alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

matrix-synapse: Allow keys to be generated

Browse source 
The matrix-synapse user has `createHome = true;` which runs before the
`preStart` script, so the home directory will always exist and the block
will never execute.

Also don't include default path to keys in the configuration file,
because synapse will choke if it tries to open them before they
exist (even with `--generate-keys`).
This commit is contained in:
Ruben Maher 2016-10-30 12:12:01 +10:30 committed by Robert Helgesson
parent 4ae2a59aaa
commit 08d7fbb42d
No known key found for this signature in database
GPG key ID: C3DB11069E65DC86
1 changed files with 17 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -9,11 +9,15 @@ let
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${fromBool l.tls}, x_forwarded: ${fromBool l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
fromBool = x: if x then "true" else "false";
configFile = pkgs.writeText "homeserver.yaml" ''
${optionalString (cfg.tls_certificate_path != null) ''
tls_certificate_path: "${cfg.tls_certificate_path}"
''}
${optionalString (cfg.tls_private_key_path != null) ''
tls_private_key_path: "${cfg.tls_private_key_path}"
''}
${optionalString (cfg.tls_dh_params_path != null) ''
tls_dh_params_path: "${cfg.tls_dh_params_path}"
''}
no_tls: ${fromBool cfg.no_tls}
${optionalString (cfg.bind_port != null) ''
bind_port: ${toString cfg.bind_port}
@ -146,8 +150,9 @@ in {
'';
};
tls_certificate_path = mkOption {
type = types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.crt";
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
description = ''
PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse
@ -158,16 +163,17 @@ in {
};
tls_private_key_path = mkOption {
type = types.nullOr types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.key";
example = null;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.key";
description = ''
PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly.
'';
};
tls_dh_params_path = mkOption {
type = types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.dh";
type = types.nullOr types.str;
default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
description = ''
PEM dh parameters for ephemeral keys
'';
@ -557,12 +563,10 @@ in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
if ! test -e /var/lib/matrix-synapse; then
mkdir -p /var/lib/matrix-synapse
chmod 700 /var/lib/matrix-synapse
chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse
${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory /var/lib/matrix-synapse/ --generate-keys
fi
${cfg.package}/bin/homeserver \
--config-path ${configFile} \
--keys-directory /var/lib/matrix-synapse \
--generate-keys
'';
serviceConfig = {
Type = "simple";
@ -570,7 +574,7 @@ in {
Group = "matrix-synapse";
WorkingDirectory = "/var/lib/matrix-synapse";
PermissionsStartOnly = true;
ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile}";
ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory /var/lib/matrix-synapse";
};
};
};