From 2649599a5a0d053c701d8a5be02c0f0b1d57b2f2 Mon Sep 17 00:00:00 2001 From: tzlil Date: Fri, 21 Apr 2023 16:49:37 +0300 Subject: trying now --- hosts/vps/matrix.nix | 69 ++++++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 32 deletions(-) (limited to 'hosts/vps/matrix.nix') diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index 26095e1..c2f4c5b 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix @@ -25,21 +25,20 @@ # }; # networking.firewall.allowedTCPPorts = [80 443]; - age.secrets = { - matrix = { + age.secrets.matrix = { file = ../secrets/matrix.age; mode = "600"; owner = "root"; group = "root"; }; - }; services.dendrite = let - database_config = { - connection_string = "postgresql:///dendrite?host=/run/postgresql"; - max_open_conns = 10; - max_idle_conns = 5; - }; in { + database_config = { + connection_string = "postgresql:///dendrite?host=/run/postgresql"; + max_open_conns = 10; + max_idle_conns = 5; + }; + in { enable = true; tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt"; @@ -74,8 +73,14 @@ { server_name = "matrix.org"; keys = [ - { key_id = "ed25519:auto"; public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; } - { key_id = "ed25519:a_RXGa"; public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; } + { + key_id = "ed25519:auto"; + public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; + } + { + key_id = "ed25519:a_RXGa"; + public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; + } ]; } ]; @@ -92,7 +97,8 @@ }; }; - postgresql = { + services.postgresql = { + package = pkgs.postgresql_11; ensureUsers = [ { name = "dendrite"; 
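Review bot: The added `package = pkgs.postgresql_11;` pins the Dendrite database to a major release whose upstream support ends in November 2023, after which it no longer receives security fixes. The persisted data directory in the last hunk is keyed on `psqlSchema`, so moving to a newer package later needs a `pg_upgrade` or dump/restore, and the pin will tend to stay unless it is tracked. I would add a comment above the line, for example `# TODO: PostgreSQL 11 is EOL in Nov 2023; plan a pg_upgrade or dump/restore to a supported major`. The `services.postgresql` block continues past this hunk and no `enable = true;` is visible in it, so confirm that is set elsewhere.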
@@ -102,29 +108,28 @@ } ]; - ensureDatabases = [ "dendrite" ]; + ensureDatabases = ["dendrite"]; }; - }; - - # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service - # systemd.services.dendrite.serviceConfig.User = "dendrite"; - # systemd.services.dendrite.serviceConfig.Group = "dendrite"; - environment.persistence."/nix/persist".directories = [ - { - directory = /var/lib/postgresql/${config.services.postgresql.package.psqlSchema}; - user = "postgres"; - group = "postgres"; - } - { - directory = /var/lib/private/dendrite; - user = "root"; - group = "root"; - } - ]; - - systemd.services.dendrite.after = [ "postgresql.service" ]; + # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service + # systemd.services.dendrite.serviceConfig.User = "dendrite"; + # systemd.services.dendrite.serviceConfig.Group = "dendrite"; + environment.persistence."/nix/persist".directories = [ + { + directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + user = "postgres"; + group = "postgres"; + } + + { + directory = "/var/lib/private/dendrite"; + user = "root"; + group = "root"; + } + ]; - networking.firewall.allowedTCPPorts = [8448]; + systemd.services.dendrite.after = ["postgresql.service"]; + networking.firewall.allowedTCPPorts = [8448]; + }; } -- cgit 1.4.1
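Review bot: Both entries under `environment.persistence."/nix/persist".directories` set `user` and `group` but no `mode`, so the persisted PostgreSQL cluster and the Dendrite state directory get whatever mode the persistence module defaults to. Assuming this is the impermanence module, each entry accepts a `mode` attribute. Adding `mode = "0700";` to both keeps database files and server state unreadable to other local users. Separately, the closing `};` that used to follow `ensureDatabases` now sits after `networking.firewall.allowedTCPPorts`, so these options are nested in an attrset opened outside the hunk. Check that the firewall and persistence settings still evaluate at the module's top level.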