walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

🔒️ registration shared secret for matrix

Browse Source
This commit is contained in:
James Walker 2021-11-14 14:16:56 -05:00
parent 91b3d32222
commit f135df56b3
Signed by: walkah
GPG Key ID: 3C127179D6086E93
4 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/plato/configuration.nix
View File

@ -13,6 +13,7 @@ in {
../../modules/gitea
../../modules/home-assistant
../../modules/matrix
../../modules/sops
];
# Use the systemd-boot EFI boot loader.

8
modules/matrix/default.nix
View File

@ -22,7 +22,6 @@
enable_registration = false;
database_type = "psycopg2";
database_args = { database = "matrix"; };
listeners = [{
port = 8008;
type = "http";
@ -33,6 +32,9 @@
names = [ "client" "federation" ];
}];
}];
extraConfigFiles = [
config.sops.secrets.matrix_registration_secret.path
];
account_threepid_delegates = {
email = "https://vector.im";
@ -40,4 +42,8 @@
};
};
};
sops.secrets.matrix_registration_secret = {
owner = "matrix-synapse";
};
}

9
modules/sops/default.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
let
sources = import ../../nix/sources.nix;
in
{
imports = [ "${sources.sops-nix}/modules/sops" ];
sops.defaultSopsFile = ../../secrets/secrets.yaml;
}

6
secrets/secrets.yaml
View File

@ -1,4 +1,4 @@
testing: ENC[AES256_GCM,data:L7u7KRH74FPLtYi/,iv:yloHuSqAbxz95L3Bpye8VRJFR87dVGMkArTBj5GFVtA=,tag:pKbC5EsdBM4zqrUwzb0abA==,type:str]
matrix_registration_secret: ENC[AES256_GCM,data:QPLarOeOr5Il2Q8I5RB8VWHwM/H0f7McV7du50WPe9HGRVYla2jbWNtWTTrDGQndso7YimQl8qNA4w9AYPpbcwX36JYGhWkWZFcEg3XAeNHcSJ1Z5BgCTOPvdn4=,iv:lYXyERKhmX2sww56gyZR2JVSvpVv+Y4yWqnRufZsN98=,tag:hTg4T/nzjKwfGV/kHjKTdg==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,8 +23,8 @@ sops:
QXJkUkFMS1ZCcXl1ZCsvUmdqeVVvc0EK9xP+VkSN61gLwMwwlOFCpLsfL6Jzk7CB
5LfW5lsyWCMqnw00W52h177kHZdf/nLmnoLDz2jZ7hPXiDpS7G9MrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2021-11-12T04:16:10Z"
mac: ENC[AES256_GCM,data:o4Pbvl/ry70zqKZnQ95I0zff/8Vzz1g+5i5PrrClmAlrq4OKiXKhmAyriMSknYzcBA4JnHqjfyHWzB7VpIPCAfiT5jmSjQgMaixVkFvtjDKNtuVXP9ECSY1sb3EeKBnlkR4Ev9aodkoJGxeaiTChadadkG09M6pjSwwyn6r1yNM=,iv:6GjWlgSHRDqwqeAI2J8IgGFo7/cTwKLcxz2h8tj+iYY=,tag:T3W+cvDk0t3G/c/mkcqoyw==,type:str]
lastmodified: "2021-11-14T19:03:58Z"
mac: ENC[AES256_GCM,data:H+rHU+hAt/zGbIq5unUVKnYnHJgRfekGADokELgPdUppmIS1aIOSk+Y+sJG6v3xPeLeys+gD1KkAH0nbPpuU5R3b2JSTGxQmSe37gWSKksZ8yNmqN3vI74nUfoI6IJlPfUfe7RhPLpEihfKJOIs5k47jyjYXH1VKoi6/v5UpL3M=,iv:vnkHmekuvRI1LAgzGxAfbM5eMDBajLOB8PP74LDbGyE=,tag:+GrWMOYQ0+MVqiSraQxoqA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1