3 files changed, 48 insertions, 4 deletions
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa
index 2f4e8160..50c341a7 100644
--- a/hosts/surtr/dns/zones/li.synapse.soa
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
 $ORIGIN synapse.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2022022500 ; serial
+  2022022502 ; serial
  10800      ; refresh
  3600       ; retry
  604800     ; expire
@@ -21,10 +21,21 @@ $TTL 3600
 @                       IN      MX      0 ymir.yggdrasil.li
 @                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_matrix._tcp            IN      SRV     5 0 443 synapse.li.
+_matrix-identity._tcp   IN      SRV     5 0 443 synapse.li.
 element                 IN      CNAME   synapse.li.
 _acme-challenge.element IN      NS      ns.yggdrasil.li.
 turn                    IN      CNAME   synapse.li.
 _acme-challenge.turn    IN      NS      ns.yggdrasil.li.
+_stun._udp              IN      SRV     5 0 3478 turn.synapse.li.
+_stun._tcp              IN      SRV     5 0 3478 turn.synapse.li.
+_stuns._tcp             IN      SRV     5 0 5349 turn.synapse.li.
+_turn._udp              IN      SRV     5 0 3478 turn.synapse.li.
+_turn._tcp              IN      SRV     5 0 3478 turn.synapse.li.
+_turns._tcp             IN      SRV     5 0 5349 turn.synapse.li.
 _acme-challenge         IN      NS      ns.yggdrasil.li.
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index c35153e5..f55872c0 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -62,9 +62,16 @@
    services.nginx = {
      recommendedProxySettings = true;
-      upstreams."matrix-synapse" = {
+      upstreams = {
-        servers = {
+        "matrix-synapse" = {
-          "127.0.0.1:8008" = {};
+          servers = {
+            "127.0.0.1:8008" = {};
+          };
+        };
+        "mxisd" = {
+          servers = {
+            "127.0.0.1:8090" = {};
+          };
        };
      };
@@ -91,6 +98,7 @@
          '';
        in {
          "/_matrix".proxyPass = "http://matrix-synapse";
+          "/_matrix/identity".proxyPass = "http://mxisd";
          "/_synapse/client".proxyPass = "http://matrix-synapse";
          "= /.well-known/matrix/server" = {
            extraConfig = ''
@@ -232,5 +240,25 @@
      owner = "turnserver";
      group = "turnserver";
    };
+    services.mxisd = {
+      enable = true;
+      matrix.domain = "synapse.li";
+      server = {
+        name = "localhost";
+        port = 8090;
+      };
+      extraConfig = {
+        server.publicUrl = "https://synapse.li";
+        storage = {
+          backend = "postgresql";
+          provider.postgresql = {
+            database = "//localhost:5432/ma1sd";
+            username = "ma1sd";
+          };
+        };
+        forward.servers = ["matrix.org"];
+      };
+    };
  };
 }
diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix
index a34bc675..88430823 100644
--- a/hosts/surtr/postgresql.nix
+++ b/hosts/surtr/postgresql.nix
@@ -9,6 +9,11 @@
        CREATE USER "matrix-synapse";
        GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse" TO "matrix-synapse";
        GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "matrix-synapse";
+        CREATE DATABASE "ma1sd" WITH TEMPLATE "template0" ENCODING "UTF8" LOCALE "C";
+        CREATE USER "ma1sd";
+        GRANT ALL PRIVILEGES ON DATABASE "ma1sd" TO "ma1sd";
+        GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "ma1sd";
      '';
    };
  };

diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa index 2f4e8160..50c341a7 100644 --- a/hosts/surtr/dns/zones/li.synapse.soa +++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
1	$ORIGIN synapse.li.	1	$ORIGIN synapse.li.
2	$TTL 3600	2	$TTL 3600
3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4	2022022500 ; serial	4	2022022502 ; serial
5	10800 ; refresh	5	10800 ; refresh
6	3600 ; retry	6	3600 ; retry
7	604800 ; expire	7	604800 ; expire
@@ -21,10 +21,21 @@ $TTL 3600
21	@ IN MX 0 ymir.yggdrasil.li	21	@ IN MX 0 ymir.yggdrasil.li
22	@ IN TXT "v=spf1 redirect=yggdrasil.li"	22	@ IN TXT "v=spf1 redirect=yggdrasil.li"
23		23
		24	_matrix._tcp IN SRV 5 0 443 synapse.li.
		25	_matrix-identity._tcp IN SRV 5 0 443 synapse.li.
		26
24	element IN CNAME synapse.li.	27	element IN CNAME synapse.li.
25	_acme-challenge.element IN NS ns.yggdrasil.li.	28	_acme-challenge.element IN NS ns.yggdrasil.li.
26		29
27	turn IN CNAME synapse.li.	30	turn IN CNAME synapse.li.
28	_acme-challenge.turn IN NS ns.yggdrasil.li.	31	_acme-challenge.turn IN NS ns.yggdrasil.li.
29		32
		33	_stun._udp IN SRV 5 0 3478 turn.synapse.li.
		34	_stun._tcp IN SRV 5 0 3478 turn.synapse.li.
		35	_stuns._tcp IN SRV 5 0 5349 turn.synapse.li.
		36
		37	_turn._udp IN SRV 5 0 3478 turn.synapse.li.
		38	_turn._tcp IN SRV 5 0 3478 turn.synapse.li.
		39	_turns._tcp IN SRV 5 0 5349 turn.synapse.li.
		40
30	_acme-challenge IN NS ns.yggdrasil.li.	41	_acme-challenge IN NS ns.yggdrasil.li.


diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index c35153e5..f55872c0 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix
@@ -62,9 +62,16 @@
62	services.nginx = {	62	services.nginx = {
63	recommendedProxySettings = true;	63	recommendedProxySettings = true;
64		64
65	upstreams."matrix-synapse" = {	65	upstreams = {
66	servers = {	66	"matrix-synapse" = {
67	"127.0.0.1:8008" = {};	67	servers = {
		68	"127.0.0.1:8008" = {};
		69	};
		70	};
		71	"mxisd" = {
		72	servers = {
		73	"127.0.0.1:8090" = {};
		74	};
68	};	75	};
69	};	76	};
70		77
@@ -91,6 +98,7 @@
91	'';	98	'';
92	in {	99	in {
93	"/_matrix".proxyPass = "http://matrix-synapse";	100	"/_matrix".proxyPass = "http://matrix-synapse";
		101	"/_matrix/identity".proxyPass = "http://mxisd";
94	"/_synapse/client".proxyPass = "http://matrix-synapse";	102	"/_synapse/client".proxyPass = "http://matrix-synapse";
95	"= /.well-known/matrix/server" = {	103	"= /.well-known/matrix/server" = {
96	extraConfig = ''	104	extraConfig = ''
@@ -232,5 +240,25 @@
232	owner = "turnserver";	240	owner = "turnserver";
233	group = "turnserver";	241	group = "turnserver";
234	};	242	};
		243
		244	services.mxisd = {
		245	enable = true;
		246	matrix.domain = "synapse.li";
		247	server = {
		248	name = "localhost";
		249	port = 8090;
		250	};
		251	extraConfig = {
		252	server.publicUrl = "https://synapse.li";
		253	storage = {
		254	backend = "postgresql";
		255	provider.postgresql = {
		256	database = "//localhost:5432/ma1sd";
		257	username = "ma1sd";
		258	};
		259	};
		260	forward.servers = ["matrix.org"];
		261	};
		262	};
235	};	263	};
236	}	264	}


diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix index a34bc675..88430823 100644 --- a/hosts/surtr/postgresql.nix +++ b/hosts/surtr/postgresql.nix
@@ -9,6 +9,11 @@
9	CREATE USER "matrix-synapse";	9	CREATE USER "matrix-synapse";
10	GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse" TO "matrix-synapse";	10	GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse" TO "matrix-synapse";
11	GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "matrix-synapse";	11	GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "matrix-synapse";
		12
		13	CREATE DATABASE "ma1sd" WITH TEMPLATE "template0" ENCODING "UTF8" LOCALE "C";
		14	CREATE USER "ma1sd";
		15	GRANT ALL PRIVILEGES ON DATABASE "ma1sd" TO "ma1sd";
		16	GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "ma1sd";
12	'';	17	'';
13	};	18	};
14	};	19	};