services.matrix-synapse = {
  enable = true;
  app_service_config_files = [
    # The registration file is automatically generated after starting the appservice for the first time.
    # cp /var/lib/mautrix-telegram/telegram-registration.yaml /var/lib/matrix-synapse/
    # chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/telegram-registration.yaml
    "/var/lib/matrix-synapse/telegram-registration.yaml"
  ];
  # ...
};
Now I am unsure why this file can’t just be generated with the proper permissions or if it’s possible to add something that will change the permissions to the systemd file of matrix-synapse or something along those lines.
Appservice registration files need to be accessible both by the homeserver and the relevant appservice, which are running as different users at the same time.
When using DynamicUser and a state directory managed by systemd, the ownership seems to be reset each time the service starts to take into account any user allocation change.
Synapse is also only one implementation and other homeservers need to be supported (although no other one is packaged yet), making the use of the matrix-synapse group impractical. The appservice and homeserver might as well run on different machines.
Previously, appservice registration files were generated during the evaluation and were stored in the nix store, but this caused some security problems as those files contain secret tokens.
All of this makes sharing the same registration file quite tricky. Making a copy of the file seemed to be the simplest solution (suggested by the developers of some appservices) at the time the module was written.
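Added example, not part of the thread and not code from the NixOS module: a shell function for the copy step discussed above that keeps the secret tokens unreadable to other users at every point and replaces the homeserver's copy atomically. The function name `sync_registration` and the temporary file name are assumptions; the paths and owner in the usage comment are the ones from the question.

```shell
#!/bin/sh
# Added example: copy an appservice registration file for the homeserver user.
# Usage (as root; paths and owner taken from the question above):
#   sync_registration /var/lib/mautrix-telegram/telegram-registration.yaml \
#     /var/lib/matrix-synapse/telegram-registration.yaml matrix-synapse:matrix-synapse

# sync_registration SRC DST [OWNER]   (hypothetical helper name)
sync_registration() {
  src=$1 dst=$2 owner=${3:-}

  # Refuse anything that is not a regular, non-empty file, so a missing
  # registration never replaces a working copy with an empty one.
  if [ ! -f "$src" ] || [ ! -s "$src" ]; then
    echo "registration file missing or empty: $src" >&2
    return 1
  fi

  # mktemp creates the file with mode 0600 inside the destination directory,
  # so the tokens are never world-readable and the final rename is atomic.
  tmp=$(mktemp "$(dirname "$dst")/.registration.XXXXXX") || return 1

  if cat "$src" > "$tmp" &&
     chmod 0400 "$tmp" &&
     { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
     mv -f "$tmp" "$dst"; then
    return 0
  fi

  # Any failed step: leave the old copy in place and remove the partial one.
  rm -f "$tmp"
  return 1
}
```

Because the appservice may rewrite its registration file, the copy has to be refreshed before the homeserver starts, not only once.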