From 1eb6e1246b28a57159491e5bd84d654fe110bc93 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Wed, 5 Jun 2024 15:43:35 +0200 Subject: [PATCH] fix matrix-terranix --- nixos/machines/orbi/social-matrix-terranix.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/nixos/machines/orbi/social-matrix-terranix.nix b/nixos/machines/orbi/social-matrix-terranix.nix index 3fa3bdc..73604bc 100644 --- a/nixos/machines/orbi/social-matrix-terranix.nix +++ b/nixos/machines/orbi/social-matrix-terranix.nix @@ -11,7 +11,6 @@ let synapse_port = 8008; federation_port = 8448; - shared_secret = config.clanCore.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml"; matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" '' @@ -53,6 +52,7 @@ in environment.systemPackages = [ matrix_create_user ]; + # todo : remove me users.users.matrix-synapse = { isSystemUser = true; uid = config.ids.uids.matrix-synapse; @@ -67,7 +67,7 @@ in bindMounts = { rootpassword = { hostPath = shared_secret.path; - mountPoint = "/run/secrets/matrix-shared-secret"; + mountPoint = "/run/secrets/matrix-shared-secret.input"; isReadOnly = true; }; }; @@ -77,6 +77,16 @@ in imports = [ ../../components/monitor/container.nix ]; system.stateVersion = "23.11"; + systemd.tmpfiles.settings.nextcloud = { + "/run/secrets/matrix-shared-secret".C = { + type = "C"; + user = "matrix-synapse"; + group = "matrix-synapse"; + mode = "400"; + argument = "/run/secrets/matrix-shared-secret.input"; + }; + }; + services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" ''