From 4967c6f53366a0429c325783d8d7347b1e83db05 Mon Sep 17 00:00:00 2001
From: b12f
Date: Wed, 30 Oct 2024 17:14:47 +0100
Subject: [PATCH] modules/matrix: rename secrets to not include hostnames
---
 hosts/nachtigall/configuration.nix | 16 +++---
 hosts/underground/configuration.nix | 12 ++---
 secrets/mastodon-fedifetcher-crew.age | 43 ++++++++++++++++++
 ... => matrix-synapse-secret-config.yaml.age} | Bin
 ...key.age => matrix-synapse-signing-key.age} | Bin
 ...=> matrix-synapse-sliding-sync-secret.age} | 0
 secrets/secrets.nix | 10 ++--
 ...hentication-service-secret-config.yml.age} | Bin
 ...ing-matrix-synapse-secret-config.yaml.age} | Bin
 9 files changed, 62 insertions(+), 19 deletions(-)
 create mode 100644 secrets/mastodon-fedifetcher-crew.age
 rename secrets/{nachtigall-matrix-synapse-secret-config.yaml.age => matrix-synapse-secret-config.yaml.age} (100%)
 rename secrets/{nachtigall-matrix-synapse-signing-key.age => matrix-synapse-signing-key.age} (100%)
 rename secrets/{nachtigall-matrix-synapse-sliding-sync-secret.age => matrix-synapse-sliding-sync-secret.age} (100%)
 rename secrets/{underground-matrix-authentication-service-secret-config.yml.age => staging-matrix-authentication-service-secret-config.yml.age} (100%)
 rename secrets/{underground-matrix-synapse-secret-config.yaml.age => staging-matrix-synapse-secret-config.yaml.age} (100%)
diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix
index 69b191c..dac4fc6 100644
--- a/hosts/nachtigall/configuration.nix
+++ b/hosts/nachtigall/configuration.nix
@@ -61,22 +61,22 @@
 };
 # matrix-synapse
- age.secrets."nachtigall-matrix-synapse-signing-key" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
+ age.secrets."matrix-synapse-signing-key" = {
+ file = "${flake.self}/secrets/matrix-synapse-signing-key.age";
 path = "/run/agenix/matrix-synapse-signing-key";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
+ age.secrets."matrix-synapse-secret-config.yaml" = {
+ file = "${flake.self}/secrets/matrix-synapse-secret-config.yaml.age";
 path = "/run/agenix/matrix-synapse-secret-config.yaml";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
+ age.secrets."matrix-synapse-sliding-sync-secret" = {
+ file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
 path = "/run/agenix/matrix-synapse-sliding-sync-secret";
 mode = "400";
 owner = "matrix-synapse";
@@ -85,9 +85,9 @@
 pub-solar-os.matrix-synapse = {
 enable = true;
 sliding-sync.enable = true;
- signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
+ signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
 extra-config-files = [
- config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
+ config.age.secrets."matrix-synapse-secret-config.yaml".path
 # The registration file is automatically generated after starting the
 # appservice for the first time.
diff --git a/hosts/underground/configuration.nix b/hosts/underground/configuration.nix
index 131cb16..74b1d79 100644
--- a/hosts/underground/configuration.nix
+++ b/hosts/underground/configuration.nix
@@ -30,14 +30,14 @@
 forceSSL = true;
 };
- age.secrets."underground-matrix-synapse-secret-config.yaml" = {
- file = "${flake.self}/secrets/underground-matrix-synapse-secret-config.yaml.age";
+ age.secrets."staging-matrix-synapse-secret-config.yaml" = {
+ file = "${flake.self}/secrets/staging-matrix-synapse-secret-config.yaml.age";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."underground-matrix-authentication-service-secret-config.yml" = {
- file = "${flake.self}/secrets/underground-matrix-authentication-service-secret-config.yml.age";
+ age.secrets."staging-matrix-authentication-service-secret-config.yml" = {
+ file = "${flake.self}/secrets/staging-matrix-authentication-service-secret-config.yml.age";
 mode = "400";
 owner = "matrix-authentication-service";
 };
@@ -45,7 +45,7 @@
 pub-solar-os.matrix-synapse = {
 enable = true;
 extra-config-files = [
- config.age.secrets."underground-matrix-synapse-secret-config.yaml".path
+ config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
 # The registration file is automatically generated after starting the
 # appservice for the first time.
@@ -65,7 +65,7 @@
 enable = true;
 createDatabase = true;
 extraConfigFiles = [
- config.age.secrets."underground-matrix-authentication-service-secret-config.yml".path
+ config.age.secrets."staging-matrix-authentication-service-secret-config.yml".path
 ];
 settings = {
 http.public_base = "https://mas.${config.pub-solar-os.networking.domain}";
diff --git a/secrets/mastodon-fedifetcher-crew.age b/secrets/mastodon-fedifetcher-crew.age
new file mode 100644
index 0000000..7c004cc
--- /dev/null
+++ b/secrets/mastodon-fedifetcher-crew.age
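Review bot: The two `age.secrets` entries in the first hunk set no `path`, so with agenix defaults their decrypted location is derived from the attribute name and moves with this rename, whereas the nachtigall entries pin `path` under `/run/agenix/` explicitly. The consumers visible in the two later hunks go through `config.age.secrets."…".path` and follow the rename, but anything outside this diff that names the old `/run/agenix/underground-…` location literally would stop resolving. Consider pinning it as on nachtigall, e.g. `path = "/run/agenix/matrix-synapse-secret-config.yaml";`, so the secret's name and its runtime location are decoupled and both hosts expose the same path to the shared module.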
@@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg bVvnnCPAs+2T/qbjLeAeJcxC/Pj0P1olpX/rK3dUt3c +wSDygptVZPXO4OXCBA1mRjGLJm4rA25wfRi1t/ORK/U +-> ssh-ed25519 uYcDNw 5Ydr3p/Flhv7BBOmcqjZlEQwwnqDtYTSs6L5pn3i4n0 +SEsUpizzqHgnA5zKrGHqehFnzeVUUoO7J1uhLbR9Wr8 +-> ssh-rsa f5THog +DgfyoawF/TPqy7MtY4uAbCZndU9ruOBAwKof3OWLd7+hlVb3KWOJguHXnFUjLwFu +crNQHc8abV1+DgIhCoaXosXzo2jd74xtgGQQ0peIz6Gvbt+NEYDYjOpk5io3wngR +rU38VKCc+sIufJ2LHQTWsawW2QjbLStfg6NYIuNYAYnPTZs0HrykCsRUv5Fuq/XM +EKE2uaGcCT0tTW+wBqPOwTRnX5vl3JFO4jJvnItW4jXxrqmlz0EWS4UK1pHJc/EO +Sj2VvHZIdqhqjIbI22OXNTjrIsHTMEK+R3dEFAdcMaZsdAra7TzaE7vF/nRMJVC6 +JYVxh+nRQo9TUEQM2pHQqMRse9PyMHLt/xzmXfsjYdqeIoY/KKjF+7QTN0P56Ot0 +TI9f5HreZDtlWWkPCHjDbmPcti1aGsuQiK1cfHXtVa95aXOSwnxsxDhAFP2AKu9O +fpHsKD+fp2kzK8/5pMzu4uUZtwDNZKm4X4cCaU+k6YYjn8EvvYTfwJWkGrZbZVeM +ZYat3WDY5ofd7R1glmDJtTR5JzbA8gSn2vHSlhm1QvIxi+WbLK88qY3mM47mzweK +l92WxHluAIAEYyY5aHQ+iBXKWKyWpsDxMLREaH2vw18FSm6HSUACM1f5FtsVKjpp +y2ka+yVZ7uPOn9Rq917S2PT/LFqxW/RcrfuIcveBnh8 +-> ssh-rsa kFDS0A +WMGfDJ4yTL6s1zrum/D6YMtUBO705N1bFFl5vIvJnNSCmoDp0gJ+iY2PXJdSoUFO +hTn8PGGNdcnQ3erPlOBzCdwbztfsj4l6S93Py9DE1ceLeJywdu9ETkYX1oEv4VcH +kZnfOnxu8UlW4685AsgSVSny35/DyyGJV6uIvShYI6tHKdnz+gmygTQUdA8c4dHA +d6tkAZnx3ojLdG3F4RsX0BrY0q5vxju0cAv83sbO9bhqQkl90Lg/xcLWWAtveYlO +ekGWJs+NyTWDmhRL3yiuuRbTDnqu4IUddk3gyITYe2USHoHn+t2Xd174qXfanBGL +jSLyjIj/I0yg6L/sIbzSJtwOMdEOxjXIx/PPGbv/rG3shyczAJUZvCj+Oyo6u6I3 +6MOr8WTyhRZyEkQTKgRoK7JyRl5jUIb3gf5Go75ho6f9cbCoMkllcWeeJoD3EE1d +Xm+9Rtn2dmyzlfIaRedlirmFRSpXNrIKrKTkXnWb+p7gs/8O4+qVzSuhmbDy/LaI +u+GaQhLYdBzV/sLKA3HHDHPcrJAn9CCOMqwz9c/CGoAkrT9vC2VzXH5an76YZbt3 +ZCrdprS5lhnXjKfUFojuJycBuzdcjQpGuEIo1fKsvQWNubmPdAFsfb/AGtkLHGe9 +njwteWBTKPur/YSfY5MqCV+RvMLzQWUVaM29KxiimbY +-> piv-p256 vRzPNw A4sP6HWdCdUOpTk8/Hhc6f4WvFsMvR85rA2Ybi500jXJ +Zz0aRAvpTQe0/bEmU4lvtS/tNaQpu+H1TxQ3uZsCUXM +-> piv-p256 zqq/iw AxETq/EClc12IzxurG0MO+X+0/06Sl9GRKhxFz2qzo7Z +x2cT2X1p9yIWP3XIhBF8/bhjfFKxpy0VEQy2Gl2QGVg +-> ssh-ed25519 YFSOsg ArDaw6BwV87K7ClgP++oGVYhz6/9LwOo1itt/izTD0Q 
+U/e+4ohVTev8AFSW9pQTdwpy6fUQCe5O4DikA9QqNLU +-> ssh-ed25519 iHV63A X1uzVCb8WrBhvFTkBWggMuoXJnY9BdtbwCM651vnlBo +J+B7JKy2ZAw0uxUhFVZ6ZcLbNK+//gXI9wRRgIN1B/M +-> ssh-ed25519 BVsyTA 21drLE5v+m+jrVPnmZW6SEub/ba7f2RcgeoPp6kTBnE +XwBVAXLFFVdYgczkeyii4VVDVqGYqRjcVpc8Nfxd9ug +-> ssh-ed25519 +3V2lQ UGzANGpj088/z3rzcLgS+EAb9vUBCIKbN1oEozlafwA +sikz5Y2SdCVcfvIZ5tTUDRzr3LszHEOdRxxQbg/8BSg +--- tVhjKUZsg/R0QnO0ZH/0cujm3tXi1GXTWzEn/eqylCg +<Ԇ'(~5%%$xE: ,)kuJ75_6 qJwHS휓Iq^A'` \ No newline at end of file diff --git a/secrets/nachtigall-matrix-synapse-secret-config.yaml.age b/secrets/matrix-synapse-secret-config.yaml.age similarity index 100% rename from secrets/nachtigall-matrix-synapse-secret-config.yaml.age rename to secrets/matrix-synapse-secret-config.yaml.age diff --git a/secrets/nachtigall-matrix-synapse-signing-key.age b/secrets/matrix-synapse-signing-key.age similarity index 100% rename from secrets/nachtigall-matrix-synapse-signing-key.age rename to secrets/matrix-synapse-signing-key.age diff --git a/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age b/secrets/matrix-synapse-sliding-sync-secret.age similarity index 100% rename from secrets/nachtigall-matrix-synapse-sliding-sync-secret.age rename to secrets/matrix-synapse-sliding-sync-secret.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7165ba6..6eaede2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -65,12 +65,12 @@ in
 "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
 "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
- "underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
- "underground-matrix-authentication-service-secret-config.yml.age".publicKeys =
+ "staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
+ "staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
 undergroundKeys ++ adminKeys;
 "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
diff --git a/secrets/underground-matrix-authentication-service-secret-config.yml.age b/secrets/staging-matrix-authentication-service-secret-config.yml.age
similarity index 100%
rename from secrets/underground-matrix-authentication-service-secret-config.yml.age
rename to secrets/staging-matrix-authentication-service-secret-config.yml.age
diff --git a/secrets/underground-matrix-synapse-secret-config.yaml.age b/secrets/staging-matrix-synapse-secret-config.yaml.age
similarity index 100%
rename from secrets/underground-matrix-synapse-secret-config.yaml.age
rename to secrets/staging-matrix-synapse-secret-config.yaml.age
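Review bot: No `publicKeys` entry for `mastodon-fedifetcher-crew.age` appears among the entries touched here, although this same patch creates that file under `secrets/`. If it is not already declared elsewhere in secrets.nix (the file continues outside the hunk), the agenix CLI has no recipient list for it, so a rekey after a key rotation would presumably leave that ciphertext encrypted to the old recipients. Either add an entry of the form `"mastodon-fedifetcher-crew.age".publicKeys = nachtigallKeys ++ adminKeys;` (recipient set to be confirmed against the stanzas in the file) or move the new secret into its own commit, since it is unrelated to the rename named in the subject line.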