authorSilas Schöffel <sils@sils.li>2025-01-25 22:12:04 +0100
committerSilas Schöffel <sils@sils.li>2025-01-25 22:12:04 +0100
commit87b0880423e4306e156af709a63ab1b565970204 (patch)
tree5f66ae2e06474ac4c6cda6469cd5b51eeb6d0a84
parentfeat(mastodon): make secrets configurable (diff)
downloadnixos-server-migration.zip
feat(matrix): make secrets configurable migration
-rw-r--r--hosts/by-name/server3/configuration.nix1
-rw-r--r--hosts/by-name/server3/secrets/matrix/passwd.age (renamed from modules/by-name/ma/matrix/passwd.age)0
-rw-r--r--modules/by-name/ma/matrix/module.nix6
-rw-r--r--secrets.nix3
4 files changed, 7 insertions, 3 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 2afc79f..ec6a39f 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -23,6 +23,7 @@
       enable = true;
       fqdn = "matrix.vhack.eu";
       url = "vhack.eu";
+      sharedSecretFile = ./secrets/matrix/passwd.age;
     };
     miniflux = {
       enable = true;
diff --git a/modules/by-name/ma/matrix/passwd.age b/hosts/by-name/server3/secrets/matrix/passwd.age
index 6386ed6..6386ed6 100644
--- a/modules/by-name/ma/matrix/passwd.age
+++ b/hosts/by-name/server3/secrets/matrix/passwd.age
diff --git a/modules/by-name/ma/matrix/module.nix b/modules/by-name/ma/matrix/module.nix
index a73fd13..4b730da 100644
--- a/modules/by-name/ma/matrix/module.nix
+++ b/modules/by-name/ma/matrix/module.nix
@@ -24,10 +24,14 @@ in {
       type = lib.types.str;
       description = "The url the matrix-server should be known under.";
     };
+    sharedSecretFile = lib.mkOption {
+      type = lib.types.path;
+      description = "The age encrypted shared secret file for synapse, passed to agenix";
+    };
   };
   config = lib.mkIf cfg.enable {
     age.secrets.matrix-synapse_registration_shared_secret = {
-      file = ./passwd.age;
+      file = cfg.sharedSecretFile;
       mode = "700";
       owner = "matrix-synapse";
       group = "matrix-synapse";
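Review bot: The secret `age.secrets.matrix-synapse_registration_shared_secret` still has `mode = "700"` (an unchanged context line in this hunk), which sets the execute bits on a file that only needs to be read. Since `owner` is already `matrix-synapse`, `mode = "0400";` should be enough, assuming nothing outside this hunk writes to the decrypted file. Separately, the new `sharedSecretFile` option is typed `lib.types.path`, so whatever it points at is copied into the world-readable Nix store. The description could say so explicitly, e.g. `"Path to the age-encrypted shared secret for synapse, passed to agenix; never point this at a plaintext file, the path is copied into the Nix store."`. The attribute set continues past the end of the hunk.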
diff --git a/secrets.nix b/secrets.nix
index 10608f4..819e9c3 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,8 +17,6 @@ let
     server3HostKey
   ];
 in {
-  "./modules/by-name/ma/matrix/passwd.age".publicKeys = server3;
-
   "./hosts/by-name/server2/secrets/backuppass.age".publicKeys = server2;
   "./hosts/by-name/server2/secrets/backupssh.age".publicKeys = server2;
   "./hosts/by-name/server2/secrets/etesync/secret_file.age".publicKeys = server2;
@@ -26,6 +24,7 @@ in {
   "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3;
   "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3;
   "./hosts/by-name/server3/secrets/mastodon/mail.age".publicKeys = server3;
+  "./hosts/by-name/server3/secrets/matrix/passwd.age".publicKeys = server3;
   "./hosts/by-name/server3/secrets/miniflux/secrets/admin.age".publicKeys = server3;
   "./hosts/by-name/server3/secrets/peertube/general.age".publicKeys = server3;
   "./hosts/by-name/server3/secrets/peertube/smtp.age".publicKeys = server3;