walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

matrix-sliding-sync - new module upstream

Browse Source
This commit is contained in:
James Walker 2023-07-21 12:48:23 -04:00
parent 402bddec5d
commit 17a779f5f9
Signed by: walkah
GPG Key ID: 3C127179D6086E93
4 changed files with 32 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
flake.lock generated
View File

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1689516967, "lastModified": 1689825754,
"narHash": "sha256-sFAa33wkQHanmij/uhfGduIDK8z4dJAita/rK6u9pvE=", "narHash": "sha256-u3W3WGO3BA63nb+CeNLBajbJ/sl8tDXBHKxxeTOCxfo=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "61662a63bfe1726588c1da6b412df86d8ca94d63", "rev": "531c3de7eccf95155828e0cd9f18c25e7f937777",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -213,11 +213,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1689495092, "lastModified": 1689891262,
"narHash": "sha256-yZu2j5FpLZEPhJQQutMCPTxa1VMigLPabLYvLTq6ASM=", "narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f84579a70b8c74e5ebb37299a0c3ba279f09382", "rev": "ee5673246de0254186e469935909e821b8f4ec15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -280,15 +280,15 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1689373857, "lastModified": 1689534811,
"narHash": "sha256-mtBksyvhhT98Zsm9tYHuMKuLwUKDwv+BGTl6K5nOGhY=", "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dfdbcc428f365071f0ca3888f6ec8c25c3792885", "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -328,11 +328,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1689601424, "lastModified": 1689935543,
"narHash": "sha256-WEqoSflQP65MF9O9k+JEkvUXMEoyCatmMAoLOowcEoE=", "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d0f2758381caca8b4fb4a6cac61721cc9de06bd9", "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -353,11 +353,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1689553106, "lastModified": 1689668210,
"narHash": "sha256-RFFf6BbpqQB0l1ehAbgri9g9MGZkAY9UdiNotD9fG8Y=", "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "87589fa438dd6d5b8c7c1c6ab2ad69e4663bb51f", "rev": "eb433bff05b285258be76513add6f6c57b441775",
"type": "github" "type": "github"
}, },
"original": { "original": {

18
modules/matrix/default.nix
View File

@ -1,10 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
../../services/matrix-sliding-sync.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
matrix-synapse-tools.synadm matrix-synapse-tools.synadm
]; ];
@ -51,12 +47,22 @@
extraConfigFiles = [ extraConfigFiles = [
config.sops.secrets.matrix-registration-secret.path config.sops.secrets.matrix-registration-secret.path
]; ];
};
matrix-syncv3.enable = true; sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://matrix.walkah.chat";
SYNCV3_BINDADDR = "0.0.0.0:8088";
};
environmentFile = config.sops.secrets.matrix-sliding-sync-secret.path;
};
};
}; };
sops.secrets.matrix-registration-secret = { sops.secrets.matrix-registration-secret = {
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
sops.secrets.matrix-sliding-sync-secret = { };
} }

5
secrets/secrets.yaml
View File

@ -1,4 +1,5 @@
matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str] matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
matrix-sliding-sync-secret: ENC[AES256_GCM,data:jZvU3VhOLhM7bU3DkITB+TXROcImaKCcqoECGVQ63fADVrs42mGwnzLeQ9HxI6jLCuNMLKm0juXslUATA51wP3ta0z/1KiwX7q2Fwj4D/w==,iv:BYn7DAcpFOeTQNz9KnkAMIppmypFTllPLfK35n7hB9A=,tag:K6+fSRkMdSOHvrb+spVI3w==,type:str]
ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str] ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str]
drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str] drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str] traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str]
@ -76,8 +77,8 @@ sops:
dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd
96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw== 96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-19T01:51:10Z" lastmodified: "2023-07-21T16:24:17Z"
mac: ENC[AES256_GCM,data:dIOL/ovDcGbgLNFSNmlR/rneEcVtUQi0wGzLoJpzv3sT23DsiyXm4WZVShIz+Kjxsu6rFsRnqO6yGfHvA9aDE0Iz0DGPm4AgLl2pRq+cgPoTuZRnKptwLLNcCKXxWu74g0bBn6/PirYFcEK3hZN9gejA6910lFrHpsPdmiWVu94=,iv:HaBxBIpS+JWsKg38TuQP9VbsYYGKQjpq1UYWvxAC/MA=,tag:GrI57dalcj/sOwdX7I6lbA==,type:str] mac: ENC[AES256_GCM,data:Lr5eATX46pS0oyRBL/lFqaNWUroRmZ35jPHQlMTsO8PMGy4gnpOr5ILRvTqKraOLkJDF/dEutA5bI5/nOzvkcaC6qFstQVbwpg30ComKki8NHs8RMsSvMNMt6UDIa9U2/wjkiEyBP7yeopZZDaGmLFQMf/jh7lj/JpopQaw0JKw=,iv:soT0OwadNhHJBMmjVoRrYu4AalE/p6VXMHDI8m6Vdz8=,tag:dhYxzB9f5vtXYQSC6SRwPA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

63
services/matrix-sliding-sync.nix
View File

@ -1,63 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.matrix-syncv3;
in
{
options = {
services.matrix-syncv3 = {
enable = mkEnableOption "SyncV3 for matrix";
package = mkPackageOption pkgs "matrix-sliding-sync" { };
port = mkOption {
type = types.int;
default = 8088;
description = ''
The port to listen on.
'';
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Must contain the `SYNCV3_SECRET` environment variable.
Generated with ``openssl rand -hex 32``.
'';
};
};
};
config = mkIf cfg.enable {
services = {
postgresql = {
ensureDatabases = [ "matrix-syncv3" ];
ensureUsers = [{
name = "matrix-syncv3";
ensurePermissions."DATABASE \"matrix-syncv3\"" = "ALL PRIVILEGES";
}];
};
};
systemd.services.matrix-syncv3 = {
after = [ "matrix-synapse.service" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "matrix-syncv3";
WorkingDirectory = "/var/lib/matrix-syncv3";
Environment = [
"SYNCV3_SERVER=https://matrix.walkah.chat"
"SYNCV3_DB=postgresql:///matrix-syncv3?host=/run/postgresql"
"SYNCV3_BINDADDR=0.0.0.0:${toString cfg.port}"
];
};
script = ''
path=/var/lib/matrix-syncv3/secret
[ -f $path ] || ${pkgs.openssl}/bin/openssl rand -hex 32 > $path
export SYNCV3_SECRET=$(cat $path)
exec ${cfg.package}/bin/syncv3
'';
};
};
}