From 8bb1c5853b65b690cb8882047760cd13e146be1b Mon Sep 17 00:00:00 2001
From: yuri
Date: Sat, 7 Oct 2023 01:40:56 +0200
Subject: [PATCH] Enable sliding-sync for matrix-synapse
---
 config/hosts/matrix/matrix-synapse.nix | 9 ++++++++-
 config/hosts/matrix/nginx.nix | 19 ++++++++++++-------
 config/hosts/matrix/secrets.nix | 8 ++++++++
 .../web-public-2/virtualHosts/nekover.se.nix | 2 +-
 4 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix
index 893cfb2..1a4fb12 100644
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
 services.matrix-synapse = {
 enable = true;
@@ -47,6 +47,13 @@
 turn_user_lifetime = 86400000;
 turn_allow_guests = true;
 };
+ sliding-sync = {
+ enable = true;
+ settings = {
+ SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+ };
+ environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+ };
 extraConfigFiles = [
 "/secrets/matrix-registration-shared-secret.secret"
 "/secrets/matrix-turn-shared-secret.secret"
diff --git a/config/hosts/matrix/nginx.nix b/config/hosts/matrix/nginx.nix
index de8f332..234362d 100644
--- a/config/hosts/matrix/nginx.nix
+++ b/config/hosts/matrix/nginx.nix
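Review bot: `SYNCV3_SERVER` in the new `sliding-sync.settings` is set to Synapse's `public_baseurl`, so every upstream request the proxy makes, each carrying a user's access token, would presumably leave the host and come back through the public TLS front end instead of staying on loopback. nginx.nix in this same patch reaches Synapse at `http://127.0.0.1:8008`; if the proxy runs on the same machine, `SYNCV3_SERVER = "http://127.0.0.1:8008";` removes the dependency on DNS and on the external listener. A short comment above `environmentFile` stating that the file must contain a `SYNCV3_SECRET=...` line, and that the value should not be rotated casually once the proxy has state, would help whoever deploys this next.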
@@ -16,13 +16,18 @@
 ssl = true;
 }
 ];
- locations."~ ^(/_matrix|/_synapse/client)" = {
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- # Nginx by default only allows file uploads up to 1M in size
- # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
- client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
- '';
+ locations = {
+ "~ ^(/_matrix|/_synapse/client)" = {
+ proxyPass = "http://127.0.0.1:8008";
+ extraConfig = ''
+ # Nginx by default only allows file uploads up to 1M in size
+ # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+ client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
+ '';
+ };
+ "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://127.0.0.1:8009";
+ };
 };
 extraConfig = ''
 listen 0.0.0.0:8443 http2 ssl proxy_protocol;
diff --git a/config/hosts/matrix/secrets.nix b/config/hosts/matrix/secrets.nix
index 24329ea..7024f35 100644
--- a/config/hosts/matrix/secrets.nix
+++ b/config/hosts/matrix/secrets.nix
@@ -32,4 +32,12 @@
 permissions = "0640";
 uploadAt = "pre-activation";
 };
+ deployment.keys."matrix-SYNCV3_SECRET.secret" = {
+ keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "matrix/SYNCV3_SECRET" ];
+ destDir = "/secrets";
+ user = "matrix-synapse";
+ group = "matrix-synapse";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
 }
diff --git a/config/hosts/web-public-2/virtualHosts/nekover.se.nix b/config/hosts/web-public-2/virtualHosts/nekover.se.nix
index 7ea6e2c..91c131d 100644
--- a/config/hosts/web-public-2/virtualHosts/nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/nekover.se.nix
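Review bot: The new sliding-sync location may never be selected for the MSC3575 sync path, because `/_matrix/client/unstable/org.matrix.msc3575/sync` also matches the first regex `^(/_matrix|/_synapse/client)`, and nginx uses the first regex location that matches in configuration order. Neither entry in the new `locations` set declares an order, so the emitted order is left to the module; with equal priorities it most likely follows attribute-name order, which would put the Synapse entry first and send sliding-sync requests to port 8008. Adding `priority = 999;` to the `"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"` location (lower values are emitted earlier) makes the intended precedence explicit. The virtual-host block this hunk belongs to starts and ends outside the hunk.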
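Review bot: The new `matrix-SYNCV3_SECRET.secret` key is readable by user and group `matrix-synapse` (`0640`), although in this patch only the sliding-sync unit consumes it, through `environmentFile`. If that unit loads the file via systemd's `EnvironmentFile=`, the service manager reads it as root, so `user = "root"; group = "root"; permissions = "0400";` would keep the secret out of reach of the Synapse process; confirm against the module before changing it. The `keyCommand` also hard-codes `/home/yuri/...` paths, so a deploy only works from that one account; a comment saying so would make the constraint visible.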
@@ -22,7 +22,7 @@
 '';
 };
 locations."/.well-known/matrix/client" = {
- return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}}'";
+ return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}}'";
 extraConfig = ''
 default_type application/json;
 add_header Access-Control-Allow-Origin *;
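Review bot: The hand-escaped JSON in the new `return` line is now long enough that one missed `\"` would serve a malformed well-known document with status 200, which clients would likely treat as having no discovery data. Generating the body from an attribute set keeps it valid by construction, e.g. `return = "200 '${builtins.toJSON wellKnownClient}'";` with the set bound in a `let` (the name `wellKnownClient` is illustrative). The `locations` block continues past the end of the hunk.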