diff --git a/flake.lock b/flake.lock index 59fb64a..eb5423a 100644 --- a/flake.lock +++ b/flake.lock @@ -257,11 +257,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1688859638, - "narHash": "sha256-GyRhX8GlTQqDWx43uBFEYEQ/WKEqDwjzABHxUCatAno=", + "lastModified": 1688894907, + "narHash": "sha256-U7hEDDhzAhLp6T+DEUbfwAsL+BtqFFGn+S1pa/0XrZY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d485da9d0034a72ceb9679c2ab0156c073f66b82", + "rev": "4ddf98349c793377c76806ebfbdfb2b96dd4ef5d", "type": "github" }, "original": { diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index c026063..8dddd7b 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -1,6 +1,10 @@ { config, pkgs, ... }: { + imports = [ + ../../services/matrix-sliding-sync.nix + ]; + environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ]; @@ -17,7 +21,7 @@ LC_CTYPE = "C"; ''; }; - postgresqlBackup.databases = [ "matrix" ]; + postgresqlBackup.databases = [ "matrix" "matrix-syncv3" ]; matrix-synapse = { enable = true; @@ -48,6 +52,8 @@ config.sops.secrets.matrix-registration-secret.path ]; }; + + matrix-syncv3.enable = true; }; sops.secrets.matrix-registration-secret = { diff --git a/modules/matrix/nginx.nix b/modules/matrix/nginx.nix index 3ef5ec4..8acb861 100644 --- a/modules/matrix/nginx.nix +++ b/modules/matrix/nginx.nix @@ -10,6 +10,12 @@ locations."/" = { proxyPass = "http://100.111.208.75:8008"; }; }; + "syncv3.walkah.chat" = { + forceSSL = true; + enableACME = true; + locations."/" = { proxyPass = "http://100.111.208.75:8088"; }; + }; + "walkah.chat" = { forceSSL = true; enableACME = true; @@ -25,6 +31,7 @@ let client = { "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; }; + "org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; }; }; in '' diff --git a/services/matrix-sliding-sync.nix b/services/matrix-sliding-sync.nix new file mode 100644 index 0000000..a96465e --- /dev/null +++ b/services/matrix-sliding-sync.nix 
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, options, ... }:
+with lib;
+let
+ cfg = config.services.matrix-syncv3;
+in
+{
+ options = {
+ services.matrix-syncv3 = {
+ enable = mkEnableOption "SyncV3 for matrix";
+ package = mkPackageOption pkgs "matrix-sliding-sync" { };
+
+ port = mkOption {
+ type = types.int;
+ default = 8088;
+ description = ''
+ The port to listen on.
+ '';
+ };
+
+ environmentFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = ''
+ Must contain the `SYNCV3_SECRET` environment variable.
+ Generated with ``openssl rand -hex 32``.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ postgresql = {
+ ensureDatabases = [ "matrix-syncv3" ];
+ ensureUsers = [{
+ name = "matrix-syncv3";
+ ensurePermissions."DATABASE \"matrix-syncv3\"" = "ALL PRIVILEGES";
+ }];
+ };
+ };
+
+ systemd.services.matrix-syncv3 = {
+ after = [ "matrix-synapse.service" "postgresql.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "matrix-syncv3";
+ WorkingDirectory = "/var/lib/matrix-syncv3";
+ Environment = [
+ "SYNCV3_SERVER=https://matrix.walkah.chat"
+ "SYNCV3_DB=postgresql:///matrix-syncv3?host=/run/postgresql"
+ "SYNCV3_BINDADDR=0.0.0.0:${toString cfg.port}"
+ ];
+ };
+ script = ''
+ path=/var/lib/matrix-syncv3/secret
+ [ -f $path ] || ${pkgs.openssl}/bin/openssl rand -hex 32 > $path
+ export SYNCV3_SECRET=$(cat $path)
+ exec ${cfg.package}/bin/syncv3
+ '';
+ };
+ };
+}
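Review bot: The secret written to `/var/lib/matrix-syncv3/secret` in the `script` block is created under the service's default umask, so inside a default-mode `StateDirectory` it is readable by every local user, and a failed `openssl` leaves an empty file behind the redirect that the `-f` test will accept as the secret on the next start. Setting `UMask = "0077";` in `serviceConfig` and writing through a temp file followed by `mv` closes both, as below. The `environmentFile` option declared above is never passed to `EnvironmentFile`, and the script unconditionally exports its own `SYNCV3_SECRET`, so an operator-supplied secret is silently ignored; the rewrite wires the option in and only generates a secret when none was provided. `SYNCV3_BINDADDR=0.0.0.0:…` also listens on every interface without TLS — presumably required because nginx reaches it at 100.111.208.75:8088 from another host — so a `bindAddress` option (defaulting to `0.0.0.0` to keep behaviour) or a firewall rule limited to that link would be worth adding.
```nix
      serviceConfig = {
        # … unchanged: DynamicUser, StateDirectory, WorkingDirectory, Environment …
        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
        UMask = "0077";
      };
      script = ''
        if [ -z "''${SYNCV3_SECRET:-}" ]; then
          path=/var/lib/matrix-syncv3/secret
          if [ ! -f "$path" ]; then
            ${pkgs.openssl}/bin/openssl rand -hex 32 > "$path.tmp" && mv "$path.tmp" "$path"
          fi
          export SYNCV3_SECRET="$(cat "$path")"
        fi
        exec ${cfg.package}/bin/syncv3
      '';
```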