Add sliding sync proxy for matrix
Sliding sync is a future version of the Matrix spec, but the proxy can be
deployed while still allowing us to use a non-proxied version. Sliding
sync allows much faster client load times, etc., as the client no longer
needs to sync everything.
also: rip out commented/disabled coturn code
Change-Id: I9026ed7dcaec961f1bc54469f18f04b68f6e3918
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/82
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Maddie H <maddie@clicks.codes>
diff --git a/modules/common/matrix.nix b/modules/common/matrix.nix
index d87732f..9a559f7 100644
--- a/modules/common/matrix.nix
+++ b/modules/common/matrix.nix
@@ -24,7 +24,8 @@
names = [ "client" "federation" ];
compress = true;
}];
- port = 4527;
+ port = 1030;
+ bind_addresses = [ "generic" ];
}];
enable_metrics = true;
database.args.database = "synapse";
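Review bot: `bind_addresses = [ "generic" ]` moves the client/federation listener from the loopback address nginx used before (`127.0.0.1:4527` in the old upstream) onto whatever `generic` resolves to, and nothing in the diff says what that is. If it is not a host-private address, any peer that can reach it can talk to Synapse on port 1030 directly and bypass the `/_synapse/admin/` 403 that nginx-routes.nix enforces; the same applies to `SYNCV3_BINDADDR = "generic:1031"` in the sliding-sync hunk. Neither port is in the `networking.firewall.allowedTCPPorts` line visible here, which suggests they are not opened externally, but that depends on which interfaces the firewall trusts. I would add a comment on the listener such as `# "generic" = <interface/address>; reachable only from <scope>` and confirm the admin API is unreachable on it. The listener block starts and ends outside the hunk.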
@@ -47,16 +48,6 @@
}
];
- turn_uris = [
-
- /* "turn:turn.clicks.codes:3478?transport=udp"
- "turn:turn.clicks.codes:3478?transport=tcp"
- "turns:turn.clicks.codes:5349?transport=udp"
- "turns:turn.clicks.codes:5349?transport=tcp"
- */
- ]; # Please use matrix.org turn
- # turn_shared_secret = "!!turn_shared_secret!!";
-
log_config = lib.pipe {
version = 1;
formatters = {
@@ -85,6 +76,17 @@
room_name = "Announcements";
};
};
+
+ sliding-sync = {
+ enable = true;
+ settings = {
+ SYNCV3_SERVER = "https://matrix-backend.clicks.codes";
+ SYNCV3_BINDADDR = "generic:1031";
+ SYNCV3_LOG_LEVEL = "warn";
+ };
+ environmentFile = config.sops.secrets.matrix_sliding_sync_env.path;
+ createDatabase = true;
+ };
};
networking.firewall.allowedTCPPorts = [ 3478 5349 ];
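Review bot: The context line `networking.firewall.allowedTCPPorts = [ 3478 5349 ];` still opens the TURN/TURNS ports, although this commit removes `turn_uris` and the whole `services.coturn` block. That leaves two inbound ports open for a service that no longer exists in this file. Unless something outside the diff still listens there, the line should be dropped or reduced to `networking.firewall.allowedTCPPorts = [ ];`, together with any matching UDP openings not shown in this hunk.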
@@ -119,31 +121,14 @@
managementRoom = "#moderation-commands:clicks.codes";
};
- services.coturn = {
- enable = false;
-
- use-auth-secret = true;
- # static-auth-secret-file = config.sops.secrets.turn_shared_secret.path;
-
- realm = "turn.clicks.codes";
-
- no-tcp-relay = true;
-
- no-cli = true;
-
- extraConfig = ''
- external-ip=turn.clicks.codes
- '';
- };
-
sops.secrets = {
- #turn_shared_secret = {
- # mode = "0440";
- # owner = "turnserver";
- # group = "matrix-synapse";
- # sopsFile = ../../secrets/matrix.json;
- # format = "json";
- #};
+ matrix_sliding_sync_env = {
+ mode = "0600";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ sopsFile = ../../secrets/matrix_sliding_sync.env.bin;
+ format = "binary";
+ };
matrix_keycloak_client_secret = {
mode = "0400";
owner = config.users.users.matrix-synapse.name;
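Review bot: `matrix_sliding_sync_env` is owned by root with mode `0600`, unlike the neighbouring `matrix_keycloak_client_secret`, which belongs to the service user, and the file does not say why. A one-line comment would settle it for the next reader, for example `# root-owned: consumed via sliding-sync.environmentFile, not read by the service user; must provide SYNCV3_SECRET`. That reading is inferred from the `environmentFile` option in the sliding-sync block, so confirm it before committing the wording. The `sops.secrets` attrset continues outside the hunk.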
@@ -187,8 +172,6 @@
config.sops.secrets.registration_shared_secret.path;
matchers."matrix_keycloak_client_secret".secret =
config.sops.secrets.matrix_keycloak_client_secret.path;
- # matchers."turn_shared_secret".secret =
- # config.sops.secrets.turn_shared_secret.path;
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
mode = "0400";
diff --git a/modules/common/nginx-routes.nix b/modules/common/nginx-routes.nix
index 8db7de7..865a171 100644
--- a/modules/common/nginx-routes.nix
+++ b/modules/common/nginx-routes.nix
@@ -69,8 +69,10 @@
]))
(Hosts ["matrix-backend.clicks.codes" "matrix-backend.coded.codes"] (Compose [
(Path "/_synapse/admin/" (Status 403))
- (ReverseProxy "127.0.0.1:4527")
+ (ReverseProxy "generic:1030")
]))
+ (Hosts ["matrix-sliding-sync.clicks.codes" "matrix-sliding-sync.coded.codes"]
+ (ReverseProxy "generic:1031"))
];
clicks.nginx.serviceAliases = with helpers.nginx; [
(Aliases "nextcloud.clicks.codes" [
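Review bot: The new `matrix-sliding-sync` hosts forward every request path to `generic:1031`, while the `matrix-backend` hosts directly above get an explicit deny for `/_synapse/admin/` before their proxy rule. Clients only need the MSC3575 sync endpoint from the proxy, so the route could be narrowed with the existing `Path` helper, e.g. `(Path "/_matrix/client/unstable/org.matrix.msc3575/" (ReverseProxy "generic:1031"))`. Whether `Hosts` accepts a lone `Path` without a fallback depends on the helper's definition, which is not in this diff. The enclosing route list starts outside the hunk.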
diff --git a/modules/common/nginx/clicks.codes/.well-known/matrix b/modules/common/nginx/clicks.codes/.well-known/matrix
index c7ba524..57b6176 100644
--- a/modules/common/nginx/clicks.codes/.well-known/matrix
+++ b/modules/common/nginx/clicks.codes/.well-known/matrix
@@ -3,5 +3,8 @@
"m.homeserver": {
"base_url": "https://matrix-backend.clicks.codes:443",
"server_name": "clicks.codes"
+ },
+ "org.matrix.msc3575.proxy": {
+ "url": "https://matrix-sliding-sync.clicks.codes"
}
}