matrix: configure sliding sync proxy

2024-06-17 10:43:55 +02:00 · 2024-06-17 10:43:55 +02:00 · 67cd1b08b5
commit 67cd1b08b5
parent 8dea344121
5 changed files with 55 additions and 27 deletions
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@ -102,7 +102,7 @@
                root = pkgs.runCommand "well-known-matrix" { } ''
                  mkdir -p $out/.well-known/matrix
                  echo '{"m.server":"matrix.vanpetegem.me:443"}' > $out/.well-known/matrix/server
-                  echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"}}' > $out/.well-known/matrix/client
+                  echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"},"org.matrix.msc3575.proxy":{"url":"https://matrix-sync.vanpetegem.me"}}' > $out/.well-known/matrix/client
                '';
                extraConfig = ''
                  default_type application/json;
--- a/modules/base/network/wireguard.nix
+++ b/modules/base/network/wireguard.nix
@ -119,7 +119,8 @@ in
          domains = [ "internal" ];
          dns = [ data.lasting-integrity.ip ];
          linkConfig.MTUBytes = "1342";
-          routes = [(
+          routes = [
+            (
              if config.chvp.base.network.wireguard.server then {
                Gateway = "${data.${config.networking.hostName}.ip}";
                Destination = subnet;
@ -128,7 +129,8 @@ in
                Destination = subnet;
                GatewayOnLink = true;
              }
-          )];
+            )
+          ];
        };
      };
      services = {
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@ -8,31 +8,37 @@

  config = lib.mkIf config.chvp.services.matrix.enable {
    chvp.base.zfs.systemLinks = [{ path = "/var/lib/matrix-hookshot"; type = "data"; }];
-    chvp.services.nginx.hosts = [{
-      fqdn = "matrix.vanpetegem.me";
-      options.locations = {
-        "/" = {
-          proxyPass = "http://127.0.0.1:8448";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-Ssl on;
-            proxy_read_timeout 600;
-            client_max_body_size 10M;
-          '';
+    chvp.services.nginx.hosts = [
+      {
+        fqdn = "matrix.vanpetegem.me";
+        options.locations = {
+          "/" = {
+            proxyPass = "http://127.0.0.1:8448";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-Ssl on;
+              proxy_read_timeout 600;
+              client_max_body_size 10M;
+            '';
+          };
+          "/_slack" = {
+            proxyPass = "http://127.0.0.1:9898";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-Ssl on;
+            '';
+          };
+          "~ ^/_hookshot/(.*)" = {
+            proxyPass = "http://127.0.0.1:9000/$1";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-Ssl on;
+            '';
+          };
        };
-        "/_slack" = {
-          proxyPass = "http://127.0.0.1:9898";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-Ssl on;
-          '';
-        };
-        "~ ^/_hookshot/(.*)" = {
-          proxyPass = "http://127.0.0.1:9000/$1";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-Ssl on;
-          '';
-        };
-      };
-    }];
+      }
+      {
+        fqdn = "matrix-sync.vanpetegem.me";
+        basicProxy = "http://localhost:8009";
+      }
+    ];

    services = {
      matrix-synapse = {
@ -91,6 +97,14 @@
          }
        ];
      };
+      matrix-sliding-sync = {
+        enable = true;
+        settings = {
+          SYNCV3_SERVER = "https://matrix.vanpetegem.me";
+        };
+        environmentFile = config.age.secrets."files/servers/matrix-sliding-sync/env".path;
+        createDatabase = true;
+      };
    };

    systemd.services = {
@ -210,5 +224,6 @@
      file = ../../../secrets/files/services/matrix-hookshot/registration.yml.age;
      owner = "matrix-synapse";
    };
+    age.secrets."files/servers/matrix-sliding-sync/env".file = ../../../secrets/files/services/matrix-sliding-sync/env.age;
  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -92,6 +92,7 @@ in
  "secrets/files/services/matrix-synapse/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/services/mautrix-whatsapp/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/services/mautrix-whatsapp/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users;
+  "secrets/files/services/matrix-sliding-sync/env.age".publicKeys = [ lasting-integrity ] ++ users;

  "secrets/files/wireguard/kharbranth.privkey.age".publicKeys = [ kharbranth ] ++ users;
  "secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users;
--- a/secrets/files/services/matrix-sliding-sync/env.age
+++ b/secrets/files/services/matrix-sliding-sync/env.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 hKAFvQ 01r3r3syfKF1BJAV2vBhEIynbuXc7RSdDZ2ZEnobP0A
+fe/eNoEJLDSQyCJx6l2uApU6Ua1+OHa0fCbuRq+kpgQ
+-> ssh-ed25519 s9rb8g FLndrvrVosBbOA9q3U7gPPC5P/aDk/3gD4QvktMaIgI
+L+fMpcVUQ6t/emGx6hT8L1oJ6XU6fbIiQBTqPPOcZKY
+-> ssh-ed25519 yad4VQ yer5pPN5QiAOZ5Pd0jO/wcSsEn88WzXGB/qVsIwISG4
+O+Faz3AGCnjzBq472e6I1f4fnBCx8s4CNQm/MgcDZiI
+--- PBVH3Z9HbIpqnTV4IxBOvNyr67c2Cdwc2erFPPUjeFQ
+zù¾®âžp@~Åµˆ˜Ôp—‹¢<E280B9>y~ÀZ<>Êñòóg¶¨e;ý{Þ'¤ñêÀ÷Þbõzo²B<þ¬z“¸Û¦,<2C>ÑøFóyoÁT3Ý›|%Nöú0§ýKÉ\™Jâ[N@Ê1!&Hº
+’³D=ä½îÈ