matrix: do not change paths for nachtigall secrets

hosts/nachtigall/configuration.nix

@@ -63,18 +63,21 @@
   # matrix-synapse
   age.secrets."nachtigall-matrix-synapse-signing-key" = {
     file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
+    path = "/run/agenix/matrix-synapse-signing-key";
     mode = "400";
     owner = "matrix-synapse";
   };
 
   age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
     file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
+    path = "/run/agenix/matrix-synapse-secret-config.yaml";
     mode = "400";
     owner = "matrix-synapse";
   };
 
   age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
     file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
+    path = "/run/agenix/matrix-synapse-sliding-sync-secret";
     mode = "400";
     owner = "matrix-synapse";
   };
@@ -82,6 +85,7 @@
 
   pub-solar-os.matrix-synapse = {
     enable = true;
+    sliding-sync.enable = true;
     signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
     extra-config-files = [
       config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path

modules/coturn/default.nix

@@ -7,6 +7,7 @@
 {
   age.secrets."nachtigall-coturn-static-auth-secret" = {
     file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age";
+    path = "/run/agenix/coturn-static-auth-secret";
     mode = "400";
     owner = "turnserver";
   };
@@ -18,7 +19,7 @@
     min-port = 49000;
     max-port = 50000;
     use-auth-secret = true;
-    static-auth-secret-file = "/run/agenix/nachtigall-coturn-static-auth-secret";
+    static-auth-secret-file = config.age.secrets."nachtigall-coturn-static-auth-secret".path;
     realm = "turn.${config.pub-solar-os.networking.domain}";
     cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
     pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";

modules/matrix/default.nix

@@ -30,6 +30,10 @@ in
       type = lib.types.str;
       default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
     };
+    sliding-sync.enable = lib.mkEnableOption {
+      description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+";
+      default = false;
+    };
   };
 
   config = lib.mkIf config.pub-solar-os.matrix-synapse.enable {
@@ -261,17 +265,17 @@ in
       plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ];
     };
 
-    #services.matrix-sliding-sync = {
+    services.matrix-sliding-sync = {
-    #  enable = true;
+      enable = config.pub-solar-os.matrix-synapse.sliding-sync.enable;
-    #  settings = {
+      settings = {
-    #    SYNCV3_SERVER = "https://${publicDomain}";
+        SYNCV3_SERVER = "https://${publicDomain}";
-    #    SYNCV3_BINDADDR = "127.0.0.1:8011";
+        SYNCV3_BINDADDR = "127.0.0.1:8011";
-    #    # The bind addr for Prometheus metrics, which will be accessible at
+        # The bind addr for Prometheus metrics, which will be accessible at
-    #    # /metrics at this address
+        # /metrics at this address
-    #    SYNCV3_PROM = "127.0.0.1:9100";
+        SYNCV3_PROM = "127.0.0.1:9100";
-    #  };
+      };
-    #  environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
+      environmentFile = config.age.secrets."nachtigall-matrix-synapse-sliding-sync-secret".path;
-    #};
+    };
 
     pub-solar-os.backups.restic.matrix-synapse = {
       paths = [