From 4d1a6b9e5edd81e89e71fa98a1ab618bcd6ada31 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Sat, 23 Dec 2023 16:11:03 +0530
Subject: kay/matrix_sliding_sync: init

---
 hosts/kay/modules/dendrite.nix            |  4 ++--
 hosts/kay/modules/matrix_sliding_sync.nix | 14 ++++++++++++++
 hosts/kay/modules/www.nix                 | 21 ++++++++++++++++++---
 hosts/kay/secrets.yaml                    |  8 +++++---
 4 files changed, 39 insertions(+), 8 deletions(-)
 create mode 100644 hosts/kay/modules/matrix_sliding_sync.nix

(limited to 'hosts/kay')

diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix
index ef5d491..8277e21 100644
--- a/hosts/kay/modules/dendrite.nix
+++ b/hosts/kay/modules/dendrite.nix
@@ -10,7 +10,7 @@ let
   };
 in
 {
-  sops.secrets."misc/matrix-${domain}" = {};
+  sops.secrets."matrix-${domain}/key" = {};
 
   services = {
     postgresql = {
@@ -31,7 +31,7 @@ in
     dendrite = {
       enable = true;
       loadCredential = [
-        "private_key:${config.sops.secrets."misc/matrix-${domain}".path}"
+        "private_key:${config.sops.secrets."matrix-${domain}/key".path}"
       ];
 
       settings = {
diff --git a/hosts/kay/modules/matrix_sliding_sync.nix b/hosts/kay/modules/matrix_sliding_sync.nix
new file mode 100644
index 0000000..f18ef10
--- /dev/null
+++ b/hosts/kay/modules/matrix_sliding_sync.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+let
+  domain = config.userdata.domain;
+in
+{
+  sops.secrets."matrix-${domain}/sliding_sync" = {};
+
+  services.matrix-synapse.sliding-sync = {
+    enable = true;
+    environmentFile = config.sops.secrets."matrix-${domain}/sliding_sync".path;
+    settings.SYNCV3_SERVER = "https://${domain}";
+  };
+}
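Review bot: Nothing in this new module says what the file behind `environmentFile` has to contain, and the secret itself is opaque in `secrets.yaml`. The sliding-sync proxy reads `SYNCV3_SECRET` from that environment file and uses it to encrypt the access tokens it stores, so the value has to stay the same for the lifetime of its database and should only be rotated deliberately. I would add a comment above the `sops.secrets` line, for example `# env file, must define SYNCV3_SECRET=<random hex>; keep stable, stored tokens are encrypted with it`.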
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
index a81adc2..a63f2ba 100644
--- a/hosts/kay/modules/www.nix
+++ b/hosts/kay/modules/www.nix
@@ -9,6 +9,7 @@ in
 {
   imports = [
     ./dendrite.nix
+    ./matrix_sliding_sync.nix
     ./cgit.nix
   ];
 
@@ -30,14 +31,28 @@ in
           client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes};
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
-          proxy_read_timeout 600;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header X-Forwarded-Proto $scheme;
+        '';
+
+        locations."/.well-known/matrix/server".return = ''
+          200 '{ "m.server": "${domain}:443" }'
         '';
         locations."/_matrix" = {
           proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
         };
-        locations."/.well-known/matrix/server".return = ''
-          200 '{ "m.server": "${domain}:443" }'
+
+        locations."/.well-known/matrix/client".return = ''
+          200 '${builtins.toJSON {
+              "m.homeserver".base_url = "https://${domain}";
+              "org.matrix.msc3575.proxy".url = "https://${domain}";
+          }}'
         '';
+        locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = let
+          addr = "${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+        in {
+          proxyPass = "http://${addr}";
+        };
       };
       "www.${domain}" = {
         forceSSL = true;
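Review bot: The new `/.well-known/matrix/client` location returns its JSON with no `Access-Control-Allow-Origin` header and no JSON content type visible in this hunk, so browser-based clients served from another origin may be unable to read the discovery document and never see the `org.matrix.msc3575.proxy` entry. If those headers are not already set elsewhere in the vhost, add `locations."/.well-known/matrix/client".extraConfig = ''default_type application/json; add_header Access-Control-Allow-Origin "*";'';`. Setting `X-Forwarded-For` to `$remote_addr` instead of appending to the incoming header is the safer choice while this nginx is the outermost proxy, because client-supplied values are discarded; a one-line comment saying so would keep it from being "corrected" later. The enclosing virtual-host attribute set starts and ends outside the hunk.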
diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml
index d23526d..d9c40e0 100644
--- a/hosts/kay/secrets.yaml
+++ b/hosts/kay/secrets.yaml
@@ -6,10 +6,12 @@ hurricane:
     username: ENC[AES256_GCM,data:NXfBArIE7B40,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:UeSZc20JghP8oT+R8RubXw==,type:str]
     update_key: ENC[AES256_GCM,data:5qYBHLJngitUoy1vzEho/MJtXUxKY8imsjW0trvyl37LdnVZs3ZKPQ==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:6ZlWGmgaMuxHsR3rSpV0fw==,type:str]
     tunnel_id: ENC[AES256_GCM,data:Fb8qazGD,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:DpmLdvR1oOC4TKmQv/VqIw==,type:str]
+matrix-sinanmohd.com:
+    key: ENC[AES256_GCM,data:+DAQ84NBNo0lsvrk9npFfbLqJCv9UKxhUShjkDDDu4ZZcmFxW4GBYB/f8W/vyxeOlKcRq1dKk1Vp2qO6YGxM/jTsj5o74ndbHU1jxUxEoRzljYaEb1q4rbVBUflKXYPAQKE3AIMSAZa7pcVPHkDcCs3XCClwqt1nrZEo9ncsbBtwV6X4z7V5xg==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:unlv3OLWZ+vrOs89GxshUA==,type:str]
+    sliding_sync: ENC[AES256_GCM,data:WxjlO9qjtYGA9Tr8feRKKkQcImDkpf3m7VfCNf6bpxdzsUtitcuC2mMUruhyib193x3vehNK0Ksx/LT457ZThY3g4/qz98EBQsauJUOM,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:E7LZM9mhisTzwkucgBaXYA==,type:str]
 misc:
     namecheap.com: ENC[AES256_GCM,data:8sN1/APumZDclTAeYEy4nidGbvooDK6Us0yOZBbG4oU=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:ky/ucGEHWBtWwGcwK+1nhw==,type:str]
     wireguard: ENC[AES256_GCM,data:4GIb92p8VE/TUqLc7AztSKRc6soS7n+O/i4v1ltSqZkU8cEPyZMNRpIvXRQ=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:wr1YJbcG1L5wI01rCwv1zQ==,type:str]
-    matrix-sinanmohd.com: ENC[AES256_GCM,data:iU1RGvv275iZpP5L8T2BPCqDIPlGUXdx7Hcct8T7kK2eYH5mGHN1o16azEJKuVKJfrZ86Lt5bDCBu9i7IcF0yXqlf6tqdjeoQdhhZXvC7f7zXNiypiRc5LFh0Ks7mXQxNhxPUQ6HRxKmLC+15H9FAn69fK7NOIh9ZG8QBKAXRrtosyTYnSPdPQ==,iv:0vPDl1YvSseIj2VVlX5jrvd1BwGuBXP3pgaHponE5ZU=,tag:eon485eelXfCKjhKat5fzw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +27,8 @@ sops:
             bUY4eisvWDIxdWplQjlod0hIcjVGNlUKYkA9hUTHuWgST3UUr7ACtmgC9s5SGEAp
             ker5KUGGi1fHgGlsPKHmnJSvikkVFlOVAhVa8R6X02l8FJf0lcjOYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-01T04:04:29Z"
-    mac: ENC[AES256_GCM,data:H/UBa9IBJGjnUhfdOfaUsVpUN/P1bF+RgXXsV+TMvhDo9qX0VsjGV3F+dmzMdEeleTYUGSBL8vxudKaE2aZwXgAmz3ViuRqwAGCQa76twv4CwFBNIBMiZe9ljJe4GoHT2GGzeVhDnkuQuhkjrNKOqfX5jz4BUYby3Ku5UuBakxA=,iv:sjfMuqYgnfekK3SqYH6zKsAkmgj9nB7DFC1OnobdbCs=,tag:l0ndfqus1l12KSzCi+77Ig==,type:str]
+    lastmodified: "2023-12-23T10:23:55Z"
+    mac: ENC[AES256_GCM,data:feUTBRfI9IMpqd6RsA/zF9FjXK5ckhJw9JEUGByw4XiEZ0ccnpaQGhj/nUh53VrU/o0eo+IW4nutBHXMaqqJNVymtOOSnzkfH8SiEc7+N4i4FAcvwwXKN05oeArVbeHqEvtjMSRYQbS/TlOjK8YNkKdc61/7RjOQhdpiJIHkMko=,iv:1STxqdkSKWWgKa9MOdhzdIDjR0g0pJHAHIMyy0DbtRM=,tag:i71mRqXea/1hC8PwtJJw7w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
-- 
cgit v1.2.3