diff --git a/configuration.nix b/configuration.nix index 20226b5..7fb7745 100644 --- a/configuration.nix +++ b/configuration.nix @@ -18,12 +18,11 @@ in { services.postgresql = { enable = true; - ensureDatabases = [ "matrix-synapse" ]; + ensureDatabases = [ "synapse" ]; package = pkgs.postgresql_15; ensureUsers = [ { -# name = "synapse"; - name = "matrix-synapse"; + name = "synapse"; ensureDBOwnership = true; } ]; @@ -56,7 +55,7 @@ host replication all ::1/128 md5 DECLARE password TEXT; BEGIN password := trim(both from replace(pg_read_file('${password_file_path}'), E'\n', ''')); - EXECUTE format('ALTER ROLE matrix-synapse WITH PASSWORD '''%s''';', password); + EXECUTE format('ALTER ROLE synapse WITH PASSWORD '''%s''';', password); END $$; EOF ''; @@ -75,16 +74,20 @@ host replication all ::1/128 md5 settings = { server_name = root_host; - enable_registration = true; + enable_registration = false; + enable_registration_without_verification = true; - - macaroon_secret_key = "supersecretsecretkey"; - registrations_require_3pid = [ "email" ]; +# registrations_require_3pid = [ "email" ]; database = { name = "psycopg2"; args = { -# host = "localhost"; -# user = "synapse"; + host = "localhost"; + port = 5432; + dbname = "synapse"; + user = "synapse"; + cp_min = 5; + cp_max = 10; + client_encoding = "auto"; passfile = config.age.secrets.synapse_db_pass_prepared.path; # password = "synapse"; # dbname = "synapse"; @@ -118,6 +121,7 @@ host replication all ::1/128 md5 file = ./secrets/synapse_db_pass_prepared.age; owner = "matrix-synapse"; group = "matrix-synapse"; + mode = "0600"; }; # duckdns_token.file = ./secrets/duckdns_token.age; diff --git a/secrets/synapse_db_pass_prepared.age b/secrets/synapse_db_pass_prepared.age index 184dd2f..4071106 100644 Binary files a/secrets/synapse_db_pass_prepared.age and b/secrets/synapse_db_pass_prepared.age differ