Add sliding sync proxy for matrix

Sliding sync is a future version of the Matrix spec, but the proxy can be
deployed while still allowing us to use a non-proxied version. Sliding
sync allows much faster client load times, etc., as the client no longer
needs to sync everything.

also: rip out commented/disabled coturn code
Change-Id: I9026ed7dcaec961f1bc54469f18f04b68f6e3918
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/82
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Maddie H <maddie@clicks.codes>
diff --git a/modules/common/matrix.nix b/modules/common/matrix.nix
index d87732f..9a559f7 100644
--- a/modules/common/matrix.nix
+++ b/modules/common/matrix.nix
@@ -24,7 +24,8 @@
           names = [ "client" "federation" ];
           compress = true;
         }];
-        port = 4527;
+        port = 1030;
+        bind_addresses = [ "generic" ];
       }];
       enable_metrics = true;
       database.args.database = "synapse";
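Review bot: The new `bind_addresses = [ "generic" ];` line changes where this listener is bound without saying what "generic" is; Synapse documents bind_addresses as a list of local addresses, and unless it is overridden elsewhere the default is loopback only, so this appears to widen the listener to a non-loopback address. A one-line comment would make the intent reviewable, e.g. `# "generic" is the host's <address alias — fill in>; 1030 must match the reverse-proxy upstream`. Whether Synapse accepts a hostname here rather than a literal IP cannot be confirmed from the hunk. The enclosing listeners attrset starts before this hunk.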
@@ -47,16 +48,6 @@
         }
       ];
 
-      turn_uris = [
-
-        /* "turn:turn.clicks.codes:3478?transport=udp"
-           "turn:turn.clicks.codes:3478?transport=tcp"
-           "turns:turn.clicks.codes:5349?transport=udp"
-           "turns:turn.clicks.codes:5349?transport=tcp"
-        */
-      ]; # Please use matrix.org turn
-      # turn_shared_secret = "!!turn_shared_secret!!";
-
       log_config = lib.pipe {
         version = 1;
         formatters = {
@@ -85,6 +76,17 @@
         room_name = "Announcements";
       };
     };
+
+    sliding-sync = {
+      enable = true;
+      settings = {
+        SYNCV3_SERVER = "https://matrix-backend.clicks.codes";
+        SYNCV3_BINDADDR = "generic:1031";
+        SYNCV3_LOG_LEVEL = "warn";
+      };
+      environmentFile = config.sops.secrets.matrix_sliding_sync_env.path;
+      createDatabase = true;
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ 3478 5349 ];
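Review bot: The context line `networking.firewall.allowedTCPPorts = [ 3478 5349 ];` still opens the TURN ports even though this commit removes the coturn service and the turn_uris that referenced them, so after the change these are open ports with nothing behind them. If nothing else on the host uses them, change it to `networking.firewall.allowedTCPPorts = [ ];` or drop the line; if something does, a comment naming that consumer would prevent the next reader from drawing the same conclusion. The sliding-sync proxy itself binds `generic:1031`, which is not in this list, so it presumably stays reachable only via a reverse proxy on the same host — worth confirming that is the intent.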
@@ -119,31 +121,14 @@
     managementRoom = "#moderation-commands:clicks.codes";
   };
 
-  services.coturn = {
-    enable = false;
-
-    use-auth-secret = true;
-    # static-auth-secret-file = config.sops.secrets.turn_shared_secret.path;
-
-    realm = "turn.clicks.codes";
-
-    no-tcp-relay = true;
-
-    no-cli = true;
-
-    extraConfig = ''
-      external-ip=turn.clicks.codes
-    '';
-  };
-
   sops.secrets = {
-    #turn_shared_secret = {
-    #  mode = "0440";
-    #  owner = "turnserver";
-    #  group = "matrix-synapse";
-    #  sopsFile = ../../secrets/matrix.json;
-    #  format = "json";
-    #};
+    matrix_sliding_sync_env = {
+      mode = "0600";
+      owner = config.users.users.root.name;
+      group = config.users.users.root.group;
+      sopsFile = ../../secrets/matrix_sliding_sync.env.bin;
+      format = "binary";
+    };
     matrix_keycloak_client_secret = {
       mode = "0400";
       owner = config.users.users.matrix-synapse.name;
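Review bot: The new `matrix_sliding_sync_env` secret is a binary env file with no indication of which variables it is expected to carry, unlike the other secrets in this block whose names say what they hold. A short comment such as `# env file for services.sliding-sync; expected to provide the proxy's secret settings (e.g. SYNCV3_SECRET) — confirm` would document the contract between this secret and the `environmentFile` line in the sliding-sync block. Root ownership with mode 0600 is consistent with the file being read by the service manager before privileges are dropped, assuming the sliding-sync module wires it up as a systemd EnvironmentFile. The sops.secrets attrset continues past the end of this hunk.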
@@ -187,8 +172,6 @@
         config.sops.secrets.registration_shared_secret.path;
       matchers."matrix_keycloak_client_secret".secret =
         config.sops.secrets.matrix_keycloak_client_secret.path;
-      # matchers."turn_shared_secret".secret =
-      #   config.sops.secrets.turn_shared_secret.path;
       owner = config.users.users.matrix-synapse.name;
       group = config.users.users.matrix-synapse.group;
       mode = "0400";