diff options
author | Azat Bahawi <azat@bahawi.net> | 2023-11-25 18:09:05 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-11-25 18:09:05 +0300 |
commit | e2cc46b37e33643cf3dd017adb8a009bf143e246 (patch) | |
tree | 86f24ea544e9ed75bf8736c951a09dfdb2219f5d /modules/nixos/matrix | |
parent | 2023-11-23 (diff) |
2023-11-25
Diffstat (limited to 'modules/nixos/matrix')
-rw-r--r-- | modules/nixos/matrix/dendrite.nix | 11 | ||||
-rw-r--r-- | modules/nixos/matrix/synapse.nix | 2 |
2 files changed, 5 insertions, 8 deletions
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 7528792..d5c9308 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -33,13 +33,14 @@ in { "/var/lib/private/dendrite" ]; + # FIXME Use systemd secrets/environment for this. secrets.dendrite-private-key = { file = "${inputs.self}/secrets/dendrite-private-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; secrets.dendrite-environment-file = { file = "${inputs.self}/secrets/dendrite-environment-file"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; nixfiles.modules = { @@ -77,21 +78,17 @@ in { ]; }; - # Silence annoying errors when connecting to faulty federated - # homeservers. promtail.filters = [ { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } ]; @@ -102,7 +99,7 @@ in { ensureUsers = [ { name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; + ensureDBOwnership = true; } ]; }; diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix index 40595a0..02592de 100644 --- a/modules/nixos/matrix/synapse.nix +++ b/modules/nixos/matrix/synapse.nix @@ -83,7 +83,7 @@ in { ensureUsers = [ { name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; + ensureDBOwnership = true; } ]; }; |