From 8e5b7440a15831376080af05cd264d3f96dc2bb3 Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Fri, 10 Oct 2025 08:58:59 -0700
Subject: [PATCH] Fix matrix synapse instance on quasar

---
 hosts/quasar/default.nix                      |  25 ++++++++++++++++--
 .../quasar/secrets/matrix-synapse-secrets.age | Bin 536 -> 0 bytes
 .../secrets/matrix-synapse-secrets.yaml       | Bin 0 -> 542 bytes
 secrets.nix                                   |   2 +-
 4 files changed, 24 insertions(+), 3 deletions(-)
 delete mode 100644 hosts/quasar/secrets/matrix-synapse-secrets.age
 create mode 100644 hosts/quasar/secrets/matrix-synapse-secrets.yaml

diff --git a/hosts/quasar/default.nix b/hosts/quasar/default.nix
index c4d5809..777afc0 100644
--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@@ -25,7 +25,11 @@
   environment.systemPackages = [ pkgs.htop ];
 
   age.secrets = {
-    matrix-synapse-secrets.file = ./secrets/matrix-synapse-secrets.age;
+    matrix-synapse-secrets = {
+      file = ./secrets/matrix-synapse-secrets.yaml;
+      mode = "400";
+      owner = "matrix-synapse";
+    };
   };
 
   services.postgresql.enable = true;
@@ -33,7 +37,23 @@
   services.caddy = {
     enable = true;
     virtualHosts = {
+      "quasar.leaf.ninja".extraConfig = ''
+        respond "quasar is online"
+        header Strict-Transport-Security: "max-age=63072000; includeSubDomains"
+      '';
       "consortium.chat".extraConfig = ''
+        respond /.well-known/matrix/server <<JSON
+          {
+            "m.server": "matrix.consortium.chat:443"
+          }
+          JSON 200
+        respond /.well-known/matrix/client <<JSON
+          {
+            "m.homeserver": {
+              "base_url": "https://matrix.consortium.chat"
+            }
+          }
+          JSON 200
         reverse_proxy localhost:8008
         header Strict-Transport-Security "max-age=63072000; includeSubDomains"
       '';
@@ -52,7 +72,8 @@
     enable = true;
     settings = {
       server_name = "consortium.chat";
-      serve_server_wellknown = true;
+      database_type = "psycopg2";
+      database_args.database = "matrix-synapse";
     };
     extraConfigFiles = [ config.age.secrets.matrix-synapse-secrets.path ];
   };
diff --git a/hosts/quasar/secrets/matrix-synapse-secrets.age b/hosts/quasar/secrets/matrix-synapse-secrets.age
deleted file mode 100644
index 5fba68282a14bb27a4c678752c43893479363b7b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 536
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn(+=<|3REZvD{}D<
z)Gr9jsPgr8OmoS|3Qi8GGBx&#EHh8?$&Ab?$aTqas|a-rPUbQW%t*5ccL`2%%t-X8
z@Nv=CFOGE2s0dCE@$pUfc1|hC^709DHZXTAGeEa3#mhV?-%-KPtUSY{I5HwFGN~Zn
zI3=gb-^4c~!ongyAkaU{)YQq}FvZ=sJhd!1%a<$4*~QBw!!;x=G$^znFVI9gGcY@)
zDBsA%-OwPzD67CLHQCb3%(18}s+dbxS6893ET`1eOFQ4(A|%u##N5LrCB&fEwaT<I
zDc>*2(8aOTxxh6-JHIf(IGJnJ98=ZG8~>+1Q)sZ-o6VE#`S|LwwYO>(7KkrC#xTz~
zW?$;J=^AqsFCWjnm2D@l;FPI5J=)_t*Nqt$tGFMz2S;hW+>%vL|2vskU8W>FYMP_b
zNnOtmKNEG@53_SjxnC0dZGNrY+rw<FXFo38spg#0__@RFxd!)Nr7vane>)vkc<<dV
zFnx9xkNFq*gW)g!sV)B3rO<En@7_)~w}oi|k8az)%DgAj=lGWYfY<5LEv^=~Ht(#x
zpuOiwqyO*dQ~kGdj5FBYmG+8e?k+!lT=IRSX!5p20g;v)qVjJ0{8Lf*8rdc*o^?t|
WVaKGE;<b7O^Pm4)Yp>w2{v7}*JlG2W

diff --git a/hosts/quasar/secrets/matrix-synapse-secrets.yaml b/hosts/quasar/secrets/matrix-synapse-secrets.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..22adf929452acfd50c5f4abd306fee4a44384101
GIT binary patch
literal 542
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn(+=<|3RE!8bqP$f
z)K78rHcc<^bu{-$_X$i7$gA*A4KwnOGH`UWh)i-$3<wV@x8QO~4EFT)%kww(_0I4#
zH_Rw7bPO)caC0k*v^2^q3NbVYN{h5`^*1qh$ws#=#mhV?-%%kjDj*~&(YT^W+qtqT
zFDWU&HQ77eztlfJFv!t6H?t_n-7s4}uQ)v**pn;G(BG*jJiyspyTHxS*|VrB%q67M
zxxy$T(5EQRIK|v8D$ChDE6v|hznDu`S69Kb%*QgyFek4(GdDZjv9vO`(Ayv=(J0d2
zqSU>jD$v*2HQyj5C^5^iDv)cf6svk<spGM&+twMdg#6sU_5QXEuIJw!F->1;<?ywA
z%9bj&87t*3<t_8{YCCyF)^?l2*UOVHZu0eh&6U`6%Xn((eCNWQhLhROL~mkW$Whtl
zd){^8+4vjVU%mS*Vf^ajiS(uI^9}3YZu^(_H|@o#wo_MF>ZaEG|8e8m?tiS^1)uI2
z%(%PPL}^JN@1>JUp>yUQS(bV&XU38CZu4;C2`d_xeq8vCVTY)@;fFi@-w$1x{OY^U
zuRG`8wk%u9R#zVv7&7%qN#~W>{Tq8;S+`_MXyk-ESe6?0hmr5SQ~8Z;Opogig-u>5
f>oZS|@#k`LDb+ilME3>CbWTZ?U4QG)={HdTgE{1l

literal 0
HcmV?d00001

diff --git a/secrets.nix b/secrets.nix
index 1d322d3..58ceb27 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,7 +8,7 @@ let
 in {
   "hosts/marauder/secrets/restic-env.age".publicKeys = [ marauder ];
   "hosts/marauder/secrets/restic-password.age".publicKeys = [ marauder ];
-  "hosts/quasar/secrets/matrix-synapse-secrets.age".publicKeys =
+  "hosts/quasar/secrets/matrix-synapse-secrets.yaml".publicKeys =
     [ marauder quasar ];
   "hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ];
   "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys =