From 71acf32da38a3ac0296b33157d52fde15c445800 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Tue, 19 Dec 2023 21:39:04 +0800
Subject: [PATCH] vps7: enable second synapse instance

---
 flake.nix                                       |  9 ++++++---
 modules/services/nginx/applications/element.nix |  2 +-
 modules/services/synapse.nix                    |  1 +
 modules/system/user.nix                         |  1 +
 secrets/vps7/default.yaml                       | 12 ++++++++++--
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/flake.nix b/flake.nix
index b3de377a..2485a904 100644
--- a/flake.nix
+++ b/flake.nix
@@ -256,7 +256,7 @@
                     [ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
                   // (builtins.listToAttrs (builtins.map
                     (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
-                    [ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" "api" "git" "grafana" ]));
+                    [ "xn--s8w913fdga" "misskey" "synapse" "matrix" "send" "kkmeeting" "api" "git" "grafana" ]));
                   applications =
                   {
                     element.instances."element.chn.moe" = {};
@@ -325,7 +325,11 @@
                   misskey.hostname = "xn--s8w913fdga.chn.moe";
                   misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
                 };
-                synapse.instances.synapse.matrixHostname = "synapse.chn.moe";
+                synapse.instances =
+                {
+                  synapse.matrixHostname = "synapse.chn.moe";
+                  matrix = { port = 8009; redisPort = 6380; hostname = "matrix.chn.moe"; };
+                };
                 xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
                 vaultwarden.enable = true;
                 beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
@@ -349,7 +353,6 @@
                   wireguardIp = "192.168.83.2";
                   externalIp = "95.111.228.40";
                 };
-                akkoma.enable = true;
               };
             };
             nas =
diff --git a/modules/services/nginx/applications/element.nix b/modules/services/nginx/applications/element.nix
index 8230d796..05f9d4a2 100644
--- a/modules/services/nginx/applications/element.nix
+++ b/modules/services/nginx/applications/element.nix
@@ -5,7 +5,7 @@ inputs:
     type = types.attrsOf (types.submodule (submoduleInputs: { options =
     {
       hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-      defaultServer = mkOption { type = types.nullOr types.nonEmptyStr; default = "element.chn.moe"; };
+      defaultServer = mkOption { type = types.nullOr types.nonEmptyStr; default = "matrix.chn.moe"; };
     };}));
     default = {};
   };
diff --git a/modules/services/synapse.nix b/modules/services/synapse.nix
index 23d7fa9e..4f50312a 100644
--- a/modules/services/synapse.nix
+++ b/modules/services/synapse.nix
@@ -10,6 +10,7 @@ inputs:
       redisPort = mkOption { type = types.ints.unsigned; default = 6379; };
       hostname = mkOption { type = types.nonEmptyStr; default = "synapse.chn.moe"; };
       matrixHostname = mkOption { type = types.nonEmptyStr; default = "chn.moe"; };
+      # , synapse_homeserver --config-path homeserver.yaml --generate-config --report-stats=yes --server-name xxx
     };});
     default = {};
   };
diff --git a/modules/system/user.nix b/modules/system/user.nix
index 09467717..fd48bfb1 100644
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@@ -23,6 +23,7 @@ inputs:
         v2ray = 2007;
         fz-new-order = 2008;
         synapse-synapse = 2009;
+        synapse-matrix = 2010;
       };
     };
     group = mkOption
diff --git a/secrets/vps7/default.yaml b/secrets/vps7/default.yaml
index 1a2f38a1..ac8546bf 100644
--- a/secrets/vps7/default.yaml
+++ b/secrets/vps7/default.yaml
@@ -14,6 +14,7 @@ redis:
     send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
     mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
     synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
+    synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
 postgresql:
     wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
     misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
@@ -25,6 +26,7 @@ postgresql:
     gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
     grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
     akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
+    synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
 meilisearch:
     misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
 rsshub:
@@ -43,6 +45,12 @@ synapse:
         macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
         form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
         signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
+    matrix:
+        coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
+        registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
+        macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
+        form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
+        signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
 nebula:
     key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
 vaultwarden:
@@ -119,8 +127,8 @@ sops:
             SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
             HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-17T14:39:51Z"
-    mac: ENC[AES256_GCM,data:W07NZGIKm0sx1g/DBB5IRZItomTKjj5m+AnWYT1lck11hwH20kjH21zm++VtNpS4j+ay/5Y3e9zkWSFpk3C8AFxvB/2r8gVhcNF5stCGCj4Exc2OTE+g2m6yp4ZMkgXZDidlc1by6pNah6nf7lk1W/sZ5ViMdlMonERCoOiOmf0=,iv:sFEs5FSKp29bXZQPBWoQ71ippu2XxLPl8b5hSzG0Gbk=,tag:/Jio9+sysSrpFKMYBVWGpw==,type:str]
+    lastmodified: "2023-12-19T13:41:44Z"
+    mac: ENC[AES256_GCM,data:+tj7+Q4bTzKNRY5N8Okj2DIl4YRSAO9SC1pzJ3hkp+dBF7uNnyVK+QOyN4cxoAQorPhH2lETHu4aK9Zmi6A4YiGUBCgnvBwvXpZw+iy2hmIDBISi9Y34wmTNAx8PW6BI2E+8d5dFFXiQbULjLbV4TolYyZVbvnCVHWTYff0ht8E=,iv:gpT+s6K+ey3yUzI+ShH1dOV+S/1o1PIRiNv4K0mBqXk=,tag:lupDndxajL01QsHL51r7Nw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1