motiejus/config
1
Fork 0
Code Packages Releases Activity

enable matrix-synapse

Browse Source
This commit is contained in:
Motiejus Jakštys 2023-03-21 13:43:34 +02:00
parent c09ce8f190
commit 42d615cdb3
1 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
configuration.nix
View File

@ -374,7 +374,7 @@ in {
# app_service_config_files
matrix-synapse = {
enable = false;
enable = true;
settings = {
server_name = "jakstys.lt";
admin_contact = "motiejus@jakstys.lt";
@ -531,6 +531,10 @@ in {
options = "--delete-older-than 14d";
};
systemd.tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
];
systemd.services = {
"make-snapshot-dirs" = let
vals = builtins.attrValues backup_paths;
@ -562,8 +566,9 @@ in {
];
};
matrix-synapse = {
preStart = ''
matrix-synapse = let
# TODO https://github.com/NixOS/nixpkgs/pull/222336 replace with `preStart`
secretsScript = pkgs.writeShellScript "write-secrets" ''
umask 077
ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key
cat > /run/matrix-synapse/secrets.yaml <<EOF
@ -571,14 +576,13 @@ in {
macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)"
EOF
'';
in {
serviceConfig.ExecStartPre = [ "" secretsScript ];
serviceConfig.LoadCredential = [
"jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key"
"registration_shared_secret:/var/src/secrets/synapse/registration_shared_secret"
"macaroon_secret_key:/var/src/secrets/synapse/macaroon_secret_key"
];
tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
];
};
cert-watcher = {