diff options
Diffstat (limited to 'hosts/kay/modules')
-rw-r--r-- | hosts/kay/modules/dendrite.nix | 4 | ||||
-rw-r--r-- | hosts/kay/modules/matrix_sliding_sync.nix | 14 | ||||
-rw-r--r-- | hosts/kay/modules/www.nix | 21 |
3 files changed, 34 insertions, 5 deletions
diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix index ef5d491..8277e21 100644 --- a/hosts/kay/modules/dendrite.nix +++ b/hosts/kay/modules/dendrite.nix @@ -10,7 +10,7 @@ let }; in { - sops.secrets."misc/matrix-${domain}" = {}; + sops.secrets."matrix-${domain}/key" = {}; services = { postgresql = { @@ -31,7 +31,7 @@ in dendrite = { enable = true; loadCredential = [ - "private_key:${config.sops.secrets."misc/matrix-${domain}".path}" + "private_key:${config.sops.secrets."matrix-${domain}/key".path}" ]; settings = { diff --git a/hosts/kay/modules/matrix_sliding_sync.nix b/hosts/kay/modules/matrix_sliding_sync.nix new file mode 100644 index 0000000..f18ef10 --- /dev/null +++ b/hosts/kay/modules/matrix_sliding_sync.nix @@ -0,0 +1,14 @@ +{ config, ... }: + +let + domain = config.userdata.domain; +in +{ + sops.secrets."matrix-${domain}/sliding_sync" = {}; + + services.matrix-synapse.sliding-sync = { + enable = true; + environmentFile = config.sops.secrets."matrix-${domain}/sliding_sync".path; + settings.SYNCV3_SERVER = "https://${domain}"; + }; +} diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix index a81adc2..a63f2ba 100644 --- a/hosts/kay/modules/www.nix +++ b/hosts/kay/modules/www.nix @@ -9,6 +9,7 @@ in { imports = [ ./dendrite.nix + ./matrix_sliding_sync.nix ./cgit.nix ]; @@ -30,14 +31,28 @@ in client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + + locations."/.well-known/matrix/server".return = '' + 200 '{ "m.server": "${domain}:443" }' ''; locations."/_matrix" = { proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}"; }; - locations."/.well-known/matrix/server".return = '' - 200 '{ "m.server": "${domain}:443" }' + + locations."/.well-known/matrix/client".return = '' + 200 '${builtins.toJSON { + "m.homeserver".base_url = "https://${domain}"; + "org.matrix.msc3575.proxy".url = "https://${domain}"; + }}' ''; + locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = let + addr = "${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; + in { + proxyPass = "http://${addr}"; + }; }; "www.${domain}" = { forceSSL = true; |