modules/matrix: rename secrets to not include hostnames

2024-10-30 17:14:47 +01:00 · 2024-10-30 17:14:47 +01:00 · 4967c6f533
parent 15eca411ba
commit 4967c6f533
9 changed files with 62 additions and 19 deletions
--- a/hosts/nachtigall/configuration.nix
+++ b/hosts/nachtigall/configuration.nix
@ -61,22 +61,22 @@
  };

  # matrix-synapse
-  age.secrets."nachtigall-matrix-synapse-signing-key" = {
-    file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
+  age.secrets."matrix-synapse-signing-key" = {
+    file = "${flake.self}/secrets/matrix-synapse-signing-key.age";
    path = "/run/agenix/matrix-synapse-signing-key";
    mode = "400";
    owner = "matrix-synapse";
  };

-  age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
-    file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
+  age.secrets."matrix-synapse-secret-config.yaml" = {
+    file = "${flake.self}/secrets/matrix-synapse-secret-config.yaml.age";
    path = "/run/agenix/matrix-synapse-secret-config.yaml";
    mode = "400";
    owner = "matrix-synapse";
  };

-  age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
-    file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
+  age.secrets."matrix-synapse-sliding-sync-secret" = {
+    file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
    path = "/run/agenix/matrix-synapse-sliding-sync-secret";
    mode = "400";
    owner = "matrix-synapse";
@ -85,9 +85,9 @@
  pub-solar-os.matrix-synapse = {
    enable = true;
    sliding-sync.enable = true;
-    signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
+    signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
    extra-config-files = [
-      config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
+      config.age.secrets."matrix-synapse-secret-config.yaml".path

      # The registration file is automatically generated after starting the
      # appservice for the first time.
--- a/hosts/underground/configuration.nix
+++ b/hosts/underground/configuration.nix
@ -30,14 +30,14 @@
    forceSSL = true;
  };

-  age.secrets."underground-matrix-synapse-secret-config.yaml" = {
-    file = "${flake.self}/secrets/underground-matrix-synapse-secret-config.yaml.age";
+  age.secrets."staging-matrix-synapse-secret-config.yaml" = {
+    file = "${flake.self}/secrets/staging-matrix-synapse-secret-config.yaml.age";
    mode = "400";
    owner = "matrix-synapse";
  };

-  age.secrets."underground-matrix-authentication-service-secret-config.yml" = {
-    file = "${flake.self}/secrets/underground-matrix-authentication-service-secret-config.yml.age";
+  age.secrets."staging-matrix-authentication-service-secret-config.yml" = {
+    file = "${flake.self}/secrets/staging-matrix-authentication-service-secret-config.yml.age";
    mode = "400";
    owner = "matrix-authentication-service";
  };
@ -45,7 +45,7 @@
  pub-solar-os.matrix-synapse = {
    enable = true;
    extra-config-files = [
-      config.age.secrets."underground-matrix-synapse-secret-config.yaml".path
+      config.age.secrets."staging-matrix-synapse-secret-config.yaml".path

      # The registration file is automatically generated after starting the
      # appservice for the first time.
@ -65,7 +65,7 @@
    enable = true;
    createDatabase = true;
    extraConfigFiles = [
-      config.age.secrets."underground-matrix-authentication-service-secret-config.yml".path
+      config.age.secrets."staging-matrix-authentication-service-secret-config.yml".path
    ];
    settings = {
      http.public_base = "https://mas.${config.pub-solar-os.networking.domain}";
--- a/secrets/mastodon-fedifetcher-crew.age
+++ b/secrets/mastodon-fedifetcher-crew.age
@ -0,0 +1,43 @@
+age-encryption.org/v1
+-> ssh-ed25519 iDKjwg bVvnnCPAs+2T/qbjLeAeJcxC/Pj0P1olpX/rK3dUt3c
+wSDygptVZPXO4OXCBA1mRjGLJm4rA25wfRi1t/ORK/U
+-> ssh-ed25519 uYcDNw 5Ydr3p/Flhv7BBOmcqjZlEQwwnqDtYTSs6L5pn3i4n0
+SEsUpizzqHgnA5zKrGHqehFnzeVUUoO7J1uhLbR9Wr8
+-> ssh-rsa f5THog
+DgfyoawF/TPqy7MtY4uAbCZndU9ruOBAwKof3OWLd7+hlVb3KWOJguHXnFUjLwFu
+crNQHc8abV1+DgIhCoaXosXzo2jd74xtgGQQ0peIz6Gvbt+NEYDYjOpk5io3wngR
+rU38VKCc+sIufJ2LHQTWsawW2QjbLStfg6NYIuNYAYnPTZs0HrykCsRUv5Fuq/XM
+EKE2uaGcCT0tTW+wBqPOwTRnX5vl3JFO4jJvnItW4jXxrqmlz0EWS4UK1pHJc/EO
+Sj2VvHZIdqhqjIbI22OXNTjrIsHTMEK+R3dEFAdcMaZsdAra7TzaE7vF/nRMJVC6
+JYVxh+nRQo9TUEQM2pHQqMRse9PyMHLt/xzmXfsjYdqeIoY/KKjF+7QTN0P56Ot0
+TI9f5HreZDtlWWkPCHjDbmPcti1aGsuQiK1cfHXtVa95aXOSwnxsxDhAFP2AKu9O
+fpHsKD+fp2kzK8/5pMzu4uUZtwDNZKm4X4cCaU+k6YYjn8EvvYTfwJWkGrZbZVeM
+ZYat3WDY5ofd7R1glmDJtTR5JzbA8gSn2vHSlhm1QvIxi+WbLK88qY3mM47mzweK
+l92WxHluAIAEYyY5aHQ+iBXKWKyWpsDxMLREaH2vw18FSm6HSUACM1f5FtsVKjpp
+y2ka+yVZ7uPOn9Rq917S2PT/LFqxW/RcrfuIcveBnh8
+-> ssh-rsa kFDS0A
+WMGfDJ4yTL6s1zrum/D6YMtUBO705N1bFFl5vIvJnNSCmoDp0gJ+iY2PXJdSoUFO
+hTn8PGGNdcnQ3erPlOBzCdwbztfsj4l6S93Py9DE1ceLeJywdu9ETkYX1oEv4VcH
+kZnfOnxu8UlW4685AsgSVSny35/DyyGJV6uIvShYI6tHKdnz+gmygTQUdA8c4dHA
+d6tkAZnx3ojLdG3F4RsX0BrY0q5vxju0cAv83sbO9bhqQkl90Lg/xcLWWAtveYlO
+ekGWJs+NyTWDmhRL3yiuuRbTDnqu4IUddk3gyITYe2USHoHn+t2Xd174qXfanBGL
+jSLyjIj/I0yg6L/sIbzSJtwOMdEOxjXIx/PPGbv/rG3shyczAJUZvCj+Oyo6u6I3
+6MOr8WTyhRZyEkQTKgRoK7JyRl5jUIb3gf5Go75ho6f9cbCoMkllcWeeJoD3EE1d
+Xm+9Rtn2dmyzlfIaRedlirmFRSpXNrIKrKTkXnWb+p7gs/8O4+qVzSuhmbDy/LaI
+u+GaQhLYdBzV/sLKA3HHDHPcrJAn9CCOMqwz9c/CGoAkrT9vC2VzXH5an76YZbt3
+ZCrdprS5lhnXjKfUFojuJycBuzdcjQpGuEIo1fKsvQWNubmPdAFsfb/AGtkLHGe9
+njwteWBTKPur/YSfY5MqCV+RvMLzQWUVaM29KxiimbY
+-> piv-p256 vRzPNw A4sP6HWdCdUOpTk8/Hhc6f4WvFsMvR85rA2Ybi500jXJ
+Zz0aRAvpTQe0/bEmU4lvtS/tNaQpu+H1TxQ3uZsCUXM
+-> piv-p256 zqq/iw AxETq/EClc12IzxurG0MO+X+0/06Sl9GRKhxFz2qzo7Z
+x2cT2X1p9yIWP3XIhBF8/bhjfFKxpy0VEQy2Gl2QGVg
+-> ssh-ed25519 YFSOsg ArDaw6BwV87K7ClgP++oGVYhz6/9LwOo1itt/izTD0Q
+U/e+4ohVTev8AFSW9pQTdwpy6fUQCe5O4DikA9QqNLU
+-> ssh-ed25519 iHV63A X1uzVCb8WrBhvFTkBWggMuoXJnY9BdtbwCM651vnlBo
+J+B7JKy2ZAw0uxUhFVZ6ZcLbNK+//gXI9wRRgIN1B/M
+-> ssh-ed25519 BVsyTA 21drLE5v+m+jrVPnmZW6SEub/ba7f2RcgeoPp6kTBnE
+XwBVAXLFFVdYgczkeyii4VVDVqGYqRjcVpc8Nfxd9ug
+-> ssh-ed25519 +3V2lQ UGzANGpj088/z3rzcLgS+EAb9vUBCIKbN1oEozlafwA
+sikz5Y2SdCVcfvIZ5tTUDRzr3LszHEOdRxxQbg/8BSg
+--- tVhjKUZsg/R0QnO0ZH/0cujm3tXi1GXTWzEn/eqylCg
+<Ô†ø<E280A0>'(~«¶5%¢À%$³xá·Eþ¤:
,)kÿòì‰uJ7¡É5›†_6 «qJþ™wÍHSñíœ“êIqç¿^“˜Aó'õ`ë
--- a/secrets/nachtigall-matrix-synapse-secret-config.yaml.age
+++ b/secrets/nachtigall-matrix-synapse-secret-config.yaml.age
--- a/secrets/nachtigall-matrix-synapse-signing-key.age
+++ b/secrets/nachtigall-matrix-synapse-signing-key.age
--- a/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age
+++ b/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -65,12 +65,12 @@ in
  "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;

  "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
-  "nachtigall-matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
-  "nachtigall-matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
-  "nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
+  "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
+  "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
+  "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;

-  "underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
-  "underground-matrix-authentication-service-secret-config.yml.age".publicKeys =
+  "staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
+  "staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
    undergroundKeys ++ adminKeys;

  "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
--- a/secrets/underground-matrix-authentication-service-secret-config.yml.age
+++ b/secrets/underground-matrix-authentication-service-secret-config.yml.age
--- a/secrets/underground-matrix-synapse-secret-config.yaml.age
+++ b/secrets/underground-matrix-synapse-secret-config.yaml.age