secrets: move matrix to agenix

2022-03-11 17:42:16 +01:00 · 2022-03-11 17:42:16 +01:00 · 540968627c
parent dad068ed6b
commit 540968627c
7 changed files with 7 additions and 40 deletions
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@ -100,7 +100,7 @@ in

    matrix = {
      enable = true;
-      emailConfig = secrets.matrixEmailConfig;
+      secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
    };

    monitoring = {
--- a/hosts/poseidon/secrets.nix
+++ b/hosts/poseidon/secrets.nix
@ -13,6 +13,10 @@

          "lohr/shared-secret" = {};

+          "matrix-synapse/secret-config" = {
+            owner = "matrix-synapse";
+          };
+
          "users/alarsyo-hashed-password" = {};
          "users/root-hashed-password" = {};
        };
--- a/modules/secrets/matrix-synapse/secret-config.age
+++ b/modules/secrets/matrix-synapse/secret-config.age
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -15,6 +15,8 @@ in

  "lohr/shared-secret.age".publicKeys = [ poseidon ];

+  "matrix-synapse/secret-config.age".publicKeys = [ poseidon ];
+
  "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
  "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
  "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -17,7 +17,5 @@ in {

    paperless = import ./paperless { inherit lib; };
    restic-backup = import ./restic-backup { inherit lib; };
-
-    matrixEmailConfig = import ./matrix-email-config.nix;
  };
 }
--- a/secrets/matrix-email-config.nix
+++ b/secrets/matrix-email-config.nix
--- a/services/matrix.nix
+++ b/services/matrix.nix
@ -32,37 +32,6 @@ in {
      example = "/var/run/my_secrets/config.secret";
      description = "Secrets file included in configuration";
    };
-
-    emailConfig = mkOption {
-      type = types.submodule {
-        options = {
-          smtpHost = mkOption {
-            type = types.str;
-            default = "localhost";
-          };
-          smtpPort = mkOption {
-            type = types.port;
-            default = 587;
-            description = ''
-              The port to use to connect to the SMTP host.
-
-              Defaulting to STARTTLS port 587 because TLS port 465 isn't supported by synapse
-              See https://github.com/matrix-org/synapse/issues/8046
-            '';
-          };
-          smtpUser = mkOption {
-            type = types.str;
-          };
-          smtpPass = mkOption {
-            type = types.str;
-          };
-          notifFrom = mkOption {
-            type = types.str;
-            example = "Your Friendly %(app)s homeserver <noreply@example.com>";
-          };
-        };
-      };
-    };
  };

  config = mkIf cfg.enable {
@ -144,13 +113,7 @@ in {
        use_presence = false;

        email = {
-          smtp_host = cfg.emailConfig.smtpHost;
-          smtp_port = cfg.emailConfig.smtpPort;
-          smtp_user = cfg.emailConfig.smtpUser;
-          smtp_pass = cfg.emailConfig.smtpPass;
-
          require_transport_security = true;
-          notif_from = cfg.emailConfig.notifFrom;
        };

        log_config = pkgs.writeText "log_config.yaml" logConfig;