about summary refs log tree commit diff
path: root/modules/nixos/matrix
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-11-25 18:09:05 +0300
committerAzat Bahawi <azat@bahawi.net>2023-11-25 18:09:05 +0300
commite2cc46b37e33643cf3dd017adb8a009bf143e246 (patch)
tree86f24ea544e9ed75bf8736c951a09dfdb2219f5d /modules/nixos/matrix
parent2023-11-23 (diff)
2023-11-25
Diffstat (limited to '')
-rw-r--r--modules/nixos/matrix/dendrite.nix11
-rw-r--r--modules/nixos/matrix/synapse.nix2
2 files changed, 5 insertions, 8 deletions
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 7528792..d5c9308 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -33,13 +33,14 @@ in {
         "/var/lib/private/dendrite"
       ];
 
+      # FIXME Use systemd secrets/environment for this.
       secrets.dendrite-private-key = {
         file = "${inputs.self}/secrets/dendrite-private-key";
-        mode = "0444"; # The user is dynamic so the file must be world-readable.
+        mode = "0444";
       };
       secrets.dendrite-environment-file = {
         file = "${inputs.self}/secrets/dendrite-environment-file";
-        mode = "0444"; # The user is dynamic so the file must be world-readable.
+        mode = "0444";
       };
 
       nixfiles.modules = {
@@ -77,21 +78,17 @@ in {
           ];
         };
 
-        # Silence annoying errors when connecting to faulty federated
-        # homeservers.
         promtail.filters = [
           {
             match = {
               selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"'';
               action = "drop";
-              drop_counter_reason = "noise";
             };
           }
           {
             match = {
               selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"'';
               action = "drop";
-              drop_counter_reason = "noise";
             };
           }
         ];
@@ -102,7 +99,7 @@ in {
         ensureUsers = [
           {
             name = db;
-            ensurePermissions."DATABASE \"${db}\"" = "ALL";
+            ensureDBOwnership = true;
           }
         ];
       };
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index 40595a0..02592de 100644
--- a/modules/nixos/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
@@ -83,7 +83,7 @@ in {
           ensureUsers = [
             {
               name = db;
-              ensurePermissions."DATABASE \"${db}\"" = "ALL";
+              ensureDBOwnership = true;
             }
           ];
         };

Consider giving Nix/NixOS a try! <3