fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable sliding-sync for matrix-synapse

Browse source
This commit is contained in:
yuri 2023-10-07 01:40:56 +02:00
commit 8bb1c5853b
4 changed files with 29 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
config/hosts/matrix/matrix-synapse.nix
View file

@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
@ -47,6 +47,13 @@
turn_user_lifetime = 86400000; turn_user_lifetime = 86400000;
turn_allow_guests = true; turn_allow_guests = true;
}; };
sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
};
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
};
extraConfigFiles = [ extraConfigFiles = [
"/secrets/matrix-registration-shared-secret.secret" "/secrets/matrix-registration-shared-secret.secret"
"/secrets/matrix-turn-shared-secret.secret" "/secrets/matrix-turn-shared-secret.secret"

19
config/hosts/matrix/nginx.nix
View file

@ -16,13 +16,18 @@
ssl = true; ssl = true;
} }
]; ];
locations."~ ^(/_matrix|/_synapse/client)" = { locations = {
proxyPass = "http://localhost:8008"; "~ ^(/_matrix|/_synapse/client)" = {
extraConfig = '' proxyPass = "http://127.0.0.1:8008";
# Nginx by default only allows file uploads up to 1M in size extraConfig = ''
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml # Nginx by default only allows file uploads up to 1M in size
client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size}; # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
''; client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
'';
};
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://127.0.0.1:8009";
};
}; };
extraConfig = '' extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol; listen 0.0.0.0:8443 http2 ssl proxy_protocol;

8
config/hosts/matrix/secrets.nix
View file

@ -32,4 +32,12 @@
permissions = "0640"; permissions = "0640";
uploadAt = "pre-activation"; uploadAt = "pre-activation";
}; };
deployment.keys."matrix-SYNCV3_SECRET.secret" = {
keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "matrix/SYNCV3_SECRET" ];
destDir = "/secrets";
user = "matrix-synapse";
group = "matrix-synapse";
permissions = "0640";
uploadAt = "pre-activation";
};
} }

2
config/hosts/web-public-2/virtualHosts/nekover.se.nix
View file

@ -22,7 +22,7 @@
''; '';
}; };
locations."/.well-known/matrix/client" = { locations."/.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}}'"; return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}}'";
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;