From 540968627c6d2cd4bc97ddb2eb8d7328e66bffcc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:42:16 +0100 Subject: [PATCH] secrets: move matrix to agenix --- hosts/poseidon/default.nix | 2 +- hosts/poseidon/secrets.nix | 4 ++ .../secrets/matrix-synapse/secret-config.age | Bin 0 -> 545 bytes modules/secrets/secrets.nix | 2 + secrets/default.nix | 2 - secrets/matrix-email-config.nix | Bin 262 -> 0 bytes services/matrix.nix | 37 ------------------ 7 files changed, 7 insertions(+), 40 deletions(-) create mode 100644 modules/secrets/matrix-synapse/secret-config.age delete mode 100644 secrets/matrix-email-config.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index bf708d5..f86e0ad 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -100,7 +100,7 @@ in matrix = { enable = true; - emailConfig = secrets.matrixEmailConfig; + secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; monitoring = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 59e6393..2c9f9c7 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -13,6 +13,10 @@ "lohr/shared-secret" = {}; + "matrix-synapse/secret-config" = { + owner = "matrix-synapse"; + }; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; 
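Review bot: With `secretConfigFile` on the new line of hosts/poseidon/default.nix, the SMTP settings move into a second config file, and nothing records that the TLS requirement has to travel with them. The services/matrix.nix part of this patch appears to leave `require_transport_security = true` as the only key under `email`, though the collapsed layout makes that line's marker ambiguous. As far as I know synapse merges additional config files per top-level key rather than deeply, so an `email:` block in the secret file would replace that mapping and drop the flag; this is worth confirming against the configuration synapse actually loads. I would repeat the flag in the secret file and add a comment such as `# email.* incl. require_transport_security is set in the secret file (top-level keys are replaced, not merged)`.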
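Review bot: The new `"matrix-synapse/secret-config"` entry in hosts/poseidon/secrets.nix sets only `owner`, so who may read the decrypted file rests on agenix's defaults for `mode` and `group`; writing `mode = "0400";` next to `owner` would make the intent visible. Separately, the value this replaces was passed as `cfg.emailConfig.smtpPass` into the synapse settings (removed later in this patch), which presumably rendered it into a world-readable store path in every generation built so far. The patch cannot show whether the SMTP password was rotated when it moved into the .age file; if it was not, rotate it and garbage-collect the old generations.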
diff --git a/modules/secrets/matrix-synapse/secret-config.age b/modules/secrets/matrix-synapse/secret-config.age new file mode 100644 index 0000000000000000000000000000000000000000..6268e887723a2bdcb549ce685297d89d27e9d00a GIT binary patch literal 545 zcmV++0^a>$XJsvAZewzJaCB*JZZ2NMvnjYG+|?V^J$*HC1KGcPb= zHcu-{adS5~WN~+PbVpQaNKVp>5=Rzyg8IeIy0X)|(8YF2AR zbz@L83N0-yAX8Q|MlmupIdWuTH*t1nO-*h&N_16CRx4_5F>85GS6FdjS#4x=FHLP# z3Px3UU9z$b$vX()kjUGc07O-fX{XTiO-d7r$q>m(7Ar!}$JVxaLgz;8uA{d~tutF8 zEl*ZMZ~tgAWEVZKpY#(gXMoVQ-h7ze6PdVuTze2%0_r*|euwP|O$85HL}pwY;Nohe zi>C&EMVC0YlqK@tW>Z3Ou4o>5^Iu{G;^7+1VfeSBcARB6Z=;#nx~K;*3e91TU79=#znJmrR#(-w6L)wl;cdWtxRu-tHBD)>1&|pAU*ho8 j;*DOEsugs0inXjR{azZdn%b%isddPihL-pjeS9+ZL7?4W literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 81720b3..dcf6892 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -15,6 +15,8 @@ in "lohr/shared-secret.age".publicKeys = [ poseidon ]; + "matrix-synapse/secret-config.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index d97b4aa..839d586 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -17,7 +17,5 @@ in { paperless = import ./paperless { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; }; - - matrixEmailConfig = import ./matrix-email-config.nix; }; } 
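Review bot: Only `poseidon` is listed as a recipient for `"matrix-synapse/secret-config.age"` in modules/secrets/secrets.nix, so the file can be decrypted, and therefore edited with `agenix -e` or rekeyed with `agenix -r`, only with that host's private key. The restic entries just below also list `alarsyo`, while `lohr/shared-secret.age` above is host-only as well, so this looks like deliberate least privilege rather than an oversight. If so, a one-line comment would save the next maintainer the question, e.g. `# host-only on purpose: re-create this secret if poseidon's host key is lost`.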
diff --git a/secrets/matrix-email-config.nix b/secrets/matrix-email-config.nix deleted file mode 100644 index dcdbb060f8b55cdc9710c1825db9050dd34be5e5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 262 zcmV+h0r~y_M@dveQdv+`0AixK;bsfgWEj`H;#9)adT0(^GpR-2b+&$JWde*JmWjrt zx(m5@z63T+EpBKOxXjIY1Os>?%hl-@He$kl9~#~tDdgqf^fvea%eMWLfXzYs*GGOg zGC7SFe9+$Ke@b?0*Pkwo)W1{dTl%a+KE;_|=q@kn7g{z*)L+c#O@<@TJ|{%fq?kJL z0p3NLP;Hec-tuDFX5yv)#YY&sTW)S9_+=;hDpb4VV9H#*rp3OwaE``KS+Nso%l`AY zdbm4jXcD(pVr$yxWg;Q0x91i9&2h_m%)#gOqP+i3k?8CBd32VfK>z>% diff --git a/services/matrix.nix b/services/matrix.nix index 30a2e68..231723a 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -32,37 +32,6 @@ in { example = "/var/run/my_secrets/config.secret"; description = "Secrets file included in configuration"; }; - - emailConfig = mkOption { - type = types.submodule { - options = { - smtpHost = mkOption { - type = types.str; - default = "localhost"; - }; - smtpPort = mkOption { - type = types.port; - default = 587; - description = '' - The port to use to connect to the SMTP host. - - Defaulting to STARTTLS port 587 because TLS port 465 isn't supported by synapse - See https://github.com/matrix-org/synapse/issues/8046 - ''; - }; - smtpUser = mkOption { - type = types.str; - }; - smtpPass = mkOption { - type = types.str; - }; - notifFrom = mkOption { - type = types.str; - example = "Your Friendly %(app)s homeserver "; - }; - }; - }; - }; }; config = mkIf cfg.enable { @@ -144,13 +113,7 @@ in { use_presence = false; email = { - smtp_host = cfg.emailConfig.smtpHost; - smtp_port = cfg.emailConfig.smtpPort; - smtp_user = cfg.emailConfig.smtpUser; - smtp_pass = cfg.emailConfig.smtpPass; - require_transport_security = true; - notif_from = cfg.emailConfig.notifFrom; }; log_config = pkgs.writeText "log_config.yaml" logConfig;