nixpkgs/blob/7e10bf4327491a6ebccbe1aaa8e6c6c0aca4663a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
+      #  - set root.level to WARNING instead of INFO
+      logConfig = builtins.toJSON {
+        version = 1;
+
+        formatters.journal_fmt.format = "%(name)s: [%(request)s] %(message)s";
+
+        filters.context = {
+          "()" = "synapse.util.logcontext.LoggingContextFilter";
+          request = "";
+        };
+
+        handlers.journal = {
+          class = "systemd.journal.JournalHandler";
+          formatter = "journal_fmt";
+          filters = [ "context" ];
+          SYSLOG_IDENTIFIER = "synapse";
+        };
+
+        root = {
+          level = "WARNING";
+          handlers = [ "journal" ];
+        };
+
+        disable_existing_loggers = false;
       };
 
-      root = {
+      max_upload_size = "50M";
-        level = "WARNING";
-        handlers = [ "journal" ];
-      };
 
-      disable_existing_loggers = false;
-    };
-
-    max_upload_size = "50M";
-
-    extraConfig = ''
       # I’m okay with using matrix.org as trusted key server
-      suppress_key_server_warning: true
+      suppress_key_server_warning = true;
-    '';
+    };
 
     extraConfigFiles = with config.sops.secrets; [
       synapse-registration-shared-secret.path
@@ -109,7 +110,7 @@ in
           listenerCfg = (lib.elemAt cfg.listeners 0);
         in
         {
-          proxyPass = "http://${listenerCfg.bind_address}:${toString listenerCfg.port}";
+          proxyPass = "http://${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";
 
           extraConfig = ''
             client_max_body_size ${cfg.max_upload_size};

machines/renge/services/prometheus.nix

@@ -87,11 +87,11 @@ in
       }
       (
         let
-          listenerCfg = (lib.elemAt config.services.matrix-synapse.listeners 0);
+          listenerCfg = (lib.elemAt config.services.matrix-synapse.settings.listeners 0);
         in
         {
           job_name = "synapse";
-          static_configs = mkStaticTarget "${listenerCfg.bind_address}:${toString listenerCfg.port}";
+          static_configs = mkStaticTarget "${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";
           metrics_path = "/_synapse/metrics";
           relabel_configs = lib.singleton {
             target_label = "instance";