matrix: use shared secret

This commit is contained in:
Antoine Martin 2021-02-02 01:20:31 +01:00
parent 76ceb26707
commit d5eb537b5e
4 changed files with 20 additions and 3 deletions

5
.gitignore vendored
View file

@ -1,2 +1,3 @@
borg-backup-repo
miniflux-admin-credentials
/secrets/borg-backup-repo
/secrets/miniflux-admin-credentials
/secrets/matrix-registration-shared-secret

View file

@ -88,7 +88,13 @@
privatePort = 8080;
};
matrix.enable = true;
matrix = {
enable = true;
registration_shared_secret =
(lib.removeSuffix "\n" (
builtins.readFile ./secrets/matrix-registration-shared-secret
));
};
monitoring = {
enable = true;

View file

@ -0,0 +1 @@
0000000000000000000000000000000000000000000000000000000000000000

View file

@ -21,6 +21,13 @@ let
in {
options.my.services.matrix = {
enable = lib.mkEnableOption "Matrix Synapse";
registration_shared_secret = lib.mkOption {
type = types.str;
default = null;
example = "deadbeef";
description = "Shared secret to register users";
};
};
config = lib.mkIf cfg.enable {
@ -38,6 +45,8 @@ in {
server_name = domain;
public_baseurl = "https://matrix.${domain}";
registration_shared_secret = cfg.registration_shared_secret;
listeners = [
# Federation
{