rnhmjoj/maxwell
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

matrix: move secrets to extra YAML files

Browse Source
This commit is contained in:
Michele Guerini Rocco 2022-08-10 11:42:58 +02:00
parent cc3f5a7f03
commit ca994395ba
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
5 changed files with 77 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
matrix.nix
View File

@ -127,13 +127,16 @@ in
event_cache_size = "2K"; event_cache_size = "2K";
max_upload_size = "1000M"; max_upload_size = "1000M";
turn_user_lifetime = "1d"; turn_user_lifetime = "1d";
# Needed to restrict access to the TURN
# server to only our matrix users.
turn_shared_secret = config.secrets.matrix.turn;
# Needed by the register_new_matrix_user script
registration_shared_secret = config.secrets.matrix.registration;
}; };
services.matrix-synapse.extraConfigFiles =
[
# Needed to restrict access to the TURN
# server to only our matrix users.
config.secrets.matrix.turn.conf
# Needed by the register_new_matrix_user script
config.secrets.matrix.registration
];
### Database ### Database
@ -157,9 +160,9 @@ in
# Only allow users vouched for # Only allow users vouched for
# by the Matrix server. # by the Matrix server.
lt-cred-mech = true; lt-cred-mech = true;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret = config.secrets.matrix.turn; static-auth-secret-file = config.secrets.matrix.turn.secret;
# Use maxwell certificate for TLS # Use maxwell certificate for TLS
realm = config.var.hostname; realm = config.var.hostname;

115
secrets/default.nix
View File

@ -1,56 +1,59 @@
U2FsdGVkX1+tNQ2MrBDObxfvhpH7naoPAoH7vyfycbutpD/9CBa8+4WwGQShIYNR U2FsdGVkX191uk0AhtEdICnhkSv/so8qXU0ks2TsF9Hu6c9V7Urd0N5f2XtmJJSx
51lwkWPQLdrNkY9+sDOgCEuHTmTmbw0lTWk80D7oHaCrPZUURdl4xNoQcCE3NEYH dTVFxbpLY4AS/j5hFF+L/9YtCuvE9clJfpvNy1H32t4PPGLCiivqeLcb17BMsBro
zbYUpgTstVn4XqnyMepUQ3wwMwUvMaqdJA1lBjUKlv1QaMi9en6Qcxy/RQtZC4R8 yD/n5kgPnJMbdtZnvp4xboomk0xdJcJ3PdgEY95pr2U14gHeLrTVvXtEsUvjmg3U
mdFLWpVfu8+lb9c4Yl/K/Zmuf7qSYmyXZEdeG/kufcdBCBk/Ctd5wMk7AmyW19tg 0Z1e0/oj8r5piKSHJ7gMcKDUl60QkQSMqAzewAFNqW0BQzqev8dJaA8wAidxmYCY
FDJAlMV07GMmybtwjRzAUkuDhnWz7TJqAlhrn6+hAu21RZAaZgNcWnVBLM4qpQ9x zEDIi+yt8RmGiIPP3hUS2hCH6UT1rCwcPJDPpHfPcKsYds5zxUdD3htrtBvndzhj
cMmW5+SPh6qMSq4TiucXQR9U0V9cbahPKSyYTx8y0THtVGaNcsm/t3woysvaO3r7 WFmMe25q3pfTWNSZg7pqNa+V0a1wLhVaA63SwWnuwxOs2VFik5vKEzmnDpmXv8SM
YRnv3wKDeVb4O2oFvm1q4QutMViMYygIOhs7zgP0+BlvrnQm/Gljod79WQMH8EP5 Fs4LV+8l2UrmWvY83JD4sFKK2oDkeH8apuqKhjDmgFfDkNzAwxbzoqePccNPnlec
sIr1W7JSNcRNfpADl3ZroNJnrGtnVRFmrjkGXCI9lbNZannpDiDcLUy7QQ5RpGSo 7UbMpUOdwTGKN6Ps0aQabmbG/kXmLKJHUGGO+dwDICrCb5/HM+1+7/1rboceZCxL
4Y88TFRcP0WnL8rB+SNzafj2rHIiKaQo/RDPzhIafP+Vy9JrPUBbznl4UgyRip86 qrAfIDB2CIiGJrk6DxYboLbZIwECVc7htZHsOy9uhtuhAPwF5MYb/z81j351rqV4
rq6UEPKITP2EOVOC86FoYR+tpj/4tNJgjzQ5v7wkcV0NyBpv4sljAqApM8mJwQ3W JvV126EFdVfFDDxfTGdbXxly3a+0TF72grxat+1fLpc3X+uDzlHWnD1kLNNGuK60
N0yPCck4L1L5qa8ru2FB5AOryPmhYWyzXJhziM+XWccQa1k4+VyKH/+ItlMkMxnb YvbvJNPtJlDIVt1e4aDtJVN1NlFbEZpvt4dPteYdseqtR2IQPZ8pw44VUVAk5mq+
sEHn8R2YhoBAiD2Cn9m1qF/xNHsk0Xe7jDMP/JYeO/uJx0FPwXKoHENnO795uSez tAuwvnTGi45DL9EAP62OyFMVpotXxhDm/tZU6Ym/9NvyVaFQ9XpBzdfrGRYPM7Nn
+1UI4tpPHQlj2FMxSyDOI70d2Q+TL7H9pal6j3p+NijX1ve2glst/O14O24fUa0L wp3TLms+JeX5f/PcaCJka0DY/wAMXPOt3/0GeqZkgJkTsyYV8olCLvxxaQMZfoiV
pKkXb5wZsN0NBgskrOg+6181JAKtuGbF+bAXqP0MqGzwEcfADFeSgIOArRDBEWkF 0hXEYD4FVU7mZ9cpEwcPtvQ5yYdbIqY73VzoSRzdq6BXpP1AtglC/kqq73xnxZ2a
QeeqUCCTdXj2Xk33oN7tJur2g6ovpgywHWNa12rRiiPUxdelzeI0I+JE1knKPFti Yy2ZqLFdwrWgV0Elq5u2kjSAhOMEuVQLqsSb/ukxtRTFcpt/PpTYCaNIU8XkZayt
f4wKVFJArbuOzKd1tHvL4eXAUO5OHS6/yqK2mQHUx36HldWTnGjqsZ5cRMcbue0c s7/KK6KBqb5RWjo5awRy6q8fn91zwzjLZE5HuEsm14HHOzEW17aAidf9Ul4/6nPD
hF2+saCkbEGOSrH3PBWC2+bNoczPzAHHXM62525Z5wTecHGCYZSPn37XNj9+hpV8 A69oOZYMocDzrywi8DpOqv/s7Ow1i6yPztCitH3ZxBP0e1qZFPqq0GN3c4Sbn9uS
Qr9WEExfuMnmzeWD9VjZ+IyA4kD2Kb8sS2ri/N72UHL6L64rPFhe/5CVHbsjJybu haqZWzAn7/tybV9oMKcjkgEP7eUIrAMyG7MyUY0DdI/zUj8xLU3TTPOfXNl7PL8S
rg/puzYY2gTmvz4HYSG9ixjM6SZ09a1l2ciWqjRaOTndFbIQpnY+5/c3U+nF6O6D iwfTMqG39d/m1xqRjDYzJfQ+BFkEOWENor4OKYaGXTXL1OVSRWwSISpUuXcFxygm
Y01oPmToW+FE6PMdjQXfwH59EHFmtM9P/DbWJTbinYUGlJSo6Z4CnVV+1Lou3wwb FTgQwnNE9u2il2Jy6kAHH6aUQsvlQ6tp7XZncWDLYUXLRV0CZZGVG/CCnhsIYVmq
i2MpMPV2r8zcWxoJip/kEz61TqCjjkhVfY8wHt0tx2ng2TvG3RA7JZdpBbGLN8bx SZMFU0oFKpuB1KgVtjXvKQWF4CBBWxE1dIk2oXpfQIGyt7kD7JaK9M952gOWYUkr
ZR3pnKLTJddXcRuwE45kz/9wXRfWit7HKryvC3S4Ju2NcvA/ikMpdlb3ZuZ5F62g olOwdqT24MkW9hU7jifqQhmauFeSo0u0/YBYaLcfiexlUrCQ7DUsGIxs6ETQI3tk
a5NJMotgbfSyEggqS4KA4nUVU2cG7EZCTiyQKX/nB1q3qpob2WCYif6fLusOF9ze F6gYayT4bGoujLK+1hSIkVAH66WZQxXHJgu/ggDuuI8M/1VK1K+rbUBSOXhI8C76
CYhdZycvK/EuQ1vrx8euJNpZQ9ESQbt6R+HD9dWMPj+1ffxYx6Q+D2YWqG/UPqiQ mePHxGYsotOoErO4UOxu8OJLIccelzNZ90TjdJWyigoyjB4Tn5o+VKXTMGXcJVgA
qCSuDLSvAWmcSsyk00uobR+clRQe8qUuGGw4Ic/WG2S62LKhPNl2EJv0vVP7Gb9A bmtrOxmMJbFaxs2kT7RX0vP+jFtSE6GEzvKyxLmYlH8yD/aI3rXY8ImfDYz7kPBt
du0rKbobyxDGyKfXnHJz49uUiGUiFlnPGcBuu2s0TC7a+sc7/0fsSHZQGe4PBbj+ 7Zfd/36UAGNbNb4C8kri9LIChSk7oPhIy0c/569MVodWjDTJ5NLYDDOwMjcoVDvu
pu9w1LJe0dAJmaJjsuJub421zcwdw0PzS1W5/TsqrHuWqU5jMVptMTV3jJ/ajwAa CLK3EB3wZ5Hl8IkHp3v3NWn+JdjyO/wdrCig7zdVY/GC7qgT7s+EGLkIVUVII4F3
LoxZg+el1BGKcNnRSn/o7qVTqaY+k7QuzJ+fqjRq7nMEAvhbvynVYBoqK4WODTvG l4WbAqMT2DKnWp0XLSg0RDnnB73j3p97depfYPy9/KcqUSjNPl4jCchb/117/4MZ
8PPm3gb9KppdeSy3l/jtmWMgsXIsBgFtJixnYWrbEPHmt7eKzg1tBEk1udTj9wTJ 5baMkYmL8q1BXB3QfjIUNGMcfPTgWh/pnzhIRmh9WdYi4M8iNd6OHt5ScBj4rOdu
VI3pok4xsjsFy88AdmFnEDJeVoe+0mOiSa+gNZ5jlZDSMheiNsxlqhy0WQ1CCRCg Rlxe1Pg2lbXNF+4e3i7gNWKOnONfviNcJ8oWIRe5bX0zfB1cHu1UaRzS+iD4oekT
8ktI6Uy6oSaRG6PDXr50peRjxJmZKJ3lhaCNGnSMksDnpkjxxiwIf5YsQPYv8rBP evbq7DkisBICTzCG9miF/33WXFYGaANhuSPy6W83MAdd4R17gBKhk1hOL7vhHUeu
sXztgwjhQ4SP/l8Palvmusu6XbC0yag3hPnb6SQ1rV6JhbJwMRRyqJfa1A1nIILK p+hFzEewmgWF5sePr9iMam8j49lej168b5zxOT0+Hkm1GRdFljiN1751Ld0IVV78
N8NKIA86AhUkSj6XxmH/AE5rI4XP60VHiwzXDdNeFWvHJ/UFSmAxJL5OMNRkcrK3 Sy0HHJp0zKuje/ivlYf1xb3YB48uELdOq2kaq9OAYVzHXX076ZP0cAxt2SAVp1vn
u9LMrbt/tRALgliwUbXjX5q5p2ag7SWIkGT1tIJ1ZSpNugE+WvBhLqGQmJd1JnD9 /ETw1ElG0G8z/nZOuISXlSLEbbaKTCW2b0a25TVZtFTfhGoKoweDyge8JKOI9zj2
imTY0vzF68bZPX88Xf/119L9KmU627iqYkbgWkiSnMqH4VypxP6Yj+Mm86fOSSZ2 j5YsLV7MGp56vc21kWEI3/LIZnve0slvsO6SA5j+N5R/oL+g8YuS626J4aJ7dpqr
I/tcG0QOlJ5QMx0PDXJ6bfY16BnJh0FjqrtV4MMEkcYGEJsGVYyi7uILMEfnMhZF pNByU+83bqEApLC9hG7veYOnZ22JIRo2JNoaqZTCr5MtFHMVYnb+J2+bG/RKTuGD
vHfz8A6TuW904al6zxMkQTzkDCMeviDXsHkyUb+a6qXiHMmpvBaOjNuHU+svKTDy JwWiXxSGMMcqgnmm/xswijXefDQ2YRBsXmhhVZrS3Dl/4RHoEH39pLRkmH1ABf9W
CYP7AGtlB4fwyBhfWnO3nvpKwZMbuCW9SzHH0J51BuxDWcd9Dm90TnptReLu0AJt 6CH+2SKnteryBXXwlRzOlqqFzmQ3WPq9xmxGumygWtKp4yNV4kuKV7qO/1Jk897R
n8m5lfI040oMYkp1du8mAVglAQ/9Ymm3mxj26ZA4f8o+iR9ZC0fH4X3ClpI60gUh tQrOakxPdjwyFL2cYl5zBi40LKoEPe6L8YUG9qAvhKVul19vV+T+/R/sz7cBCudP
FkhQAn3j/30h5xQQJheV/yPKycJhx1JEfEmFTdAvD9ZIFqftP2mWZH3iK2igNLmF JbuyxJlC46gf6W1WzAj1ql2HJzot/Tcc0PtZ9lrbZYp7YgBYVwfHK2JnIerGLuAP
ABHqOfp/IJ26u4jv535vVfMjML4MCfw0388+7PB9+MHrQ3pX4EMA6VHRcZjWmN45 6GhRc8DmNZa2eHryWj8Sc89CJnVKQ3qWvsqiYfPDjrobvaQekW2PGNaqJ40lv/s4
li2+HMFbddC49BLeDG1kbT5IE+nu4+oCGeepU366gL9u37GiSQQ8VCYx5GtmKwa+ E0RL7U7JFBMyDDcx+hmtWqqoTC7wyXLnrimGMwisbVWMYq/hDiUokYvyiDEK+BTf
5lu5h/HRrVR82JNm03BvLEI5b86QF7aJw/n/5rT0OLMWcEUsZeghd9p3FSWR+YZA VNDjI2u6YtiWId9+sIfY3VlOpTzk5HuG6pfmgi1C4XLoAppFbjZED9cV+tIshML2
Gv5w/NidK9dScIfb2VP9d+5qjrLGEXkx3FOp9VFKOaM+WYdm/zyvMZhx3X6ome2m vMJRED4c0cvFbAbxbbpvs6i6FrsDQmAiOXmeV4ffu/P5Vk+pPY+70NZmFQZnKlGc
yK4zpOUQNyzfd5HCMAVEpKysu6EZelY5bDtdUMgFVON6gbkQf2frmFPkT3Q3wxTV i9+xRK575uATh0mClB7A6jPi2SQVsntXaW5uDhsWY+h0pec3i6lsUWyak9dz3biv
bjfGfvEmO14PEHbSzSzLThjZs94HHMD8V1VNZBnfhoMENXRSph1a3ZZkty5fAWal CVYi2TS/qSPnOXAgukcnFdBHld+28RslzIq4zhahMVfRDL87jfFSNNd78GuzOG9E
sX8bNH1+beRNdsXBhumi1V1UbzQ6xS+by7nR3cDLv8ikC6H5A/n6ZpZ8prmPBV6z nC266G8knEGFFqJ0FAwFkJakoPGxaWU/50wAbQLM/K7QrM3VQ4is+vbO8xv3BklR
2HBwbCcbb5CMdnlaUi4oqDOJEl+QBNp6Z73oj2pzl5rQEUhi3uq2oPAhZRtNtjzE NohBBt6Maeok86e0mL8os5SQ79TC7XRPgcBjIwHKFlirgnI9mEZhQzH0QEx5K8l6
GFBzyTg1R6PgdTS9Edm4YmJPCyTsgnYPYjODEckWADkzZnlLSTHl7irQFxjbaEKq RHuKvs1r+gnQ5yIy9mWYtjWHX6CoURSDbZ4WY3nkKO/7lkIyy68kom+c9wSj5+ce
MH6iLBzx5N/j8TxCxBqGlKhIxoLaMteSA3LPoiKE22S4SFLEZFz3L01TEtLh4+t0 G4ygySMUOcYrFxYcqpeJjhYOiBs1TVXyC8jzqLmiUZyUBgSE2L4T07jeX+xaiCtM
7sk8Fu+zIVB/wZYPH/Q8COUOvfNwR6XyAI3/Vfb2otyNg3OygLNxq8p1UAKoxWSm l0W7q0UQch5a70cDdfEtYDlInZM05aBELC60q2opBAvuNws28JhAoU7oFmBXFL6G
MS+LbWaxF7sFZmeoF8PmOMYHKEfwjiQzY7RugIFJK8FBbhmfrrQz6ITaEBNPPpL5 H7acBc6OESva96/Sdxb85Ftib7BOBaTiKhhvbmPRXUnwJv5DQjwe6zwgF6Mr3ar5
tQzYzp2jVtWASOItZlsmtJiAurCahTyn+3fVK6H79UtWaA4h3r6whx8V8ig9o+Lw D+QMGTg4kyQS2IXQ2fDJG1vxHmcecuBP+vU3w1XDv+NJUe4O+Ij81YdEuW2mMCPK
TJMWiUs+QhoWkoHzibCLxzNW7Ni8UzJSkOu6m/5TcqZMhnTJVwRDxb500NumZVkE UWyQeIdGnnv/RkA72otFuC5GRL/M6N5jIoB6LxeNZFghZfG+vVDgwcKBJidXK9Wh
S/aIPfuTNrFDAnCC7GC8vkVQ/ZtCkZEw1srFySa8oZInTpnl2+D3Gfn4dwujCVNL 11pr8HTHPvjAwhz3JTzNbFJIBIYpJTIe7qIenqy5mN9l+auyywsO9jrKJ6gAK9uK
glJyBMH0x5FlXZ/mhFMAfXZWOHgj MsFett/LgyJInZcbzIC/Z7hpqLGJ6LKFp8AeKjYTOHmicWctKNi87T6T63sTtd8g
CDkCkLy3XABG5KCHt1WZH09kHVlyG4x8duDmGrgnXBEHhGbzAxmksE4p5nTUv7VM
NvYPKk+Af1HU8U8agMag+7Ku4k6OEeEDktQMh2GuDXDCXvhcDe+gVVMxx1LTeVzD
JPKdqLMj1yxMEjd0uA==

2
secrets/matrix/registration.yaml Normal file
View File

@ -0,0 +1,2 @@
U2FsdGVkX1+llDB5VqCr1IypfnYvO/G6YP0LZIcGXf5rJXiD7yFgmfag9uqoLpUS
OdevSmwuZRxQf7OMJC//qWZBnKt6RQgtebhWYgecmbJpXkI=

2
secrets/matrix/turn.sec Normal file
View File

@ -0,0 +1,2 @@
U2FsdGVkX1/LQEXVW9522X9Wk7X9Rjn4vTSUguvsQH7S3hXHFZp440yYE0bWElPm
Bn+iWLLaZNQ=

2
secrets/matrix/turn.yaml Normal file
View File

@ -0,0 +1,2 @@
U2FsdGVkX1/+v3zwfqsp7i87S5sGEoBaJoWzXDh8hUGn9gRs7KUGFgfE66GwOwjG
1ZfgMEiT3NA8mzboyEA/V+4aX5sl8ATnRVvkojoF