move secret files to a single json file
parent
b22e119bb4
commit
f3ea03b0ad
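--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ matrix_reg_key
 slack_client_secret
 slack-registration.yaml
 *_psql_password
+secrets.json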
@ -6,11 +6,7 @@ let
|
|||||||
storage-dir = "/srv/matrix-data";
|
storage-dir = "/srv/matrix-data";
|
||||||
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
matrix-reg-dir = "${storage-dir}/matrix-registration";
|
||||||
slackbridge-dir = "${storage-dir}/slackbridge";
|
slackbridge-dir = "${storage-dir}/slackbridge";
|
||||||
remove-newline = string: builtins.replaceStrings [ "\n" ] [ "" ] string;
|
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
|
||||||
matrix-reg-key = remove-newline (builtins.readFile ./matrix_reg_key);
|
|
||||||
matrix-psql-password = remove-newline (builtins.readFile ./matrix_psql_password);
|
|
||||||
slackbridge-psql-password = remove-newline (builtins.readFile ./slackbridge_psql_password);
|
|
||||||
slack-client-secret = remove-newline (builtins.readFile ./slack_client_secret);
|
|
||||||
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
|
slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml);
|
||||||
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
|
slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}";
|
||||||
fqdn =
|
fqdn =
|
||||||
@ -47,13 +43,13 @@ in {
|
|||||||
dataDir = "${storage-dir}/db";
|
dataDir = "${storage-dir}/db";
|
||||||
|
|
||||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${matrix-psql-password}';
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
|
||||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||||
TEMPLATE template0
|
TEMPLATE template0
|
||||||
LC_COLLATE = "C"
|
LC_COLLATE = "C"
|
||||||
LC_CTYPE = "C";
|
LC_CTYPE = "C";
|
||||||
CREATE DATABASE slack_bridge;
|
CREATE DATABASE slack_bridge;
|
||||||
CREATE USER slackbridge_user WITH PASSWORD '${slackbridge-psql-password}';
|
CREATE USER slackbridge_user WITH PASSWORD '${secrets.matrix.slack_bridge.psql_password}';
|
||||||
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
|
GRANT ALL PRIVILEGES ON DATABASE slack_bridge to slackbridge_user;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -139,7 +135,7 @@ in {
|
|||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
server_name = config.networking.domain;
|
server_name = config.networking.domain;
|
||||||
registration_shared_secret = matrix-reg-key;
|
registration_shared_secret = secrets.matrix.registration_secret;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
allow_public_rooms_over_federation: true
|
allow_public_rooms_over_federation: true
|
||||||
auto_join_rooms:
|
auto_join_rooms:
|
||||||
@ -180,7 +176,7 @@ in {
|
|||||||
server_location: 'https://matrix.waffle.farm:443'
|
server_location: 'https://matrix.waffle.farm:443'
|
||||||
base_url: 'waffle.farm'
|
base_url: 'waffle.farm'
|
||||||
server_name: 'waffle.farm'
|
server_name: 'waffle.farm'
|
||||||
shared_secret: '${matrix-reg-key}'
|
shared_secret: '${secrets.matrix.registration_secret}'
|
||||||
riot_instance: 'chat.waffle.farm'
|
riot_instance: 'chat.waffle.farm'
|
||||||
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
|
db: 'sqlite:///${matrix-reg-dir}/db.sqlite3'
|
||||||
host: 'localhost'
|
host: 'localhost'
|
||||||
@ -238,7 +234,7 @@ username_prefix: "slack_"
|
|||||||
|
|
||||||
db:
|
db:
|
||||||
engine: "postgres"
|
engine: "postgres"
|
||||||
connectionString: "postgresql://slackbridge_user:${slackbridge-psql-password}@localhost/slack_bridge"
|
connectionString: "postgresql://slackbridge_user:${secrets.matrix.slack_bridge.psql_password}@localhost/slack_bridge"
|
||||||
|
|
||||||
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
|
matrix_admin_room: "!tuUJADDNODYliJTxYK:waffle.farm"
|
||||||
|
|
||||||
@ -253,7 +249,7 @@ inbound_uri_prefix: "https://waffle.farm/slackbridge/"
|
|||||||
#
|
#
|
||||||
oauth2:
|
oauth2:
|
||||||
client_id: "4494054004.1702274627236"
|
client_id: "4494054004.1702274627236"
|
||||||
client_secret: "${slack-client-secret}"
|
client_secret: "${secrets.matrix.slack_bridge.client_secret}"
|
||||||
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
|
#redirect_prefix: "https://waffle.farm/slackbridge/oauth"
|
||||||
|
|
||||||
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
|
# Optional. Enable metrics reporting on http://0.0.0.0:bridgePort/metrics which can be scraped by prometheus
|
||||||
|
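Review bot: The secrets are still read at evaluation time, so `'${secrets.matrix.psql_password}'` inside `pkgs.writeText "synapse-init.sql"` (and the slack bridge password on the `CREATE USER` line) is written into a Nix store path, and the store is readable by every local user and travels with any closure that is copied or cached. The same would hold for `registration_shared_secret`, `shared_secret`, the bridge `connectionString` and `client_secret` if those strings are rendered into store files, which the hunks do not show. Consolidating into `secrets.json` changes where the values come from, not where they end up; consider keeping them out of evaluation and having the services read a root-owned file outside the store at runtime (for synapse, `services.matrix-synapse.extraConfigFiles` if the module version in use has it, or a secrets tool such as sops-nix or agenix). The passwords are also spliced unescaped into a single-quoted SQL literal and a `postgresql://` URL, so a value containing `'`, `@` or `/` would break or alter those strings. The surrounding `let` block and the service definitions begin and end outside the hunks shown.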