Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/kay/modules/dendrite.nix | 4 | ||||
-rw-r--r-- | hosts/kay/modules/matrix_sliding_sync.nix | 14 | ||||
-rw-r--r-- | hosts/kay/modules/www.nix | 21 | ||||
-rw-r--r-- | hosts/kay/secrets.yaml | 8 |
4 files changed, 39 insertions, 8 deletions
diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix index ef5d491..8277e21 100644 --- a/hosts/kay/modules/dendrite.nix +++ b/hosts/kay/modules/dendrite.nix @@ -10,7 +10,7 @@ let }; in { - sops.secrets."misc/matrix-${domain}" = {}; + sops.secrets."matrix-${domain}/key" = {}; services = { postgresql = { @@ -31,7 +31,7 @@ in dendrite = { enable = true; loadCredential = [ - "private_key:${config.sops.secrets."misc/matrix-${domain}".path}" + "private_key:${config.sops.secrets."matrix-${domain}/key".path}" ]; settings = { diff --git a/hosts/kay/modules/matrix_sliding_sync.nix b/hosts/kay/modules/matrix_sliding_sync.nix new file mode 100644 index 0000000..f18ef10 --- /dev/null +++ b/hosts/kay/modules/matrix_sliding_sync.nix @@ -0,0 +1,14 @@ +{ config, ... }: + +let + domain = config.userdata.domain; +in +{ + sops.secrets."matrix-${domain}/sliding_sync" = {}; + + services.matrix-synapse.sliding-sync = { + enable = true; + environmentFile = config.sops.secrets."matrix-${domain}/sliding_sync".path; + settings.SYNCV3_SERVER = "https://${domain}"; + }; +} diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix index a81adc2..a63f2ba 100644 --- a/hosts/kay/modules/www.nix +++ b/hosts/kay/modules/www.nix @@ -9,6 +9,7 @@ in { imports = [ ./dendrite.nix + ./matrix_sliding_sync.nix ./cgit.nix ]; 
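Review bot: In the new hosts/kay/modules/matrix_sliding_sync.nix, nothing documents what the sops-managed `environmentFile` has to contain, although the service depends on it. The sliding-sync proxy reads `SYNCV3_SECRET` from that file and uses it to protect the access tokens it stores, so the value has to stay the same for the lifetime of its database. I would add a comment above the `sops.secrets` line, for example `# env file: must define SYNCV3_SECRET; keep it stable, changing it invalidates the proxy's stored tokens`. Separately, `SYNCV3_SERVER = "https://${domain}"` sends the proxy's homeserver traffic back through the public nginx vhost; if that is not intended, the loopback dendrite port that www.nix uses for `/_matrix` would avoid the extra hop.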
@@ -30,14 +31,28 @@ in
 client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes};
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
- proxy_read_timeout 600;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+
+ locations."/.well-known/matrix/server".return = ''
+ 200 '{ "m.server": "${domain}:443" }'
 '';
 locations."/_matrix" = {
 proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
 };
- locations."/.well-known/matrix/server".return = ''
- 200 '{ "m.server": "${domain}:443" }'
+
+ locations."/.well-known/matrix/client".return = ''
+ 200 '${builtins.toJSON {
+ "m.homeserver".base_url = "https://${domain}";
+ "org.matrix.msc3575.proxy".url = "https://${domain}";
+ }}'
 '';
+ locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = let
+ addr = "${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+ in {
+ proxyPass = "http://${addr}";
+ };
 };
 "www.${domain}" = {
 forceSSL = true;
diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml
index d23526d..d9c40e0 100644
--- a/hosts/kay/secrets.yaml
+++ b/hosts/kay/secrets.yaml
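Review bot: The new `/.well-known/matrix/client` location in www.nix returns its JSON with no CORS or content-type header set anywhere in this hunk, and browser-based clients fetch that document cross-origin, so discovery of the homeserver and of the sliding-sync proxy can fail for them. Unless the vhost already sets these outside the hunk, I would turn the location into an attribute set and add `extraConfig = "default_type application/json; add_header Access-Control-Allow-Origin *;";` next to `return`. The hunk also drops `proxy_read_timeout 600;`, so long-polling sync requests now fall back to nginx's default read timeout; it is worth confirming that this is intended. The enclosing virtual host block starts and ends outside the hunk.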
@@ -6,10 +6,12 @@ hurricane:
 username: ENC[AES256_GCM,data:NXfBArIE7B40,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:UeSZc20JghP8oT+R8RubXw==,type:str]
 update_key: ENC[AES256_GCM,data:5qYBHLJngitUoy1vzEho/MJtXUxKY8imsjW0trvyl37LdnVZs3ZKPQ==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:6ZlWGmgaMuxHsR3rSpV0fw==,type:str]
 tunnel_id: ENC[AES256_GCM,data:Fb8qazGD,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:DpmLdvR1oOC4TKmQv/VqIw==,type:str]
+matrix-sinanmohd.com:
+ key: ENC[AES256_GCM,data:+DAQ84NBNo0lsvrk9npFfbLqJCv9UKxhUShjkDDDu4ZZcmFxW4GBYB/f8W/vyxeOlKcRq1dKk1Vp2qO6YGxM/jTsj5o74ndbHU1jxUxEoRzljYaEb1q4rbVBUflKXYPAQKE3AIMSAZa7pcVPHkDcCs3XCClwqt1nrZEo9ncsbBtwV6X4z7V5xg==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:unlv3OLWZ+vrOs89GxshUA==,type:str]
+ sliding_sync: ENC[AES256_GCM,data:WxjlO9qjtYGA9Tr8feRKKkQcImDkpf3m7VfCNf6bpxdzsUtitcuC2mMUruhyib193x3vehNK0Ksx/LT457ZThY3g4/qz98EBQsauJUOM,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:E7LZM9mhisTzwkucgBaXYA==,type:str]
 misc:
 namecheap.com: ENC[AES256_GCM,data:8sN1/APumZDclTAeYEy4nidGbvooDK6Us0yOZBbG4oU=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:ky/ucGEHWBtWwGcwK+1nhw==,type:str]
 wireguard: ENC[AES256_GCM,data:4GIb92p8VE/TUqLc7AztSKRc6soS7n+O/i4v1ltSqZkU8cEPyZMNRpIvXRQ=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:wr1YJbcG1L5wI01rCwv1zQ==,type:str]
- matrix-sinanmohd.com: ENC[AES256_GCM,data:iU1RGvv275iZpP5L8T2BPCqDIPlGUXdx7Hcct8T7kK2eYH5mGHN1o16azEJKuVKJfrZ86Lt5bDCBu9i7IcF0yXqlf6tqdjeoQdhhZXvC7f7zXNiypiRc5LFh0Ks7mXQxNhxPUQ6HRxKmLC+15H9FAn69fK7NOIh9ZG8QBKAXRrtosyTYnSPdPQ==,iv:0vPDl1YvSseIj2VVlX5jrvd1BwGuBXP3pgaHponE5ZU=,tag:eon485eelXfCKjhKat5fzw==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -25,8 +27,8 @@ sops:
 bUY4eisvWDIxdWplQjlod0hIcjVGNlUKYkA9hUTHuWgST3UUr7ACtmgC9s5SGEAp
 ker5KUGGi1fHgGlsPKHmnJSvikkVFlOVAhVa8R6X02l8FJf0lcjOYA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-12-01T04:04:29Z"
- mac: ENC[AES256_GCM,data:H/UBa9IBJGjnUhfdOfaUsVpUN/P1bF+RgXXsV+TMvhDo9qX0VsjGV3F+dmzMdEeleTYUGSBL8vxudKaE2aZwXgAmz3ViuRqwAGCQa76twv4CwFBNIBMiZe9ljJe4GoHT2GGzeVhDnkuQuhkjrNKOqfX5jz4BUYby3Ku5UuBakxA=,iv:sjfMuqYgnfekK3SqYH6zKsAkmgj9nB7DFC1OnobdbCs=,tag:l0ndfqus1l12KSzCi+77Ig==,type:str]
+ lastmodified: "2023-12-23T10:23:55Z"
+ mac: ENC[AES256_GCM,data:feUTBRfI9IMpqd6RsA/zF9FjXK5ckhJw9JEUGByw4XiEZ0ccnpaQGhj/nUh53VrU/o0eo+IW4nutBHXMaqqJNVymtOOSnzkfH8SiEc7+N4i4FAcvwwXKN05oeArVbeHqEvtjMSRYQbS/TlOjK8YNkKdc61/7RjOQhdpiJIHkMko=,iv:1STxqdkSKWWgKa9MOdhzdIDjR0g0pJHAHIMyy0DbtRM=,tag:i71mRqXea/1hC8PwtJJw7w==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1 |