move secret files to a single json file

This commit is contained in:
Mike Cugini 2021-03-17 16:54:46 -04:00
parent b22e119bb4
commit f3ea03b0ad
2 changed files with 8 additions and 11 deletions

1
.gitignore vendored
View File

@ -4,3 +4,4 @@ matrix_reg_key
slack_client_secret
slack-registration.yaml
*_psql_password
secrets.json

View File

@ -6,11 +6,7 @@ let
storage-dir = "/srv/matrix-data";
matrix-reg-dir = "${storage-dir}/matrix-registration";
slackbridge-dir = "${storage-dir}/slackbridge";
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
fqdn =
@ -47,13 +43,13 @@ in {
dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE DATABASE slack_bridge;
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
CREATE USER slackbridge_user WITH PASSWORD '${secrets.matrix.slack_bridge.psql_password}';
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
'';
};
@ -139,7 +135,7 @@ in {
services.matrix-synapse = {
enable = true;
server_name = config.networking.domain;
registration_shared_secret = matrix-reg-key;
registration_shared_secret = secrets.matrix.registration_secret;
extraConfig = ''
allow_public_rooms_over_federation: true
auto_join_rooms:
@ -180,7 +176,7 @@ in {
server_location: 'https://matrix.waffle.farm:443'
base_url: 'waffle.farm'
server_name: 'waffle.farm'
shared_secret: '${matrix-reg-key}'
shared_secret: '${secrets.matrix.registration_secret}'
riot_instance: 'chat.waffle.farm'
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
host: 'localhost'
@ -238,7 +234,7 @@ username_prefix: "slack_"
db:
engine: "postgres"
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge"
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
@ -253,7 +249,7 @@ inbound_uri_prefix: "https://waffle.farm/slackbridge/"
#
oauth2:
client_id: "4494054004.1702274627236"
client_secret: "${slack-client-secret}"
client_secret: "${secrets.matrix.slack_bridge.client_secret}"
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus