diff options
Diffstat (limited to 'modules/nixos/matrix/dendrite.nix')
-rw-r--r-- | modules/nixos/matrix/dendrite.nix | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 7528792..d5c9308 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -33,13 +33,14 @@ in { "/var/lib/private/dendrite" ]; + # FIXME Use systemd secrets/environment for this. secrets.dendrite-private-key = { file = "${inputs.self}/secrets/dendrite-private-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; secrets.dendrite-environment-file = { file = "${inputs.self}/secrets/dendrite-environment-file"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; nixfiles.modules = { @@ -77,21 +78,17 @@ in { ]; }; - # Silence annoying errors when connecting to faulty federated - # homeservers. promtail.filters = [ { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } ]; @@ -102,7 +99,7 @@ in { ensureUsers = [ { name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; + ensureDBOwnership = true; } ]; }; |