synapse: move secrets to agenix
This commit is contained in:
parent
e7c94b293c
commit
8cc4522153
SSH key fingerprint:
SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
|
|
@ -42,6 +42,12 @@
|
|||
group = "mastodon";
|
||||
};
|
||||
|
||||
synapse-extra-config = {
|
||||
file = ./synapse/extraConfig.nix;
|
||||
owner = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
freshrss-user-password = {
|
||||
file = ./freshrss/userPassword.age;
|
||||
owner = "freshrss";
|
||||
|
|
|
|||
BIN
agenix/hosts/sail/synapse/extraConfig.age
Normal file
BIN
agenix/hosts/sail/synapse/extraConfig.age
Normal file
Binary file not shown.
|
|
@ -102,12 +102,12 @@ rec {
|
|||
};
|
||||
dracula-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
||||
pname = "dracula.nvim";
|
||||
version = "2023-01-19";
|
||||
version = "2023-02-05";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "Mofiqul";
|
||||
repo = "dracula.nvim";
|
||||
rev = "a0b129d7dea51b317fa8064f13b29f68004839c4";
|
||||
sha256 = "0q7ly95hp123z9z8qh4sih5a53dnbxv0jxa80b1s7d6h1wpr2w5j";
|
||||
rev = "798274ba3c454a9aa3cd71f95a86ea55cbbbb142";
|
||||
sha256 = "156g08ab9jghi580b1k88si3bc6h72d77avlpn34dnnn5481anvh";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
|
@ -116,8 +116,8 @@ rec {
|
|||
src = pkgs.fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter";
|
||||
rev = "720f75f9881cae820cecde23fc2f07affacf2826";
|
||||
sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki";
|
||||
rev = "24d5be6e7192a855a0eba21829717614fa1cf54e";
|
||||
sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
});
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -15,6 +15,8 @@ in
|
|||
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ in
|
|||
|
||||
(import ../nixos/mastodon.nix (args // { inherit secret; }))
|
||||
|
||||
(import ../nixos/synapse.nix (args // { inherit secret; }))
|
||||
../nixos/synapse.nix
|
||||
|
||||
../nixos/websites.nix
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ secret, ... }:
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
|
|
@ -26,28 +26,6 @@
|
|||
}
|
||||
];
|
||||
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args = {
|
||||
host = "10.99.99.3";
|
||||
database = "synapse";
|
||||
inherit (secret.synapse.database) user;
|
||||
inherit (secret.synapse.database) password;
|
||||
cp_min = 5;
|
||||
cp_max = 10;
|
||||
};
|
||||
};
|
||||
|
||||
email = {
|
||||
smtp_host = "smtp.mailgun.org";
|
||||
smtp_port = 465;
|
||||
smtp_user = secret.synapse.email.user;
|
||||
smtp_pass = secret.synapse.email.password;
|
||||
force_tls = true;
|
||||
notif_from = "%(app)s <matrix@mg.kempkens.io>";
|
||||
app_name = "kempkens_matrix";
|
||||
};
|
||||
|
||||
thumbnail_sizes = [
|
||||
{ width = 32; height = 32; method = "crop"; }
|
||||
{ width = 96; height = 96; method = "crop"; }
|
||||
|
|
@ -84,10 +62,6 @@
|
|||
|
||||
enable_registration = false;
|
||||
|
||||
inherit (secret.synapse) registration_shared_secret;
|
||||
inherit (secret.synapse) macaroon_secret_key;
|
||||
inherit (secret.synapse) form_secret;
|
||||
|
||||
enable_metrics = false;
|
||||
report_stats = false;
|
||||
|
||||
|
|
@ -102,6 +76,8 @@
|
|||
msc2409_to_device_messages_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||
|
|
|
|||
Loading…
Reference in a new issue