🔒️ registration shared secret for matrix

2021-11-14 14:16:56 -05:00
parent 91b3d32222
commit f135df56b3
4 changed files with 20 additions and 4 deletions
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@ -22,7 +22,6 @@
      enable_registration = false;
      database_type = "psycopg2";
      database_args = { database = "matrix"; };
-
      listeners = [{
        port = 8008;
        type = "http";
@ -33,6 +32,9 @@
          names = [ "client" "federation" ];
        }];
      }];
+      extraConfigFiles = [
+        config.sops.secrets.matrix_registration_secret.path
+      ];

      account_threepid_delegates = {
        email = "https://vector.im";
@ -40,4 +42,8 @@
      };
    };
  };
+
+  sops.secrets.matrix_registration_secret = { 
+    owner = "matrix-synapse";
+  };
 }
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+
+let
+  sources = import ../../nix/sources.nix;
+in
+{
+  imports = [ "${sources.sops-nix}/modules/sops" ];
+  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+}