summaryrefslogtreecommitdiff
path: root/modules/nixos/matrix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/matrix')
-rw-r--r--modules/nixos/matrix/dendrite.nix11
-rw-r--r--modules/nixos/matrix/synapse.nix2
2 files changed, 5 insertions, 8 deletions
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 7528792..d5c9308 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -33,13 +33,14 @@ in {
"/var/lib/private/dendrite"
];
+ # FIXME Use systemd secrets/environment for this.
secrets.dendrite-private-key = {
file = "${inputs.self}/secrets/dendrite-private-key";
- mode = "0444"; # The user is dynamic so the file must be world-readable.
+ mode = "0444";
};
secrets.dendrite-environment-file = {
file = "${inputs.self}/secrets/dendrite-environment-file";
- mode = "0444"; # The user is dynamic so the file must be world-readable.
+ mode = "0444";
};
nixfiles.modules = {
@@ -77,21 +78,17 @@ in {
];
};
- # Silence annoying errors when connecting to faulty federated
- # homeservers.
promtail.filters = [
{
match = {
selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"'';
action = "drop";
- drop_counter_reason = "noise";
};
}
{
match = {
selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"'';
action = "drop";
- drop_counter_reason = "noise";
};
}
];
@@ -102,7 +99,7 @@ in {
ensureUsers = [
{
name = db;
- ensurePermissions."DATABASE \"${db}\"" = "ALL";
+ ensureDBOwnership = true;
}
];
};
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index 40595a0..02592de 100644
--- a/modules/nixos/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
@@ -83,7 +83,7 @@ in {
ensureUsers = [
{
name = db;
- ensurePermissions."DATABASE \"${db}\"" = "ALL";
+ ensureDBOwnership = true;
}
];
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 08:44:16 +0000