synapse: move secrets to agenix
This commit is contained in:
parent
e7c94b293c
commit
8cc4522153
7 changed files with 17 additions and 33 deletions
|
@ -42,6 +42,12 @@
|
||||||
group = "mastodon";
|
group = "mastodon";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
synapse-extra-config = {
|
||||||
|
file = ./synapse/extraConfig.nix;
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
group = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
freshrss-user-password = {
|
freshrss-user-password = {
|
||||||
file = ./freshrss/userPassword.age;
|
file = ./freshrss/userPassword.age;
|
||||||
owner = "freshrss";
|
owner = "freshrss";
|
||||||
|
|
BIN
agenix/hosts/sail/synapse/extraConfig.age
Normal file
BIN
agenix/hosts/sail/synapse/extraConfig.age
Normal file
Binary file not shown.
|
@ -102,12 +102,12 @@ rec {
|
||||||
};
|
};
|
||||||
dracula-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
dracula-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
||||||
pname = "dracula.nvim";
|
pname = "dracula.nvim";
|
||||||
version = "2023-01-19";
|
version = "2023-02-05";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "Mofiqul";
|
owner = "Mofiqul";
|
||||||
repo = "dracula.nvim";
|
repo = "dracula.nvim";
|
||||||
rev = "a0b129d7dea51b317fa8064f13b29f68004839c4";
|
rev = "798274ba3c454a9aa3cd71f95a86ea55cbbbb142";
|
||||||
sha256 = "0q7ly95hp123z9z8qh4sih5a53dnbxv0jxa80b1s7d6h1wpr2w5j";
|
sha256 = "156g08ab9jghi580b1k88si3bc6h72d77avlpn34dnnn5481anvh";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -116,8 +116,8 @@ rec {
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "nvim-treesitter";
|
owner = "nvim-treesitter";
|
||||||
repo = "nvim-treesitter";
|
repo = "nvim-treesitter";
|
||||||
rev = "720f75f9881cae820cecde23fc2f07affacf2826";
|
rev = "24d5be6e7192a855a0eba21829717614fa1cf54e";
|
||||||
sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki";
|
sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
Binary file not shown.
|
@ -15,6 +15,8 @@ in
|
||||||
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
|
||||||
|
|
||||||
|
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
|
||||||
|
|
||||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ in
|
||||||
|
|
||||||
(import ../nixos/mastodon.nix (args // { inherit secret; }))
|
(import ../nixos/mastodon.nix (args // { inherit secret; }))
|
||||||
|
|
||||||
(import ../nixos/synapse.nix (args // { inherit secret; }))
|
../nixos/synapse.nix
|
||||||
|
|
||||||
../nixos/websites.nix
|
../nixos/websites.nix
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ secret, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
|
@ -26,28 +26,6 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
database = {
|
|
||||||
name = "psycopg2";
|
|
||||||
args = {
|
|
||||||
host = "10.99.99.3";
|
|
||||||
database = "synapse";
|
|
||||||
inherit (secret.synapse.database) user;
|
|
||||||
inherit (secret.synapse.database) password;
|
|
||||||
cp_min = 5;
|
|
||||||
cp_max = 10;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
email = {
|
|
||||||
smtp_host = "smtp.mailgun.org";
|
|
||||||
smtp_port = 465;
|
|
||||||
smtp_user = secret.synapse.email.user;
|
|
||||||
smtp_pass = secret.synapse.email.password;
|
|
||||||
force_tls = true;
|
|
||||||
notif_from = "%(app)s <matrix@mg.kempkens.io>";
|
|
||||||
app_name = "kempkens_matrix";
|
|
||||||
};
|
|
||||||
|
|
||||||
thumbnail_sizes = [
|
thumbnail_sizes = [
|
||||||
{ width = 32; height = 32; method = "crop"; }
|
{ width = 32; height = 32; method = "crop"; }
|
||||||
{ width = 96; height = 96; method = "crop"; }
|
{ width = 96; height = 96; method = "crop"; }
|
||||||
|
@ -84,10 +62,6 @@
|
||||||
|
|
||||||
enable_registration = false;
|
enable_registration = false;
|
||||||
|
|
||||||
inherit (secret.synapse) registration_shared_secret;
|
|
||||||
inherit (secret.synapse) macaroon_secret_key;
|
|
||||||
inherit (secret.synapse) form_secret;
|
|
||||||
|
|
||||||
enable_metrics = false;
|
enable_metrics = false;
|
||||||
report_stats = false;
|
report_stats = false;
|
||||||
|
|
||||||
|
@ -102,6 +76,8 @@
|
||||||
msc2409_to_device_messages_enabled = true;
|
msc2409_to_device_messages_enabled = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||||
|
|
Loading…
Reference in a new issue