diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index bd78a79..d47b74f 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -41,6 +41,10 @@ in owner = "matrix-synapse"; group = "matrix-synapse"; }; + + "matrix/matrix.hillion.co.uk/syncv3_secret" = { + file = ../../secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age; + }; }; services = { @@ -114,6 +118,15 @@ in }; }; + matrix-synapse.sliding-sync = { + enable = true; + environmentFile = config.age.secrets."matrix/matrix.hillion.co.uk/syncv3_secret".path; + settings = { + SYNCV3_SERVER = "https://matrix.hillion.co.uk"; + SYNCV3_BINDADDR = "[::]:8009"; + }; + }; + heisenbridge = lib.mkIf cfg.heisenbridge { enable = true; owner = "@jake:hillion.co.uk"; diff --git a/modules/www/global.nix b/modules/www/global.nix index a3aee28..38befff 100644 --- a/modules/www/global.nix +++ b/modules/www/global.nix @@ -42,7 +42,10 @@ in header /.well-known/matrix/* Access-Control-Allow-Origin * respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200 - respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.hillion.co.uk"}}` + respond /.well-known/matrix/client `${builtins.toJSON { + "m.homeserver" = { "base_url" = "https://matrix.hillion.co.uk"; }; + "org.matrix.msc3575.proxy" = { "url" = "https://matrix.hillion.co.uk"; }; + }}` 200 respond 404 } @@ -65,6 +68,7 @@ in reverse_proxy http://${locations.services.gitea}:3000 ''; "matrix.hillion.co.uk".extraConfig = '' + reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync http://${locations.services.matrix}:8009 reverse_proxy /_matrix/* http://${locations.services.matrix}:8008 reverse_proxy /_synapse/client/* http://${locations.services.matrix}:8008 ''; diff --git a/secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age b/secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age new file mode 100644 index 0000000..71bec00 --- /dev/null 
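Review bot: The new `"matrix/matrix.hillion.co.uk/syncv3_secret"` entry (first hunk of modules/services/matrix.nix) sets no `owner` or `group`, while the entry directly above it assigns both to `matrix-synapse`. This presumably relies on the secret staying root-only because it is consumed only through `environmentFile` in the second hunk, which systemd would read on the service's behalf; that is the tighter choice, but nothing on the page records it. A comment such as `# root-only on purpose: consumed via systemd EnvironmentFile, never read by the service user` would stop a later edit from widening access to match its neighbour. The enclosing attribute set starts outside the hunk.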
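Review bot: `SYNCV3_BINDADDR = "[::]:8009"` in the added `matrix-synapse.sliding-sync` block (second hunk of modules/services/matrix.nix) listens on every interface, and nothing in this commit shows a firewall rule or interface restriction for port 8009. The upstream leg is plain HTTP, as the `reverse_proxy ... http://${locations.services.matrix}:8009` line added in modules/www/global.nix shows, and it carries client access tokens, so the listener should be reachable only from the Caddy host. If Caddy runs on the same machine, `SYNCV3_BINDADDR = "127.0.0.1:8009";` is enough; otherwise bind to the private address that `locations.services.matrix` resolves to, or confirm the host firewall keeps 8009 closed on public interfaces. The port is also a bare literal in both files, so a change on one side would silently break the route.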
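Review bot: The `/.well-known/matrix/server` response two lines above the changed line (first hunk of modules/www/global.nix) still uses hand-escaped JSON, while the client response now goes through `builtins.toJSON`. For consistency, the server body could be generated the same way with `${builtins.toJSON { "m.server" = "matrix.hillion.co.uk:443"; }}`, wrapped in Caddy backticks like the client line. That removes the backslash escaping and makes any later edit to either body a Nix attribute change rather than string surgery. The surrounding Caddy block starts outside the hunk.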
+++ b/secrets/matrix/matrix.hillion.co.uk/syncv3_secret.age @@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-rsa GxPFJQ +Z3WKcEusrn04hb2zUpEFBHOoqDIaCzMo/jZuOX/eMKPBqTrxcba9ZgxOFE7+yaUi +FJvlQNg5pQn/vaCtHkJWfBXdKiwZ3pIeaqwNcto8EprKLxIAkLjMBMOursz9k41E +0B4NKRyxiQO2kMgjKb9jYzhioan3NG1Loto8RbjbUPlqn/Q0NEsq8Uql0qaM02Ba +zBd1Xt1MFDtemXxzfmeqLMX45F67B8JKFujnXajR7qoRCmzz6kkj6zb+SEE+Nodq +9J/i4rpgwP0B9Zgp9QqnvOBVuLtxPOv/EE+Dp9Ktj1v5SxlJbQoPBiX5pZd5n3/n +dqibdn1Jls57qCs9sHAlDQ +-> ssh-rsa K9mW1w +BMNOK5nTDPSw5wZsdWlpWzbA62WdDmqg3CdiYSA8mDZT5LFHsmZt4azfwvCWnwKh +jvzWsNgASSdCCGk4xzDR8qzVAvcku5IxgQjGWCfa307r8k1RFMF910+QpS0nsckE +voBCvNIbv1Qjg6MKSXIDmmDjeLedL/0WYp7mX2FHQbs2Mau3xHz+l4mW9C6Dlyeu +PdR6IYJxqxDOqQk2FIMYq7vS1JWDo2ntS3XcufUL4V6TeFj1Soauff9/55hqt8Tm +JlUkbHmc/69bsqbr3en1sk6lk7GV7M87tfjGJuhdsMQLY10jFuZfkpewRhCLTEpR +LFooblAploXTZfXkvmoj2A +-> ssh-ed25519 iWiFbA izGiArlZgQMVSnQv/WG7+tBUnk0z/iUHI1TgAf0d5V0 +Qw/pUd8y7UNElE9U+VwE7cQhemfPXFhFoiKQya34Bwo +--- FfPFhjvH78/oBzE1tL93Vxm6fV9zsHL3S8aDb3KWA4o +óœ}þŠ lj¿mE_¿9mç}z ¼?ü-Ø9F•]IóãÞØy7uw¼x¼ŠQ3ÅìüqñŠJ„åVº–/”º@>°vÊî-G4;Êí1Ñ&@§k® ÍWë+c*ûžìá|#»û˜Èª­³Wy +fC° \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4ec4773..e1bc100 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -72,6 +72,8 @@ in "matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.boron ]; "matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ]; + "matrix/matrix.hillion.co.uk/syncv3_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ]; + # Backups Secrets "restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.cx.boron ts.home.microserver ]; "restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];