From 1eb6e1246b28a57159491e5bd84d654fe110bc93 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Wed, 5 Jun 2024 15:43:35 +0200
Subject: [PATCH] fix matrix-terranix

---
 nixos/machines/orbi/social-matrix-terranix.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/nixos/machines/orbi/social-matrix-terranix.nix b/nixos/machines/orbi/social-matrix-terranix.nix
index 3fa3bdc..73604bc 100644
--- a/nixos/machines/orbi/social-matrix-terranix.nix
+++ b/nixos/machines/orbi/social-matrix-terranix.nix
@@ -11,7 +11,6 @@ let
   synapse_port = 8008;
   federation_port = 8448;
 
-
   shared_secret = config.clanCore.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml";
 
   matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" ''
@@ -53,6 +52,7 @@ in
 
   environment.systemPackages = [ matrix_create_user ];
 
+  # todo : remove me
   users.users.matrix-synapse = {
     isSystemUser = true;
     uid = config.ids.uids.matrix-synapse;
@@ -67,7 +67,7 @@ in
     bindMounts = {
       rootpassword = {
         hostPath = shared_secret.path;
-        mountPoint = "/run/secrets/matrix-shared-secret";
+        mountPoint = "/run/secrets/matrix-shared-secret.input";
         isReadOnly = true;
       };
     };
@@ -77,6 +77,16 @@ in
       imports = [ ../../components/monitor/container.nix ];
       system.stateVersion = "23.11";
 
+      systemd.tmpfiles.settings.nextcloud = {
+        "/run/secrets/matrix-shared-secret".C = {
+          type = "C";
+          user = "matrix-synapse";
+          group = "matrix-synapse";
+          mode = "400";
+          argument = "/run/secrets/matrix-shared-secret.input";
+        };
+      };
+
       services.postgresql = {
         enable = true;
         initialScript = pkgs.writeText "synapse-init.sql" ''