qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

modules/sliding-sync: init

Browse Source 
- Enable sliding-sync on h.
This commit is contained in:
Aaron Bieber 2023-03-08 10:12:26 -07:00
parent e39d47c54d
commit 9d84d1c06f
No known key found for this signature in database
2 changed files with 134 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
hosts/h/default.nix
View File

@ -6,6 +6,7 @@ let
gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; }; gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; };
icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; }; icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; };
mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; }; mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; };
slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { };
weepushover = weepushover =
python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; }; python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; };
pgBackupDir = "/var/backups/postgresql"; pgBackupDir = "/var/backups/postgresql";
@ -34,6 +35,7 @@ in {
../../modules/yarr.nix ../../modules/yarr.nix
../../modules/tsvnstat.nix ../../modules/tsvnstat.nix
../../modules/golink.nix ../../modules/golink.nix
../../modules/sliding-sync.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -104,6 +106,11 @@ in {
mode = "400"; mode = "400";
sopsFile = config.xin-secrets.h.services; sopsFile = config.xin-secrets.h.services;
}; };
sliding_sync_env = {
owner = config.services.sliding-sync.user;
mode = "400";
sopsFile = config.xin-secrets.h.services;
};
}; };
networking = { networking = {
@ -207,6 +214,11 @@ in {
}; };
services = { services = {
sliding-sync = {
enable = true;
server = "https://tapenet.org";
package = slidingSyncPkg;
};
pots = { pots = {
enable = true; enable = true;
envFile = "${config.sops.secrets.pots_env_file.path}"; envFile = "${config.sops.secrets.pots_env_file.path}";
@ -597,7 +609,27 @@ in {
}"; }";
}; };
}; };
"tapenet.org" = { "tapenet.org" = if config.services.sliding-sync.enable then {
forceSSL = true;
enableACME = true;
root = "/var/www/tapenet.org";
extraConfig = ''
location ~ ^/(client/|_matrix/client/v3/sync|_matrix/client/unstable/org.matrix.msc3575/sync) {
proxy_pass http://${config.services.sliding-sync.address}:${
toString config.services.sliding-sync.port
};
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
location ~* ^(\/_matrix|\/_synapse\/client) {
proxy_pass http://127.0.0.1:8009;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
'';
} else {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/tapenet.org"; root = "/var/www/tapenet.org";
@ -638,7 +670,7 @@ in {
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
ensureDatabases = [ "synapse" "gotosocial" ]; ensureDatabases = [ "synapse" "gotosocial" "syncv3" ];
ensureUsers = [ ensureUsers = [
{ {
name = "synapse_user"; name = "synapse_user";
@ -648,6 +680,10 @@ in {
name = "gotosocial"; name = "gotosocial";
ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES"; ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
} }
{
name = "syncv3";
ensurePermissions."DATABASE syncv3" = "ALL PRIVILEGES";
}
]; ];
}; };

96
modules/sliding-sync.nix Normal file
View File

@ -0,0 +1,96 @@
{ lib, config, pkgs, inputs, ... }:
let cfg = config.services.sliding-sync;
in {
options = with lib; {
services.sliding-sync = {
enable = lib.mkEnableOption "Enable sliding-sync";
user = mkOption {
type = with types; oneOf [ str int ];
default = "syncv3";
description = ''
The user the service will use.
'';
};
group = mkOption {
type = with types; oneOf [ str int ];
default = "syncv3";
description = ''
The group the service will use.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/sliding-sync";
description = "Path sliding-sync home directory";
};
package = mkOption {
type = types.package;
default = pkgs.sliding-sync;
defaultText = literalExpression "pkgs.sliding-sync";
description = "The package to use for sliding-sync";
};
port = mkOption {
type = types.int;
default = 8098;
description = "The port sliding-sync should listen on.";
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The address sliding-sync should listen on.";
};
server = mkOption {
type = types.str;
default = "";
description = "The matrix server to talk to.";
};
envFile = mkOption {
type = types.path;
default = "/run/secrets/sliding_sync_env";
description = ''
Path to a file containing the sliding-sync secret information.
'';
};
};
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "sliding-sync service user";
isSystemUser = true;
home = "${cfg.dataDir}";
createHome = true;
group = "${cfg.group}";
};
systemd.services.sliding-sync = {
enable = true;
description = "sliding-sync server";
wantedBy = [ "network-online.target" ];
after = [ "network-online.target" "matrix-synapse.service" ];
environment = {
HOME = "${cfg.dataDir}";
SYNCV3_BINDADDR = "${cfg.address}:${toString cfg.port}";
SYNCV3_SERVER = cfg.server;
};
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/syncv3";
EnvironmentFile = cfg.envFile;
};
};
};
}