synapse: move secrets to agenix

2023-02-05 23:25:57 +01:00 · 2023-02-05 23:25:57 +01:00 · 8cc4522153
commit 8cc4522153
parent e7c94b293c
7 changed files with 17 additions and 33 deletions
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@ -42,6 +42,12 @@
      group = "mastodon";
    };
    synapse-extra-config = {
      file = ./synapse/extraConfig.nix;
      owner = "matrix-synapse";
      group = "matrix-synapse";
    };
    freshrss-user-password = {
      file = ./freshrss/userPassword.age;
      owner = "freshrss";
--- a/agenix/hosts/sail/synapse/extraConfig.age
+++ b/agenix/hosts/sail/synapse/extraConfig.age
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@ -102,12 +102,12 @@ rec {
  };
  dracula-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
    pname = "dracula.nvim";
-    version = "2023-01-19";
+    version = "2023-02-05";
    src = pkgs.fetchFromGitHub {
      owner = "Mofiqul";
      repo = "dracula.nvim";
-      rev = "a0b129d7dea51b317fa8064f13b29f68004839c4";
+      rev = "798274ba3c454a9aa3cd71f95a86ea55cbbbb142";
-      sha256 = "0q7ly95hp123z9z8qh4sih5a53dnbxv0jxa80b1s7d6h1wpr2w5j";
+      sha256 = "156g08ab9jghi580b1k88si3bc6h72d77avlpn34dnnn5481anvh";
      fetchSubmodules = false;
    };
  };
@ -116,8 +116,8 @@ rec {
    src = pkgs.fetchFromGitHub {
      owner = "nvim-treesitter";
      repo = "nvim-treesitter";
-      rev = "720f75f9881cae820cecde23fc2f07affacf2826";
+      rev = "24d5be6e7192a855a0eba21829717614fa1cf54e";
-      sha256 = "16rh90skmhs2qr9v39l7f0kmml8n7f8c36vsp96pwkd9rw1j99ki";
+      sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx";
      fetchSubmodules = false;
    };
  });
--- a/secret/hosts/sail.nix
+++ b/secret/hosts/sail.nix
--- a/secrets.nix
+++ b/secrets.nix
@ -15,6 +15,8 @@ in
  "agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
  "agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;
  "agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
  "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
  "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
 }
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@ -20,7 +20,7 @@ in
    (import ../nixos/mastodon.nix (args // { inherit secret; }))
-    (import ../nixos/synapse.nix (args // { inherit secret; }))
+    ../nixos/synapse.nix
    ../nixos/websites.nix
--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@ -1,4 +1,4 @@
-{ secret, ... }:
+{ config, ... }:
 {
  services.matrix-synapse = {
@ -26,28 +26,6 @@
        }
      ];
      database = {
        name = "psycopg2";
        args = {
          host = "10.99.99.3";
          database = "synapse";
          inherit (secret.synapse.database) user;
          inherit (secret.synapse.database) password;
          cp_min = 5;
          cp_max = 10;
        };
      };
      email = {
        smtp_host = "smtp.mailgun.org";
        smtp_port = 465;
        smtp_user = secret.synapse.email.user;
        smtp_pass = secret.synapse.email.password;
        force_tls = true;
        notif_from = "%(app)s <matrix@mg.kempkens.io>";
        app_name = "kempkens_matrix";
      };
      thumbnail_sizes = [
        { width = 32; height = 32; method = "crop"; }
        { width = 96; height = 96; method = "crop"; }
@ -84,10 +62,6 @@
      enable_registration = false;
      inherit (secret.synapse) registration_shared_secret;
      inherit (secret.synapse) macaroon_secret_key;
      inherit (secret.synapse) form_secret;
      enable_metrics = false;
      report_stats = false;
@ -102,6 +76,8 @@
        msc2409_to_device_messages_enabled = true;
      };
    };
    extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
  };
  networking.firewall.allowedTCPPorts = [ 8008 ];