From 7775ad332eb40cf34718c3d3e1adfe60cd8c45bf Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Oct 2024 17:27:17 +0100 Subject: [PATCH] matrix: do not change paths for nachtigall secrets --- hosts/nachtigall/configuration.nix | 4 ++++ modules/coturn/default.nix | 3 ++- modules/matrix/default.nix | 26 +++++++++++++++----------- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix index eb7e657f..f49be986 100644 --- a/hosts/nachtigall/configuration.nix +++ b/hosts/nachtigall/configuration.nix @@ -63,18 +63,21 @@ # matrix-synapse age.secrets."nachtigall-matrix-synapse-signing-key" = { file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age"; + path = "/run/agenix/matrix-synapse-signing-key"; mode = "400"; owner = "matrix-synapse"; }; age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = { file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age"; + path = "/run/agenix/matrix-synapse-secret-config.yaml"; mode = "400"; owner = "matrix-synapse"; }; age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = { file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age"; + path = "/run/agenix/matrix-synapse-sliding-sync-secret"; mode = "400"; owner = "matrix-synapse"; }; @@ -82,6 +85,7 @@ pub-solar-os.matrix-synapse = { enable = true; + sliding-sync.enable = true; signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path; extra-config-files = [ config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path diff --git a/modules/coturn/default.nix b/modules/coturn/default.nix index a7d3e867..bf364487 100644 --- a/modules/coturn/default.nix +++ b/modules/coturn/default.nix @@ -7,6 +7,7 @@ { age.secrets."nachtigall-coturn-static-auth-secret" = { file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age"; + path = "/run/agenix/coturn-static-auth-secret"; mode = "400"; owner = "turnserver"; }; @@ -18,7 +19,7 @@ min-port = 49000; max-port = 50000; use-auth-secret = true; - static-auth-secret-file = "/run/agenix/nachtigall-coturn-static-auth-secret"; + static-auth-secret-file = config.age.secrets."nachtigall-coturn-static-auth-secret".path; realm = "turn.${config.pub-solar-os.networking.domain}"; cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index d8518d3f..c0bee63c 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -30,6 +30,10 @@ in type = lib.types.str; default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key"; }; + sliding-sync.enable = lib.mkEnableOption { + description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+"; + default = false; + }; }; config = lib.mkIf config.pub-solar-os.matrix-synapse.enable { @@ -261,17 +265,17 @@ in plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; }; - #services.matrix-sliding-sync = { - # enable = true; - # settings = { - # SYNCV3_SERVER = "https://${publicDomain}"; - # SYNCV3_BINDADDR = "127.0.0.1:8011"; - # # The bind addr for Prometheus metrics, which will be accessible at - # # /metrics at this address - # SYNCV3_PROM = "127.0.0.1:9100"; - # }; - # environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path; - #}; + services.matrix-sliding-sync = { + enable = config.pub-solar-os.matrix-synapse.sliding-sync.enable; + settings = { + SYNCV3_SERVER = "https://${publicDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:8011"; + # The bind addr for Prometheus metrics, which will be accessible at + # /metrics at this address + SYNCV3_PROM = "127.0.0.1:9100"; + }; + environmentFile = config.age.secrets."nachtigall-matrix-synapse-sliding-sync-secret".path; + }; pub-solar-os.backups.restic.matrix-synapse = { paths = [