From 847677fc2ff554b6b2c96e75a89ca800d8a9b969 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Fri, 6 Dec 2024 20:50:09 +0000
Subject: [PATCH] refactor(matrix.nix): centralize matrix-synapse secrets and remove hardcoded database name

- Added `age.secrets.matrix` to manage secrets in a centralized `.age` file
- Removed hardcoded `db_name` and used `extraConfigFiles` to include the database configuration from the `.age` file
- Updated comments to reflect changes
---
 hosts/architect/matrix.nix | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix
index 5ef476f..f861e06 100644
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@@ -2,18 +2,22 @@
 let
 domain = "runas.rocks";
- db_name = "matrix-synapse-runas.rocks";
-
 utilities = import ./utilities.nix { inherit lib config; };
 inherit (utilities) architectInterfaceAddress;
 in
 {
+ age.secrets.matrix = {
+ file = ../../secrets/matrix-synapse.age;
+ owner = "matrix-synapse";
+ };
+
 services = {
 matrix-synapse = {
 enable = true;
+ # Database config is in the .age file
+ extraConfigFiles = [ config.age.secrets.matrix.path ];
 settings = {
 server_name = "${domain}";
- database.args.database = db_name;
 public_baseurl = "https://${domain}";
 registration_shared_secret = "runas!";
 url_preview_enabled = true;
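Review bot: `registration_shared_secret = "runas!";` is still set inline under `settings` (a context line near the end of the hunk), so the one value here that is actually a credential stays in git and, as far as the NixOS module renders `settings` into the generated config, in the world-readable Nix store. Since `extraConfigFiles` now loads the age-decrypted file, the key can live there next to the database settings, e.g. `registration_shared_secret: "<new-secret-placeholder>"`, and the inline line can be dropped from `settings`. The current value should be treated as exposed and rotated, because it remains in history; whoever holds it can register accounts through Synapse's shared-secret registration API even when open registration is disabled. The `settings` attrset continues past the end of the hunk, so any other inline values are not visible here.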