
matrix-synapse: Allow keys to be generated

The matrix-synapse user has `createHome = true;` which runs before the
`preStart` script, so the home directory will always exist and the block
will never execute.

Also don't include default paths to the keys in the configuration file,
because synapse will choke if it tries to open them before they
exist (even with `--generate-keys`).
This commit is contained in:
Ruben Maher 2016-10-30 12:12:01 +10:30 committed by Robert Helgesson
parent 4ae2a59aaa
commit 08d7fbb42d
No known key found for this signature in database
GPG key ID: C3DB11069E65DC86


@ -9,11 +9,15 @@ let
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${fromBool l.tls}, x_forwarded: ${fromBool l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}''; mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${fromBool l.tls}, x_forwarded: ${fromBool l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
fromBool = x: if x then "true" else "false"; fromBool = x: if x then "true" else "false";
configFile = pkgs.writeText "homeserver.yaml" '' configFile = pkgs.writeText "homeserver.yaml" ''
${optionalString (cfg.tls_certificate_path != null) ''
tls_certificate_path: "${cfg.tls_certificate_path}" tls_certificate_path: "${cfg.tls_certificate_path}"
''}
${optionalString (cfg.tls_private_key_path != null) '' ${optionalString (cfg.tls_private_key_path != null) ''
tls_private_key_path: "${cfg.tls_private_key_path}" tls_private_key_path: "${cfg.tls_private_key_path}"
''} ''}
${optionalString (cfg.tls_dh_params_path != null) ''
tls_dh_params_path: "${cfg.tls_dh_params_path}" tls_dh_params_path: "${cfg.tls_dh_params_path}"
''}
no_tls: ${fromBool cfg.no_tls} no_tls: ${fromBool cfg.no_tls}
${optionalString (cfg.bind_port != null) '' ${optionalString (cfg.bind_port != null) ''
bind_port: ${toString cfg.bind_port} bind_port: ${toString cfg.bind_port}
@ -146,8 +150,9 @@ in {
''; '';
}; };
tls_certificate_path = mkOption { tls_certificate_path = mkOption {
type = types.str; type = types.nullOr types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.crt"; default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
description = '' description = ''
PEM encoded X509 certificate for TLS. PEM encoded X509 certificate for TLS.
You can replace the self-signed certificate that synapse You can replace the self-signed certificate that synapse
@ -158,16 +163,17 @@ in {
}; };
tls_private_key_path = mkOption { tls_private_key_path = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.key"; default = null;
example = null; example = "/var/lib/matrix-synapse/homeserver.tls.key";
description = '' description = ''
PEM encoded private key for TLS. Specify null if synapse is not PEM encoded private key for TLS. Specify null if synapse is not
speaking TLS directly. speaking TLS directly.
''; '';
}; };
tls_dh_params_path = mkOption { tls_dh_params_path = mkOption {
type = types.str; type = types.nullOr types.str;
default = "/var/lib/matrix-synapse/homeserver.tls.dh"; default = null;
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
description = '' description = ''
PEM dh parameters for ephemeral keys PEM dh parameters for ephemeral keys
''; '';
@ -557,12 +563,10 @@ in {
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
if ! test -e /var/lib/matrix-synapse; then ${cfg.package}/bin/homeserver \
mkdir -p /var/lib/matrix-synapse --config-path ${configFile} \
chmod 700 /var/lib/matrix-synapse --keys-directory /var/lib/matrix-synapse \
chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse --generate-keys
${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory /var/lib/matrix-synapse/ --generate-keys
fi
''; '';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
@ -570,7 +574,7 @@ in {
Group = "matrix-synapse"; Group = "matrix-synapse";
WorkingDirectory = "/var/lib/matrix-synapse"; WorkingDirectory = "/var/lib/matrix-synapse";
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile}"; ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory /var/lib/matrix-synapse";
}; };
}; };
}; };
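Review bot: The new preStart runs `homeserver --generate-keys` as root, because `PermissionsStartOnly = true` in the last hunk keeps the pre-start step privileged while the service itself runs as the matrix-synapse user and group, and the old block's `chown -R matrix-synapse:matrix-synapse` and `chmod 700` steps were dropped rather than moved after the generate call. Unless homeserver fixes ownership itself (not visible here), the signing key and any self-signed TLS material it writes into /var/lib/matrix-synapse are created root-owned under root's umask, which either makes the key unreadable to the service at ExecStart or leaves a private key readable by other local users. I would keep the ownership step after generation, e.g. `chmod 700 /var/lib/matrix-synapse` and `chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse`. A short comment that `--generate-keys` is now invoked on every start, so correctness relies on it being a no-op for keys that already exist, would also help the next reader.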