forked from pub-solar/infra
Merge pull request 'feat(matrix): enable sliding-sync' (#83) from feat/matrix-synapse-sliding-sync into main
Reviewed-on: pub-solar/infra#83 Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
This commit is contained in:
commit
2e2ca2fc82
|
@ -15,6 +15,12 @@ in {
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
age.secrets."matrix-synapse-sliding-sync-secret" = {
|
||||||
|
file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -226,6 +232,18 @@ in {
|
||||||
plugins = [
|
plugins = [
|
||||||
config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth
|
config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sliding-sync = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
SYNCV3_SERVER = "https://${publicDomain}";
|
||||||
|
SYNCV3_BINDADDR = "127.0.0.1:8011";
|
||||||
|
# The bind addr for Prometheus metrics, which will be accessible at
|
||||||
|
# /metrics at this address
|
||||||
|
SYNCV3_PROM = "127.0.0.1:9100";
|
||||||
|
};
|
||||||
|
environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.restic.backups.matrix-synapse-storagebox = {
|
services.restic.backups.matrix-synapse-storagebox = {
|
||||||
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
wellKnownClient = domain: {
|
wellKnownClient = domain: {
|
||||||
"m.homeserver".base_url = "https://matrix.${domain}";
|
"m.homeserver".base_url = "https://matrix.${domain}";
|
||||||
"m.identity_server".base_url = "https://matrix.${domain}";
|
"m.identity_server".base_url = "https://matrix.${domain}";
|
||||||
"org.matrix.msc3575.proxy".url = "https://matrix.${domain}/sliding-sync";
|
"org.matrix.msc3575.proxy".url = "https://matrix.${domain}";
|
||||||
"im.vector.riot.e2ee".default = true;
|
"im.vector.riot.e2ee".default = true;
|
||||||
"io.element.e2ee" = {
|
"io.element.e2ee" = {
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -98,6 +98,12 @@ in
|
||||||
extraConfig = commonHeaders;
|
extraConfig = commonHeaders;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# sliding-sync
|
||||||
|
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8011";
|
||||||
|
extraConfig = commonHeaders;
|
||||||
|
};
|
||||||
|
|
||||||
"~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = {
|
"~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = {
|
||||||
proxyPass = "http://127.0.0.1:8008";
|
proxyPass = "http://127.0.0.1:8008";
|
||||||
|
|
||||||
|
|
27
secrets/matrix-synapse-sliding-sync-secret.age
Normal file
27
secrets/matrix-synapse-sliding-sync-secret.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg O7ax7BWOp2BEKA9i4WAmI0hsGoRjSzfAbMb4eRLdoRM
|
||||||
|
LlddBgKAoFe7qKvq7ixIphiWiO1JzKSyLJ6PSmUd2xA
|
||||||
|
-> ssh-ed25519 uYcDNw 5gN/+TZa94jPsMsrwXlrb1U8alMnCJq5/EIegIus0SI
|
||||||
|
NUTWQw6WCZTpKK4EFBL1lxSSnI9WEAb1MB7iFiezDFg
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
mXTGOqDXWJSVo58aok+GC2v7Xm/lL/QUrA9H4Ywfz1ksK2O1vZFmmrj9YOGMwtz3
|
||||||
|
KodmEn8339Oyz0Tw2lSDMJb22OZPxs2q1tYQ33tvj1OXVQygzW1q/RfTPXFtTCVo
|
||||||
|
alKl2Dbr8esFN+Cfpdh4zHJFab73m6FUDGF2k4O5Gos8eOUiUx1O8WPMDtKgwTqM
|
||||||
|
Wtbnk0iBiTdgjwdFjkdMnx1bxGxa4pEtqtBdw9UiLwPKoPWJzHg7F9uIWH8L0FkQ
|
||||||
|
ml7K+pjZMzwWdJwuaLpIB3yCTDiSF4j9Wr74sXjUGQ/atGesIImIGnXEyZ0v6RI2
|
||||||
|
uRP4gx4zA9eoYcIWpuitgx9VKDwwJjcAyhffbZvTYF2ogtnWtCBIlY5jAtIV5l9I
|
||||||
|
x0k/FMfq0hGvXOJb976zsW83ZaXVPFpUEV75mweVAUbsnRmML1kyYKAFWF58hSoa
|
||||||
|
aEmij9hDvPIoQn2f6OTCtWXSJBtJjhxr4uvbKfrvhQojol91cU0w+fDe5rsZzhMk
|
||||||
|
CksD3JM+OmCpguvl+4jANxPVY58avIjZArOn/UVyM0LLuKFLfRzqpBup6ifv3Wpk
|
||||||
|
gplElrdz4iGHoEnceCGVJXcxXVbMfB4cr8I5BMK65TgN0pkl+VG6vY/TvgUl5a1C
|
||||||
|
VjLQxIVg3hEy8mRvIGjjo0R2E8qTkcMn5Bz5mjFJeXI
|
||||||
|
-> ssh-ed25519 YFSOsg nvVCR2LV8DHU+hIQa19uX9pEhA+NQxMkmBUMDktKOGU
|
||||||
|
Q9qhrcOeEA3myMqZbptbsWCS9hbm67pF5qO3jARN/bs
|
||||||
|
-> ssh-ed25519 iHV63A +Pca506lCnqn/+2e3lKVzlLcsa63EgngYry54yiAxA0
|
||||||
|
hyZZUoRuYjJvhznZBAkRRjq2x6jZvJX0sfj+jigX39c
|
||||||
|
-> ssh-ed25519 BVsyTA hza+5wLH7L3VyXIwBK/sq5UNR6SC3EnKxQ3ucrVPwXc
|
||||||
|
BAXKAf2gdMT29ZXEAeq0B54ojrGa9LwfhBK91v68yis
|
||||||
|
-> !By"-grease
|
||||||
|
7r6wODXXipdv7nXJ+K653PLYdKOLF1pEvCWeKk8/q49s5ScMqZpGVA
|
||||||
|
--- zNjNg84OVHL/CbJyutcBz6eWD+71peLb7weZ/EjQaic
|
||||||
|
r!ï?RUàÕoäE‹¤~Wü>_íðtÜî=‰*7ëÎt<C38E>=QÔ¹ü[`@ï‹“£BÛ<42>§jedÜ°Í¢q¤Ño^Ÿ³™P÷±áNÜÏ{H…^€ª¾j¬°ÚBûh¼:PPµÞ&â™—mܯt
|
|
@ -44,6 +44,7 @@ in {
|
||||||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
Loading…
Reference in a new issue