From 69949e872d544ce36dfb7e077238c5215a19d125 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Wed, 25 Sep 2024 19:56:59 +0200 Subject: [PATCH] defiant/matrix-synapse: Add sliding sync --- hosts/defiant/services/matrix/synapse.nix | 12 +++++++++++- secrets/defiant/defiant.yaml | 6 +++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/hosts/defiant/services/matrix/synapse.nix b/hosts/defiant/services/matrix/synapse.nix index 0c846d6..7f60920 100644 --- a/hosts/defiant/services/matrix/synapse.nix +++ b/hosts/defiant/services/matrix/synapse.nix @@ -12,6 +12,12 @@ group = "matrix-synapse"; }; + sops.secrets."matrix/slidingsyncsecret" = { + restartUnits = [ "matrix-synapse.service" ]; + owner = "matrix-synapse"; + group = "matrix-synapse"; + }; + services.matrix-synapse-next = { enable = true; enableNginx = true; @@ -75,6 +81,8 @@ tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt"; tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key"; + enableSlidingSync = true; + oidc_providers = [ { idp_id = "keycloak"; @@ -93,10 +101,12 @@ }; }; - services.postgresqlBackup.databases = [ "matrix-synapse" ]; + services.matrix-synapse.sliding-sync.environmentFile = config.sops.secrets."matrix/slidingsyncsecret".path; services.redis.servers."".enable = true; + services.postgresqlBackup.databases = [ "matrix-synapse" ]; + services.nginx.virtualHosts."matrix.feal.no" = { listen = [ { addr = "192.168.10.175"; port = 43443; ssl = true; } diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml index 50e3724..59936e3 100644 --- a/secrets/defiant/defiant.yaml +++ b/secrets/defiant/defiant.yaml @@ -2,6 +2,7 @@ matrix: synapse: registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str] oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str] + slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str] domeneshop: netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str] hedgedoc: @@ -39,9 +40,8 @@ sops: RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-08T00:14:52Z" - mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str] + lastmodified: "2024-09-25T17:49:30Z" + mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -