I would like to store my database passwords outside of the files in my `/etc/nixos` directory. According to Appendix B of the 22.05 release notes, I can now do so like this:

> The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`

I therefore created `/run/keys/matrix-synapse/secrets.yaml` and put the following in it:

```yaml
services:
  matrix-synapse:
    settings:
      database:
        args:
          database: synapse
          user: some_guy
          password: "SoethingClever"
          host: localhost
```

I then deleted the `services.matrix-synapse.settings.database.args` settings from my Synapse config file and added a reference to the YAML file like so:

```nix
{config, pkgs, lib, ...}:
{
  services.matrix-synapse = {
    enable = true;
    settings = {
      server_name = "somethingsomething.wtf";
      listeners = [
        {
          port = 8008;
          bind_addresses = [
            "::1"
          ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
      ];
    };
    extraConfigFiles = [
      "/run/keys/matrix-synapse/secrets.yaml"
    ];
  };
}
```

I then ran `sudo nixos-rebuild switch`, but now the synapse service won’t start.

Is the format of the YAML file correct? Am I missing a step?
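
Added example, not part of the original post: files listed in `extraConfigFiles` are read by Synapse itself, so they use Synapse's own `homeserver.yaml` layout rather than the NixOS option path. The sketch below shows the secrets file in that layout; the `name: psycopg2` line assumes a PostgreSQL backend, and the password is a constructed placeholder.

```yaml
# /run/keys/matrix-synapse/secrets.yaml
# Added example: Synapse parses this file itself, so the keys follow
# Synapse's homeserver.yaml layout. There is no
# services.matrix-synapse.settings wrapper; that path only exists on
# the NixOS side.
#
# The whole database section is given, including name, on the
# assumption that a top-level key in a later config file replaces the
# earlier one instead of being deep-merged into it.
database:
  name: psycopg2            # assumption: PostgreSQL backend
  args:
    database: synapse
    user: some_guy
    password: "REPLACE_ME"  # placeholder, constructed for this example
    host: localhost

# File-level checks before restarting the service:
#   - the service user can traverse /run/keys/matrix-synapse and read
#     the file
#   - the file is not world-readable (for example mode 0400 or 0440)
#   - /run is a tmpfs, so the file has to be recreated on every boot
```

If the service still fails, `journalctl -u matrix-synapse` shows whether the error is a config parse failure, a permission problem, or a database connection failure.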