betamike
/
betamike-infra
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

move secret files to a single json file

Browse Source
pull/1/head
Mike Cugini 3 years ago
parent b22e119bb4
commit f3ea03b0ad
2 changed files with 8 additions and 11 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      .gitignore
  2. 18
      nixos_configs/matrix.nix

1
.gitignore vendored
Unescape View File

@ -4,3 +4,4 @@ matrix_reg_key
slack_client_secret
slack-registration.yaml
*_psql_password
secrets.json

18
nixos_configs/matrix.nix
Unescape View File

@ -6,11 +6,7 @@ let
storage-dir = "/srv/matrix-data";
matrix-reg-dir = "${storage-dir}/matrix-registration";
slackbridge-dir = "${storage-dir}/slackbridge";
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
fqdn =
@ -47,13 +43,13 @@ in {
dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE DATABASE slack_bridge;
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
CREATE USER slackbridge_user WITH PASSWORD '${secrets.matrix.slack_bridge.psql_password}';
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
'';
};
@ -139,7 +135,7 @@ in {
services.matrix-synapse = {
enable = true;
server_name = config.networking.domain;
registration_shared_secret = matrix-reg-key;
registration_shared_secret = secrets.matrix.registration_secret;
extraConfig = ''
allow_public_rooms_over_federation: true
auto_join_rooms:
@ -180,7 +176,7 @@ in {
server_location: 'https://matrix.waffle.farm:443'
base_url: 'waffle.farm'
server_name: 'waffle.farm'
shared_secret: '${matrix-reg-key}'
shared_secret: '${secrets.matrix.registration_secret}'
riot_instance: 'chat.waffle.farm'
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
host: 'localhost'
@ -238,7 +234,7 @@ username_prefix: "slack_"
db:
engine: "postgres"
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge"
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
@ -253,7 +249,7 @@ inbound_uri_prefix: "https://waffle.farm/slackbridge/"
#
oauth2:
client_id: "4494054004.1702274627236"
client_secret: "${slack-client-secret}"
client_secret: "${secrets.matrix.slack_bridge.client_secret}"
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus

Write Preview
Loading…
Cancel
Save