a few more secrets

Motiejus Jakštys 2023-03-19 21:50:34 +02:00
parent 315f7e5f75
commit 9c474327ff


@ -371,11 +371,6 @@ in {
''; '';
}; };
# TODO secrets:
# - registration_shared_secret
# - macaroon_secret_key
# - turn_shared_secret
# TODO:
# app_service_config_files # app_service_config_files
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
@ -385,6 +380,7 @@ in {
enable_registration = false; enable_registration = false;
report_stats = true; report_stats = true;
signing_key_path = "/run/matrix-synapse/jakstys.lt.signing.key"; signing_key_path = "/run/matrix-synapse/jakstys.lt.signing.key";
extraConfigFiles = [ "/run/matrix-synapse/secrets.yaml" ];
log_config = pkgs.writeText "log.config" '' log_config = pkgs.writeText "log.config" ''
version: 1 version: 1
formatters: formatters:
@ -569,9 +565,15 @@ in {
preStart = '' preStart = ''
mkdir -p /run/matrix-synapse/ mkdir -p /run/matrix-synapse/
ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key ln -sf ''${CREDENTIALS_DIRECTORY}/jakstys.lt.signing.key /run/matrix-synapse/jakstys.lt.signing.key
cat > /run/matrix-synapse/secrets.yaml <<EOF
registration_shared_secret: "$(cat ''${CREDENTIALS_DIRECTORY}/registration_shared_secret)"
macaroon_secret_key: "$(cat ''${CREDENTIALS_DIRECTORY}/macaroon_secret_key)"
EOF
''; '';
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key" "jakstys.lt.signing.key:/var/src/secrets/synapse/jakstys.lt.signing.key"
"registration_shared_secret:/var/src/secrets/synapse/registration_shared_secret"
"macaroon_secret_key:/var/src/secrets/synapse/macaroon_secret_key"
]; ];
}; };
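Review bot: The heredoc added to preStart copies both secrets into /run/matrix-synapse/secrets.yaml with whatever mode the unit's umask yields, so unless a restrictive UMask or directory mode is set elsewhere (not visible in this section) the copy may be readable more widely than the files under CREDENTIALS_DIRECTORY that LoadCredential protects. Putting `umask 077` on the line before `cat > /run/matrix-synapse/secrets.yaml <<EOF` keeps the generated file as private as its inputs. The values are also pasted between YAML double quotes, so a secret containing `"` or `\` would yield a broken or altered config; generating the secrets from a restricted alphabet, or adding a comment stating that constraint, would avoid this. The first hunk also drops the `turn_shared_secret` TODO, although only `registration_shared_secret` and `macaroon_secret_key` are wired up in the visible lines. The preStart script and service definition start and may continue outside what is shown here.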