From 17a779f5f9f315eb32ed2b3745d0177a8327a93e Mon Sep 17 00:00:00 2001 From: James Walker Date: Fri, 21 Jul 2023 12:48:23 -0400 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20matrix-sliding-sync=20-=20new=20mod?= =?UTF-8?q?ule=20upstream?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.lock | 34 ++++++++--------- modules/matrix/default.nix | 18 ++++++--- secrets/secrets.yaml | 5 ++- services/matrix-sliding-sync.nix | 63 -------------------------------- 4 files changed, 32 insertions(+), 88 deletions(-) delete mode 100644 services/matrix-sliding-sync.nix diff --git a/flake.lock b/flake.lock index 0e671f9..d21f191 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1689516967, - "narHash": "sha256-sFAa33wkQHanmij/uhfGduIDK8z4dJAita/rK6u9pvE=", + "lastModified": 1689825754, + "narHash": "sha256-u3W3WGO3BA63nb+CeNLBajbJ/sl8tDXBHKxxeTOCxfo=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "61662a63bfe1726588c1da6b412df86d8ca94d63", + "rev": "531c3de7eccf95155828e0cd9f18c25e7f937777", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1689495092, - "narHash": "sha256-yZu2j5FpLZEPhJQQutMCPTxa1VMigLPabLYvLTq6ASM=", + "lastModified": 1689891262, + "narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f84579a70b8c74e5ebb37299a0c3ba279f09382", + "rev": "ee5673246de0254186e469935909e821b8f4ec15", "type": "github" }, "original": { @@ -280,15 +280,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1689373857, - "narHash": "sha256-mtBksyvhhT98Zsm9tYHuMKuLwUKDwv+BGTl6K5nOGhY=", - "owner": "nixos", + "lastModified": 1689534811, + "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfdbcc428f365071f0ca3888f6ec8c25c3792885", + "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -328,11 +328,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1689601424, - "narHash": "sha256-WEqoSflQP65MF9O9k+JEkvUXMEoyCatmMAoLOowcEoE=", + "lastModified": 1689935543, + "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0f2758381caca8b4fb4a6cac61721cc9de06bd9", + "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc", "type": "github" }, "original": { @@ -353,11 +353,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689553106, - "narHash": "sha256-RFFf6BbpqQB0l1ehAbgri9g9MGZkAY9UdiNotD9fG8Y=", + "lastModified": 1689668210, + "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "87589fa438dd6d5b8c7c1c6ab2ad69e4663bb51f", + "rev": "eb433bff05b285258be76513add6f6c57b441775", "type": "github" }, "original": { diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index 8dddd7b..accbfb1 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -1,10 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ../../services/matrix-sliding-sync.nix - ]; - environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ]; @@ -51,12 +47,22 @@ extraConfigFiles = [ config.sops.secrets.matrix-registration-secret.path ]; - }; - matrix-syncv3.enable = true; + sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://matrix.walkah.chat"; + SYNCV3_BINDADDR = "0.0.0.0:8088"; + }; + environmentFile = config.sops.secrets.matrix-sliding-sync-secret.path; + }; + + }; }; sops.secrets.matrix-registration-secret = { owner = "matrix-synapse"; }; + + sops.secrets.matrix-sliding-sync-secret = { }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 456a191..24bc4b6 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,4 +1,5 @@ matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str] +matrix-sliding-sync-secret: ENC[AES256_GCM,data:jZvU3VhOLhM7bU3DkITB+TXROcImaKCcqoECGVQ63fADVrs42mGwnzLeQ9HxI6jLCuNMLKm0juXslUATA51wP3ta0z/1KiwX7q2Fwj4D/w==,iv:BYn7DAcpFOeTQNz9KnkAMIppmypFTllPLfK35n7hB9A=,tag:K6+fSRkMdSOHvrb+spVI3w==,type:str] ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str] drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str] traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str] @@ -76,8 +77,8 @@ sops: dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd 96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-19T01:51:10Z" - mac: ENC[AES256_GCM,data:dIOL/ovDcGbgLNFSNmlR/rneEcVtUQi0wGzLoJpzv3sT23DsiyXm4WZVShIz+Kjxsu6rFsRnqO6yGfHvA9aDE0Iz0DGPm4AgLl2pRq+cgPoTuZRnKptwLLNcCKXxWu74g0bBn6/PirYFcEK3hZN9gejA6910lFrHpsPdmiWVu94=,iv:HaBxBIpS+JWsKg38TuQP9VbsYYGKQjpq1UYWvxAC/MA=,tag:GrI57dalcj/sOwdX7I6lbA==,type:str] + lastmodified: "2023-07-21T16:24:17Z" + mac: ENC[AES256_GCM,data:Lr5eATX46pS0oyRBL/lFqaNWUroRmZ35jPHQlMTsO8PMGy4gnpOr5ILRvTqKraOLkJDF/dEutA5bI5/nOzvkcaC6qFstQVbwpg30ComKki8NHs8RMsSvMNMt6UDIa9U2/wjkiEyBP7yeopZZDaGmLFQMf/jh7lj/JpopQaw0JKw=,iv:soT0OwadNhHJBMmjVoRrYu4AalE/p6VXMHDI8m6Vdz8=,tag:dhYxzB9f5vtXYQSC6SRwPA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/services/matrix-sliding-sync.nix b/services/matrix-sliding-sync.nix deleted file mode 100644 index a96465e..0000000 --- a/services/matrix-sliding-sync.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, lib, pkgs, options, ... }: -with lib; -let - cfg = config.services.matrix-syncv3; -in -{ - options = { - services.matrix-syncv3 = { - enable = mkEnableOption "SyncV3 for matrix"; - package = mkPackageOption pkgs "matrix-sliding-sync" { }; - - port = mkOption { - type = types.int; - default = 8088; - description = '' - The port to listen on. - ''; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Must contain the `SYNCV3_SECRET` environment variable. - Generated with ``openssl rand -hex 32``. - ''; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - postgresql = { - ensureDatabases = [ "matrix-syncv3" ]; - ensureUsers = [{ - name = "matrix-syncv3"; - ensurePermissions."DATABASE \"matrix-syncv3\"" = "ALL PRIVILEGES"; - }]; - }; - }; - - systemd.services.matrix-syncv3 = { - after = [ "matrix-synapse.service" "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - StateDirectory = "matrix-syncv3"; - WorkingDirectory = "/var/lib/matrix-syncv3"; - Environment = [ - "SYNCV3_SERVER=https://matrix.walkah.chat" - "SYNCV3_DB=postgresql:///matrix-syncv3?host=/run/postgresql" - "SYNCV3_BINDADDR=0.0.0.0:${toString cfg.port}" - ]; - }; - script = '' - path=/var/lib/matrix-syncv3/secret - [ -f $path ] || ${pkgs.openssl}/bin/openssl rand -hex 32 > $path - export SYNCV3_SECRET=$(cat $path) - exec ${cfg.package}/bin/syncv3 - ''; - }; - }; -}