1
0
Fork 0
forked from pub-solar/infra

matrix: do not change paths for nachtigall secrets

This commit is contained in:
teutat3s 2024-10-27 17:27:17 +01:00
parent d6cc9c8164
commit 7775ad332e
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
3 changed files with 21 additions and 12 deletions

View file

@ -63,18 +63,21 @@
# matrix-synapse # matrix-synapse
age.secrets."nachtigall-matrix-synapse-signing-key" = { age.secrets."nachtigall-matrix-synapse-signing-key" = {
file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age"; file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
path = "/run/agenix/matrix-synapse-signing-key";
mode = "400"; mode = "400";
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = { age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age"; file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
path = "/run/agenix/matrix-synapse-secret-config.yaml";
mode = "400"; mode = "400";
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = { age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age"; file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
path = "/run/agenix/matrix-synapse-sliding-sync-secret";
mode = "400"; mode = "400";
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
@ -82,6 +85,7 @@
pub-solar-os.matrix-synapse = { pub-solar-os.matrix-synapse = {
enable = true; enable = true;
sliding-sync.enable = true;
signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path; signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
extra-config-files = [ extra-config-files = [
config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path

View file

@ -7,6 +7,7 @@
{ {
age.secrets."nachtigall-coturn-static-auth-secret" = { age.secrets."nachtigall-coturn-static-auth-secret" = {
file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age"; file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age";
path = "/run/agenix/coturn-static-auth-secret";
mode = "400"; mode = "400";
owner = "turnserver"; owner = "turnserver";
}; };
@ -18,7 +19,7 @@
min-port = 49000; min-port = 49000;
max-port = 50000; max-port = 50000;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret-file = "/run/agenix/nachtigall-coturn-static-auth-secret"; static-auth-secret-file = config.age.secrets."nachtigall-coturn-static-auth-secret".path;
realm = "turn.${config.pub-solar-os.networking.domain}"; realm = "turn.${config.pub-solar-os.networking.domain}";
cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";

View file

@ -30,6 +30,10 @@ in
type = lib.types.str; type = lib.types.str;
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key"; default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
}; };
sliding-sync.enable = lib.mkEnableOption {
description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+";
default = false;
};
}; };
config = lib.mkIf config.pub-solar-os.matrix-synapse.enable { config = lib.mkIf config.pub-solar-os.matrix-synapse.enable {
@ -261,17 +265,17 @@ in
plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ];
}; };
#services.matrix-sliding-sync = { services.matrix-sliding-sync = {
# enable = true; enable = config.pub-solar-os.matrix-synapse.sliding-sync.enable;
# settings = { settings = {
# SYNCV3_SERVER = "https://${publicDomain}"; SYNCV3_SERVER = "https://${publicDomain}";
# SYNCV3_BINDADDR = "127.0.0.1:8011"; SYNCV3_BINDADDR = "127.0.0.1:8011";
# # The bind addr for Prometheus metrics, which will be accessible at # The bind addr for Prometheus metrics, which will be accessible at
# # /metrics at this address # /metrics at this address
# SYNCV3_PROM = "127.0.0.1:9100"; SYNCV3_PROM = "127.0.0.1:9100";
# }; };
# environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path; environmentFile = config.age.secrets."nachtigall-matrix-synapse-sliding-sync-secret".path;
#}; };
pub-solar-os.backups.restic.matrix-synapse = { pub-solar-os.backups.restic.matrix-synapse = {
paths = [ paths = [