Add signing key to secrets

Less state to manage is always good
This commit is contained in:
Daniel Olsen 2022-12-09 06:24:28 +01:00
parent 6fad2c7854
commit 8b73e54beb
2 changed files with 10 additions and 2 deletions

View File

@ -2,6 +2,7 @@ matrix:
synapse: synapse:
dbconfig: ENC[AES256_GCM,data:a0Bq2ilDZM0GddHZS1WcaSY3kdFDbau4BNMu+rumisYZy5/VQOE6LT/gq3vdwH2T7D3r1/cj7YSRcdjq+SRYHiJ9xgb1m3tx+ZlvNrY8PMaYvtmOpMoXyYlJ2iT7/IiMk5UW50cSZEcww7zS8NknZMzjiNEq3+D88J57J6WRmQqj/w==,iv:BsbOLl/hlQIjOLnik8lZWO3+jhMEZ//fisxLon7HdE0=,tag:WqMGflg5+Sh2zx5QFnjy4A==,type:str] dbconfig: ENC[AES256_GCM,data:a0Bq2ilDZM0GddHZS1WcaSY3kdFDbau4BNMu+rumisYZy5/VQOE6LT/gq3vdwH2T7D3r1/cj7YSRcdjq+SRYHiJ9xgb1m3tx+ZlvNrY8PMaYvtmOpMoXyYlJ2iT7/IiMk5UW50cSZEcww7zS8NknZMzjiNEq3+D88J57J6WRmQqj/w==,iv:BsbOLl/hlQIjOLnik8lZWO3+jhMEZ//fisxLon7HdE0=,tag:WqMGflg5+Sh2zx5QFnjy4A==,type:str]
turnconfig: ENC[AES256_GCM,data:lHySrJUpQKAUXsl9LzYlxu4YSCz4qJF6MRLr+LprTEdhGvrnk7U=,iv:Jz7LEOUwTI8LCMOKqB2vN/0Zs+S0IJkHY3wpAC0q5YI=,tag:8KR7duN+Qqpl6B40hSEndw==,type:str] turnconfig: ENC[AES256_GCM,data:lHySrJUpQKAUXsl9LzYlxu4YSCz4qJF6MRLr+LprTEdhGvrnk7U=,iv:Jz7LEOUwTI8LCMOKqB2vN/0Zs+S0IJkHY3wpAC0q5YI=,tag:8KR7duN+Qqpl6B40hSEndw==,type:str]
signing_key: ENC[AES256_GCM,data:6RDZWsrRKDGTefIeZZ6UVlcoqVV3fdRas/sox4WkEgtouCh7lwwrSzpuM5R1H0cNVxA/8wBsaHG1xQ==,iv:TDfAdYROu7o7FIwn6oOs60surQ7zFy0+9bqhx8LtwXg=,tag:RNzcTYkDuyz6nz2z43CJwQ==,type:str]
coturn: coturn:
static-auth-secret: ENC[AES256_GCM,data:tPz4GUvJwB2osO2vwyyThms=,iv:MVoFWgqHm88JXaCYa5l57SkX3fSmP97Z7IzvwumHWY8=,tag:af7Qs4qiSYQ/OBLJbZGk2A==,type:str] static-auth-secret: ENC[AES256_GCM,data:tPz4GUvJwB2osO2vwyyThms=,iv:MVoFWgqHm88JXaCYa5l57SkX3fSmP97Z7IzvwumHWY8=,tag:af7Qs4qiSYQ/OBLJbZGk2A==,type:str]
registrations: registrations:
@ -30,8 +31,8 @@ sops:
cGFFU3RzU200b0x3M2dkbFJWU0ZVSzAKSg7ZlRvgJshAJxXiXgT+b4nhFe4MjVRY cGFFU3RzU200b0x3M2dkbFJWU0ZVSzAKSg7ZlRvgJshAJxXiXgT+b4nhFe4MjVRY
n7+Ld+SdXJvGtZsH4IObkVYgj16d3SFBs87yWA+NExUoEuQb97fa7Q== n7+Ld+SdXJvGtZsH4IObkVYgj16d3SFBs87yWA+NExUoEuQb97fa7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-07T08:40:22Z" lastmodified: "2022-12-09T05:16:09Z"
mac: ENC[AES256_GCM,data:u7XsunuwsjzqkSH/IFP28ijvzGavxZgB8wU5ai8SoBlTyHpUBt/WQ1kcVbqPtsb6xMb9b+7o1MdWOz0yy8P4Jpj0/AalgNI1Rh84I1M/Vurn1fXnUZoM86v3OfLwO1iMExafh7PLiOxH/W1fNjaLJYdVbU6FhDI6Od25yF1W4PI=,iv:Vk2AFkt5p39y20UoWR9HP1iYJCqYVtYHBMnY+lDa9FQ=,tag:6WWSNvt0g7Vtickb7c6dUQ==,type:str] mac: ENC[AES256_GCM,data:MSKUQkCDCEOcl9Eh2VH9ccZ3Ux0eIyJFyjFVaJZ5WQA4fIB1J6Y/EoK/q7iaLFIH8YkeVPIvXVu9eCXjIyQkSugJwQXk+gSFtssjegUBTcZkRJJ0Lo48IWO4yVFXnDYzyFjcgH4TBmL0uco3BkWHfLHR46fQUJIco9yYlVKtsFU=,iv:d3uWCTVV8o1Nx6WJCF/YQHOeGjTzJk6xaDxMTWeUINU=,tag:KOi1naN2Uhe0NcMl6oW/6A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

View File

@ -11,6 +11,11 @@ in {
group = config.users.users.matrix-synapse.group; group = config.users.users.matrix-synapse.group;
}; };
sops.secrets."matrix/synapse/signing_key" = {
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
};
services.matrix-synapse-next = { services.matrix-synapse-next = {
enable = true; enable = true;
@ -29,6 +34,8 @@ in {
server_name = "pvv.ntnu.no"; server_name = "pvv.ntnu.no";
public_baseurl = "https://matrix.pvv.ntnu.no"; public_baseurl = "https://matrix.pvv.ntnu.no";
signing_key_path = config.sops.secrets."matrix/synapse/signing_key".path;
media_store_path = "${cfg.dataDir}/media"; media_store_path = "${cfg.dataDir}/media";
autocreate_auto_join_rooms = false; autocreate_auto_join_rooms = false;