v0.5.0

This is mostly a maintainance release to be compatible with nixos-23.11 but comes with some small improvements as well

MIGRATIONS.MD

@@ -0,0 +1,10 @@
+# Migrations
+
+This is a best effort document descibing neccecary changes you might have to do when updating
+
+## 0.5.0
+
+* The module has been renamed from `synapse` to `default`
+* The synapse module now expects a wrapper-style package. This means the module is now incompatible with nixpkgs < 23.11.
+
+

README.MD

@@ -36,3 +36,19 @@ With matrix.YOURDOMAIN pointing at the server:
 ```
 
 is ~enough to get a functional matrix-server running with some workers
+
+## Sliding Sync (Element X)
+
+Just add the following to your config and point `slidingsync.YOURDOMAIN` at the server
+
+```
+services.matrix-synapse-next = {
+  enableSlidingSync = true;
+};
+
+services.matrix-synapse.sliding-sync.environmentFile = "/some/file/containing/SYNCV3_SECRET=<some secret>";
+
+```
+
+If using [well-known delagation](https://matrix-org.github.io/synapse/v1.37/delegate.html) make sure `YOURDOMAIN/.well-known/matrix/client` matches
+what's in `matrix.YOURDOMAIN/.well-known/matrix/client`

flake.nix

@@ -7,7 +7,7 @@
 
   outputs = { self, nixpkgs-lib }: {
     nixosModules = {
-      synapse = import ./synapse-module;
+      default = import ./module.nix;
     };
     lib = import ./lib.nix { lib = nixpkgs-lib.lib; };
   };

module.nix

@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  imports = [
+    ./synapse-module
+    ./sliding-sync
+  ];
+}

sliding-sync/default.nix

@@ -0,0 +1,117 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.matrix-synapse.sliding-sync;
+in
+{
+  disabledModules = [ "services/matrix/matrix-sliding-sync.nix" ];
+
+  options.services.matrix-synapse.sliding-sync = {
+    enable = lib.mkEnableOption (lib.mdDoc "sliding sync");
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.matrix-sliding-sync;
+      description = "What package to use for the sliding-sync proxy.";
+    };
+
+    enableNginx = lib.mkEnableOption (lib.mdDoc "autogenerated nginx config");
+    publicBaseUrl = lib.mkOption {
+      type = lib.types.str;
+      description = "The domain where clients connect, only has an effect with enableNginx";
+      example = "slidingsync.matrix.org";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = with lib.types; attrsOf str;
+        options = {
+          SYNCV3_SERVER = lib.mkOption {
+            type = lib.types.str;
+            description = lib.mdDoc ''
+              The destination homeserver to talk to not including `/_matrix/` e.g `https://matrix.example.org`.
+            '';
+          };
+
+          SYNCV3_DB = lib.mkOption {
+            type = lib.types.str;
+            default = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
+            description = lib.mdDoc ''
+              The postgres connection string.
+              Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
+            '';
+          };
+
+          SYNCV3_BINDADDR = lib.mkOption {
+            type = lib.types.str;
+            default = "127.0.0.1:8009";
+            example = "[::]:8008";
+            description = lib.mdDoc "The interface and port to listen on.";
+          };
+
+          SYNCV3_LOG_LEVEL = lib.mkOption {
+            type = lib.types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
+            default = "info";
+            description = lib.mdDoc "The level of verbosity for messages logged.";
+          };
+        };
+      };
+      default = { };
+      description = ''
+        Freeform environment variables passed to the sliding sync proxy.
+        Refer to <https://github.com/matrix-org/sliding-sync#setup> for all supported values.
+      '';
+    };
+
+    createDatabase = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = lib.mdDoc ''
+        Whether to enable and configure `services.postgres` to ensure that the database user `matrix-sliding-sync`
+        and the database `matrix-sliding-sync` exist.
+      '';
+    };
+
+    environmentFile = lib.mkOption {
+      type = lib.types.str;
+      description = lib.mdDoc ''
+        Environment file as defined in {manpage}`systemd.exec(5)`.
+
+        This must contain the {env}`SYNCV3_SECRET` variable which should
+        be generated with {command}`openssl rand -hex 32`.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.postgresql = lib.optionalAttrs cfg.createDatabase {
+      enable = true;
+      ensureDatabases = [ "matrix-sliding-sync" ];
+      ensureUsers = [ rec {
+        name = "matrix-sliding-sync";
+        ensurePermissions."DATABASE \"${name}\"" = "ALL PRIVILEGES";
+      } ];
+    };
+
+    systemd.services.matrix-sliding-sync = {
+      after = lib.optional cfg.createDatabase "postgresql.service";
+      wantedBy = [ "multi-user.target" ];
+      environment = cfg.settings;
+      serviceConfig = {
+        DynamicUser = true;
+        EnvironmentFile = cfg.environmentFile;
+        ExecStart = lib.getExe cfg.package;
+        StateDirectory = "matrix-sliding-sync";
+        WorkingDirectory = "%S/matrix-sliding-sync";
+      };
+    };
+
+    services.nginx.virtualHosts.${cfg.publicBaseUrl} = lib.mkIf cfg.enableNginx {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = lib.replaceStrings [ "0.0.0.0" "::" ] [ "127.0.0.1" "::1" ] "http://${cfg.settings.SYNCV3_BINDADDR}";
+      };
+    };
+  };
+}

synapse-module/default.nix

@@ -11,8 +11,22 @@ let
 
   format = pkgs.formats.yaml {};
   matrix-synapse-common-config = format.generate "matrix-synapse-common-config.yaml" cfg.settings;
-  pluginsEnv = cfg.package.python.buildEnv.override {
-    extraLibs = cfg.plugins;
+
+  # TODO: Align better with the upstream module
+  wrapped = cfg.package.override { 
+    inherit (cfg) plugins;
+    extras = [
+      "postgres"
+      "saml2"
+      "oidc"
+      "systemd"
+      "url-preview"
+      "sentry"
+      "jwt"
+      "redis"
+      "cache-memory"
+      "user-search"
+    ];
   };
 
   inherit (lib)
@@ -33,7 +47,7 @@ in
   imports = [
     ./nginx.nix
     (import ./workers.nix {
-      inherit matrix-lib throw' format matrix-synapse-common-config pluginsEnv;
+      inherit matrix-lib throw' format matrix-synapse-common-config wrapped;
     })
   ];
 
@@ -84,6 +98,8 @@ in
       description = "A yaml python logging config file";
     };
 
+    enableSlidingSync = mkEnableOption (lib.mdDoc "automatic Sliding Sync setup at `slidingsync.<domain>`");
+
     settings = mkOption {
       type = types.submodule {
         freeformType = format.type;
@@ -374,9 +390,6 @@ in
           };
         in "${cfg.package}/bin/synapse_homeserver ${flags}";
 
-        environment.PYTHONPATH =
-          lib.makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
-
         serviceConfig = {
           Type = "notify";
           User = "matrix-synapse";
@@ -388,11 +401,25 @@ in
               config-path = [ matrix-synapse-common-config ] ++ cfg.extraConfigFiles;
               keys-directory = cfg.dataDir;
             };
-          in "${cfg.package}/bin/synapse_homeserver ${flags}";
+          in "${wrapped}/bin/synapse_homeserver ${flags}";
           ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
           Restart = "on-failure";
         };
       };
     };
+
+    services.matrix-synapse-next.settings.extra_well_known_client_content."org.matrix.msc3575.proxy" = mkIf cfg.enableSlidingSync {
+      url = "https://${config.services.matrix-synapse.sliding-sync.publicBaseUrl}";
+    };
+    services.matrix-synapse.sliding-sync = mkIf cfg.enableSlidingSync {
+      enable = true;
+      enableNginx = lib.mkDefault cfg.enableNginx;
+      publicBaseUrl = lib.mkDefault "slidingsync.${cfg.settings.server_name}";
+
+      settings = {
+        SYNCV3_SERVER = lib.mkDefault "https://${cfg.public_baseurl}";
+        SYNCV3_PROM = lib.mkIf cfg.settings.enable_metrics (lib.mkDefault "127.0.0.1:9001");
+      };
+    };
   };
 }

synapse-module/nginx.nix

@@ -230,6 +230,9 @@ in
       locations."/_synapse/client" = {
         proxyPass = "http://$synapse_backend";
       };
+      locations."/.well-known/matrix" = {
+        proxyPass = "http://$synapse_backend";
+      };
     };
   };
 }

synapse-module/workers.nix

@@ -1,6 +1,6 @@
 { matrix-synapse-common-config,
   matrix-lib,
-  pluginsEnv,
+  wrapped,
   throw',
   format
 }:
@@ -333,29 +333,24 @@ in {
         wantedBy = [ "matrix-synapse.target" ];
         after = [ "matrix-synapse.service" ];
         requires = [ "matrix-synapse.service" ];
-        environment = {
-          PYTHONPATH = lib.makeSearchPathOutput "lib" cfg.package.python.sitePackages [
-            pluginsEnv
-          ];
-        };
         serviceConfig = {
           Type = "notify";
           User = "matrix-synapse";
           Group = "matrix-synapse";
           Slice = "system-matrix-synapse.slice";
           WorkingDirectory = cfg.dataDir;
-          # ExecStartPre = pkgs.writers.writeBash "wait-for-synapse" ''
-          #   # From https://md.darmstadt.ccc.de/synapse-at-work
-          #   while ! systemctl is-active -q matrix-synapse.service; do
-          #       sleep 1
-          #   done
-          # '';
+          ExecStartPre = pkgs.writers.writeBash "wait-for-synapse" ''
+            # From https://md.darmstadt.ccc.de/synapse-at-work
+            while ! systemctl is-active -q matrix-synapse.service; do
+                sleep 1
+            done
+          '';
           ExecStart = let
             flags = lib.cli.toGNUCommandLineShell {} {
               config-path = [ matrix-synapse-common-config (workerConfig worker) ] ++ cfg.extraConfigFiles;
               keys-directory = cfg.dataDir;
             };
-          in "${cfg.package}/bin/synapse_worker ${flags}";
+          in "${wrapped}/bin/synapse_worker ${flags}";
         };
       };
     }));