bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
}
```
## Registering Matrix users {#module-services-matrix-register-users}
If you want to run a server with public registration by anybody, you can
then enable `services.matrix-synapse.settings.enable_registration = true;`.
Otherwise, or you can generate a registration secret with
{command}`pwgen -s 64 1` and set it with
[](#opt-services.matrix-synapse.settings.registration_shared_secret).
To create a new user or admin from the terminal your client listener
must be configured to use TCP sockets. Then you can run the following
after you have set the secret and have rebuilt NixOS:
```ShellSession
$ nix-shell -p matrix-synapse
$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008
New user localpart: your-username
Password:
Confirm password:
Make admin [no]:
Success!
```
In the example, this would create a user with the Matrix Identifier
`@your-username:example.org`.
::: {.warning}
When using [](#opt-services.matrix-synapse.settings.registration_shared_secret), the secret
will end up in the world-readable store. Instead it's recommended to deploy the secret
in an additional file like this:
- Create a file with the following contents:
```
registration_shared_secret: your-very-secret-secret
```
- Deploy the file with a secret-manager such as
[{option}`deployment.keys`](https://nixops.readthedocs.io/en/latest/overview.html#managing-keys)
from {manpage}`nixops(1)` or [sops-nix](https://github.com/Mic92/sops-nix/) to
e.g. {file}`/run/secrets/matrix-shared-secret` and ensure that it's readable
by `matrix-synapse`.
- Include the file like this in your configuration:
```nix
{
services.matrix-synapse.extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ];
}
```
:::
::: {.note}
It's also possible to user alternative authentication mechanism such as