From 6cb5887bba97897f95094ca07a72ff5a70cb44dc Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Mon, 17 Jun 2024 11:10:26 +0200
Subject: [PATCH] Reapply "matrix: configure sliding sync proxy"

This reverts commit 0f844c8bb27adbbdef18c839675ce704b55f55f1.
---
 machines/lasting-integrity/default.nix | 2 +-
 modules/base/network/wireguard.nix | 6 +-
 modules/services/matrix/default.nix | 63 ++++++++++++-------
 secrets.nix | 1 +
 .../services/matrix-sliding-sync/env.age | 10 +++
 5 files changed, 55 insertions(+), 27 deletions(-)
 create mode 100644 secrets/files/services/matrix-sliding-sync/env.age

diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
index d70bb8db..3937133f 100644
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@@ -102,7 +102,7 @@
 root = pkgs.runCommand "well-known-matrix" { } ''
 mkdir -p $out/.well-known/matrix
 echo '{"m.server":"matrix.vanpetegem.me:443"}' > $out/.well-known/matrix/server
- echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"}}' > $out/.well-known/matrix/client
+ echo '{"m.homeserver":{"base_url":"https://matrix.vanpetegem.me"},"org.matrix.msc3575.proxy":{"url":"https://matrix-sync.vanpetegem.me"}}' > $out/.well-known/matrix/client
 '';
 extraConfig = ''
 default_type application/json;
diff --git a/modules/base/network/wireguard.nix b/modules/base/network/wireguard.nix
index ad950b92..7220783a 100644
--- a/modules/base/network/wireguard.nix
+++ b/modules/base/network/wireguard.nix
@@ -119,7 +119,8 @@ in
 domains = [ "internal" ];
 dns = [ data.lasting-integrity.ip ];
 linkConfig.MTUBytes = "1342";
- routes = [(
+ routes = [
+ (
 if config.chvp.base.network.wireguard.server then {
 Gateway = "${data.${config.networking.hostName}.ip}";
 Destination = subnet;
@@ -128,7 +129,8 @@ in
 Destination = subnet;
 GatewayOnLink = true;
 }
- )];
+ )
+ ];
 };
 };
 services = {
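Review bot: The `.well-known/matrix/client` document in machines/lasting-integrity/default.nix is hand-assembled inside a shell `echo`, and the new `org.matrix.msc3575.proxy` URL repeats the host name that modules/services/matrix/default.nix declares separately as `fqdn = "matrix-sync.vanpetegem.me"`. Clients send their access token to whatever URL this document names, so the two values must not drift apart and the JSON must stay well-formed. Generating the file from a Nix attribute set would handle the quoting and give one place to edit, for example `builtins.toJSON { "m.homeserver".base_url = "https://matrix.vanpetegem.me"; "org.matrix.msc3575.proxy".url = "https://matrix-sync.vanpetegem.me"; }`. The `runCommand` body and the nginx `extraConfig` continue outside the hunk, so whether the response headers suit the added key cannot be checked from here.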
diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index a7e0981f..82bd22be 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -8,31 +8,37 @@ config = lib.mkIf config.chvp.services.matrix.enable { chvp.base.zfs.systemLinks = [{ path = "/var/lib/matrix-hookshot"; type = "data"; }]; - chvp.services.nginx.hosts = [{ - fqdn = "matrix.vanpetegem.me"; - options.locations = { - "/" = { - proxyPass = "http://127.0.0.1:8448"; - extraConfig = '' - proxy_set_header X-Forwarded-Ssl on; - proxy_read_timeout 600; - client_max_body_size 10M; - ''; + chvp.services.nginx.hosts = [ + { + fqdn = "matrix.vanpetegem.me"; + options.locations = { + "/" = { + proxyPass = "http://127.0.0.1:8448"; + extraConfig = '' + proxy_set_header X-Forwarded-Ssl on; + proxy_read_timeout 600; + client_max_body_size 10M; + ''; + }; + "/_slack" = { + proxyPass = "http://127.0.0.1:9898"; + extraConfig = '' + proxy_set_header X-Forwarded-Ssl on; + ''; + }; + "~ ^/_hookshot/(.*)" = { + proxyPass = "http://127.0.0.1:9000/$1"; + extraConfig = '' + proxy_set_header X-Forwarded-Ssl on; + ''; + }; }; - "/_slack" = { - proxyPass = "http://127.0.0.1:9898"; - extraConfig = '' - proxy_set_header X-Forwarded-Ssl on; - ''; - }; - "~ ^/_hookshot/(.*)" = { - proxyPass = "http://127.0.0.1:9000/$1"; - extraConfig = '' - proxy_set_header X-Forwarded-Ssl on; - ''; - }; - }; - }]; + } + { + fqdn = "matrix-sync.vanpetegem.me"; + basicProxy = "http://localhost:8009"; + } + ]; services = { matrix-synapse = { @@ -91,6 +97,14 @@ } ]; }; + matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://matrix.vanpetegem.me"; + }; + environmentFile = config.age.secrets."files/servers/matrix-sliding-sync/env".path; + createDatabase = true; + }; }; systemd.services = { 
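Review bot: The new `matrix-sync.vanpetegem.me` host in the `-8,31` hunk proxies to `http://localhost:8009`, while every other upstream in the same list uses the literal `127.0.0.1`. nginx resolves `localhost` when the configuration is loaded and may get both `127.0.0.1` and `::1`. This commit sets no bind address for the sliding-sync service, so if the module default listens on IPv4 only, some requests would hit a refused connection first and appear as upstream errors in the log. `basicProxy = "http://127.0.0.1:8009";` would keep the upstream explicit and consistent. What `basicProxy` expands to is defined outside this diff, so it is worth confirming that it sets the same forwarding headers the other locations add by hand.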
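Review bot: The secret is referenced as `"files/servers/matrix-sliding-sync/env"` in `environmentFile` in the `-91,6` hunk and in the `age.secrets` declaration of the `-210,5` hunk, but the encrypted file lives under `secrets/files/services/…`. The two references agree with each other, so this evaluates, yet the `servers`/`services` mismatch looks like a typo and makes the secret harder to find when auditing who can read it. Renaming both to `"files/services/matrix-sliding-sync/env"` would match the path on disk. The declaration also sets no `owner`, which is fine provided the module hands the file to systemd as an environment file read before privileges are dropped. A short comment would record that this is deliberate, such as `# no owner: loaded by systemd via EnvironmentFile, not read by the service user`.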
@@ -210,5 +224,6 @@ file = ../../../secrets/files/services/matrix-hookshot/registration.yml.age; owner = "matrix-synapse"; }; + age.secrets."files/servers/matrix-sliding-sync/env".file = ../../../secrets/files/services/matrix-sliding-sync/env.age; }; } diff --git a/secrets.nix b/secrets.nix index b63045fc..e2a114cf 100644 --- a/secrets.nix +++ b/secrets.nix @@ -92,6 +92,7 @@ in "secrets/files/services/matrix-synapse/config.yml.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/files/services/mautrix-whatsapp/config.yml.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/files/services/mautrix-whatsapp/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users; + "secrets/files/services/matrix-sliding-sync/env.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/files/wireguard/kharbranth.privkey.age".publicKeys = [ kharbranth ] ++ users; "secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users; diff --git a/secrets/files/services/matrix-sliding-sync/env.age b/secrets/files/services/matrix-sliding-sync/env.age new file mode 100644 index 00000000..eaaee275 --- /dev/null +++ b/secrets/files/services/matrix-sliding-sync/env.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 hKAFvQ 01r3r3syfKF1BJAV2vBhEIynbuXc7RSdDZ2ZEnobP0A +fe/eNoEJLDSQyCJx6l2uApU6Ua1+OHa0fCbuRq+kpgQ +-> ssh-ed25519 s9rb8g FLndrvrVosBbOA9q3U7gPPC5P/aDk/3gD4QvktMaIgI +L+fMpcVUQ6t/emGx6hT8L1oJ6XU6fbIiQBTqPPOcZKY +-> ssh-ed25519 yad4VQ yer5pPN5QiAOZ5Pd0jO/wcSsEn88WzXGB/qVsIwISG4 +O+Faz3AGCnjzBq472e6I1f4fnBCx8s4CNQm/MgcDZiI +--- PBVH3Z9HbIpqnTV4IxBOvNyr67c2Cdwc2erFPPUjeFQ +zp@~ŵpy~Zge;{' bzoB