1 files changed, 15 insertions, 2 deletions

diff --git a/modules/services/matrix-bridge/default.nix b/modules/services/matrix-bridge/default.nix
index 9668336..6fb0cd2 100644
--- a/modules/services/matrix-bridge/default.nix
+++ b/modules/services/matrix-bridge/default.nix
@@ -353,7 +353,7 @@ in
         # };
         auth.usePrivilegedIntents = true;
         database = {
-          connString = "postgresql://matrix-appservice-discord?host=/run/postgresql";
+          connString = "postgresql:///matrix-appservice-discord?host=/run/postgresql";
           filename = "";
         };
 
@@ -372,6 +372,19 @@ in
       @system-service @pkey ~@privileged @resources @chown
     '';
 
+    systemd.services.matrix-appservice-discord.serviceConfig = {
+      DynamicUser = lib.mkForce false;
+      PrivateTmp = lib.mkForce false;
+      User = "matrix-appservice-discord";
+      Group = "matrix-appservice-discord";
+    };
+
+    users.groups.matrix-appservice-discord = {};
+    users.users.matrix-appservice-discord = {
+      description = "Service user for the Matrix-Discord bridge";
+      group = "matrix-appservice-discord";
+      isSystemUser = true;
+    };
 
     modules.persistence.directories = [
       "/var/lib/private/mautrix-telegram"
@@ -426,7 +439,7 @@ in
       "mautrix-discord:/var/lib/mautrix-discord/discord-registration.yaml"
       "double-puppet:${config.sops.templates."double-puppet-registration.yaml".path}"
       "appservice-irc:/var/lib/matrix-appservice-irc/registration.yml"
-      "appservice-discord:/var/lib/private/matrix-appservice-discord/discord-registration.yaml"
+      "appservice-discord:/var/lib/matrix-appservice-discord/discord-registration.yaml"
     ];
 
     services.matrix-synapse.settings.app_service_config_files = [