secrets: move matrix to agenix
parent
dad068ed6b
commit
540968627c
|
@ -100,7 +100,7 @@ in
|
||||||
|
|
||||||
matrix = {
|
matrix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
emailConfig = secrets.matrixEmailConfig;
|
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
monitoring = {
|
monitoring = {
|
||||||
|
|
|
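Review bot: `require_transport_security = true` may silently stop taking effect now that the SMTP settings come from the file set here as `secretConfigFile`. The module's `email` block keeps only that one key after this commit. As far as I know, Synapse combines several config files by replacing whole top-level keys rather than merging them, so an `email:` section in the encrypted file would replace the Nix-generated one if it is loaded later. How the module hands the file to Synapse is not visible in this diff, so please confirm the load order. Either repeat `require_transport_security: true` inside the secret file or record the constraint next to this line, e.g. `# secret-config must also set email.require_transport_security (top-level keys are replaced, not merged)`.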
@ -13,6 +13,10 @@
|
||||||
|
|
||||||
"lohr/shared-secret" = {};
|
"lohr/shared-secret" = {};
|
||||||
|
|
||||||
|
"matrix-synapse/secret-config" = {
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
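Review bot: The `"matrix-synapse/secret-config"` entry needs a comment saying what it holds and who may read it, and the SMTP password inside it should be a newly issued one. The removed `smtp_pass = cfg.emailConfig.smtpPass` line in the module put the old value into the generated Synapse settings. Those presumably sit in the world-readable Nix store and stay in older generations until they are garbage-collected. Suggested comment above the entry: `# Synapse SMTP credentials; owned by the service user, agenix default mode 0400`.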
BIN
modules/secrets/matrix-synapse/secret-config.age
Normal file
BIN
modules/secrets/matrix-synapse/secret-config.age
Normal file
Binary file not shown.
|
@ -15,6 +15,8 @@ in
|
||||||
|
|
||||||
"lohr/shared-secret.age".publicKeys = [ poseidon ];
|
"lohr/shared-secret.age".publicKeys = [ poseidon ];
|
||||||
|
|
||||||
|
"matrix-synapse/secret-config.age".publicKeys = [ poseidon ];
|
||||||
|
|
||||||
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
|
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
|
||||||
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
|
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
|
|
|
@ -17,7 +17,5 @@ in {
|
||||||
|
|
||||||
paperless = import ./paperless { inherit lib; };
|
paperless = import ./paperless { inherit lib; };
|
||||||
restic-backup = import ./restic-backup { inherit lib; };
|
restic-backup = import ./restic-backup { inherit lib; };
|
||||||
|
|
||||||
matrixEmailConfig = import ./matrix-email-config.nix;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -32,37 +32,6 @@ in {
|
||||||
example = "/var/run/my_secrets/config.secret";
|
example = "/var/run/my_secrets/config.secret";
|
||||||
description = "Secrets file included in configuration";
|
description = "Secrets file included in configuration";
|
||||||
};
|
};
|
||||||
|
|
||||||
emailConfig = mkOption {
|
|
||||||
type = types.submodule {
|
|
||||||
options = {
|
|
||||||
smtpHost = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "localhost";
|
|
||||||
};
|
|
||||||
smtpPort = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 587;
|
|
||||||
description = ''
|
|
||||||
The port to use to connect to the SMTP host.
|
|
||||||
|
|
||||||
Defaulting to STARTTLS port 587 because TLS port 465 isn't supported by synapse
|
|
||||||
See https://github.com/matrix-org/synapse/issues/8046
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
smtpUser = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
smtpPass = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
notifFrom = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "Your Friendly %(app)s homeserver <noreply@example.com>";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -144,13 +113,7 @@ in {
|
||||||
use_presence = false;
|
use_presence = false;
|
||||||
|
|
||||||
email = {
|
email = {
|
||||||
smtp_host = cfg.emailConfig.smtpHost;
|
|
||||||
smtp_port = cfg.emailConfig.smtpPort;
|
|
||||||
smtp_user = cfg.emailConfig.smtpUser;
|
|
||||||
smtp_pass = cfg.emailConfig.smtpPass;
|
|
||||||
|
|
||||||
require_transport_security = true;
|
require_transport_security = true;
|
||||||
notif_from = cfg.emailConfig.notifFrom;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
log_config = pkgs.writeText "log_config.yaml" logConfig;
|
log_config = pkgs.writeText "log_config.yaml" logConfig;
|
||||||
|
|