forked from pub-solar/infra
modules/matrix: rename secrets to not include hostnames
This commit is contained in:
parent
472f9aa68b
commit
4434a90136
|
@ -61,22 +61,22 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# matrix-synapse
|
# matrix-synapse
|
||||||
age.secrets."nachtigall-matrix-synapse-signing-key" = {
|
age.secrets."matrix-synapse-signing-key" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
|
file = "${flake.self}/secrets/matrix-synapse-signing-key.age";
|
||||||
path = "/run/agenix/matrix-synapse-signing-key";
|
path = "/run/agenix/matrix-synapse-signing-key";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
|
age.secrets."matrix-synapse-secret-config.yaml" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
|
file = "${flake.self}/secrets/matrix-synapse-secret-config.yaml.age";
|
||||||
path = "/run/agenix/matrix-synapse-secret-config.yaml";
|
path = "/run/agenix/matrix-synapse-secret-config.yaml";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
|
age.secrets."matrix-synapse-sliding-sync-secret" = {
|
||||||
file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
|
file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
|
||||||
path = "/run/agenix/matrix-synapse-sliding-sync-secret";
|
path = "/run/agenix/matrix-synapse-sliding-sync-secret";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
|
@ -85,9 +85,9 @@
|
||||||
pub-solar-os.matrix-synapse = {
|
pub-solar-os.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
sliding-sync.enable = true;
|
sliding-sync.enable = true;
|
||||||
signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
|
signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
|
||||||
extra-config-files = [
|
extra-config-files = [
|
||||||
config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
|
config.age.secrets."matrix-synapse-secret-config.yaml".path
|
||||||
|
|
||||||
# The registration file is automatically generated after starting the
|
# The registration file is automatically generated after starting the
|
||||||
# appservice for the first time.
|
# appservice for the first time.
|
||||||
|
|
|
@ -30,14 +30,14 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."underground-matrix-synapse-secret-config.yaml" = {
|
age.secrets."staging-matrix-synapse-secret-config.yaml" = {
|
||||||
file = "${flake.self}/secrets/underground-matrix-synapse-secret-config.yaml.age";
|
file = "${flake.self}/secrets/staging-matrix-synapse-secret-config.yaml.age";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."underground-matrix-authentication-service-secret-config.yml" = {
|
age.secrets."staging-matrix-authentication-service-secret-config.yml" = {
|
||||||
file = "${flake.self}/secrets/underground-matrix-authentication-service-secret-config.yml.age";
|
file = "${flake.self}/secrets/staging-matrix-authentication-service-secret-config.yml.age";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "matrix-authentication-service";
|
owner = "matrix-authentication-service";
|
||||||
};
|
};
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
pub-solar-os.matrix-synapse = {
|
pub-solar-os.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extra-config-files = [
|
extra-config-files = [
|
||||||
config.age.secrets."underground-matrix-synapse-secret-config.yaml".path
|
config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
|
||||||
|
|
||||||
# The registration file is automatically generated after starting the
|
# The registration file is automatically generated after starting the
|
||||||
# appservice for the first time.
|
# appservice for the first time.
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
extraConfigFiles = [
|
extraConfigFiles = [
|
||||||
config.age.secrets."underground-matrix-authentication-service-secret-config.yml".path
|
config.age.secrets."staging-matrix-authentication-service-secret-config.yml".path
|
||||||
];
|
];
|
||||||
settings = {
|
settings = {
|
||||||
http.public_base = "https://mas.${config.pub-solar-os.networking.domain}";
|
http.public_base = "https://mas.${config.pub-solar-os.networking.domain}";
|
||||||
|
|
|
@ -65,12 +65,12 @@ in
|
||||||
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nachtigall-matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nachtigall-matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
|
"staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
|
||||||
"underground-matrix-authentication-service-secret-config.yml.age".publicKeys =
|
"staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
|
||||||
undergroundKeys ++ adminKeys;
|
undergroundKeys ++ adminKeys;
|
||||||
|
|
||||||
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
Loading…
Reference in a new issue