alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

secrets: move matrix to agenix

Browse source
This commit is contained in:
Antoine Martin 2022-03-11 17:42:16 +01:00
parent dad068ed6b
commit 540968627c
7 changed files with 7 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/poseidon/default.nix
View file

@ -100,7 +100,7 @@ in
matrix = { matrix = {
enable = true; enable = true;
emailConfig = secrets.matrixEmailConfig; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
}; };
monitoring = { monitoring = {

4
hosts/poseidon/secrets.nix
View file

@ -13,6 +13,10 @@
"lohr/shared-secret" = {}; "lohr/shared-secret" = {};
"matrix-synapse/secret-config" = {
owner = "matrix-synapse";
};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };

BIN
modules/secrets/matrix-synapse/secret-config.age Normal file
View file

Binary file not shown.

2
modules/secrets/secrets.nix
View file

@ -15,6 +15,8 @@ in
"lohr/shared-secret.age".publicKeys = [ poseidon ]; "lohr/shared-secret.age".publicKeys = [ poseidon ];
"matrix-synapse/secret-config.age".publicKeys = [ poseidon ];
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];

2
secrets/default.nix
View file

@ -17,7 +17,5 @@ in {
paperless = import ./paperless { inherit lib; }; paperless = import ./paperless { inherit lib; };
restic-backup = import ./restic-backup { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; };
matrixEmailConfig = import ./matrix-email-config.nix;
}; };
} }

BIN
secrets/matrix-email-config.nix
View file

Binary file not shown.

37
services/matrix.nix
View file

@ -32,37 +32,6 @@ in {
example = "/var/run/my_secrets/config.secret"; example = "/var/run/my_secrets/config.secret";
description = "Secrets file included in configuration"; description = "Secrets file included in configuration";
}; };
emailConfig = mkOption {
type = types.submodule {
options = {
smtpHost = mkOption {
type = types.str;
default = "localhost";
};
smtpPort = mkOption {
type = types.port;
default = 587;
description = ''
The port to use to connect to the SMTP host.
Defaulting to STARTTLS port 587 because TLS port 465 isn't supported by synapse
See https://github.com/matrix-org/synapse/issues/8046
'';
};
smtpUser = mkOption {
type = types.str;
};
smtpPass = mkOption {
type = types.str;
};
notifFrom = mkOption {
type = types.str;
example = "Your Friendly %(app)s homeserver <noreply@example.com>";
};
};
};
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -144,13 +113,7 @@ in {
use_presence = false; use_presence = false;
email = { email = {
smtp_host = cfg.emailConfig.smtpHost;
smtp_port = cfg.emailConfig.smtpPort;
smtp_user = cfg.emailConfig.smtpUser;
smtp_pass = cfg.emailConfig.smtpPass;
require_transport_security = true; require_transport_security = true;
notif_from = cfg.emailConfig.notifFrom;
}; };
log_config = pkgs.writeText "log_config.yaml" logConfig; log_config = pkgs.writeText "log_config.yaml" logConfig;