matrix: do not change paths for nachtigall secrets
parent
d6cc9c8164
commit
7775ad332e
|
@ -63,18 +63,21 @@
|
||||||
# matrix-synapse
|
# matrix-synapse
|
||||||
age.secrets."nachtigall-matrix-synapse-signing-key" = {
|
age.secrets."nachtigall-matrix-synapse-signing-key" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
|
file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
|
||||||
|
path = "/run/agenix/matrix-synapse-signing-key";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
|
age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
|
file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
|
||||||
|
path = "/run/agenix/matrix-synapse-secret-config.yaml";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
|
age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
|
file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
|
||||||
|
path = "/run/agenix/matrix-synapse-sliding-sync-secret";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
@ -82,6 +85,7 @@
|
||||||
|
|
||||||
pub-solar-os.matrix-synapse = {
|
pub-solar-os.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
sliding-sync.enable = true;
|
||||||
signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
|
signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
|
||||||
extra-config-files = [
|
extra-config-files = [
|
||||||
config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
|
config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
|
||||||
|
|
|
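Review bot: The three added `path` values in the `age.secrets` blocks hard-code the `/run/agenix` prefix and have no comment saying why the default location is overridden, so a later cleanup could plausibly drop them and silently move the signing key and secret config. I would derive them from agenix's directory option, e.g. `path = "${config.age.secretsDir}/matrix-synapse-signing-key";`, and add a comment along the lines of `# pinned to the pre-rename location; read it via config.age.secrets.<name>.path only`. The same applies to the `coturn-static-auth-secret` path added in the coturn file. The visible consumers (`signing_key_path`, `extra-config-files`) already go through `.path`, which is the right pattern to keep.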
@ -7,6 +7,7 @@
|
||||||
{
|
{
|
||||||
age.secrets."nachtigall-coturn-static-auth-secret" = {
|
age.secrets."nachtigall-coturn-static-auth-secret" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age";
|
file = "${flake.self}/secrets/nachtigall-coturn-static-auth-secret.age";
|
||||||
|
path = "/run/agenix/coturn-static-auth-secret";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "turnserver";
|
owner = "turnserver";
|
||||||
};
|
};
|
||||||
|
@ -18,7 +19,7 @@
|
||||||
min-port = 49000;
|
min-port = 49000;
|
||||||
max-port = 50000;
|
max-port = 50000;
|
||||||
use-auth-secret = true;
|
use-auth-secret = true;
|
||||||
static-auth-secret-file = "/run/agenix/nachtigall-coturn-static-auth-secret";
|
static-auth-secret-file = config.age.secrets."nachtigall-coturn-static-auth-secret".path;
|
||||||
realm = "turn.${config.pub-solar-os.networking.domain}";
|
realm = "turn.${config.pub-solar-os.networking.domain}";
|
||||||
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
|
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
|
||||||
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
|
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
|
||||||
|
|
|
@ -30,6 +30,10 @@ in
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
|
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
|
||||||
};
|
};
|
||||||
|
sliding-sync.enable = lib.mkEnableOption {
|
||||||
|
description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+";
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf config.pub-solar-os.matrix-synapse.enable {
|
config = lib.mkIf config.pub-solar-os.matrix-synapse.enable {
|
||||||
|
@ -261,17 +265,17 @@ in
|
||||||
plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ];
|
plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ];
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.matrix-sliding-sync = {
|
services.matrix-sliding-sync = {
|
||||||
# enable = true;
|
enable = config.pub-solar-os.matrix-synapse.sliding-sync.enable;
|
||||||
# settings = {
|
settings = {
|
||||||
# SYNCV3_SERVER = "https://${publicDomain}";
|
SYNCV3_SERVER = "https://${publicDomain}";
|
||||||
# SYNCV3_BINDADDR = "127.0.0.1:8011";
|
SYNCV3_BINDADDR = "127.0.0.1:8011";
|
||||||
# # The bind addr for Prometheus metrics, which will be accessible at
|
# The bind addr for Prometheus metrics, which will be accessible at
|
||||||
# # /metrics at this address
|
# /metrics at this address
|
||||||
# SYNCV3_PROM = "127.0.0.1:9100";
|
SYNCV3_PROM = "127.0.0.1:9100";
|
||||||
# };
|
};
|
||||||
# environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
|
environmentFile = config.age.secrets."nachtigall-matrix-synapse-sliding-sync-secret".path;
|
||||||
#};
|
};
|
||||||
|
|
||||||
pub-solar-os.backups.restic.matrix-synapse = {
|
pub-solar-os.backups.restic.matrix-synapse = {
|
||||||
paths = [
|
paths = [
|
||||||
|
|
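Review bot: `sliding-sync.enable` passes an attribute set to `lib.mkEnableOption`, which in nixpkgs takes the option's name as a string and supplies the description and `default = false` itself. The option will probably still evaluate as a boolean, but the `description` and `default` written here are not used, and rendering the option documentation is likely to fail when the set is coerced to a string. Either `lib.mkEnableOption "a sliding-sync proxy (no longer needed with synapse 1.114+)"` or a plain `lib.mkOption { type = lib.types.bool; default = false; description = "…"; }` would express the intent. Separately, the shared module now reads `config.age.secrets."nachtigall-matrix-synapse-sliding-sync-secret".path`, a host-specific secret name; taking the environment file as a module option set from the host config would avoid tying the module to one host's secrets.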