From 9f2dc96557a26bbdca9b01d2bb2e055e744b5ff7 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige.mcwhirter@iohk.io>
Date: Thu, 21 Jan 2021 11:32:24 +1000
Subject: [PATCH] matrix: Added nginx to matrix-synapse group

This allowed reading of ACME certs.
---
 roles/matrix.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/roles/matrix.nix b/roles/matrix.nix
index f3806f0..b04ebcd 100644
--- a/roles/matrix.nix
+++ b/roles/matrix.nix
@@ -109,9 +109,6 @@
         "chat.mcwhirter.io" = {
           forceSSL = true;
           enableACME = true;
-          serverAliases = [
-            "chat.${config.networking.domain}"
-          ];
           root = pkgs.element-web;   # Install RIOT web in the nginx root
         };
       };
@@ -149,7 +146,7 @@
         email = "acme@mcwhirter.io";
       };
       "synapse.mcwhirter.io" = {
-        group = "matrix-synapse";
+        #group = "matrix-synapse";
         postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service";
         email = "acme@mcwhirter.io";
       };
@@ -164,4 +161,6 @@
     ];
   };
 
+  users.groups.matrix-synapse.members = [ "nginx" ];   # Added for keys permissions
+
 }