summaryrefslogtreecommitdiff
path: root/hosts/kay/modules
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/kay/modules')
-rw-r--r--hosts/kay/modules/dendrite.nix4
-rw-r--r--hosts/kay/modules/matrix_sliding_sync.nix14
-rw-r--r--hosts/kay/modules/www.nix21
3 files changed, 34 insertions, 5 deletions
diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix
index ef5d491..8277e21 100644
--- a/hosts/kay/modules/dendrite.nix
+++ b/hosts/kay/modules/dendrite.nix
@@ -10,7 +10,7 @@ let
};
in
{
- sops.secrets."misc/matrix-${domain}" = {};
+ sops.secrets."matrix-${domain}/key" = {};
services = {
postgresql = {
@@ -31,7 +31,7 @@ in
dendrite = {
enable = true;
loadCredential = [
- "private_key:${config.sops.secrets."misc/matrix-${domain}".path}"
+ "private_key:${config.sops.secrets."matrix-${domain}/key".path}"
];
settings = {
diff --git a/hosts/kay/modules/matrix_sliding_sync.nix b/hosts/kay/modules/matrix_sliding_sync.nix
new file mode 100644
index 0000000..f18ef10
--- /dev/null
+++ b/hosts/kay/modules/matrix_sliding_sync.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+let
+ domain = config.userdata.domain;
+in
+{
+ sops.secrets."matrix-${domain}/sliding_sync" = {};
+
+ services.matrix-synapse.sliding-sync = {
+ enable = true;
+ environmentFile = config.sops.secrets."matrix-${domain}/sliding_sync".path;
+ settings.SYNCV3_SERVER = "https://${domain}";
+ };
+}
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
index a81adc2..a63f2ba 100644
--- a/hosts/kay/modules/www.nix
+++ b/hosts/kay/modules/www.nix
@@ -9,6 +9,7 @@ in
{
imports = [
./dendrite.nix
+ ./matrix_sliding_sync.nix
./cgit.nix
];
@@ -30,14 +31,28 @@ in
client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
- proxy_read_timeout 600;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+
+ locations."/.well-known/matrix/server".return = ''
+ 200 '{ "m.server": "${domain}:443" }'
'';
locations."/_matrix" = {
proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
};
- locations."/.well-known/matrix/server".return = ''
- 200 '{ "m.server": "${domain}:443" }'
+
+ locations."/.well-known/matrix/client".return = ''
+ 200 '${builtins.toJSON {
+ "m.homeserver".base_url = "https://${domain}";
+ "org.matrix.msc3575.proxy".url = "https://${domain}";
+ }}'
'';
+ locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = let
+ addr = "${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+ in {
+ proxyPass = "http://${addr}";
+ };
};
"www.${domain}" = {
forceSSL = true;