From 8b73e54beb5fdf1ecf728ada0bc3626d695271d3 Mon Sep 17 00:00:00 2001
From: Daniel Olsen
Date: Fri, 9 Dec 2022 06:24:28 +0100
Subject: [PATCH] Add signing key to secrets

Less state to manage is always good
---
 secrets/jokum/jokum.yaml | 5 +++--
 services/matrix/synapse.nix | 7 +++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/secrets/jokum/jokum.yaml b/secrets/jokum/jokum.yaml
index bbb8f1f..d3f4114 100644
--- a/secrets/jokum/jokum.yaml
+++ b/secrets/jokum/jokum.yaml
@@ -2,6 +2,7 @@ matrix:
 synapse:
 dbconfig: ENC[AES256_GCM,data:a0Bq2ilDZM0GddHZS1WcaSY3kdFDbau4BNMu+rumisYZy5/VQOE6LT/gq3vdwH2T7D3r1/cj7YSRcdjq+SRYHiJ9xgb1m3tx+ZlvNrY8PMaYvtmOpMoXyYlJ2iT7/IiMk5UW50cSZEcww7zS8NknZMzjiNEq3+D88J57J6WRmQqj/w==,iv:BsbOLl/hlQIjOLnik8lZWO3+jhMEZ//fisxLon7HdE0=,tag:WqMGflg5+Sh2zx5QFnjy4A==,type:str]
 turnconfig: ENC[AES256_GCM,data:lHySrJUpQKAUXsl9LzYlxu4YSCz4qJF6MRLr+LprTEdhGvrnk7U=,iv:Jz7LEOUwTI8LCMOKqB2vN/0Zs+S0IJkHY3wpAC0q5YI=,tag:8KR7duN+Qqpl6B40hSEndw==,type:str]
+ signing_key: ENC[AES256_GCM,data:6RDZWsrRKDGTefIeZZ6UVlcoqVV3fdRas/sox4WkEgtouCh7lwwrSzpuM5R1H0cNVxA/8wBsaHG1xQ==,iv:TDfAdYROu7o7FIwn6oOs60surQ7zFy0+9bqhx8LtwXg=,tag:RNzcTYkDuyz6nz2z43CJwQ==,type:str]
 coturn:
 static-auth-secret: ENC[AES256_GCM,data:tPz4GUvJwB2osO2vwyyThms=,iv:MVoFWgqHm88JXaCYa5l57SkX3fSmP97Z7IzvwumHWY8=,tag:af7Qs4qiSYQ/OBLJbZGk2A==,type:str]
 registrations:
@@ -30,8 +31,8 @@ sops: cGFFU3RzU200b0x3M2dkbFJWU0ZVSzAKSg7ZlRvgJshAJxXiXgT+b4nhFe4MjVRY n7+Ld+SdXJvGtZsH4IObkVYgj16d3SFBs87yWA+NExUoEuQb97fa7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-07T08:40:22Z" - mac: ENC[AES256_GCM,data:u7XsunuwsjzqkSH/IFP28ijvzGavxZgB8wU5ai8SoBlTyHpUBt/WQ1kcVbqPtsb6xMb9b+7o1MdWOz0yy8P4Jpj0/AalgNI1Rh84I1M/Vurn1fXnUZoM86v3OfLwO1iMExafh7PLiOxH/W1fNjaLJYdVbU6FhDI6Od25yF1W4PI=,iv:Vk2AFkt5p39y20UoWR9HP1iYJCqYVtYHBMnY+lDa9FQ=,tag:6WWSNvt0g7Vtickb7c6dUQ==,type:str] + lastmodified: "2022-12-09T05:16:09Z" + mac: ENC[AES256_GCM,data:MSKUQkCDCEOcl9Eh2VH9ccZ3Ux0eIyJFyjFVaJZ5WQA4fIB1J6Y/EoK/q7iaLFIH8YkeVPIvXVu9eCXjIyQkSugJwQXk+gSFtssjegUBTcZkRJJ0Lo48IWO4yVFXnDYzyFjcgH4TBmL0uco3BkWHfLHR46fQUJIco9yYlVKtsFU=,iv:d3uWCTVV8o1Nx6WJCF/YQHOeGjTzJk6xaDxMTWeUINU=,tag:KOi1naN2Uhe0NcMl6oW/6A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3
diff --git a/services/matrix/synapse.nix b/services/matrix/synapse.nix
index 9c93795..36335c3 100644
--- a/services/matrix/synapse.nix
+++ b/services/matrix/synapse.nix
@@ -11,6 +11,11 @@ in { group = config.users.users.matrix-synapse.group; }; + sops.secrets."matrix/synapse/signing_key" = { + owner = config.users.users.matrix-synapse.name; + group = config.users.users.matrix-synapse.group; + }; + services.matrix-synapse-next = { enable = true;
@@ -29,6 +34,8 @@ in { server_name = "pvv.ntnu.no"; public_baseurl = "https://matrix.pvv.ntnu.no"; + signing_key_path = config.sops.secrets."matrix/synapse/signing_key".path; + media_store_path = "${cfg.dataDir}/media"; autocreate_auto_join_rooms = false;
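Review bot: The new `sops.secrets."matrix/synapse/signing_key"` block in `services/matrix/synapse.nix` sets `owner` and `group` but no `mode`, so the access policy for the homeserver's federation signing key is left implicit. sops-nix defaults secrets to `0400`, which means the `group` line has no effect as written and a reader cannot tell whether group access was intended. I would state it explicitly with `mode = "0400";` and a comment such as `# Synapse federation signing key: owner-read only`. The enclosing attribute set starts outside the hunk, so the sibling secret above it may deserve the same treatment.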
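Review bot: `signing_key_path` now points at the sops-managed secret, but nothing visible in this hunk shows whether the encrypted value is the key the server was already using or a newly generated one. If it is a new key, remote servers need the previous public key to keep verifying events signed before the switch, so the retired key should be listed under `old_signing_keys` in the same settings block. It is also worth confirming how the module behaves when the file at that path is missing at start-up; presumably the secret path is runtime storage, and the service should fail rather than come up with a different identity. The settings block starts and ends outside the hunk.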