palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix matrix-terranix

Browse source
This commit is contained in:
Ingolf Wagner 2024-06-05 15:43:35 +02:00
parent ee9803c55a
commit 1eb6e1246b
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
nixos/machines/orbi/social-matrix-terranix.nix
View file

@ -11,7 +11,6 @@ let
synapse_port = 8008; synapse_port = 8008;
federation_port = 8448; federation_port = 8448;
shared_secret = config.clanCore.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml"; shared_secret = config.clanCore.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml";
matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" '' matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" ''
@ -53,6 +52,7 @@ in
environment.systemPackages = [ matrix_create_user ]; environment.systemPackages = [ matrix_create_user ];
# todo : remove me
users.users.matrix-synapse = { users.users.matrix-synapse = {
isSystemUser = true; isSystemUser = true;
uid = config.ids.uids.matrix-synapse; uid = config.ids.uids.matrix-synapse;
@ -67,7 +67,7 @@ in
bindMounts = { bindMounts = {
rootpassword = { rootpassword = {
hostPath = shared_secret.path; hostPath = shared_secret.path;
mountPoint = "/run/secrets/matrix-shared-secret"; mountPoint = "/run/secrets/matrix-shared-secret.input";
isReadOnly = true; isReadOnly = true;
}; };
}; };
@ -77,6 +77,16 @@ in
imports = [ ../../components/monitor/container.nix ]; imports = [ ../../components/monitor/container.nix ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
systemd.tmpfiles.settings.nextcloud = {
"/run/secrets/matrix-shared-secret".C = {
type = "C";
user = "matrix-synapse";
group = "matrix-synapse";
mode = "400";
argument = "/run/secrets/matrix-shared-secret.input";
};
};
services.postgresql = { services.postgresql = {
enable = true; enable = true;
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''