diff --git a/hosts/nachtigall/apps/matrix/synapse.nix b/hosts/nachtigall/apps/matrix/synapse.nix
index 050cad2..1c76e1d 100644
--- a/hosts/nachtigall/apps/matrix/synapse.nix
+++ b/hosts/nachtigall/apps/matrix/synapse.nix
@@ -15,6 +15,12 @@ in {
 owner = "matrix-synapse";
 };
+ age.secrets."matrix-synapse-sliding-sync-secret" = {
+ file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
+ mode = "400";
+ owner = "matrix-synapse";
+ };
+
 services.matrix-synapse = {
 enable = true;
 settings = {
@@ -226,6 +232,18 @@ in {
 plugins = [
 config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth
 ];
+
+ sliding-sync = {
+ enable = true;
+ settings = {
+ SYNCV3_SERVER = "https://${publicDomain}";
+ SYNCV3_BINDADDR = "127.0.0.1:8011";
+ # The bind addr for Prometheus metrics, which will be accessible at
+ # /metrics at this address
+ SYNCV3_PROM = "127.0.0.1:9100";
+ };
+ environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
+ };
 };
 services.restic.backups.matrix-synapse-storagebox = {
diff --git a/hosts/nachtigall/apps/nginx-matrix.nix b/hosts/nachtigall/apps/nginx-matrix.nix
index ef4ee28..afeb9c4 100644
--- a/hosts/nachtigall/apps/nginx-matrix.nix
+++ b/hosts/nachtigall/apps/nginx-matrix.nix
@@ -98,6 +98,12 @@ in
 extraConfig = commonHeaders;
 };
+ # sliding-sync
+ "/sliding-sync" = {
+ proxyPass = "http://127.0.0.1:8011";
+ extraConfig = commonHeaders;
+ };
+
 "~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = {
 proxyPass = "http://127.0.0.1:8008";
diff --git a/secrets/matrix-synapse-sliding-sync-secret.age b/secrets/matrix-synapse-sliding-sync-secret.age
new file mode 100644
index 0000000..87c6fb1
--- /dev/null
+++ b/secrets/matrix-synapse-sliding-sync-secret.age
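Review bot: In the first synapse.nix hunk, `owner = "matrix-synapse";` on the new age secret gives the Synapse account read access to a file whose only visible consumer is `sliding-sync.environmentFile`. If the module passes that path to systemd as `EnvironmentFile=`, the service manager reads it before the unit drops privileges, so the line can probably be removed and the secret left root-only, which keeps the proxy's key away from the Synapse process. A comment such as `# env file for the sliding-sync proxy; expected to define SYNCV3_SECRET` would also tell the next maintainer what the file must contain.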
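Review bot: `SYNCV3_PROM = "127.0.0.1:9100";` in the second synapse.nix hunk uses the port that the Prometheus node exporter listens on by default, so if that exporter is enabled on nachtigall now or later, one of the two services will fail to bind. A different loopback port avoids the clash. Keeping both listeners on 127.0.0.1, as done here, is the right call, since only nginx and a local scraper need to reach them. The enclosing `services.matrix-synapse` block starts outside the hunk.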
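Review bot: The `"/sliding-sync"` location in nginx-matrix.nix forwards with `proxyPass = "http://127.0.0.1:8011";`, and a proxy_pass without a URI part sends the request path unchanged, so the proxy would receive `/sliding-sync/_matrix/...` rather than `/_matrix/...`. Unless the prefix is stripped elsewhere (not visible here), clients pointed at this path will likely get 404s; `"/sliding-sync/" = {` with `proxyPass = "http://127.0.0.1:8011/";` makes nginx replace the prefix. The trailing slash on the location also stops it from matching unrelated paths that merely begin with `/sliding-sync`. The enclosing attribute set starts outside the hunk.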
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg ZAytAxSCDBwBmR7gjWbITQsp3XDf2DRR3pj5yncgcDw +taDoCdUqg9yy0bObDyUSZHE8pUxNqHQMv1nWfDCmAjQ +-> ssh-ed25519 uYcDNw eGOdA1rVklmAfeZ1KkOIPzpHzesMZNpfLsEw7V0J8AE +9jdpr/XURp5XK5yRq/EB9tUGMx+4i+tTi7eqhexEo0A +-> ssh-rsa kFDS0A +U+m/e7AsVAFvSUHEZn6E/ZQW4h0A/b5Guh1demD5N40P1k3TdOq2L/UbKF3Xu85p +R48Fg6EB8VnXXaERx1Oifld+hLkClM5vS1xTgRT7x7ghXc+wnirOxRhWq7R1mUD3 +KTWEZ+RYiqz4GXV1PjzVDI2j0rd4a5sCFk238DZyYeJ/sSrrDcUEf15XCb9iPQQQ +XgV2VqMnkNxswqg2JO5oTno6VWJD+Xj5agOnPnHSIJs4LD60AyepQFQRDTmjgk9l +e3+Kp2S+nlXE+qGjCPtKhu4CUDDxiN0Ken5SgaOe2UJUnBmZdrk4dfnxaHTpD1Qv +knDpzklAnGkofqFKxaBpACGNDayqJndoHOIpAhH1xxMpgKp2whHOI+nZox6wNhtZ +LNdk7/Pm1l9yFYKtNTo/7UKQuJIRQ7BXqM8XXZu+nyDHoSZSOolF3ZQ7PJC+bGpN +id0uV2JWts6dRAiP0JVot3JND+bbcgBn98kP7rCw3hv9/dAwy4jueUfDOaJS6Xpb +zvYpurUZxCiVXJ42A4Lt0oVK1W0IxOw/R6goP3xNCRU/UarpPN7CW7+kswL4Doaq +wdScue8HkHMIjwt1KVBoSFKWQKiPTCZ8PL4ySxaa/Kf1OsZ/x7t5TNKtQsDQ45GK +3piOdjYvL6noaPjLk0ev23bs4bQyITQXThFMgIij7WA +-> ssh-ed25519 YFSOsg lZOhoVyzA9a39Ogslpma4Wu9vzx9d05DDB+FTqZzsj8 +XdXtBlFMRUJnB2tFhOpT/TgwVt06ba9v5F9hWho1a3A +-> ssh-ed25519 iHV63A /LYzVHc7Fh0ZmVzJKbkBF7F6CdZOJ6QLT6vOLeS9tXc +2M8BXLo+oBG0sdkuIr4jdPOguqH9yPR4riGdGuuyiwA +-> ssh-ed25519 BVsyTA eV6iYMJAz2AFzjJK9eB4xImnKXsvWawFfvqm59nx2m0 +9uxzMlyGDO38vLFdbMng0pqpQ2AdkYEq/FaajZaVDEU +-> a-grease \-@wjs :O +2MFVQpzuIz5l71cLzswjoczEiVEAUnM+Mge943oyo/xl/027wsev15JetLLiUa93 +OzwLMmg5cAhjuKOfaDxZ8AOa +--- bBFGpIH3XBmtk3VzEkQz0g069LNXWnaWyIZfZ61P+aw +kZIQ䈷/ \cl|\>N1,?[t~Fy.cAT0H'vAh4Sg0 /*8M \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 712839d..21e7a52 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -44,6 +44,7 @@ in {
 "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
 "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
 "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
+ "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
 "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
 "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;