use the signing key

configuration.nix

@@ -377,7 +377,6 @@ in {
     # - turn_shared_secret
     # TODO:
     # app_service_config_files
-    # signing_key_path
     matrix-synapse = {
       enable = true;
       settings = {
@@ -566,6 +565,16 @@ in {
       ];
     };
 
+    matrix-synapse = {
+      preStart = ''
+        mkdir -p /run/matrix-synapse/
+        ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key
+      '';
+      serviceConfig.LoadCredential = [
+        "jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key"
+      ];
+    };
+
     cert-watcher = {
       description = "Restart coturn when tls key/cert changes";
       wantedBy = ["multi-user.target"];