From bbc964b8b139450e1da054c8635718d9b9e01290 Mon Sep 17 00:00:00 2001
From: b12f
Date: Wed, 30 Oct 2024 17:14:47 +0100
Subject: [PATCH] modules/matrix: rename secrets to not include hostnames
---
hosts/nachtigall/configuration.nix | 16 ++++++++--------
hosts/underground/configuration.nix | 12 ++++++------
...ge => matrix-synapse-secret-config.yaml.age} | Bin
...g-key.age => matrix-synapse-signing-key.age} | Bin
...e => matrix-synapse-sliding-sync-secret.age} | 0
secrets/secrets.nix | 10 +++++-----
...uthentication-service-secret-config.yml.age} | Bin
...aging-matrix-synapse-secret-config.yaml.age} | Bin
8 files changed, 19 insertions(+), 19 deletions(-)
rename secrets/{nachtigall-matrix-synapse-secret-config.yaml.age => matrix-synapse-secret-config.yaml.age} (100%)
rename secrets/{nachtigall-matrix-synapse-signing-key.age => matrix-synapse-signing-key.age} (100%)
rename secrets/{nachtigall-matrix-synapse-sliding-sync-secret.age => matrix-synapse-sliding-sync-secret.age} (100%)
rename secrets/{underground-matrix-authentication-service-secret-config.yml.age => staging-matrix-authentication-service-secret-config.yml.age} (100%)
rename secrets/{underground-matrix-synapse-secret-config.yaml.age => staging-matrix-synapse-secret-config.yaml.age} (100%)
diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix
index 69b191c..dac4fc6 100644
--- a/hosts/nachtigall/configuration.nix
+++ b/hosts/nachtigall/configuration.nix
@@ -61,22 +61,22 @@
 };
 # matrix-synapse
- age.secrets."nachtigall-matrix-synapse-signing-key" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-signing-key.age";
+ age.secrets."matrix-synapse-signing-key" = {
+ file = "${flake.self}/secrets/matrix-synapse-signing-key.age";
 path = "/run/agenix/matrix-synapse-signing-key";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."nachtigall-matrix-synapse-secret-config.yaml" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-secret-config.yaml.age";
+ age.secrets."matrix-synapse-secret-config.yaml" = {
+ file = "${flake.self}/secrets/matrix-synapse-secret-config.yaml.age";
 path = "/run/agenix/matrix-synapse-secret-config.yaml";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."nachtigall-matrix-synapse-sliding-sync-secret" = {
- file = "${flake.self}/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age";
+ age.secrets."matrix-synapse-sliding-sync-secret" = {
+ file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
 path = "/run/agenix/matrix-synapse-sliding-sync-secret";
 mode = "400";
 owner = "matrix-synapse";
@@ -85,9 +85,9 @@
 pub-solar-os.matrix-synapse = {
 enable = true;
 sliding-sync.enable = true;
- signing_key_path = config.age.secrets."nachtigall-matrix-synapse-signing-key".path;
+ signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
 extra-config-files = [
- config.age.secrets."nachtigall-matrix-synapse-secret-config.yaml".path
+ config.age.secrets."matrix-synapse-secret-config.yaml".path
 # The registration file is automatically generated after starting the
 # appservice for the first time.
diff --git a/hosts/underground/configuration.nix b/hosts/underground/configuration.nix
index 131cb16..74b1d79 100644
--- a/hosts/underground/configuration.nix
+++ b/hosts/underground/configuration.nix
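Review bot: The three explicit `path = "/run/agenix/…";` lines in the first hunk now look redundant. With the hostname prefix removed, each attribute name equals the basename of its path, and agenix places a secret at `<age.secretsDir>/<name>` by default, which is `/run/agenix/<name>` unless `age.secretsDir` is overridden somewhere outside this diff. The underground host in this same commit declares its secrets without `path` and relies on that default. Dropping the three lines would leave the name as the single source for the location; if they are kept deliberately because something reads the fixed path, a one-line comment such as `# fixed path, also read by <consumer>` would record why. The last `age.secrets` block closes outside the hunk.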
@@ -30,14 +30,14 @@
 forceSSL = true;
 };
- age.secrets."underground-matrix-synapse-secret-config.yaml" = {
- file = "${flake.self}/secrets/underground-matrix-synapse-secret-config.yaml.age";
+ age.secrets."staging-matrix-synapse-secret-config.yaml" = {
+ file = "${flake.self}/secrets/staging-matrix-synapse-secret-config.yaml.age";
 mode = "400";
 owner = "matrix-synapse";
 };
- age.secrets."underground-matrix-authentication-service-secret-config.yml" = {
- file = "${flake.self}/secrets/underground-matrix-authentication-service-secret-config.yml.age";
+ age.secrets."staging-matrix-authentication-service-secret-config.yml" = {
+ file = "${flake.self}/secrets/staging-matrix-authentication-service-secret-config.yml.age";
 mode = "400";
 owner = "matrix-authentication-service";
 };
@@ -45,7 +45,7 @@
 pub-solar-os.matrix-synapse = {
 enable = true;
 extra-config-files = [
- config.age.secrets."underground-matrix-synapse-secret-config.yaml".path
+ config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
 # The registration file is automatically generated after starting the
 # appservice for the first time.
@@ -65,7 +65,7 @@
 enable = true;
 createDatabase = true;
 extraConfigFiles = [
- config.age.secrets."underground-matrix-authentication-service-secret-config.yml".path
+ config.age.secrets."staging-matrix-authentication-service-secret-config.yml".path
 ];
 settings = {
 http.public_base = "https://mas.${config.pub-solar-os.networking.domain}";
diff --git a/secrets/nachtigall-matrix-synapse-secret-config.yaml.age b/secrets/matrix-synapse-secret-config.yaml.age
similarity index 100%
rename from secrets/nachtigall-matrix-synapse-secret-config.yaml.age
rename to secrets/matrix-synapse-secret-config.yaml.age
diff --git a/secrets/nachtigall-matrix-synapse-signing-key.age b/secrets/matrix-synapse-signing-key.age
similarity index 100%
rename from secrets/nachtigall-matrix-synapse-signing-key.age
rename to secrets/matrix-synapse-signing-key.age
diff --git a/secrets/nachtigall-matrix-synapse-sliding-sync-secret.age b/secrets/matrix-synapse-sliding-sync-secret.age
similarity index 100%
rename from secrets/nachtigall-matrix-synapse-sliding-sync-secret.age
rename to secrets/matrix-synapse-sliding-sync-secret.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7165ba6..6eaede2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -65,12 +65,12 @@ in
 "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
 "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
- "nachtigall-matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
- "underground-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
- "underground-matrix-authentication-service-secret-config.yml.age".publicKeys =
+ "staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
+ "staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
 undergroundKeys ++ adminKeys;
 "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
diff --git a/secrets/underground-matrix-authentication-service-secret-config.yml.age b/secrets/staging-matrix-authentication-service-secret-config.yml.age
similarity index 100%
rename from secrets/underground-matrix-authentication-service-secret-config.yml.age
rename to secrets/staging-matrix-authentication-service-secret-config.yml.age
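Review bot: In the secrets/secrets.nix hunk the file names no longer say which machine may decrypt a secret, so the `publicKeys` lists are now the only record of that. The three unprefixed `matrix-synapse-*.age` entries are still encrypted to `nachtigallKeys ++ adminKeys` only, and the 100% similarity renames show the ciphertext was not re-encrypted. Any other host that declares these host-neutral names would presumably fail to decrypt them until the recipients are extended and the files rekeyed. A comment above the group would keep that visible, for example `# production matrix secrets: decryptable by nachtigall only; extend publicKeys and rekey before moving the service`, with a matching one for the `staging-` entries tied to `undergroundKeys`. The attribute set that holds these entries starts and ends outside the hunk.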
diff --git a/secrets/underground-matrix-synapse-secret-config.yaml.age b/secrets/staging-matrix-synapse-secret-config.yaml.age
similarity index 100%
rename from secrets/underground-matrix-synapse-secret-config.yaml.age
rename to secrets/staging-matrix-synapse-secret-config.yaml.age