synapse: support sliding-sync

2023-07-24 12:27:16 +02:00 · 2023-07-24 12:27:16 +02:00 · 071cdaff41
commit 071cdaff41
parent 623758e6be
4 changed files with 50 additions and 10 deletions
--- a/agenix/hosts/tanker/config.nix
+++ b/agenix/hosts/tanker/config.nix
@ -128,6 +128,10 @@
      group = "matrix-synapse";
    };

+    synapse-sliding-sync-config = {
+      file = ./synapse/slidingSyncConfig.age;
+    };
+
    mautrix-whatsapp-config = {
      file = ./mautrix-whatsapp/config.age;
      symlink = false;
--- a/agenix/hosts/tanker/synapse/slidingSyncConfig.age
+++ b/agenix/hosts/tanker/synapse/slidingSyncConfig.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g zhyMIQB98GvWL6S2Z6+rjOkwsfv5Fw1NbICtvbOz8HM
+vZAh7I5xP8RobeVS8NIZ58I9tm+cpiOZ7m+gLFKenjo
+-> ssh-ed25519 iO8/4g QycwplaVdS9CfKWpc2YXe6CAKlCNekT3+4b/+I+Fv0Q
+BHoeoRZr3MUbbrF5dSGWUtHOp5RGu6lImAFdcH+z4hE
+-> M-grease <tBIm-. 73d5m ?rf< |ZV<=edr
+8KF7r7ZTJWphTxl/u8SW8g38o7XZDe2CiQ
+--- MGWu4qXtsRCcLxRkpSEajwhu7yrhUVS/ub2oPJNGBXw
+0þœå¨oçÿúE¾:×gº‰]íñÐ<C3B1>G½Q~Š®¬vÎ¡ZRžE^”Ô`œs\Ü¬@‡F']
Lm‡¦LÜœº\Ç|ö\Ú¾òA;ÈºKˆ¤6iÙ^ÞHú”«K°’ÑoGÀ#µ¡'	åØÓ‰¾°P»¿J
--- a/secrets.nix
+++ b/secrets.nix
@ -52,6 +52,7 @@ in
  "agenix/hosts/tanker/proxitok/environment.age".publicKeys = tanker;

  "agenix/hosts/tanker/synapse/extraConfig.age".publicKeys = tanker;
+  "agenix/hosts/tanker/synapse/slidingSyncConfig.age".publicKeys = tanker;

  "agenix/hosts/tanker/mautrix-signal/config.age".publicKeys = tanker;

--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@ -1,5 +1,8 @@
 { config, ... }:

+let
+  fqdn = "matrix.kempkens.io";
+in
 {
  services.matrix-synapse = {
    enable = true;
@ -8,7 +11,7 @@

    settings = {
      server_name = "kempkens.io";
-      public_baseurl = "https://matrix.kempkens.io/";
+      public_baseurl = "https://${fqdn}/";

      listeners = [
        {
@ -87,13 +90,24 @@
    };

    extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
+
+    sliding-sync = {
+      enable = true;
+
+      settings = {
+        SYNCV3_SERVER = "https://${fqdn}";
+        SYNCV3_BINDADDR = "127.0.0.1:8009";
+      };
+
+      environmentFile = config.age.secrets.synapse-sliding-sync-config.path;
+    };
  };

  systemd.services.matrix-synapse.after = [ "podman-wait-for-host-interface.service" ];

  networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];

-  services.nginx.virtualHosts."matrix.kempkens.io" = {
+  services.nginx.virtualHosts."${fqdn}" = {
    quic = true;
    http3 = true;

@ -102,17 +116,29 @@

    extraConfig = ''
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    '';

-    locations."~ ^(/_matrix|/_synapse/client)" = {
-      recommendedProxySettings = true;
-      proxyPass = "http://127.0.0.1:8008";
-      proxyWebsockets = true;
+      location ~* ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+        proxy_pass http://127.0.0.1:8009;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+      }
+
+      location ~* ^(\/_matrix|\/_synapse\/client) {
+        proxy_pass http://127.0.0.1:8008;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;

-      extraConfig = ''
        client_max_body_size 50m;
        proxy_force_ranges on;
-      '';
-    };
+      }
+    '';
  };
 }