From 18d47f2e8af5bc444e6d78c9f633a7649d7e1f2b Mon Sep 17 00:00:00 2001 From: "xyno (Philipp Hochkamp)" Date: Fri, 30 Jun 2023 22:53:46 +0200 Subject: [PATCH] localhost --- nixos-modules/services/synapse.nix | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/nixos-modules/services/synapse.nix b/nixos-modules/services/synapse.nix index 567f4c2c..a11faf0a 100644 --- a/nixos-modules/services/synapse.nix +++ b/nixos-modules/services/synapse.nix @@ -49,12 +49,12 @@ in }; ragon.agenix.secrets."matrixSecrets" = { owner = "matrix-synapse"; }; - users.users.slidingsync = { isSystemUser = true; group = "slidingsync"; }; - users.groups.slidingsync = { }; + users.users.slidingsync = { isSystemUser = true; group = "slidingsync"; uid = 990; }; + users.groups.slidingsync = { gid = 988; }; virtualisation.oci-containers.containers."matrix-sliding-sync" = { image = "ghcr.io/matrix-org/sliding-sync:latest"; - ports = [ "8008:localhost:8008" ]; - user = "slidingsync"; + ports = [ "127.0.0.1:8009:8008" ]; + user = "${toString config.users.users.slidingsync.uid}:${toString config.users.groups.slidingsync.gid}"; volumes = [ "/run/postgresql:/run/postgresql" ]; @@ -62,10 +62,17 @@ in environment = { SYNCV3_SERVER = "https://m.ragon.xyz"; SYNCV3_BINDADDR = ":8008"; - SYNCV3_DB = "user=slidingsync dbname=slidingsync"; + SYNCV3_DB = "host=/run/postgresql user=slidingsync dbname=slidingsync password=slidingsync"; }; }; services.postgresql = { + ensureDatabases = [ "slidingsync" ]; + ensureUsers = [ + { + name = "slidingsync"; + ensurePermissions."DATABASE slidingsync" = "ALL PRIVILEGES"; + } + ]; enable = true; }; services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' @@ -142,6 +149,9 @@ in "slidingsync.${domain}" = { forceSSL = true; useACMEHost = "${domain}"; + locations."/" = { + proxyPass = "http://127.0.0.1:8009"; + }; };