modules: services: matrix: add sliding sync

hosts/nixos/porthos/services.nix

@@ -64,6 +64,9 @@ in
       mailConfigFile = secrets."matrix/mail".path;
       # Only necessary when doing the initial registration
       secretFile = secrets."matrix/secret".path;
+      slidingSync = {
+        secretFile = secrets."matrix/sliding-sync-secret".path;
+      };
     };
     miniflux = {
       enable = true;

modules/services/matrix/default.nix

@@ -26,6 +26,23 @@ in
       description = "Shared secret to register users";
     };
 
+    slidingSync = {
+      enable = my.mkDisableOption "sliding sync";
+
+      port = mkOption {
+        type = types.port;
+        default = 8009;
+        example = 8084;
+        description = "Port used by sliding sync server";
+      };
+
+      secretFile = mkOption {
+        type = types.str;
+        example = "/var/lib/matrix/sliding-sync-secret-file.env";
+        description = "Secret file which contains SYNCV3_SECRET definition";
+      };
+    };
+
     mailConfigFile = mkOption {
       type = types.str;
       example = "/var/lib/matrix/email-config.yaml";
@@ -89,6 +106,17 @@ in
       extraConfigFiles = [
         cfg.mailConfigFile
       ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
+
+      sliding-sync = lib.mkIf cfg.slidingSync.enable {
+        enable = true;
+
+        settings = {
+          SYNCV3_SERVER = "https://${matrixDomain}";
+          SYNCV3_BINDADDR = "127.0.0.1:${cfg.slidingSync.port}";
+        };
+
+        environmentFile = cfg.slidingSync.secretFile;
+      };
     };
 
     my.services.nginx.virtualHosts = [
@@ -139,6 +167,11 @@ in
 
             "/_matrix" = proxyToClientPort;
             "/_synapse/client" = proxyToClientPort;
+
+            # Sliding sync
+            "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+              proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
+            };
           };
 
         listen = [