about summary refs log tree commit diff
path: root/modules/nixos/matrix/dendrite.nix
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-11-25 18:09:05 +0300
committerAzat Bahawi <azat@bahawi.net>2023-11-25 18:09:05 +0300
commite2cc46b37e33643cf3dd017adb8a009bf143e246 (patch)
tree86f24ea544e9ed75bf8736c951a09dfdb2219f5d /modules/nixos/matrix/dendrite.nix
parent2023-11-23 (diff)
2023-11-25
Diffstat (limited to 'modules/nixos/matrix/dendrite.nix')
-rw-r--r--modules/nixos/matrix/dendrite.nix11
1 files changed, 4 insertions, 7 deletions
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 7528792..d5c9308 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -33,13 +33,14 @@ in {
         "/var/lib/private/dendrite"
       ];
 
+      # FIXME Use systemd secrets/environment for this.
       secrets.dendrite-private-key = {
         file = "${inputs.self}/secrets/dendrite-private-key";
-        mode = "0444"; # The user is dynamic so the file must be world-readable.
+        mode = "0444";
       };
       secrets.dendrite-environment-file = {
         file = "${inputs.self}/secrets/dendrite-environment-file";
-        mode = "0444"; # The user is dynamic so the file must be world-readable.
+        mode = "0444";
       };
 
       nixfiles.modules = {
@@ -77,21 +78,17 @@ in {
           ];
         };
 
-        # Silence annoying errors when connecting to faulty federated
-        # homeservers.
         promtail.filters = [
           {
             match = {
               selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"'';
               action = "drop";
-              drop_counter_reason = "noise";
             };
           }
           {
             match = {
               selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"'';
               action = "drop";
-              drop_counter_reason = "noise";
             };
           }
         ];
@@ -102,7 +99,7 @@ in {
         ensureUsers = [
           {
             name = db;
-            ensurePermissions."DATABASE \"${db}\"" = "ALL";
+            ensureDBOwnership = true;
           }
         ];
       };

Consider giving Nix/NixOS a try! <3