Add sliding sync proxy to Matrix

modules/services/matrix/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  inputs,
   ...
 }:
 
@@ -33,6 +34,9 @@ in {
       default = "vimium.com";
       example = "vimium.com";
     };
+    slidingSync = {
+      enable = lib.mkEnableOption "sliding-sync";
+    };
     usePostgresql = lib.mkEnableOption "postgresql";
   };
 
@@ -45,6 +49,9 @@ in {
         server_name = cfg.serverName;
       };
       "m.identity_server" = {};
+      "org.matrix.msc3575.proxy" = if cfg.slidingSync.enable then {
+        "url" = "https://${matrixSubdomain}";
+      } else { };
     };
     matrixServerConfig."m.server" = "${matrixSubdomain}:443";
     commonBridgeSettings = bridge: {
@@ -133,6 +140,13 @@ in {
             '';
           };
           "/_synapse/client".proxyPass = "http://localhost:8008";
+          "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
+            priority = 100;
+            proxyPass = "http://localhost:8009";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
         };
       };
       "${cfg.serverName}" = let
@@ -181,6 +195,18 @@ in {
       (lib.optional cfg.bridges.whatsapp
         config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
 
+    age.secrets = if cfg.slidingSync.enable then {
+      "files/services/matrix/sliding-sync" = {
+        file = "${inputs.secrets}/files/services/matrix/sliding-sync.age";
+      };
+    } else {};
+
+    services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
+      enable = true;
+      environmentFile = config.age.secrets."files/services/matrix/sliding-sync".path;
+      settings = { SYNCV3_SERVER = "https://${matrixSubdomain}"; };
+    };
+
     services.postgresql = lib.mkIf cfg.usePostgresql {
       ensureUsers = [
         {