enforce new flake schema. formatting.

modules/nixos/matrix-synapse/default.nix

@@ -84,77 +84,74 @@ in
   };
 
   config = mkIf cfg.enable {
-    services.postgresql = {
-      enable = true;
-      initialScript = pkgs.writeText "synapse-init.sql" ''
-        CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
-        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
-          TEMPLATE template0
-          LC_COLLATE = 'C'
-          LC_CTYPE = 'C';
-      '';
-    };
+    services = {
+      postgresql = {
+        enable = true;
+        initialScript = pkgs.writeText "synapse-init.sql" ''
+          CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+          CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+            TEMPLATE template0
+            LC_COLLATE = 'C'
+            LC_CTYPE = 'C';
+        '';
+      };
 
-    services.matrix-synapse = mkMerge [
-      {
-        settings = {
-          registration_shared_secret_path =
-            mkIf cfg.sops
-              config.sops.secrets."matrix/registration-shared-secret".path;
-          server_name = config.networking.domain;
-          public_baseurl = baseUrl;
-          listeners = [
-            {
-              inherit (cfg) port;
-              bind_addresses = [ "127.0.0.1" ];
-              resources = [
-                {
-                  compress = true;
-                  names = [ "client" ];
-                }
-                {
-                  compress = false;
-                  names = [ "federation" ];
-                }
-              ];
-              tls = false;
-              type = "http";
-              x_forwarded = true;
-            }
-          ];
+      matrix-synapse = mkMerge [
+        {
+          settings = {
+            registration_shared_secret_path = mkIf cfg.sops config.sops.secrets."matrix/registration-shared-secret".path;
+            server_name = config.networking.domain;
+            public_baseurl = baseUrl;
+            listeners = [
+              {
+                inherit (cfg) port;
+                bind_addresses = [ "127.0.0.1" ];
+                resources = [
+                  {
+                    compress = true;
+                    names = [ "client" ];
+                  }
+                  {
+                    compress = false;
+                    names = [ "federation" ];
+                  }
+                ];
+                tls = false;
+                type = "http";
+                x_forwarded = true;
+              }
+            ];
+          };
+        }
+        (mkIf cfg.coturn.enable {
+          settings = {
+            turn_uris = with cfg.coturn; [
+              "turn:${realm}:${toString listening-port}?transport=udp"
+              "turn:${realm}:${toString listening-port}?transport=tcp"
+              "turn:${realm}:${toString tls-listening-port}?transport=udp"
+              "turn:${realm}:${toString tls-listening-port}?transport=tcp"
+              "turn:${realm}:${toString alt-listening-port}?transport=udp"
+              "turn:${realm}:${toString alt-listening-port}?transport=tcp"
+              "turn:${realm}:${toString alt-tls-listening-port}?transport=udp"
+              "turn:${realm}:${toString alt-tls-listening-port}?transport=tcp"
+            ];
+            extraConfigFiles = mkIf cfg.sops [ config.sops.templates."coturn/static-auth-secret.env".path ];
+            turn_user_lifetime = "1h";
+          };
+        })
+      ];
+
+      nginx.virtualHosts."${cfg.settings.server_name}" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations = {
+          "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+          "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+          "/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+          "/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}";
         };
-      }
-      (mkIf cfg.coturn.enable {
-        settings = {
-          turn_uris = with cfg.coturn; [
-            "turn:${realm}:${toString listening-port}?transport=udp"
-            "turn:${realm}:${toString listening-port}?transport=tcp"
-            "turn:${realm}:${toString tls-listening-port}?transport=udp"
-            "turn:${realm}:${toString tls-listening-port}?transport=tcp"
-            "turn:${realm}:${toString alt-listening-port}?transport=udp"
-            "turn:${realm}:${toString alt-listening-port}?transport=tcp"
-            "turn:${realm}:${toString alt-tls-listening-port}?transport=udp"
-            "turn:${realm}:${toString alt-tls-listening-port}?transport=tcp"
-          ];
-          extraConfigFiles = mkIf cfg.sops [ config.sops.templates."coturn/static-auth-secret.env".path ];
-          turn_user_lifetime = "1h";
-        };
-      })
-    ];
-
-    environment.shellAliases = mkIf cfg.sops {
-      register_new_matrix_user = "${cfg.package}/bin/register_new_matrix_user -k $(sudo cat ${cfg.settings.registration_shared_secret_path})";
-    };
-
-    services.nginx.virtualHosts."${cfg.settings.server_name}" = {
-      enableACME = true;
-      forceSSL = true;
-
-      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-
-      locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
-      locations."/_synapse".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
     };
 
     sops = mkIf cfg.sops {