matrix: configure sliding sync proxy

2024-06-17 10:43:55 +02:00 · 2024-06-17 10:43:55 +02:00 · 67cd1b08b5
commit 67cd1b08b5
parent 8dea344121
5 changed files with 55 additions and 27 deletions
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@ -102,7 +102,7 @@
                root = pkgs.runCommand "well-known-matrix" { } ''
                  mkdir -p $out/.well-known/matrix
                  echo '{"m.server":"matrix.vanpetegem.me:443"}' > $out/.well-known/matrix/server
-                  echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"}}' > $out/.well-known/matrix/client
+                  echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"},"org.matrix.msc3575.proxy":{"url":"https://matrix-sync.vanpetegem.me"}}' > $out/.well-known/matrix/client
                '';
                extraConfig = ''
                  default_type application/json;
--- a/modules/base/network/wireguard.nix
+++ b/modules/base/network/wireguard.nix
@ -119,7 +119,8 @@ in
          domains = [ "internal" ];
          dns = [ data.lasting-integrity.ip ];
          linkConfig.MTUBytes = "1342";
-          routes = [(
+          routes = [
            (
              if config.chvp.base.network.wireguard.server then {
                Gateway = "${data.${config.networking.hostName}.ip}";
                Destination = subnet;
@ -128,7 +129,8 @@ in
                Destination = subnet;
                GatewayOnLink = true;
              }
-          )];
+            )
          ];
        };
      };
      services = {
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@ -8,31 +8,37 @@
  config = lib.mkIf config.chvp.services.matrix.enable {
    chvp.base.zfs.systemLinks = [{ path = "/var/lib/matrix-hookshot"; type = "data"; }];
-    chvp.services.nginx.hosts = [{
+    chvp.services.nginx.hosts = [
-      fqdn = "matrix.vanpetegem.me";
+      {
-      options.locations = {
+        fqdn = "matrix.vanpetegem.me";
-        "/" = {
+        options.locations = {
-          proxyPass = "http://127.0.0.1:8448";
+          "/" = {
-          extraConfig = ''
+            proxyPass = "http://127.0.0.1:8448";
-            proxy_set_header X-Forwarded-Ssl on;
+            extraConfig = ''
-            proxy_read_timeout 600;
+              proxy_set_header X-Forwarded-Ssl on;
-            client_max_body_size 10M;
+              proxy_read_timeout 600;
-          '';
+              client_max_body_size 10M;
            '';
          };
          "/_slack" = {
            proxyPass = "http://127.0.0.1:9898";
            extraConfig = ''
              proxy_set_header X-Forwarded-Ssl on;
            '';
          };
          "~ ^/_hookshot/(.*)" = {
            proxyPass = "http://127.0.0.1:9000/$1";
            extraConfig = ''
              proxy_set_header X-Forwarded-Ssl on;
            '';
          };
        };
-        "/_slack" = {
+      }
-          proxyPass = "http://127.0.0.1:9898";
+      {
-          extraConfig = ''
+        fqdn = "matrix-sync.vanpetegem.me";
-            proxy_set_header X-Forwarded-Ssl on;
+        basicProxy = "http://localhost:8009";
-          '';
+      }
-        };
+    ];
        "~ ^/_hookshot/(.*)" = {
          proxyPass = "http://127.0.0.1:9000/$1";
          extraConfig = ''
            proxy_set_header X-Forwarded-Ssl on;
          '';
        };
      };
    }];
    services = {
      matrix-synapse = {
@ -91,6 +97,14 @@
          }
        ];
      };
      matrix-sliding-sync = {
        enable = true;
        settings = {
          SYNCV3_SERVER = "https://matrix.vanpetegem.me";
        };
        environmentFile = config.age.secrets."files/servers/matrix-sliding-sync/env".path;
        createDatabase = true;
      };
    };
    systemd.services = {
@ -210,5 +224,6 @@
      file = ../../../secrets/files/services/matrix-hookshot/registration.yml.age;
      owner = "matrix-synapse";
    };
    age.secrets."files/servers/matrix-sliding-sync/env".file = ../../../secrets/files/services/matrix-sliding-sync/env.age;
  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -92,6 +92,7 @@ in
  "secrets/files/services/matrix-synapse/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/services/mautrix-whatsapp/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/services/mautrix-whatsapp/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/services/matrix-sliding-sync/env.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/wireguard/kharbranth.privkey.age".publicKeys = [ kharbranth ] ++ users;
  "secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users;
--- a/secrets/files/services/matrix-sliding-sync/env.age
+++ b/secrets/files/services/matrix-sliding-sync/env.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 hKAFvQ 01r3r3syfKF1BJAV2vBhEIynbuXc7RSdDZ2ZEnobP0A
 fe/eNoEJLDSQyCJx6l2uApU6Ua1+OHa0fCbuRq+kpgQ
 -> ssh-ed25519 s9rb8g FLndrvrVosBbOA9q3U7gPPC5P/aDk/3gD4QvktMaIgI
 L+fMpcVUQ6t/emGx6hT8L1oJ6XU6fbIiQBTqPPOcZKY
 -> ssh-ed25519 yad4VQ yer5pPN5QiAOZ5Pd0jO/wcSsEn88WzXGB/qVsIwISG4
 O+Faz3AGCnjzBq472e6I1f4fnBCx8s4CNQm/MgcDZiI
 --- PBVH3Z9HbIpqnTV4IxBOvNyr67c2Cdwc2erFPPUjeFQ
 zù¾®âžp@~Åµˆ˜Ôp—‹¢<E280B9>y~ÀZ<>Êñòóg¶¨e;ý{Þ'¤ñêÀ÷Þbõzo²B<þ¬z“¸Û¦,<2C>ÑøFóyoÁT3Ý›|%Nöú0§ýKÉ\™Jâ[N@Ê1!&Hº
 ’³D=ä½îÈ