nixos/synapse: allow omitting trusted_key_servers[].verify_keys

Synapse does not require the `verify_keys` attr/object to be set. It made sense back in the day, when federation traffic used to use self-signed certificates. But this is no longer the case. The previous `types.nullOr` didn't actually allow omitting `verify_keys` because Synapse's config parser is unable to parse that. Not a breaking change. Upstream docs: https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=verify_keys#trusted_key_servers
2023-05-19 15:38:07 +02:00 · 2023-05-19 15:38:07 +02:00 · d212ec13b8
commit d212ec13b8
parent 48a0fb7aab
1 changed files with 1 additions and 16 deletions
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@ -636,6 +636,7 @@ in {

            trusted_key_servers = mkOption {
              type = types.listOf (types.submodule {
+                freeformType = format.type;
                options = {
                  server_name = mkOption {
                    type = types.str;
@ -644,22 +645,6 @@ in {
                      Hostname of the trusted server.
                    '';
                  };
-
-                  verify_keys = mkOption {
-                    type = types.nullOr (types.attrsOf types.str);
-                    default = null;
-                    example = literalExpression ''
-                      {
-                        "ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-                      }
-                    '';
-                    description = lib.mdDoc ''
-                      Attribute set from key id to base64 encoded public key.
-
-                      If specified synapse will check that the response is signed
-                      by at least one of the given keys.
-                    '';
-                  };
                };
              });
              default = [ {