diff --git a/hosts/nachtigall/apps/matrix/synapse.nix b/hosts/nachtigall/apps/matrix/synapse.nix index 050cad2..1c76e1d 100644 --- a/hosts/nachtigall/apps/matrix/synapse.nix +++ b/hosts/nachtigall/apps/matrix/synapse.nix @@ -15,6 +15,12 @@ in { owner = "matrix-synapse"; }; + age.secrets."matrix-synapse-sliding-sync-secret" = { + file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age"; + mode = "400"; + owner = "matrix-synapse"; + }; + services.matrix-synapse = { enable = true; settings = { @@ -226,6 +232,18 @@ in { plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; + + sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://${publicDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:8011"; + # The bind addr for Prometheus metrics, which will be accessible at + # /metrics at this address + SYNCV3_PROM = "127.0.0.1:9100"; + }; + environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path; + }; }; services.restic.backups.matrix-synapse-storagebox = { diff --git a/hosts/nachtigall/apps/nginx-matrix.nix b/hosts/nachtigall/apps/nginx-matrix.nix index ef4ee28..5dd3c48 100644 --- a/hosts/nachtigall/apps/nginx-matrix.nix +++ b/hosts/nachtigall/apps/nginx-matrix.nix @@ -9,7 +9,7 @@ let wellKnownClient = domain: { "m.homeserver".base_url = "https://matrix.${domain}"; "m.identity_server".base_url = "https://matrix.${domain}"; - "org.matrix.msc3575.proxy".url = "https://matrix.${domain}/sliding-sync"; + "org.matrix.msc3575.proxy".url = "https://matrix.${domain}"; "im.vector.riot.e2ee".default = true; "io.element.e2ee" = { default = true; @@ -98,6 +98,12 @@ in extraConfig = commonHeaders; }; + # sliding-sync + "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { + proxyPass = "http://127.0.0.1:8011"; + extraConfig = commonHeaders; + }; + "~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = { proxyPass = "http://127.0.0.1:8008"; 
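Review bot: `owner = "matrix-synapse";` on the new `age.secrets."matrix-synapse-sliding-sync-secret"` entry lets the Synapse service user read a secret that, in this diff, is only consumed through `sliding-sync.environmentFile`. If the sliding-sync unit loads that file through systemd's `EnvironmentFile=` (read by the service manager, which is how I understand the NixOS module to work), no service user needs read access to it. Dropping the `owner` line, so the file stays root-owned with `mode = "400"`, would keep the secret out of reach of a compromised Synapse process; confirm against the module before changing. The enclosing `in { … }` attribute set starts and ends outside the hunk.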
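Review bot: `SYNCV3_PROM = "127.0.0.1:9100";` uses the port that Prometheus node_exporter listens on by default, so one of the two units will fail to bind if that exporter is enabled on this host, now or later. The hunk does not show whether it is; if so, pick a free port, e.g. `SYNCV3_PROM = "127.0.0.1:9101";` (constructed value). Keeping the listener on loopback is the right call, and the existing comment could say why: `# loopback only: the /metrics endpoint is not authenticated`. The `services.matrix-synapse` block continues outside the hunk.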
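Review bot: The new `# sliding-sync` regex location only works if nginx tests it before the broader `~* ^(/_matrix|/_synapse/client|/_synapse/oidc)` location, since regex locations are tried in config order and the first match wins. `locations` is an attribute set, so the order written here does not decide that; as far as I know the NixOS module sorts by `priority` and then by name, which happens to put `~ ` ahead of `~*`. Adding `priority = 900;` (constructed value, anything below the default) to this location would make the ordering deliberate rather than accidental. The dots in `org.matrix.msc3575` are also unescaped, so the pattern matches slightly more than intended; `org\\.matrix\\.msc3575/sync` in the Nix string would tighten it. The `~*` location's body continues outside the hunk.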
diff --git a/secrets/matrix-synapse-sliding-sync-secret.age b/secrets/matrix-synapse-sliding-sync-secret.age new file mode 100644 index 0000000..966eb28 --- /dev/null +++ b/secrets/matrix-synapse-sliding-sync-secret.age @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg O7ax7BWOp2BEKA9i4WAmI0hsGoRjSzfAbMb4eRLdoRM +LlddBgKAoFe7qKvq7ixIphiWiO1JzKSyLJ6PSmUd2xA +-> ssh-ed25519 uYcDNw 5gN/+TZa94jPsMsrwXlrb1U8alMnCJq5/EIegIus0SI +NUTWQw6WCZTpKK4EFBL1lxSSnI9WEAb1MB7iFiezDFg +-> ssh-rsa kFDS0A +mXTGOqDXWJSVo58aok+GC2v7Xm/lL/QUrA9H4Ywfz1ksK2O1vZFmmrj9YOGMwtz3 +KodmEn8339Oyz0Tw2lSDMJb22OZPxs2q1tYQ33tvj1OXVQygzW1q/RfTPXFtTCVo +alKl2Dbr8esFN+Cfpdh4zHJFab73m6FUDGF2k4O5Gos8eOUiUx1O8WPMDtKgwTqM +Wtbnk0iBiTdgjwdFjkdMnx1bxGxa4pEtqtBdw9UiLwPKoPWJzHg7F9uIWH8L0FkQ +ml7K+pjZMzwWdJwuaLpIB3yCTDiSF4j9Wr74sXjUGQ/atGesIImIGnXEyZ0v6RI2 +uRP4gx4zA9eoYcIWpuitgx9VKDwwJjcAyhffbZvTYF2ogtnWtCBIlY5jAtIV5l9I +x0k/FMfq0hGvXOJb976zsW83ZaXVPFpUEV75mweVAUbsnRmML1kyYKAFWF58hSoa +aEmij9hDvPIoQn2f6OTCtWXSJBtJjhxr4uvbKfrvhQojol91cU0w+fDe5rsZzhMk +CksD3JM+OmCpguvl+4jANxPVY58avIjZArOn/UVyM0LLuKFLfRzqpBup6ifv3Wpk +gplElrdz4iGHoEnceCGVJXcxXVbMfB4cr8I5BMK65TgN0pkl+VG6vY/TvgUl5a1C +VjLQxIVg3hEy8mRvIGjjo0R2E8qTkcMn5Bz5mjFJeXI +-> ssh-ed25519 YFSOsg nvVCR2LV8DHU+hIQa19uX9pEhA+NQxMkmBUMDktKOGU +Q9qhrcOeEA3myMqZbptbsWCS9hbm67pF5qO3jARN/bs +-> ssh-ed25519 iHV63A +Pca506lCnqn/+2e3lKVzlLcsa63EgngYry54yiAxA0 +hyZZUoRuYjJvhznZBAkRRjq2x6jZvJX0sfj+jigX39c +-> ssh-ed25519 BVsyTA hza+5wLH7L3VyXIwBK/sq5UNR6SC3EnKxQ3ucrVPwXc +BAXKAf2gdMT29ZXEAeq0B54ojrGa9LwfhBK91v68yis +-> !By"-grease +7r6wODXXipdv7nXJ+K653PLYdKOLF1pEvCWeKk8/q49s5ScMqZpGVA +--- zNjNg84OVHL/CbJyutcBz6eWD+71peLb7weZ/EjQaic +r!?RUoE~W>_t=*7t=QԹ[`@B۝jedܰ qo^PN{H^jBh:PP&♗mܯt \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 712839d..21e7a52 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -44,6 +44,7 @@ in {
 "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
 "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
 "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
+ "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
 "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
 "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;