nixos/synapse: allow omitting `trusted_key_servers[].verify_keys`

Synapse does not require the `verify_keys` attr/object to be set.
It made sense back in the day, when federation traffic used to use self-signed certificates. But this is no longer the case.

The previous `types.nullOr` didn't actually allow omitting `verify_keys` because Synapse's config parser is unable to parse that.

Not a breaking change.

Upstream docs: https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=verify_keys#trusted_key_servers

1 files changed, 1 insertions, 16 deletions

diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix
index 2a4104a4ec2bc..3dca3ff94f213 100644
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@@ -636,6 +636,7 @@ in {
 
             trusted_key_servers = mkOption {
               type = types.listOf (types.submodule {
+                freeformType = format.type;
                 options = {
                   server_name = mkOption {
                     type = types.str;
@@ -644,22 +645,6 @@ in {
                       Hostname of the trusted server.
                     '';
                   };
-
-                  verify_keys = mkOption {
-                    type = types.nullOr (types.attrsOf types.str);
-                    default = null;
-                    example = literalExpression ''
-                      {
-                        "ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-                      }
-                    '';
-                    description = lib.mdDoc ''
-                      Attribute set from key id to base64 encoded public key.
-
-                      If specified synapse will check that the response is signed
-                      by at least one of the given keys.
-                    '';
-                  };
                 };
               });
               default = [ {