diff --git a/hosts/wynne/services/apps/acomputer.lol.nix b/hosts/wynne/services/apps/acomputer.lol.nix index f390237..a2b743d 100644 --- a/hosts/wynne/services/apps/acomputer.lol.nix +++ b/hosts/wynne/services/apps/acomputer.lol.nix @@ -11,7 +11,7 @@ _: { handle /.well-known/matrix/client { header Content-Type application/json header Access-Control-Allow-Origin * - respond `{"m.homeserver": {"base_url": "https://matrix.acomputer.lol:443"}}` + respond `{"m.homeserver": {"base_url": "https://matrix.acomputer.lol:443"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.acomputer.lol"}}` } ''; }; diff --git a/hosts/wynne/services/apps/dendrite/default.nix b/hosts/wynne/services/apps/dendrite/default.nix index cee64a1..06e6f51 100644 --- a/hosts/wynne/services/apps/dendrite/default.nix +++ b/hosts/wynne/services/apps/dendrite/default.nix @@ -1,8 +1,20 @@ -{ pkgs, ... }: { +{ config, pkgs, ... }: { + sops = { + secrets = { + "matrix/syncv3_secret" = { + mode = "444"; + owner = config.users.users.root.name; + group = config.users.users.root.group; + }; + }; + }; services = { caddy.virtualHosts."matrix.acomputer.lol" = { extraConfig = '' + reverse_proxy /client/* 127.0.0.1:8009 + reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync 127.0.0.1:8009 reverse_proxy /_matrix/* 127.0.0.1:8008 + reverse_proxy /_dendrite/* 127.0.0.1:8008 reverse_proxy /_synapse/* 127.0.0.1:8008 ''; }; @@ -22,6 +34,15 @@ transport.useCompression = true; } ]; + matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://matrix.acomputer.lol"; + SYNCV3_BINDADDR = "127.0.0.1:8009"; + SYNCV3_DB = "postgresql://dendrite@localhost/dendrite?sslmode=disable"; + }; + environmentFile = config.sops.secrets."matrix/syncv3_secret".path; + }; }; systemd.services.dendrite = { description = "Dendrite Matrix homeserver"; diff --git a/secrets.yaml b/secrets.yaml index d535750..6fac739 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -22,6 +22,8 @@ wireguard: psk: ENC[AES256_GCM,data:5psT1pbRMDCBXHYg4z5zqsYTmgQgg0Df+xEtbEhf1YBzl6qEYyjLDhvpvaQ=,iv:wH9CqNBmLjlGlDPFZtTQ+tCVYBTkhLfwLc2nWNhlYCM=,tag:YWtFcx4YD6gh5qDnIYshfQ==,type:str] frp: token_file: ENC[AES256_GCM,data:y8QgggTJaQ2STMGNGT0RagUhBgA6H20plzEwd9jNhdXl1098URUV0288YoTnQcc=,iv:/BYWC2WYvXrlvNc97RJTfhf1IratSRU0vHcaxLXJ+V4=,tag:PlStSrzm09fW442uBHAiUg==,type:str] +matrix: + syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str] sops: kms: [] gcp_kms: [] @@ -91,8 +93,8 @@ sops: YzdpTitkMHh6VUFtV2FodVF6OWJkTU0KBjC+esgHZ8hTWXwZ+cy4++jLP+gsruHM fmRDhvQu0MNHkjQ8q4VmwRVl10uc8CyTDFTuyDoAhvmnzXHtrg1wpA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-03T20:04:33Z" - mac: ENC[AES256_GCM,data:bBHgqZTOIPYyVy6hb6cH+8DePsetM15alNqCff25ttydN8GDawHhQyDFg7DB+F9/QVokgCnlt/ds9lr/c17/kTWI77gQNVT99LlBWNQp7sLB0tBPEaDWpkWYHWznGo1d3L31sxwVDaoVaMyzoDXoQ6orDb8DYhNI2LV1QunKcyI=,iv:AfWN7dV8pxDyBwbpyL3KZAGhsSCuGHBpun3RSGy99zw=,tag:2uhNArDbuLfTYilxE+kTRw==,type:str] + lastmodified: "2024-09-09T13:51:59Z" + mac: ENC[AES256_GCM,data:2Prs+ebvAhBT4c5O+Omd+UhVg2mUTZ/oPfgwifz+we9t+2zOcsLYblll2Bs+XFShIrXDFgrUmjxZMGTsD3rEOfzIJxwY0o2G6iJ+0pg4QjMpDpPGyj4Z4yEVw9zoqUoirk86R7mWSh66xbnCwaZnAaXCiwRQT8ExYGxCvJ68egc=,iv:0ulQKbbzDO3ljRP6itDsMWplIQf02d/YtoWW0jHAXk8=,tag:1p6iv3FHZe0b2EzXjvywNQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0