✨ matrix-sliding-sync - new module upstream

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1689516967,
-        "narHash": "sha256-sFAa33wkQHanmij/uhfGduIDK8z4dJAita/rK6u9pvE=",
+        "lastModified": 1689825754,
+        "narHash": "sha256-u3W3WGO3BA63nb+CeNLBajbJ/sl8tDXBHKxxeTOCxfo=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "61662a63bfe1726588c1da6b412df86d8ca94d63",
+        "rev": "531c3de7eccf95155828e0cd9f18c25e7f937777",
         "type": "github"
       },
       "original": {
@@ -213,11 +213,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1689495092,
-        "narHash": "sha256-yZu2j5FpLZEPhJQQutMCPTxa1VMigLPabLYvLTq6ASM=",
+        "lastModified": 1689891262,
+        "narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f84579a70b8c74e5ebb37299a0c3ba279f09382",
+        "rev": "ee5673246de0254186e469935909e821b8f4ec15",
         "type": "github"
       },
       "original": {
@@ -280,15 +280,15 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1689373857,
-        "narHash": "sha256-mtBksyvhhT98Zsm9tYHuMKuLwUKDwv+BGTl6K5nOGhY=",
-        "owner": "nixos",
+        "lastModified": 1689534811,
+        "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dfdbcc428f365071f0ca3888f6ec8c25c3792885",
+        "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
         "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
@@ -328,11 +328,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1689601424,
-        "narHash": "sha256-WEqoSflQP65MF9O9k+JEkvUXMEoyCatmMAoLOowcEoE=",
+        "lastModified": 1689935543,
+        "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d0f2758381caca8b4fb4a6cac61721cc9de06bd9",
+        "rev": "e43e2448161c0a2c4928abec4e16eae1516571bc",
         "type": "github"
       },
       "original": {
@@ -353,11 +353,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1689553106,
-        "narHash": "sha256-RFFf6BbpqQB0l1ehAbgri9g9MGZkAY9UdiNotD9fG8Y=",
+        "lastModified": 1689668210,
+        "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "87589fa438dd6d5b8c7c1c6ab2ad69e4663bb51f",
+        "rev": "eb433bff05b285258be76513add6f6c57b441775",
         "type": "github"
       },
       "original": {

modules/matrix/default.nix

@@ -1,10 +1,6 @@
 { config, pkgs, ... }:
 
 {
-  imports = [
-    ../../services/matrix-sliding-sync.nix
-  ];
-
   environment.systemPackages = with pkgs; [
     matrix-synapse-tools.synadm
   ];
@@ -51,12 +47,22 @@
       extraConfigFiles = [
         config.sops.secrets.matrix-registration-secret.path
       ];
-    };
 
-    matrix-syncv3.enable = true;
+      sliding-sync = {
+        enable = true;
+        settings = {
+          SYNCV3_SERVER = "https://matrix.walkah.chat";
+          SYNCV3_BINDADDR = "0.0.0.0:8088";
+        };
+        environmentFile = config.sops.secrets.matrix-sliding-sync-secret.path;
+      };
+
+    };
   };
 
   sops.secrets.matrix-registration-secret = {
     owner = "matrix-synapse";
   };
+
+  sops.secrets.matrix-sliding-sync-secret = { };
 }

secrets/secrets.yaml

@@ -1,4 +1,5 @@
 matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
+matrix-sliding-sync-secret: ENC[AES256_GCM,data:jZvU3VhOLhM7bU3DkITB+TXROcImaKCcqoECGVQ63fADVrs42mGwnzLeQ9HxI6jLCuNMLKm0juXslUATA51wP3ta0z/1KiwX7q2Fwj4D/w==,iv:BYn7DAcpFOeTQNz9KnkAMIppmypFTllPLfK35n7hB9A=,tag:K6+fSRkMdSOHvrb+spVI3w==,type:str]
 ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str]
 drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
 traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str]
@@ -76,8 +77,8 @@ sops:
             dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd
             96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-03-19T01:51:10Z"
-    mac: ENC[AES256_GCM,data:dIOL/ovDcGbgLNFSNmlR/rneEcVtUQi0wGzLoJpzv3sT23DsiyXm4WZVShIz+Kjxsu6rFsRnqO6yGfHvA9aDE0Iz0DGPm4AgLl2pRq+cgPoTuZRnKptwLLNcCKXxWu74g0bBn6/PirYFcEK3hZN9gejA6910lFrHpsPdmiWVu94=,iv:HaBxBIpS+JWsKg38TuQP9VbsYYGKQjpq1UYWvxAC/MA=,tag:GrI57dalcj/sOwdX7I6lbA==,type:str]
+    lastmodified: "2023-07-21T16:24:17Z"
+    mac: ENC[AES256_GCM,data:Lr5eATX46pS0oyRBL/lFqaNWUroRmZ35jPHQlMTsO8PMGy4gnpOr5ILRvTqKraOLkJDF/dEutA5bI5/nOzvkcaC6qFstQVbwpg30ComKki8NHs8RMsSvMNMt6UDIa9U2/wjkiEyBP7yeopZZDaGmLFQMf/jh7lj/JpopQaw0JKw=,iv:soT0OwadNhHJBMmjVoRrYu4AalE/p6VXMHDI8m6Vdz8=,tag:dhYxzB9f5vtXYQSC6SRwPA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3

services/matrix-sliding-sync.nix

@@ -1,63 +0,0 @@
-{ config, lib, pkgs, options, ... }:
-with lib;
-let
-  cfg = config.services.matrix-syncv3;
-in
-{
-  options = {
-    services.matrix-syncv3 = {
-      enable = mkEnableOption "SyncV3 for matrix";
-      package = mkPackageOption pkgs "matrix-sliding-sync" { };
-
-      port = mkOption {
-        type = types.int;
-        default = 8088;
-        description = ''
-          The port to listen on.
-        '';
-      };
-
-      environmentFile = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        description = ''
-          Must contain the `SYNCV3_SECRET` environment variable. 
-          Generated with ``openssl rand -hex 32``.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    services = {
-      postgresql = {
-        ensureDatabases = [ "matrix-syncv3" ];
-        ensureUsers = [{
-          name = "matrix-syncv3";
-          ensurePermissions."DATABASE \"matrix-syncv3\"" = "ALL PRIVILEGES";
-        }];
-      };
-    };
-
-    systemd.services.matrix-syncv3 = {
-      after = [ "matrix-synapse.service" "postgresql.service" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        DynamicUser = true;
-        StateDirectory = "matrix-syncv3";
-        WorkingDirectory = "/var/lib/matrix-syncv3";
-        Environment = [
-          "SYNCV3_SERVER=https://matrix.walkah.chat"
-          "SYNCV3_DB=postgresql:///matrix-syncv3?host=/run/postgresql"
-          "SYNCV3_BINDADDR=0.0.0.0:${toString cfg.port}"
-        ];
-      };
-      script = ''
-        path=/var/lib/matrix-syncv3/secret
-        [ -f $path ] || ${pkgs.openssl}/bin/openssl rand -hex 32 > $path
-        export SYNCV3_SECRET=$(cat $path)
-        exec ${cfg.package}/bin/syncv3
-      '';
-    };
-  };
-}