From dccf6a5a67373c499d89b62e5a9dab9397981a7f Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Wed, 27 Dec 2023 12:20:47 +0000
Subject: [PATCH] fix secret, fix database logins, close registration (for now)
---
 configuration.nix | 24 ++++++++++++++----------
 secrets/synapse_db_pass_prepared.age | Bin 891 -> 899 bytes
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 20226b5..7fb7745 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -18,12 +18,11 @@ in {
 services.postgresql = {
 enable = true;
- ensureDatabases = [ "matrix-synapse" ];
+ ensureDatabases = [ "synapse" ];
 package = pkgs.postgresql_15;
 ensureUsers = [
 {
-# name = "synapse";
- name = "matrix-synapse";
+ name = "synapse";
 ensureDBOwnership = true;
 }
 ];
@@ -56,7 +55,7 @@ host replication all ::1/128 md5
 DECLARE password TEXT;
 BEGIN
 password := trim(both from replace(pg_read_file('${password_file_path}'), E'\n', '''));
- EXECUTE format('ALTER ROLE matrix-synapse WITH PASSWORD '''%s''';', password);
+ EXECUTE format('ALTER ROLE synapse WITH PASSWORD '''%s''';', password);
 END $$;
 EOF
 '';
@@ -75,16 +74,20 @@ host replication all ::1/128 md5
 settings = {
 server_name = root_host;
- enable_registration = true;
+ enable_registration = false;
+ enable_registration_without_verification = true;
-
- macaroon_secret_key = "supersecretsecretkey";
- registrations_require_3pid = [ "email" ];
+# registrations_require_3pid = [ "email" ];
 database = {
 name = "psycopg2";
 args = {
-# host = "localhost";
-# user = "synapse";
+ host = "localhost";
+ port = 5432;
+ dbname = "synapse";
+ user = "synapse";
+ cp_min = 5;
+ cp_max = 10;
+ client_encoding = "auto";
 passfile = config.age.secrets.synapse_db_pass_prepared.path;
 # password = "synapse";
 # dbname = "synapse";
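Review bot: The `ALTER ROLE synapse WITH PASSWORD` line in the `-56,7 +55,7` hunk still splices the contents of the password file into the statement with `%s` between hand-written quotes, so a password containing a single quote either breaks the statement or changes the SQL that runs. `format()` has `%L` for this case, which quotes and escapes the value itself: `EXECUTE format('ALTER ROLE synapse WITH PASSWORD %L;', password);`. That form also removes the need for the doubled-quote escaping inside the Nix string. The `DO` block and the script around it start outside the hunk.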
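Review bot: `enable_registration_without_verification = true;` is added in the `-75,16 +74,20` hunk while `registrations_require_3pid` is commented out, so `enable_registration = false` is the only setting keeping sign-up closed; switching it back on later (the subject says "for now") would open registration with no email, captcha or token check. I would leave the override off and keep a verification requirement live, `enable_registration_without_verification = false;` with `registrations_require_3pid = [ "email" ];`, or `registration_requires_token = true;` if outgoing mail is not set up yet. The `macaroon_secret_key` literal this hunk removes stays in the repository history, so it is worth confirming that no deployed instance still signs tokens with it. The `settings` and `database.args` sets continue past the end of the hunk.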
@@ -118,6 +121,7 @@ host replication all ::1/128 md5
 file = ./secrets/synapse_db_pass_prepared.age;
 owner = "matrix-synapse";
 group = "matrix-synapse";
+ mode = "0600";
 };
 # duckdns_token.file = ./secrets/duckdns_token.age;
diff --git a/secrets/synapse_db_pass_prepared.age b/secrets/synapse_db_pass_prepared.age
index 184dd2fcf852846c22724a656d1133f67f19691f..40711061dddeb5e1e75f062f1e64f8a2dcc4a55e 100644
GIT binary patch
literal 899
zcmWO1%gfsY003~$;RBI+reR;018G7x;hDsS*oNU2k!04qZOg|$+Fn$vr_Np`oZ@G^N4wFu1JK;2yJ%K zIK1Xj+f0BF!I3=EmC`|A;*~WLY9Db#Bg$vqlG+Qq*lj3dF`66OUatjwdprpN1d4K9 z`t59!w!nc#nc7BiAvSN-0K@tz@2pk{P7CT023LGlD@VT42SP*_ z5vp*2UyTr&fFONvK*Av`QtutvOf9;lm?Mm5Vw=j+9<-RS;`7O9!slUwz)rv$eG>2W z5)g{hLBlOnB&TLRR*uH>t?r>?t+qgm=x7P?oud@~9(Nr!wx97MGfn_2Cpyg|3Xcs#xs5lx%by%>0|w680!(90TMbzLz@eVg6I zL2$zGf;z~-0(kG*)hC|5@%vk5^x(O_@84#bOD_}eEdF@tYvuN9>a+L%z4qppcVGSS z$=~$&^I!NMJ~?M^Ji;k2efPosi%YMgICseI(xdGX`maBq{d4d7yB~dg o_3YMPckX`n&G(N!_S9NC|MRE!H{ae0@0?wJ{=xY(Z;SW-0~#_s`~Uy|
literal 891
zcmV~$JLuzN008jCTY{*QaD(v2HP$wLBrP0wq-l~SZS!i9=F4!B_oI2|`;xYD%ZZ!o zacEHv2SL!~Km>=|PA7-|Du{!E;N+&_pue9J1%sgQnsWt{vUs;_qG3m1gZnpa8xNY+ zxk(RhPe+(3vyvzn=j1S_QV^5gG=fByk@DKv#+yPA{F&WQAoj+V(nhvJc0%7SJd*~o z=1)lmOQCew`2wKzOgu^* zJ1Sil6S2_Zm~>&% zV60wbNcHRttr-D zR{cSQ%|tne^%2Y_pcB1G?mMtf#JDA5YE`0gI#+0R{Q*PBdScV}1AS4==L#QZYG1QMZc5JwjFOCp_ABUaD z#2(_8)fO7KW#ef|7YV@_tvRjJ0%~X@Wl4r$#BR?Q%X2SN#l-AHFiv&dH=U*%R)kB! z&hBE;1U%v+-Vu+|$w@B@*F*g=21_U+)~nk5xa@F!KZ!4xfnu#_abP%rQ2MrvXFJi$ zt(K)!7$0Veu@Uov&LQ3%vB6+)BOizS)CtG?c)JaV+ErOAU7v*gnwKknyjqs2t#=^_ zSyjb8(Vjeh`1|d{m-M|io~cjYdv>xudjFUB`SY*R4_^1LPvphtk3M_#-p4P_+)vjp zAN}w$rgh`*o9olZko$3Y|CI-KzWFP8aQE9kK7H%O&;Px{eE;EV{%_U4x7X{hf4+$Z T)3;aZ-7mho{b%leeaHMCcf~xI
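Review bot: `mode = "0600";` on the `synapse_db_pass_prepared` secret in the `-118,6 +121,7` hunk gives the service write access to a file it appears only to read as its libpq `passfile`. agenix defaults to `0400`, and libpq accepts that too, since it only ignores a password file that group or world can access. Unless something rewrites the file at runtime, `mode = "0400";` (or dropping the line) keeps the tighter default. If the mode stays pinned, a comment such as `# libpq ignores the passfile when group/world can access it` would record why. The attribute set holding this entry starts outside the hunk.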