RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-28 18:47:44 +00:00
Code Issues Activity

fix: remove matrix slidingf sync

Browse source
This commit is contained in:
RGBCube 2025-02-23 15:28:41 +03:00
parent ae4409c455
commit 203496b971
5 changed files with 16 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/cube/forgejo/default.nix
View file

@ -3,7 +3,6 @@
inherit (lib) const enabled genAttrs head merge mkForce; inherit (lib) const enabled genAttrs head merge mkForce;
fqdn = "git.${domain}"; fqdn = "git.${domain}";
port = 8001; port = 8001;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [(self + /modules/nginx.nix)];

1
hosts/cube/grafana/default.nix
View file

@ -3,7 +3,6 @@
inherit (lib) const enabled genAttrs merge; inherit (lib) const enabled genAttrs merge;
fqdn = "metrics.${domain}"; fqdn = "metrics.${domain}";
port = 8000; port = 8000;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [(self + /modules/nginx.nix)];

54
hosts/cube/matrix/default.nix
View file

@ -4,21 +4,19 @@
pathSite = "/var/www/site"; pathSite = "/var/www/site";
domainChat = "chat.${domain}"; fqdn = "chat.${domain}";
domainSync = "sync.${domain}"; port = 8002;
configClient."m.homeserver".base_url = "https://${fqdn}";
configServer."m.server" = "${fqdn}:443";
configWellKnownResponse.locations = let
wellKnownResponse = data: '' wellKnownResponse = data: ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${strings.toJSON data}'; return 200 '${strings.toJSON data}';
''; '';
in {
configClient."m.homeserver".base_url = "https://${domainChat}";
configClient."org.matrix.msc3575.proxy".url = "https://${domainSync}";
configServer."m.server" = "${domainChat}:443";
configWellKnownResponse.locations = {
"= /.well-known/matrix/client".extraConfig = wellKnownResponse configClient; "= /.well-known/matrix/client".extraConfig = wellKnownResponse configClient;
"= /.well-known/matrix/server".extraConfig = wellKnownResponse configServer; "= /.well-known/matrix/server".extraConfig = wellKnownResponse configServer;
}; };
@ -31,9 +29,6 @@
locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
}; };
portSynapse = 8002;
portSync = 8003;
in { in {
imports = [(self + /modules/nginx.nix)]; imports = [(self + /modules/nginx.nix)];
@ -41,15 +36,9 @@ in {
file = ./password.secret.age; file = ./password.secret.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
secrets.matrixSyncPassword = {
file = ./password.sync.age;
owner = "matrix-synapse";
};
services.postgresql.ensure = [ "matrix-synapse" "matrix-sliding-sync" ];
services.restic.backups = genAttrs config.services.restic.hosts <| const { services.restic.backups = genAttrs config.services.restic.hosts <| const {
paths = [ "/var/lib/matrix-synapse" "/var/lib/matrix-sliding-sync" ]; paths = [ "/var/lib/matrix-synapse" ];
}; };
services.matrix-synapse = enabled { services.matrix-synapse = enabled {
@ -85,7 +74,7 @@ in {
extraConfigFiles = [ config.secrets.matrixSecret.path ]; extraConfigFiles = [ config.secrets.matrixSecret.path ];
settings.listeners = [{ settings.listeners = [{
port = portSynapse; inherit port;
bind_addresses = [ "::1" ]; bind_addresses = [ "::1" ];
tls = false; tls = false;
@ -101,29 +90,10 @@ in {
services.nginx.virtualHosts.${domain} = configWellKnownResponse; services.nginx.virtualHosts.${domain} = configWellKnownResponse;
services.nginx.virtualHosts.${domainChat} = merge config.services.nginx.sslTemplate configWellKnownResponse configNotFoundLocation { services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate configWellKnownResponse configNotFoundLocation {
root = "${pathSite}"; root = "${pathSite}";
locations."/_matrix".proxyPass = "http://[::1]:${toString portSynapse}"; locations."/_matrix".proxyPass = "http://[::1]:${toString port}";
locations."/_synapse/client".proxyPass = "http://[::1]:${toString portSynapse}"; locations."/_synapse/client".proxyPass = "http://[::1]:${toString port}";
};
services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets.matrixSyncPassword.path;
settings = {
SYNCV3_SERVER = "https://${domainChat}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
SYNCV3_BINDADDR = "[::1]:${toString portSync}";
};
};
services.nginx.virtualHosts.${domainSync} = merge config.services.nginx.sslTemplate configNotFoundLocation {
root = pathSite;
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
.proxyPass = "http://[::1]:${toString portSynapse}";
locations."~ ^(\\/_matrix|\\/_synapse\\/client)"
.proxyPass = "http://[::1]:${toString portSync}";
}; };
} }

8
hosts/cube/matrix/password.sync.age
View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw txU8aL7ixRa9bTrV+FR5Vs8UrZ/JCNNblezCm/NJLWE
9ucwZW0qvCAc5EilV1B9XC+OA5Ro3FS6KBLGKT6NArI
-> ssh-ed25519 CzqbPQ 5DDlTXg4RIYcTcusedLRkuK3dbtccfQ0HiVFUH5B5XQ
6dW9qE5UMpOSohXIu559wBnPnOrTG/mqtrWvsy5CqYw
--- UO+CkdYt44UO16Yv3+sCJ5IoM2D+Pus7jEPbRFwGyKU
bs¶X¤
Pßt<C39F>å \Twêâ¸ÝŸq{±ÐÑó:ùlö<6C>¶9%˜ç(BdÃ]Øõ<68>ǹÓ|Üþ…SþM¨ÆQ}¼ÿ<>/quüŒ]‡oXE@"Ü‘¨”ÝŸ|ÐH}«\p©åó€­Þìmd«›

1
secrets.nix
View file

@ -6,7 +6,6 @@ in {
"hosts/cube/grafana/password.age".publicKeys = [ cube ] ++ admins; "hosts/cube/grafana/password.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/id.age".publicKeys = [ cube ] ++ admins; "hosts/cube/id.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/matrix/password.secret.age".publicKeys = [ cube ] ++ admins; "hosts/cube/matrix/password.secret.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/matrix/password.sync.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/nextcloud/password.age".publicKeys = [ cube ] ++ admins; "hosts/cube/nextcloud/password.age".publicKeys = [ cube ] ++ admins;
"hosts/cube/password.rgb.age".publicKeys = [ cube ] ++ admins; "hosts/cube/password.rgb.age".publicKeys = [ cube ] ++ admins;