1 files changed, 21 insertions, 17 deletions

diff --git a/modules/by-name/ma/matrix/module.nix b/modules/by-name/ma/matrix/module.nix
index 4b730da..aa67276 100644
--- a/modules/by-name/ma/matrix/module.nix
+++ b/modules/by-name/ma/matrix/module.nix
@@ -29,6 +29,7 @@ in {
       description = "The age encrypted shared secret file for synapse, passed to agenix";
     };
   };
+
   config = lib.mkIf cfg.enable {
     age.secrets.matrix-synapse_registration_shared_secret = {
       file = cfg.sharedSecretFile;
@@ -38,27 +39,30 @@ in {
     };
     networking.firewall.allowedTCPPorts = [80 443];
 
-    vhack.persist.directories = [
-      {
-        directory = "/var/lib/matrix";
-        user = "matrix-synapse";
-        group = "matrix-synapse";
-        mode = "0700";
-      }
-      {
-        directory = "/var/lib/mautrix-whatsapp";
-        user = "mautrix-whatsapp";
-        group = "matrix-synapse";
-        mode = "0750";
-      }
-    ];
+    vhack = {
+      persist.directories = [
+        {
+          directory = "/var/lib/matrix";
+          user = "matrix-synapse";
+          group = "matrix-synapse";
+          mode = "0700";
+        }
+        {
+          directory = "/var/lib/mautrix-whatsapp";
+          user = "mautrix-whatsapp";
+          group = "matrix-synapse";
+          mode = "0750";
+        }
+      ];
+
+      postgresql.enable = true;
+      nginx.enable = true;
+    };
+
     systemd.tmpfiles.rules = [
       "d /etc/matrix 0755 matrix-synapse matrix-synapse"
     ];
 
-    vhack.postgresql.enable = true;
-    vhack.nginx.enable = true;
-
     services = {
       postgresql = {
         enable = true;