1
0
Fork 0

synapse: support sliding-sync

This commit is contained in:
Daniel Kempkens 2023-07-24 12:27:16 +02:00
parent 623758e6be
commit 071cdaff41
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 50 additions and 10 deletions

View file

@ -128,6 +128,10 @@
group = "matrix-synapse";
};
synapse-sliding-sync-config = {
file = ./synapse/slidingSyncConfig.age;
};
mautrix-whatsapp-config = {
file = ./mautrix-whatsapp/config.age;
symlink = false;

View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g zhyMIQB98GvWL6S2Z6+rjOkwsfv5Fw1NbICtvbOz8HM
vZAh7I5xP8RobeVS8NIZ58I9tm+cpiOZ7m+gLFKenjo
-> ssh-ed25519 iO8/4g QycwplaVdS9CfKWpc2YXe6CAKlCNekT3+4b/+I+Fv0Q
BHoeoRZr3MUbbrF5dSGWUtHOp5RGu6lImAFdcH+z4hE
-> M-grease <tBIm-. 73d5m ?rf< |ZV<=edr
8KF7r7ZTJWphTxl/u8SW8g38o7XZDe2CiQ
--- MGWu4qXtsRCcLxRkpSEajwhu7yrhUVS/ub2oPJNGBXw
0þœå¨oçÿúE¾:×gº‰]íñÐ<C3B1>G½Q~Š®¬vΡZR ž­E^”Ô`œs\ܬ@‡F'] Lm‡¦LÜœº\Ç|ö\Ú¾òA;ȺKˆ¤6iÙ^ÞHú”«K°ÑoGÀ#µ¡' åØÓ‰¾°P»¿J

View file

@ -52,6 +52,7 @@ in
"agenix/hosts/tanker/proxitok/environment.age".publicKeys = tanker;
"agenix/hosts/tanker/synapse/extraConfig.age".publicKeys = tanker;
"agenix/hosts/tanker/synapse/slidingSyncConfig.age".publicKeys = tanker;
"agenix/hosts/tanker/mautrix-signal/config.age".publicKeys = tanker;

View file

@ -1,5 +1,8 @@
{ config, ... }:
let
fqdn = "matrix.kempkens.io";
in
{
services.matrix-synapse = {
enable = true;
@ -8,7 +11,7 @@
settings = {
server_name = "kempkens.io";
public_baseurl = "https://matrix.kempkens.io/";
public_baseurl = "https://${fqdn}/";
listeners = [
{
@ -87,13 +90,24 @@
};
extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://${fqdn}";
SYNCV3_BINDADDR = "127.0.0.1:8009";
};
environmentFile = config.age.secrets.synapse-sliding-sync-config.path;
};
};
systemd.services.matrix-synapse.after = [ "podman-wait-for-host-interface.service" ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 8008 ];
services.nginx.virtualHosts."matrix.kempkens.io" = {
services.nginx.virtualHosts."${fqdn}" = {
quic = true;
http3 = true;
@ -102,17 +116,29 @@
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."~ ^(/_matrix|/_synapse/client)" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8008";
proxyWebsockets = true;
location ~* ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
proxy_pass http://127.0.0.1:8009;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location ~* ^(\/_matrix|\/_synapse\/client) {
proxy_pass http://127.0.0.1:8008;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
extraConfig = ''
client_max_body_size 50m;
proxy_force_ranges on;
'';
};
}
'';
};
}