From f53c0c6eb5c08415c7ffc7d9a2ba2a3c65b380a7 Mon Sep 17 00:00:00 2001
From: Daniel Olsen <daniel.olsen99@gmail.com>
Date: Fri, 15 Sep 2023 06:41:49 +0200
Subject: [PATCH] bicep/synapse: Move database configuration out of secrets

---
 hosts/bicep/services/matrix/synapse.nix | 23 +++++++++++------------
 secrets/bicep/matrix.yaml               |  5 ++---
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/hosts/bicep/services/matrix/synapse.nix b/hosts/bicep/services/matrix/synapse.nix
index 8475c58e..76f5bd2d 100644
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -8,14 +8,6 @@ let
   imap0Attrs = with lib; f: set:
     listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
 in {
-  sops.secrets."matrix/synapse/dbconfig" = {
-    sopsFile = ../../../../secrets/bicep/matrix.yaml;
-    key = "synapse/dbconfig";
-    owner = config.users.users.matrix-synapse.name;
-    group = config.users.users.matrix-synapse.group;
-    restartUnits = [ "matrix-synapse.target" ];
-  };
-
   sops.secrets."matrix/synapse/signing_key" = {
     key = "synapse/signing_key";
     sopsFile = ../../../../secrets/bicep/matrix.yaml;
@@ -44,10 +36,6 @@ in {
 
     enableNginx = true;
 
-    extraConfigFiles = [
-      config.sops.secrets."matrix/synapse/dbconfig".path
-    ];
-
     settings = {
       server_name = "pvv.ntnu.no";
       public_baseurl = "https://matrix.pvv.ntnu.no";
@@ -56,6 +44,17 @@ in {
 
       media_store_path =  "${cfg.dataDir}/media";
 
+      database = {
+        name = "psycopg2";
+        args = {
+          host = "/var/run/postgresql";
+          dbname = "synapse";
+          user = "matrix-synapse";
+          cp_min = 1;
+          cp_max = 5;
+        };
+      };
+
       presence.enabled = false;
 
       event_cache_size = "20K"; # Default is 10K but I can't find the factor for this cache
diff --git a/secrets/bicep/matrix.yaml b/secrets/bicep/matrix.yaml
index d2f44631..876357d6 100644
--- a/secrets/bicep/matrix.yaml
+++ b/secrets/bicep/matrix.yaml
@@ -1,5 +1,4 @@
 synapse:
-    dbconfig: ENC[AES256_GCM,data:DzbYi9TUfdxJ9Y/dC26TBvXMu/3rnbuv/jKKcW7RfUORZFIMPYz9ZcL1nl5RwTIAI65PJEDDz9UXkynjiteJppfS1g09vF+UerUg6BWDFi+JLpXwwg3EtTA3WLCX/nZKsoR1rOzT8+wsXghozIs9KhRNQlvBP0t2qcahKrrnznR+cLXBcimmwmgX,iv:VKimpBPerhTaJYgJ9hVfNBAZO8xLCWpwuRqdWx4/DqY=,tag:wxh0qrTHMLSBoTnqDpqV5A==,type:str]
     turnconfig: ENC[AES256_GCM,data:mASRjYa4C9WRow4x0XYRrlCE5LMJUYaId+o62r1qhsyJPa2LzrI=,iv:5vYdubvMDjLS6soiWx2DzkEAATb9NFbSS/Jhuuz1yI8=,tag:wOW07CQMDbOiZNervee/pg==,type:str]
     user_registration: ENC[AES256_GCM,data:ZDZfEEvyw8pg0WzhrdC8747ed+ZR2ZA8/WypJd/iDkmIy2RmxOeI0sE=,iv:l61mOlvzpCql4fC/eubBSU6px21et2WcpxQ6rFl14iw=,tag:sVDEAa3xipKIi/6isCjWew==,type:str]
     signing_key: ENC[AES256_GCM,data:6UpfiRlX9pRM7zhdm7Mc8y8EItLzugWkHSgE0tGpEmudCTa1wc60oNbYfhKDWU81DT/U148pZOoX1A==,iv:UlqCPicPm5eNBz1xBMI3A3Rn4t/GtldNIDdMH5MMnLw=,tag:HHaw6iMjEAv5b9mjHSVpwA==,type:str]
@@ -42,8 +41,8 @@ sops:
             cGxZVnFhdXRka2drTGdkVk1iM0pFL1kK2ry7b2cLYPfntWi/BV3K2O+mHt3242Ef
             sI2JLLQYHeAhxjFdCzP1RDR+Wu/pRxZje6xuTZ9I9TKNmm+LhAXHQw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-13T09:02:19Z"
-    mac: ENC[AES256_GCM,data:zmRZCDBwF9h/o9qAdWII4DPjoX+2b1d5+qigIizaXQrRORdlvQHHeRx72uIIcIr6Oi06YJ+nCLuKp3t5YyB2KrFtTHaW0+h7OybfnAt1Xs8LEPKPhoN90isHNr/7V6cZrVQAGg8nWUDP183vkXkADxeYHRHGxydqLKUJ5Mif1E8=,iv:kBQmskPQFVi+T/THmtj0ifbP5VsQMAxGz92Mi0Xu9RY=,tag:g4MYOAhQZHRo4rdg7emC1Q==,type:str]
+    lastmodified: "2023-09-15T04:40:21Z"
+    mac: ENC[AES256_GCM,data:ZJVHLbpSu/nIzl5FJfRdg2ymRN5M+zJXNUpi1hBt2MBmvK+1ed2ElhMe5x7pyasSDdaUtXDo7ghkUF7vE46Wo6Z9dvlAvhwWm7Y2AWfUe5SFVwzqlOCjSKRPFrQrL7PcDBtMj4twtwhc4XsfJoUSuigWW2m21BKtEZSuuxLRqLA=,iv:ufFbfMaNHydbkwq6lxN1dQJldkAbtqais/CZFkoDhb4=,tag:uMj0LaiU0obIlw/+HJJdKg==,type:str]
     pgp:
         - created_at: "2023-05-06T21:31:39Z"
           enc: |