Grimmauld/grimm-nix-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix secret, fix database logins, close registration (for now)

Browse source
This commit is contained in:
Grimmauld 2023-12-27 12:20:47 +00:00
parent f846ca8dd0
commit dccf6a5a67
2 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
configuration.nix
View file

@ -18,12 +18,11 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "matrix-synapse" ]; ensureDatabases = [ "synapse" ];
package = pkgs.postgresql_15; package = pkgs.postgresql_15;
ensureUsers = [ ensureUsers = [
{ {
# name = "synapse"; name = "synapse";
name = "matrix-synapse";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
]; ];
@ -56,7 +55,7 @@ host replication all ::1/128 md5
DECLARE password TEXT; DECLARE password TEXT;
BEGIN BEGIN
password := trim(both from replace(pg_read_file('${password_file_path}'), E'\n', ''')); password := trim(both from replace(pg_read_file('${password_file_path}'), E'\n', '''));
EXECUTE format('ALTER ROLE matrix-synapse WITH PASSWORD '''%s''';', password); EXECUTE format('ALTER ROLE synapse WITH PASSWORD '''%s''';', password);
END $$; END $$;
EOF EOF
''; '';
@ -75,16 +74,20 @@ host replication all ::1/128 md5
settings = { settings = {
server_name = root_host; server_name = root_host;
enable_registration = true; enable_registration = false;
enable_registration_without_verification = true;
# registrations_require_3pid = [ "email" ];
macaroon_secret_key = "supersecretsecretkey";
registrations_require_3pid = [ "email" ];
database = { database = {
name = "psycopg2"; name = "psycopg2";
args = { args = {
# host = "localhost"; host = "localhost";
# user = "synapse"; port = 5432;
dbname = "synapse";
user = "synapse";
cp_min = 5;
cp_max = 10;
client_encoding = "auto";
passfile = config.age.secrets.synapse_db_pass_prepared.path; passfile = config.age.secrets.synapse_db_pass_prepared.path;
# password = "synapse"; # password = "synapse";
# dbname = "synapse"; # dbname = "synapse";
@ -118,6 +121,7 @@ host replication all ::1/128 md5
file = ./secrets/synapse_db_pass_prepared.age; file = ./secrets/synapse_db_pass_prepared.age;
owner = "matrix-synapse"; owner = "matrix-synapse";
group = "matrix-synapse"; group = "matrix-synapse";
mode = "0600";
}; };
# duckdns_token.file = ./secrets/duckdns_token.age; # duckdns_token.file = ./secrets/duckdns_token.age;

BIN
secrets/synapse_db_pass_prepared.age
View file

Binary file not shown.