Diffstat (limited to 'modules/by-name/ma/matrix/module.nix')
-rw-r--r--modules/by-name/ma/matrix/module.nix78
1 files changed, 43 insertions, 35 deletions
diff --git a/modules/by-name/ma/matrix/module.nix b/modules/by-name/ma/matrix/module.nix
index 4b730da..ae3f04e 100644
--- a/modules/by-name/ma/matrix/module.nix
+++ b/modules/by-name/ma/matrix/module.nix
@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   lib,
   ...
 }: let
@@ -29,6 +28,7 @@ in {
       description = "The age encrypted shared secret file for synapse, passed to agenix";
     };
   };
+
   config = lib.mkIf cfg.enable {
     age.secrets.matrix-synapse_registration_shared_secret = {
       file = cfg.sharedSecretFile;
@@ -38,45 +38,53 @@ in {
     };
     networking.firewall.allowedTCPPorts = [80 443];
 
-    vhack.persist.directories = [
-      {
-        directory = "/var/lib/matrix";
-        user = "matrix-synapse";
-        group = "matrix-synapse";
-        mode = "0700";
-      }
-      {
-        directory = "/var/lib/mautrix-whatsapp";
-        user = "mautrix-whatsapp";
-        group = "matrix-synapse";
-        mode = "0750";
-      }
-    ];
-    systemd.tmpfiles.rules = [
-      "d /etc/matrix 0755 matrix-synapse matrix-synapse"
-    ];
+    vhack = {
+      persist.directories = [
+        {
+          directory = "/var/lib/matrix";
+          user = "matrix-synapse";
+          group = "matrix-synapse";
+          mode = "0700";
+        }
+        {
+          directory = "/var/lib/mautrix-whatsapp";
+          user = "mautrix-whatsapp";
+          group = "matrix-synapse";
+          mode = "0750";
+        }
+      ];
 
-    vhack.postgresql.enable = true;
-    vhack.nginx.enable = true;
+      postgresql.enable = true;
+      nginx.enable = true;
+    };
+
+    systemd = {
+      tmpfiles.rules = [
+        "d /etc/matrix 0755 matrix-synapse matrix-synapse"
+      ];
+      services.postgresql.postStart = ''
+        $PSQL -tAc "ALTER ROLE \"matrix-synapse\" WITH PASSWORD 'synapse';"
+        $PSQL -tAc "ALTER ROLE \"mautrix-whatsapp\" WITH PASSWORD 'whatsapp';"
+      '';
+    };
 
     services = {
       postgresql = {
         enable = true;
-        initialScript = pkgs.writeText "synapse-init.sql" ''
-          --Matrix:
-          CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
-          CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
-            TEMPLATE template0
-            LC_COLLATE = "C"
-            LC_CTYPE = "C";
-
-          --Whatsapp-bridge:
-          CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
-          CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
-            TEMPLATE template0
-            LC_COLLATE = "C"
-            LC_CTYPE = "C";
-        '';
+        ensureUsers = [
+          {
+            name = "matrix-synapse";
+            ensureDBOwnership = true;
+          }
+          {
+            name = "mautrix-whatsapp";
+            ensureDBOwnership = true;
+          }
+        ];
+        ensureDatabases = [
+          "matrix-synapse"
+          "mautrix-whatsapp"
+        ];
       };
 
       nginx = {
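Review bot: The two `ALTER ROLE ... WITH PASSWORD` lines added under `systemd.services.postgresql.postStart` keep the literal passwords `'synapse'` and `'whatsapp'` in the module, so they end up in the repository and in the generated service script in the world-readable Nix store, and they are now re-applied on every PostgreSQL start instead of once at cluster creation. The role names match the system users listed in `persist.directories`, so if both services can reach the database over the local Unix socket, peer authentication would allow the `postStart` block to be dropped; whether they do is not visible in this hunk. If a password is required, it should be read at runtime from an agenix secret, as `cfg.sharedSecretFile` already is, rather than written into the Nix expression. Separately, `ensureDatabases` creates the databases with the cluster's default locale, while the removed `initialScript` used `TEMPLATE template0` with `LC_COLLATE = "C"`; Synapse checks the database collation, so a fresh deployment should be confirmed to still get the C locale.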