diff options
| -rw-r--r-- | hosts/surtr/matrix/default.nix | 40 | 
1 files changed, 20 insertions, 20 deletions
| diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 777f9f84..936a0528 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix | |||
| @@ -37,28 +37,28 @@ with lib; | |||
| 37 | extraConfigFiles = [ | 37 | extraConfigFiles = [ | 
| 38 | "/run/credentials/matrix-synapse.service/registration.yaml" | 38 | "/run/credentials/matrix-synapse.service/registration.yaml" | 
| 39 | "/run/credentials/matrix-synapse.service/turn-secret.yaml" | 39 | "/run/credentials/matrix-synapse.service/turn-secret.yaml" | 
| 40 | ]; | 40 | (pkgs.writeText "homeserver.yaml" (generators.toYAML {} { | 
| 41 | extraConfig = generators.toYAML {} { | 41 | "refreshable_access_token_lifetime" = "5m"; | 
| 42 | "refreshable_access_token_lifetime" = "5m"; | 42 | # "nonrefreshable_access_token_lifetime" = "1w"; # TODO: uncomment once all (relevant) clients have support for refreshable tokens | 
| 43 | # "nonrefreshable_access_token_lifetime" = "1w"; # TODO: uncomment once all (relevant) clients have support for refreshable tokens | 43 | "refresh_token_lifetime" = "1w"; | 
| 44 | "refresh_token_lifetime" = "1w"; | 44 | "registration_requires_token" = true; | 
| 45 | "registration_requires_token" = true; | ||
| 46 | 45 | ||
| 47 | "admin_contact" = "mailto:matrix-admin@yggdrasil.li"; | 46 | "admin_contact" = "mailto:matrix-admin@yggdrasil.li"; | 
| 48 | 47 | ||
| 49 | "url_preview_enabled" = true; | 48 | "url_preview_enabled" = true; | 
| 50 | "url_preview_ip_range_blacklist" = [ | 49 | "url_preview_ip_range_blacklist" = [ | 
| 51 | "127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" | 50 | "127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" | 
| 52 | "100.64.0.0/10" "192.0.0.0/24" "169.254.0.0/16" | 51 | "100.64.0.0/10" "192.0.0.0/24" "169.254.0.0/16" | 
| 53 | "192.88.99.0/24" "198.18.0.0/15" "192.0.2.0/24" | 52 | "192.88.99.0/24" "198.18.0.0/15" "192.0.2.0/24" | 
| 54 | "198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "::1/128" | 53 | "198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "::1/128" | 
| 55 | "fe80::/10" "fc00::/7" "2001:db8::/32" "ff00::/8" | 54 | "fe80::/10" "fc00::/7" "2001:db8::/32" "ff00::/8" | 
| 56 | "fec0::/10" "2a03:4000:52:ada::/64" | 55 | "fec0::/10" "2a03:4000:52:ada::/64" | 
| 57 | ]; | 56 | ]; | 
| 58 | "url_preview_ip_range_whitelist" = [ | 57 | "url_preview_ip_range_whitelist" = [ | 
| 59 | "2a03:4000:52:ada::/128" | 58 | "2a03:4000:52:ada::/128" | 
| 60 | ]; | 59 | ]; | 
| 61 | }; | 60 | })) | 
| 61 | ]; | ||
| 62 | }; | 62 | }; | 
| 63 | sops.secrets."matrix-synapse-registration.yaml" = { | 63 | sops.secrets."matrix-synapse-registration.yaml" = { | 
| 64 | format = "binary"; | 64 | format = "binary"; | 
