matrix: use shared secret

This commit is contained in:
Antoine Martin 2021-02-02 01:20:31 +01:00
parent 76ceb26707
commit d5eb537b5e
4 changed files with 20 additions and 3 deletions

5
.gitignore vendored
View file

@ -1,2 +1,3 @@
borg-backup-repo /secrets/borg-backup-repo
miniflux-admin-credentials /secrets/miniflux-admin-credentials
/secrets/matrix-registration-shared-secret

View file

@ -88,7 +88,13 @@
privatePort = 8080; privatePort = 8080;
}; };
matrix.enable = true; matrix = {
enable = true;
registration_shared_secret =
(lib.removeSuffix "\n" (
builtins.readFile ./secrets/matrix-registration-shared-secret
));
};
monitoring = { monitoring = {
enable = true; enable = true;

View file

@ -0,0 +1 @@
0000000000000000000000000000000000000000000000000000000000000000

View file

@ -21,6 +21,13 @@ let
in { in {
options.my.services.matrix = { options.my.services.matrix = {
enable = lib.mkEnableOption "Matrix Synapse"; enable = lib.mkEnableOption "Matrix Synapse";
registration_shared_secret = lib.mkOption {
type = types.str;
default = null;
example = "deadbeef";
description = "Shared secret to register users";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -38,6 +45,8 @@ in {
server_name = domain; server_name = domain;
public_baseurl = "https://matrix.${domain}"; public_baseurl = "https://matrix.${domain}";
registration_shared_secret = cfg.registration_shared_secret;
listeners = [ listeners = [
# Federation # Federation
{ {