author | tzlil <tzlils@protonmail.com> | 2023-04-21 16:49:37 +0300 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2023-04-21 16:49:37 +0300 |
commit | 2649599a5a0d053c701d8a5be02c0f0b1d57b2f2 (patch) | |
tree | fd10b61a5b10ebce42a32ca40c65f2ea4616dcc7 /hosts/vps/matrix.nix | |
parent | a65eb5d9197bc36bd95a58158347c110e4e864b2 (diff) |
trying now
Diffstat (limited to 'hosts/vps/matrix.nix')
-rw-r--r-- | hosts/vps/matrix.nix | 69 |
1 files changed, 37 insertions, 32 deletions
diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index 26095e1..c2f4c5b 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix @@ -25,21 +25,20 @@ # }; # networking.firewall.allowedTCPPorts = [80 443]; - age.secrets = { - matrix = { + age.secrets.matrix = { file = ../secrets/matrix.age; mode = "600"; owner = "root"; group = "root"; }; - }; services.dendrite = let - database_config = { - connection_string = "postgresql:///dendrite?host=/run/postgresql"; - max_open_conns = 10; - max_idle_conns = 5; - }; in { + database_config = { + connection_string = "postgresql:///dendrite?host=/run/postgresql"; + max_open_conns = 10; + max_idle_conns = 5; + }; + in { enable = true; tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt"; @@ -74,8 +73,14 @@ { server_name = "matrix.org"; keys = [ - { key_id = "ed25519:auto"; public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; } - { key_id = "ed25519:a_RXGa"; public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; } + { + key_id = "ed25519:auto"; + public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; + } + { + key_id = "ed25519:a_RXGa"; + public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; + } ]; } ]; @@ -92,7 +97,8 @@ }; }; - postgresql = { + services.postgresql = { + package = pkgs.postgresql_11; ensureUsers = [ { name = "dendrite"; 
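Review bot: `package = pkgs.postgresql_11;` in the `@@ -92,7 +97,8 @@` hunk pins the homeserver's database to a PostgreSQL major release whose upstream support ended in November 2023, after which it gets no security fixes. Pinning the major version is reasonable, since the persisted data directory in the last hunk is keyed on `psqlSchema`, but the reason and the upgrade path should be recorded next to the line, for example `# pinned: on-disk data is per major version; bump only together with pg_upgrade or a dump/restore`. The line also needs `pkgs` among the module's arguments, which are outside the hunk, and the `services.postgresql` block continues past the hunk's end.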
@@ -102,29 +108,28 @@ } ]; - ensureDatabases = [ "dendrite" ]; + ensureDatabases = ["dendrite"]; }; - }; - - # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service - # systemd.services.dendrite.serviceConfig.User = "dendrite"; - # systemd.services.dendrite.serviceConfig.Group = "dendrite"; - environment.persistence."/nix/persist".directories = [ - { - directory = /var/lib/postgresql/${config.services.postgresql.package.psqlSchema}; - user = "postgres"; - group = "postgres"; - } - { - directory = /var/lib/private/dendrite; - user = "root"; - group = "root"; - } - ]; - - systemd.services.dendrite.after = [ "postgresql.service" ]; + # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service + # systemd.services.dendrite.serviceConfig.User = "dendrite"; + # systemd.services.dendrite.serviceConfig.Group = "dendrite"; + environment.persistence."/nix/persist".directories = [ + { + directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + user = "postgres"; + group = "postgres"; + } + + { + directory = "/var/lib/private/dendrite"; + user = "root"; + group = "root"; + } + ]; - networking.firewall.allowedTCPPorts = [8448]; + systemd.services.dendrite.after = ["postgresql.service"]; + networking.firewall.allowedTCPPorts = [8448]; + }; } |
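Review bot: Both entries in `environment.persistence."/nix/persist".directories` set `user` and `group` but no `mode`, so the PostgreSQL data directory and Dendrite's state directory are created with the persistence module's default permissions rather than ones chosen for them. Since these hold the homeserver's database and service state, give each entry an explicit mode, e.g. `mode = "0700";`. Separately, `systemd.services.dendrite.after = ["postgresql.service"];` only orders startup; adding `systemd.services.dendrite.requires = ["postgresql.service"];` would also keep Dendrite from running without its database. The attribute set closed by the added `};` opens outside the hunk, so it is worth confirming that `environment`, `systemd` and `networking` are not ending up nested inside `services.dendrite`, where the firewall and persistence settings would not take effect as intended.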