Enable sliding-sync for matrix-synapse

2023-10-07 01:40:56 +02:00 · 2023-10-07 01:40:56 +02:00 · 8bb1c5853b
commit 8bb1c5853b
parent 9ac8327798
4 changed files with 29 additions and 9 deletions
--- a/config/hosts/matrix/matrix-synapse.nix
+++ b/config/hosts/matrix/matrix-synapse.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
  services.matrix-synapse = {
    enable = true;
@ -47,6 +47,13 @@
      turn_user_lifetime = 86400000;
      turn_allow_guests = true;
    };
+    sliding-sync = {
+      enable = true;
+      settings = {
+        SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+      };
+      environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+    };
    extraConfigFiles = [
      "/secrets/matrix-registration-shared-secret.secret"
      "/secrets/matrix-turn-shared-secret.secret"
--- a/config/hosts/matrix/nginx.nix
+++ b/config/hosts/matrix/nginx.nix
@ -16,14 +16,19 @@
          ssl = true;
        }
      ];
-      locations."~ ^(/_matrix|/_synapse/client)" = {
-        proxyPass = "http://localhost:8008";
+      locations = {
+        "~ ^(/_matrix|/_synapse/client)" = {
+          proxyPass = "http://127.0.0.1:8008";
          extraConfig = ''
            # Nginx by default only allows file uploads up to 1M in size
            # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
            client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
          '';
        };
+        "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+          proxyPass = "http://127.0.0.1:8009";
+        };
+      };
      extraConfig = ''
        listen 0.0.0.0:8443 http2 ssl proxy_protocol;

--- a/config/hosts/matrix/secrets.nix
+++ b/config/hosts/matrix/secrets.nix
@ -32,4 +32,12 @@
    permissions = "0640";
    uploadAt = "pre-activation";
  };
+  deployment.keys."matrix-SYNCV3_SECRET.secret" = {
+    keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "matrix/SYNCV3_SECRET" ];
+    destDir = "/secrets";
+    user = "matrix-synapse";
+    group = "matrix-synapse";
+    permissions = "0640";
+    uploadAt = "pre-activation";
+  };
 }
--- a/config/hosts/web-public-2/virtualHosts/nekover.se.nix
+++ b/config/hosts/web-public-2/virtualHosts/nekover.se.nix
@ -22,7 +22,7 @@
      '';
    };
    locations."/.well-known/matrix/client" = {
-      return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}}'";
+      return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}}'";
      extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin *;