nixos/chatterbox: Production config

2022-07-10 18:16:35 +01:00 · 2022-07-10 18:16:35 +01:00 · 17b0f9e3de
commit 17b0f9e3de
parent f6c5a726de
5 changed files with 25 additions and 16 deletions
--- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
@ -29,9 +29,15 @@

            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGx50oGzm5TsaB5R6f/daFPc5QNkmM15uc9/kiBxKaY";
-              files."synapse.yaml" = {
-                owner = "matrix-synapse";
-                group = "matrix-synapse";
+              files = {
+                "chatterbox/synapse.yaml" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
+                "chatterbox/nul.ie.signing.key" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
              };
            };

@ -42,7 +48,6 @@

          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
-            services.matrix-synapse.enable = false;
          };

          services = {
@ -51,7 +56,7 @@
              enable = true;
              withJemalloc = true;

-              extraConfigFiles = [ config.age.secrets."synapse.yaml".path ];
+              extraConfigFiles = [ config.age.secrets."chatterbox/synapse.yaml".path ];
              settings = {
                server_name = "nul.ie";
                public_baseurl = "https://matrix.nul.ie";
@ -108,6 +113,7 @@
                  "198.51.100.0/24"
                  "203.0.113.0/24"
                  "224.0.0.0/4"
+
                  "::1/128"
                  "fe80::/10"
                  "fc00::/7"
@ -121,6 +127,8 @@

                enable_registration = false;
                allow_guest_access = false;
+
+                signing_key_path = config.age.secrets."chatterbox/nul.ie.signing.key".path;
              };
            };
          };
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -62,6 +62,7 @@ in
          { }
          wellKnown
        ];
+        useACMEHost = lib.my.pubDomain;
      };
      "localhost" = {
        forceSSL = false;
--- a/secrets/chatterbox/nul.ie.signing.key.age
+++ b/secrets/chatterbox/nul.ie.signing.key.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZB3e6Q o3nZEDuOm/JC/EhJ5uRnbMMHPNwRcKwfsPFNBVCjtHk
+cYKUNgQmkpTRSEm9ZINYlslv9O6MM3ujb1rNO7p7gvc
+-> X25519 TQ2jWod+e0a3ylj+GL8gPoScvzFdBCZcaYauY2gtsDY
+pP5q3ZYkRYqSeOEHxYXzQXCfltBGKi5jMpCfSP7PPSI
+-> `)-v-grease fr R1 W`Y
+pjfwfNM9JTJe0/mYB6OC6LtgJeIvn4RVJogageAl/djWgMVZ4DDr2kakgF3V28xf
+0g
+--- 4b27xLN78GCex7VdHqlJj8g+SuUlOOgZjZ4Qj8/RIsk
+-‹ŹN/&±ÖË€ŮvÖĚEÖ¶`}śD˛ áO#ü`ZV·^DÂ"&<13>ŻÇp
+špĐ/ÝąäáÄ¬–iqĆlďżšj@÷i57O×,ëä‡©ř”$F2ôhŹS
--- a/secrets/chatterbox/synapse.yaml.age
+++ b/secrets/chatterbox/synapse.yaml.age
--- a/secrets/synapse.yaml.age
+++ b/secrets/synapse.yaml.age
@ -1,11 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 ZB3e6Q AvnSPA+VUhdJUbCuD6Z6+97ARp8C2t5nT/CeHuN5AAc
-WqDw3vXLZKCstp/E6v52khm0oqtdWfF8cawMnQnBrW4
-> X25519 vs4Yt4YWEc6EMzzVhuqrJoP1IJ/uW2gXhe7sYWEyCS0
-ZKHCfOaVxOgAbPRZ8xnfjOmn7bTMN1LFPYS4KViy2j4
-> -.kCW-grease Y@#W[w Xh8i*b1 Mm w-
-DY5V6JpMau3kcPKsbvjrS8URAkbgq8+w4mUryNFZzGhzQlPw3iYh7vl10Qg8JcI
--- gXzJ3T+a7mmUoIOodjGlcXnjuASgXLTR2vFaL28lbp8
-}>jÆ.ŠN:+í:N~6$as5œ'÷Ê«|Elô
WO“À4‚oe_vé0¦!oÜV¡dÑq ùŒßGûkG2	“Æû&ó
-<EFBFBD>`µm<C2B5>Â+›7`7
-˜•Æå=M¼ðù	,=³Û{#dqÉ`œŽ*8*JÄ”µ´ÜY„`3‚½ˆP+„jÚ¾µh†MÚ«ƒª–}9Þ<39>¹]ÀýÊ@×,®Œ½þó÷¤†q¯~šm£KÔ®]a<>6xä—p-·2¾¼µ°%ÆŠ½<C5A0>&Ð<>²Ú=7ªÔë…¢7Ü