modules: services: matrix: use 'settings'

The unstructured attributes are hard-deprecated.
2022-03-08 11:56:32 +01:00 · 2022-03-08 11:56:32 +01:00 · 0db2c0a13c
parent ba6c8bff2e
commit 0db2c0a13c
1 changed files with 34 additions and 30 deletions
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@ -19,10 +19,10 @@ in
  options.my.services.matrix = with lib; {
    enable = mkEnableOption "Matrix Synapse";

-    secret = mkOption {
+    secretFile = mkOption {
      type = with types; nullOr str;
      default = null;
-      example = "deadbeef";
+      example = "/var/lib/matrix/shared-secret-config.yaml";
      description = "Shared secret to register users";
    };

@ -50,42 +50,46 @@ in
    services.matrix-synapse = {
      enable = true;
      dataDir = "/var/lib/matrix-synapse";
-      server_name = domain;
-      public_baseurl = "https://matrix.${domain}";

-      enable_registration = false;
-      registration_shared_secret = cfg.secret;
+      settings = {
+        server_name = domain;
+        public_baseurl = "https://matrix.${domain}";

-      listeners = [
-        # Federation
-        {
-          bind_address = "::1";
-          port = federationPort.private;
-          tls = false; # Terminated by nginx.
-          x_forwarded = true;
-          resources = [{ names = [ "federation" ]; compress = false; }];
-        }
+        enable_registration = false;
+        # registration_shared_secret = cfg.secret; # FIXME: use a secret file for this

-        # Client
-        {
-          bind_address = "::1";
-          port = clientPort.private;
-          tls = false; # Terminated by nginx.
-          x_forwarded = true;
-          resources = [{ names = [ "client" ]; compress = false; }];
-        }
-      ];
+        listeners = [
+          # Federation
+          {
+            bind_addresses = [ "::1" ];
+            port = federationPort.private;
+            tls = false; # Terminated by nginx.
+            x_forwarded = true;
+            resources = [{ names = [ "federation" ]; compress = false; }];
+          }

-      account_threepid_delegates.msisdn = "https://vector.im";
+          # Client
+          {
+            bind_addresses = [ "::1" ];
+            port = clientPort.private;
+            tls = false; # Terminated by nginx.
+            x_forwarded = true;
+            resources = [{ names = [ "client" ]; compress = false; }];
+          }
+        ];

-      extraConfig = ''
-        experimental_features:
-          spaces_enabled: true
-      '';
+        account_threepid_delegates = {
+          msisdn = "https://vector.im";
+        };
+
+        experimental_features = {
+          spaces_enabled = true;
+        };
+      };

      extraConfigFiles = [
        cfg.mailConfigFile
-      ];
+      ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
    };

    my.services.nginx.virtualHosts = [