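# NixOS module: Matrix homeserver (Synapse), the sliding-sync proxy and a small
# nginx that serves the .well-known discovery files. All three run as OCI
# containers and are routed by Traefik through container labels.
#
# The "db" container named in dependsOn is not defined in this file.
{ config, ... }:
let
  inherit (import ./lib.nix config) hostRule havenisms;

  # Requests that go to the sliding-sync proxy instead of Synapse.
  syncRule =
    "(PathPrefix(`/client/`) || PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`))";

  # Requests that go to the static .well-known server.
  wellKnownRule = "PathPrefix(`/.well-known`)";
in
{
  # Both secrets are only consumed by the sliding-sync container, so a change
  # to either one restarts just that unit.
  sops.secrets = {
    "matrix/syncv3/db-password" = {
      restartUnits = [ "podman-matrix-sliding-sync.service" ];
    };
    "matrix/syncv3/secret" = {
      restartUnits = [ "podman-matrix-sliding-sync.service" ];
    };
  };

  # Environment file for the sliding-sync container (see environmentFiles
  # below). It must hold one KEY=value pair per line.
  #
  # The sops placeholders are substituted when sops-nix renders the template,
  # so the plaintext secrets are not part of this expression.
  #
  # NOTE(review): the DB password is embedded in a URL; a password containing
  # URL-reserved characters would need percent-encoding. Confirm how the
  # secret is generated.
  # NOTE(review): sslmode=disable means the PostgreSQL connection is not
  # encrypted. That is only acceptable if "db" is reachable solely over a
  # network private to this host. Confirm.
  sops.templates."matrix-sliding-sync.env".content = ''
    SYNCV3_SERVER=http://synapse:8008
    SYNCV3_DB=postgres://syncv3:${
      config.sops.placeholder."matrix/syncv3/db-password"
    }@db:5432/syncv3?sslmode=disable
    SYNCV3_SECRET=${config.sops.placeholder."matrix/syncv3/secret"}
    SYNCV3_BINDADDR=:8009
  '';

  # NOTE(review): every image below uses a mutable reference (":latest", or no
  # tag at all for nginx), so the code that runs can change on any pull without
  # a change to this file. Pin each image to a reviewed version tag or an
  # @sha256 digest.
  virtualisation.oci-containers.containers = {
    synapse = {
      image = "docker.io/matrixdotorg/synapse:latest";
      autoStart = true;
      dependsOn = [ "db" ];
      volumes = [ "/tank/config/synapse/data:/data" ];
      # NOTE(review): "8008:8008/tcp" publishes Synapse on every host
      # interface, so it can be reached without passing through Traefik. If
      # Traefik and the sync proxy reach it over the container network (the
      # proxy uses http://synapse:8008), this publish may be unnecessary;
      # otherwise consider binding it to 127.0.0.1. Confirm what relies on it.
      ports = [ "8008:8008/tcp" ];
      extraOptions = [
        "-l=traefik.enable=true"
        # Everything on the chat host except the sync and .well-known paths,
        # which have their own routers below.
        "-l=traefik.http.routers.synapse.rule=${hostRule "chat" havenisms} && !(${syncRule} || ${wellKnownRule})"
        "-l=traefik.http.services.synapse.loadbalancer.server.port=8008"
      ];
    };

    matrix-sliding-sync = {
      image = "ghcr.io/matrix-org/sliding-sync:latest";
      dependsOn = [
        "db"
        "synapse"
      ];
      # NOTE(review): same exposure question as Synapse's published port:
      # this is reachable on every host interface, not only through Traefik.
      ports = [ "8009:8009" ];
      # Rendered sops template; carries the DB password and SYNCV3_SECRET.
      environmentFiles = [ config.sops.templates."matrix-sliding-sync.env".path ];
      extraOptions = [
        "-l=traefik.enable=true"
        "-l=traefik.http.routers.syncv3.rule=${hostRule "chat" havenisms} && ${syncRule}"
        "-l=traefik.http.services.syncv3.loadbalancer.server.port=8009"
      ];
    };

    # Serves the .well-known files that clients need in order to discover the
    # sync server. The content directory is mounted read-only.
    #
    # NOTE(review): "nginx" is an unqualified short name, so the registry it is
    # pulled from depends on the host's container registry configuration. Use a
    # fully qualified, pinned reference.
    # NOTE(review): ports = [ "80" ] publishes container port 80 on a host port
    # chosen at start; Traefik is pointed at container port 80 by the label
    # below, so the host publish may be unnecessary. Confirm.
    matrix-well-known = {
      image = "nginx";
      ports = [ "80" ];
      dependsOn = [ "synapse" ];
      volumes = [ "/tank/config/synapse/static-files:/usr/share/nginx/html:ro" ];
      extraOptions = [
        "-l=traefik.enable=true"
        "-l=traefik.http.routers.matrix-static.rule=${hostRule "chat" havenisms} && ${wellKnownRule}"
        "-l=traefik.http.services.matrix-static.loadbalancer.server.port=80"
      ];
    };
  };
}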