enable matrix-synapse

Motiejus Jakštys 2023-03-21 13:43:34 +02:00
parent c09ce8f190
commit 42d615cdb3


@ -374,7 +374,7 @@ in {
# app_service_config_files # app_service_config_files
matrix-synapse = { matrix-synapse = {
enable = false; enable = true;
settings = { settings = {
server_name = "jakstys.lt"; server_name = "jakstys.lt";
admin_contact = "motiejus@jakstys.lt"; admin_contact = "motiejus@jakstys.lt";
@ -531,6 +531,10 @@ in {
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
systemd.tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
];
systemd.services = { systemd.services = {
"make-snapshot-dirs" = let "make-snapshot-dirs" = let
vals = builtins.attrValues backup_paths; vals = builtins.attrValues backup_paths;
@ -562,23 +566,23 @@ in {
]; ];
}; };
matrix-synapse = { matrix-synapse = let
preStart = '' # TODO https://github.com/NixOS/nixpkgs/pull/222336 replace with `preStart`
umask 077 secretsScript = pkgs.writeShellScript "write-secrets" ''
ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key umask 077
cat > /run/matrix-synapse/secrets.yaml <<EOF ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key
registration_shared_secret: "$(cat ''${CREDENTIALS_DIRECTORY}/registration_shared_secret)" cat > /run/matrix-synapse/secrets.yaml <<EOF
macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)" registration_shared_secret: "$(cat ''${CREDENTIALS_DIRECTORY}/registration_shared_secret)"
EOF macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)"
''; EOF
'';
in {
serviceConfig.ExecStartPre = [ "" secretsScript ];
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key" "jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key"
"registration_shared_secret:/var/src/secrets/synapse/registration_shared_secret" "registration_shared_secret:/var/src/secrets/synapse/registration_shared_secret"
"macaroon_secret_key:/var/src/secrets/synapse/macaroon_secret_key" "macaroon_secret_key:/var/src/secrets/synapse/macaroon_secret_key"
]; ];
tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
];
}; };
cert-watcher = { cert-watcher = {
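Review bot: The `secrets.yaml` that `secretsScript` writes into /run/matrix-synapse is a plaintext copy of `registration_shared_secret` and `macaroon_secret_key` that stays on disk after the service stops. The directory now comes from the global `systemd.tmpfiles.rules` entry with no cleanup age, so the copy loses the per-unit lifetime that `LoadCredential` gives the originals. Unless the nixpkgs module already manages that path, letting systemd own it would tie the file to the unit: `serviceConfig.RuntimeDirectory = "matrix-synapse";` and `serviceConfig.RuntimeDirectoryMode = "0700";` in place of the tmpfiles rule. Separately, the leading `""` in `serviceConfig.ExecStartPre` presumably resets any pre-start commands the upstream module defines, which are not visible here. A comment next to the existing TODO, such as `# "" clears upstream ExecStartPre; re-check what it drops on nixpkgs upgrades`, would record that.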