nixos/synapse: allow omitting trusted_key_servers[].verify_keys
Synapse does not require the `verify_keys` attr/object to be set. It made sense back in the day, when federation traffic used to use self-signed certificates. But this is no longer the case. The previous `types.nullOr` didn't actually allow omitting `verify_keys` because Synapse's config parser is unable to parse that. Not a breaking change. Upstream docs: https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=verify_keys#trusted_key_servers
This commit is contained in:
parent
48a0fb7aab
commit
d212ec13b8
@ -636,6 +636,7 @@ in {
|
||||
|
||||
trusted_key_servers = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
freeformType = format.type;
|
||||
options = {
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
@ -644,22 +645,6 @@ in {
|
||||
Hostname of the trusted server.
|
||||
'';
|
||||
};
|
||||
|
||||
verify_keys = mkOption {
|
||||
type = types.nullOr (types.attrsOf types.str);
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
{
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
}
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
Attribute set from key id to base64 encoded public key.
|
||||
|
||||
If specified synapse will check that the response is signed
|
||||
by at least one of the given keys.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [ {
|
||||
|
Loading…
Reference in New Issue
Block a user