From e2cc46b37e33643cf3dd017adb8a009bf143e246 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 25 Nov 2023 18:09:05 +0300 Subject: 2023-11-25 --- modules/nixos/matrix/dendrite.nix | 11 ++++------- modules/nixos/matrix/synapse.nix | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'modules/nixos/matrix') diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 7528792..d5c9308 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -33,13 +33,14 @@ in { "/var/lib/private/dendrite" ]; + # FIXME Use systemd secrets/environment for this. secrets.dendrite-private-key = { file = "${inputs.self}/secrets/dendrite-private-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; secrets.dendrite-environment-file = { file = "${inputs.self}/secrets/dendrite-environment-file"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + mode = "0444"; }; nixfiles.modules = { @@ -77,21 +78,17 @@ in { ]; }; - # Silence annoying errors when connecting to faulty federated - # homeservers. promtail.filters = [ { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*Failed to fetch key for server.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } { match = { selector = ''{syslog_identifier="dendrite"} |~ ".*could not download key for.*"''; action = "drop"; - drop_counter_reason = "noise"; }; } ]; @@ -102,7 +99,7 @@ in { ensureUsers = [ { name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; + ensureDBOwnership = true; } ]; }; diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix index 40595a0..02592de 100644 --- a/modules/nixos/matrix/synapse.nix +++ b/modules/nixos/matrix/synapse.nix @@ -83,7 +83,7 @@ in { ensureUsers = [ { name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; + ensureDBOwnership = true; } ]; }; -- cgit v1.2.3