defiant/matrix-synapse: Add sliding sync

felixalbpc/flake: fix group bug
defiant/nginx: Fix broken git-default. Temporarily disable nextcloud
2024-09-25 19:56:59 +02:00 · 2024-09-25 19:56:37 +02:00 · 2024-09-25 19:28:52 +02:00
5 changed files with 28 additions and 19 deletions
--- a/base.nix
+++ b/base.nix
@ -82,7 +82,7 @@

  users.users.felixalb = {
    isNormalUser = true;
-    extraGroups = lib.mkDefault [
+    extraGroups = [
      "wheel"
      "docker"
    ];
--- a/hosts/defiant/services/matrix/synapse.nix
+++ b/hosts/defiant/services/matrix/synapse.nix
@ -12,6 +12,12 @@
    group = "matrix-synapse";
  };

+  sops.secrets."matrix/slidingsyncsecret" = {
+    restartUnits = [ "matrix-synapse.service" ];
+    owner = "matrix-synapse";
+    group = "matrix-synapse";
+  };
+
  services.matrix-synapse-next = {
    enable = true;
    enableNginx = true;
@ -75,6 +81,8 @@
      tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
      tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";

+      enableSlidingSync = true;
+
      oidc_providers = [
        {
          idp_id = "keycloak";
@ -93,10 +101,12 @@
    };
  };

-  services.postgresqlBackup.databases = [ "matrix-synapse" ];
+  services.matrix-synapse.sliding-sync.environmentFile = config.sops.secrets."matrix/slidingsyncsecret".path;

  services.redis.servers."".enable = true;

+  services.postgresqlBackup.databases = [ "matrix-synapse" ];
+
  services.nginx.virtualHosts."matrix.feal.no" = {
    listen = [
      { addr = "192.168.10.175"; port = 43443; ssl = true; }
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@ -12,8 +12,6 @@ in {
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

-    virtualHosts."git.feal.no".default = true;
-
    defaultListen = [
      {
        addr = "192.168.10.175";
@ -56,15 +54,17 @@ in {
      '';
    } // overrides;
  in {
-    "cloud.feal.no" = publicProxy "" {
-      locations."/" = {
-        proxyPass = "http://challenger.home.feal.no";
-        extraConfig = ''
-          client_max_body_size 8G;
-        '';
+    # "cloud.feal.no" = publicProxy "" {
+    #   locations."/" = {
+    #     proxyPass = "http://challenger.home.feal.no";
+    #     extraConfig = ''
+    #       client_max_body_size 8G;
+    #     '';
+    #   };
+    # };
+    "git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {
+      default = true;
    };
-    };
-    "git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {};
    "jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" { };
    "iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
    "music.feal.no" = publicProxy "http://challenger.home.feal.no/" { };
--- a/hosts/felixalbpc/configuration.nix
+++ b/hosts/felixalbpc/configuration.nix
@ -33,7 +33,6 @@

  users.users.felixalb = {
    uid = 1328256;
-    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ ];
  };

--- a/secrets/defiant/defiant.yaml
+++ b/secrets/defiant/defiant.yaml
@ -2,6 +2,7 @@ matrix:
    synapse:
        registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
        oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
+    slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
 domeneshop:
    netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
 hedgedoc:
@ -39,9 +40,8 @@ sops:
            RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
            fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-08T00:14:52Z"
-    mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str]
+    lastmodified: "2024-09-25T17:49:30Z"
+    mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
-
Author	SHA1	Message	Date
Felix Albrigtsen	69949e872d	defiant/matrix-synapse: Add sliding sync	2024-09-25 19:56:59 +02:00
Felix Albrigtsen	b553f83da8	felixalbpc/flake: fix group bug	2024-09-25 19:56:37 +02:00
Felix Albrigtsen	bfcb4f7dce	defiant/nginx: Fix broken git-default. Temporarily disable nextcloud	2024-09-25 19:28:52 +02:00