bicep/synapse: Move database configuration out of secrets

This commit is contained in:
Daniel Olsen 2023-09-15 06:41:49 +02:00
parent d4bcdeb3b3
commit f53c0c6eb5
2 changed files with 13 additions and 15 deletions

View File

@ -8,14 +8,6 @@ let
imap0Attrs = with lib; f: set: imap0Attrs = with lib; f: set:
listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set)); listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
in { in {
sops.secrets."matrix/synapse/dbconfig" = {
sopsFile = ../../../../secrets/bicep/matrix.yaml;
key = "synapse/dbconfig";
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
restartUnits = [ "matrix-synapse.target" ];
};
sops.secrets."matrix/synapse/signing_key" = { sops.secrets."matrix/synapse/signing_key" = {
key = "synapse/signing_key"; key = "synapse/signing_key";
sopsFile = ../../../../secrets/bicep/matrix.yaml; sopsFile = ../../../../secrets/bicep/matrix.yaml;
@ -44,10 +36,6 @@ in {
enableNginx = true; enableNginx = true;
extraConfigFiles = [
config.sops.secrets."matrix/synapse/dbconfig".path
];
settings = { settings = {
server_name = "pvv.ntnu.no"; server_name = "pvv.ntnu.no";
public_baseurl = "https://matrix.pvv.ntnu.no"; public_baseurl = "https://matrix.pvv.ntnu.no";
@ -56,6 +44,17 @@ in {
media_store_path = "${cfg.dataDir}/media"; media_store_path = "${cfg.dataDir}/media";
database = {
name = "psycopg2";
args = {
host = "/var/run/postgresql";
dbname = "synapse";
user = "matrix-synapse";
cp_min = 1;
cp_max = 5;
};
};
presence.enabled = false; presence.enabled = false;
event_cache_size = "20K"; # Default is 10K but I can't find the factor for this cache event_cache_size = "20K"; # Default is 10K but I can't find the factor for this cache

View File

@ -1,5 +1,4 @@
synapse: synapse:
dbconfig: ENC[AES256_GCM,data:DzbYi9TUfdxJ9Y/dC26TBvXMu/3rnbuv/jKKcW7RfUORZFIMPYz9ZcL1nl5RwTIAI65PJEDDz9UXkynjiteJppfS1g09vF+UerUg6BWDFi+JLpXwwg3EtTA3WLCX/nZKsoR1rOzT8+wsXghozIs9KhRNQlvBP0t2qcahKrrnznR+cLXBcimmwmgX,iv:VKimpBPerhTaJYgJ9hVfNBAZO8xLCWpwuRqdWx4/DqY=,tag:wxh0qrTHMLSBoTnqDpqV5A==,type:str]
turnconfig: ENC[AES256_GCM,data:mASRjYa4C9WRow4x0XYRrlCE5LMJUYaId+o62r1qhsyJPa2LzrI=,iv:5vYdubvMDjLS6soiWx2DzkEAATb9NFbSS/Jhuuz1yI8=,tag:wOW07CQMDbOiZNervee/pg==,type:str] turnconfig: ENC[AES256_GCM,data:mASRjYa4C9WRow4x0XYRrlCE5LMJUYaId+o62r1qhsyJPa2LzrI=,iv:5vYdubvMDjLS6soiWx2DzkEAATb9NFbSS/Jhuuz1yI8=,tag:wOW07CQMDbOiZNervee/pg==,type:str]
user_registration: ENC[AES256_GCM,data:ZDZfEEvyw8pg0WzhrdC8747ed+ZR2ZA8/WypJd/iDkmIy2RmxOeI0sE=,iv:l61mOlvzpCql4fC/eubBSU6px21et2WcpxQ6rFl14iw=,tag:sVDEAa3xipKIi/6isCjWew==,type:str] user_registration: ENC[AES256_GCM,data:ZDZfEEvyw8pg0WzhrdC8747ed+ZR2ZA8/WypJd/iDkmIy2RmxOeI0sE=,iv:l61mOlvzpCql4fC/eubBSU6px21et2WcpxQ6rFl14iw=,tag:sVDEAa3xipKIi/6isCjWew==,type:str]
signing_key: ENC[AES256_GCM,data:6UpfiRlX9pRM7zhdm7Mc8y8EItLzugWkHSgE0tGpEmudCTa1wc60oNbYfhKDWU81DT/U148pZOoX1A==,iv:UlqCPicPm5eNBz1xBMI3A3Rn4t/GtldNIDdMH5MMnLw=,tag:HHaw6iMjEAv5b9mjHSVpwA==,type:str] signing_key: ENC[AES256_GCM,data:6UpfiRlX9pRM7zhdm7Mc8y8EItLzugWkHSgE0tGpEmudCTa1wc60oNbYfhKDWU81DT/U148pZOoX1A==,iv:UlqCPicPm5eNBz1xBMI3A3Rn4t/GtldNIDdMH5MMnLw=,tag:HHaw6iMjEAv5b9mjHSVpwA==,type:str]
@ -42,8 +41,8 @@ sops:
cGxZVnFhdXRka2drTGdkVk1iM0pFL1kK2ry7b2cLYPfntWi/BV3K2O+mHt3242Ef cGxZVnFhdXRka2drTGdkVk1iM0pFL1kK2ry7b2cLYPfntWi/BV3K2O+mHt3242Ef
sI2JLLQYHeAhxjFdCzP1RDR+Wu/pRxZje6xuTZ9I9TKNmm+LhAXHQw== sI2JLLQYHeAhxjFdCzP1RDR+Wu/pRxZje6xuTZ9I9TKNmm+LhAXHQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-13T09:02:19Z" lastmodified: "2023-09-15T04:40:21Z"
mac: ENC[AES256_GCM,data:zmRZCDBwF9h/o9qAdWII4DPjoX+2b1d5+qigIizaXQrRORdlvQHHeRx72uIIcIr6Oi06YJ+nCLuKp3t5YyB2KrFtTHaW0+h7OybfnAt1Xs8LEPKPhoN90isHNr/7V6cZrVQAGg8nWUDP183vkXkADxeYHRHGxydqLKUJ5Mif1E8=,iv:kBQmskPQFVi+T/THmtj0ifbP5VsQMAxGz92Mi0Xu9RY=,tag:g4MYOAhQZHRo4rdg7emC1Q==,type:str] mac: ENC[AES256_GCM,data:ZJVHLbpSu/nIzl5FJfRdg2ymRN5M+zJXNUpi1hBt2MBmvK+1ed2ElhMe5x7pyasSDdaUtXDo7ghkUF7vE46Wo6Z9dvlAvhwWm7Y2AWfUe5SFVwzqlOCjSKRPFrQrL7PcDBtMj4twtwhc4XsfJoUSuigWW2m21BKtEZSuuxLRqLA=,iv:ufFbfMaNHydbkwq6lxN1dQJldkAbtqais/CZFkoDhb4=,tag:uMj0LaiU0obIlw/+HJJdKg==,type:str]
pgp: pgp:
- created_at: "2023-05-06T21:31:39Z" - created_at: "2023-05-06T21:31:39Z"
enc: | enc: |