Unverified Commit d212ec13 authored by IndeedNotJames

nixos/synapse: allow omitting `trusted_key_servers[].verify_keys`

Synapse does not require the `verify_keys` attr/object to be set.
It made sense back in the day, when federation traffic used to use self-signed certificates. But this is no longer the case.

The previous `types.nullOr` didn't actually allow omitting `verify_keys` because Synapse's config parser is unable to parse that.

Not a breaking change.

Upstream docs: https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=verify_keys#trusted_key_servers
parent 48a0fb7a
+1 −16
@@ -636,6 +636,7 @@ in {

            trusted_key_servers = mkOption {
              type = types.listOf (types.submodule {
                freeformType = format.type;
                options = {
                  server_name = mkOption {
                    type = types.str;
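Review bot: with `freeformType = format.type;` on this submodule, an undeclared attribute on a `trusted_key_servers` entry is no longer rejected at evaluation time, so a misspelling such as `verify_key` would evaluate cleanly and the intended key pin would not be the setting that reaches the generated config. Consider stating in the option description that extra attributes such as `verify_keys` are forwarded as written, so users know to check names against the upstream docs.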
@@ -644,22 +645,6 @@ in {
                      Hostname of the trusted server.
                    '';
                  };

                  verify_keys = mkOption {
                    type = types.nullOr (types.attrsOf types.str);
                    default = null;
                    example = literalExpression ''
                      {
                        "ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
                      }
                    '';
                    description = lib.mdDoc ''
                      Attribute set from key id to base64 encoded public key.

                      If specified synapse will check that the response is signed
                      by at least one of the given keys.
                    '';
                  };
                };
              });
              default = [ {
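Review bot: removing the `verify_keys` option declaration also removes its `types.attrsOf types.str` check and the only in-module example and description of key pinning ("If specified synapse will check that the response is signed by at least one of the given keys"). Suggest moving that sentence and the `"ed25519:auto" = "..."` example into the `trusted_key_servers` description or `example`, so the feature stays discoverable and its expected shape (key id to base64 encoded public key) is still documented.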