modules/sliding-sync: init

- Enable sliding-sync on h.
2023-03-08 10:12:26 -07:00 · 2023-03-08 10:12:26 -07:00 · 9d84d1c06f
commit 9d84d1c06f
parent e39d47c54d
2 changed files with 134 additions and 2 deletions
--- a/hosts/h/default.nix
+++ b/hosts/h/default.nix
@ -6,6 +6,7 @@ let
  gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
  icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
  mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
+  slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
  weepushover =
    python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
  pgBackupDir = "/var/backups/postgresql";
@ -34,6 +35,7 @@ in {
    ../../modules/yarr.nix
    ../../modules/tsvnstat.nix
    ../../modules/golink.nix
+    ../../modules/sliding-sync.nix
  ];

  boot.loader.grub.enable = true;
@ -104,6 +106,11 @@ in {
      mode = "400";
      sopsFile = config.xin-secrets.h.services;
    };
+    sliding_sync_env = {
+      owner = config.services.sliding-sync.user;
+      mode = "400";
+      sopsFile = config.xin-secrets.h.services;
+    };
  };

  networking = {
@ -207,6 +214,11 @@ in {
  };

  services = {
+    sliding-sync = {
+      enable = true;
+      server = "https://tapenet.org";
+      package = slidingSyncPkg;
+    };
    pots = {
      enable = true;
      envFile = "${config.sops.secrets.pots_env_file.path}";
@ -597,7 +609,27 @@ in {
              }";
          };
        };
-        "tapenet.org" = {
+        "tapenet.org" = if config.services.sliding-sync.enable then {
+          forceSSL = true;
+          enableACME = true;
+          root = "/var/www/tapenet.org";
+          extraConfig = ''
+            location ~ ^/(client/|_matrix/client/v3/sync|_matrix/client/unstable/org.matrix.msc3575/sync) {
+                proxy_pass http://${config.services.sliding-sync.address}:${
+                  toString config.services.sliding-sync.port
+                };
+                proxy_set_header X-Forwarded-For $remote_addr;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header Host $host;
+            }
+            location ~* ^(\/_matrix|\/_synapse\/client) {
+                proxy_pass http://127.0.0.1:8009;
+                proxy_set_header X-Forwarded-For $remote_addr;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header Host $host;
+            }
+          '';
+        } else {
          forceSSL = true;
          enableACME = true;
          root = "/var/www/tapenet.org";
@ -638,7 +670,7 @@ in {
          LC_COLLATE = "C"
          LC_CTYPE = "C";
      '';
-      ensureDatabases = [ "synapse" "gotosocial" ];
+      ensureDatabases = [ "synapse" "gotosocial" "syncv3" ];
      ensureUsers = [
        {
          name = "synapse_user";
@ -648,6 +680,10 @@ in {
          name = "gotosocial";
          ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
        }
+        {
+          name = "syncv3";
+          ensurePermissions."DATABASE syncv3" = "ALL PRIVILEGES";
+        }
      ];
    };

--- a/modules/sliding-sync.nix
+++ b/modules/sliding-sync.nix
@ -0,0 +1,96 @@
+{ lib, config, pkgs, inputs, ... }:
+let cfg = config.services.sliding-sync;
+in {
+  options = with lib; {
+    services.sliding-sync = {
+      enable = lib.mkEnableOption "Enable sliding-sync";
+
+      user = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "syncv3";
+        description = ''
+          The user the service will use.
+        '';
+      };
+
+      group = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "syncv3";
+        description = ''
+          The group the service will use.
+        '';
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/lib/sliding-sync";
+        description = "Path sliding-sync home directory";
+      };
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.sliding-sync;
+        defaultText = literalExpression "pkgs.sliding-sync";
+        description = "The package to use for sliding-sync";
+      };
+
+      port = mkOption {
+        type = types.int;
+        default = 8098;
+        description = "The port sliding-sync should listen on.";
+      };
+
+      address = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "The address sliding-sync should listen on.";
+      };
+
+      server = mkOption {
+        type = types.str;
+        default = "";
+        description = "The matrix server to talk to.";
+      };
+
+      envFile = mkOption {
+        type = types.path;
+        default = "/run/secrets/sliding_sync_env";
+        description = ''
+          Path to a file containing the sliding-sync secret information.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.groups.${cfg.group} = { };
+    users.users.${cfg.user} = {
+      description = "sliding-sync service user";
+      isSystemUser = true;
+      home = "${cfg.dataDir}";
+      createHome = true;
+      group = "${cfg.group}";
+    };
+
+    systemd.services.sliding-sync = {
+      enable = true;
+      description = "sliding-sync server";
+      wantedBy = [ "network-online.target" ];
+      after = [ "network-online.target" "matrix-synapse.service" ];
+
+      environment = {
+        HOME = "${cfg.dataDir}";
+        SYNCV3_BINDADDR = "${cfg.address}:${toString cfg.port}";
+        SYNCV3_SERVER = cfg.server;
+      };
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+
+        ExecStart = "${cfg.package}/bin/syncv3";
+        EnvironmentFile = cfg.envFile;
+      };
+    };
+  };
+}