nixos/chatterbox: Production config

2022-07-10 18:16:35 +01:00
parent f6c5a726de
commit 17b0f9e3de
5 changed files with 25 additions and 16 deletions
--- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
@@ -29,9 +29,15 @@

            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGx50oGzm5TsaB5R6f/daFPc5QNkmM15uc9/kiBxKaY";
-              files."synapse.yaml" = {
-                owner = "matrix-synapse";
-                group = "matrix-synapse";
+              files = {
+                "chatterbox/synapse.yaml" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
+                "chatterbox/nul.ie.signing.key" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
              };
            };

@@ -42,7 +48,6 @@

          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
-            services.matrix-synapse.enable = false;
          };

          services = {
@@ -51,7 +56,7 @@
              enable = true;
              withJemalloc = true;

-              extraConfigFiles = [ config.age.secrets."synapse.yaml".path ];
+              extraConfigFiles = [ config.age.secrets."chatterbox/synapse.yaml".path ];
              settings = {
                server_name = "nul.ie";
                public_baseurl = "https://matrix.nul.ie";
@@ -108,6 +113,7 @@
                  "198.51.100.0/24"
                  "203.0.113.0/24"
                  "224.0.0.0/4"
+
                  "::1/128"
                  "fe80::/10"
                  "fc00::/7"
@@ -121,6 +127,8 @@

                enable_registration = false;
                allow_guest_access = false;
+
+                signing_key_path = config.age.secrets."chatterbox/nul.ie.signing.key".path;
              };
            };
          };
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -62,6 +62,7 @@ in
          { }
          wellKnown
        ];
+        useACMEHost = lib.my.pubDomain;
      };
      "localhost" = {
        forceSSL = false;
--- a/secrets/chatterbox/nul.ie.signing.key.age
+++ b/secrets/chatterbox/nul.ie.signing.key.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZB3e6Q o3nZEDuOm/JC/EhJ5uRnbMMHPNwRcKwfsPFNBVCjtHk
+cYKUNgQmkpTRSEm9ZINYlslv9O6MM3ujb1rNO7p7gvc
+-> X25519 TQ2jWod+e0a3ylj+GL8gPoScvzFdBCZcaYauY2gtsDY
+pP5q3ZYkRYqSeOEHxYXzQXCfltBGKi5jMpCfSP7PPSI
+-> `)-v-grease fr R1 W`Y
+pjfwfNM9JTJe0/mYB6OC6LtgJeIvn4RVJogageAl/djWgMVZ4DDr2kakgF3V28xf
+0g
+--- 4b27xLN78GCex7VdHqlJj8g+SuUlOOgZjZ4Qj8/RIsk
+-<2D><>N/&<26><>ˀ<EFBFBD>v<EFBFBD><76>Eֶ`}<7D>D<EFBFBD><44><EFBFBD>O#<23>`ZV<5A>^D<>"&<13><><EFBFBD>p
+<12>p<EFBFBD>/ݹ<12><>Ĭ<EFBFBD>iq<>lￚj@<40>i57O<37>,<2C>䇩<><E487A9>$F2<46>h<03>S
--- a/secrets/chatterbox/synapse.yaml.age
+++ b/secrets/chatterbox/synapse.yaml.age
--- a/secrets/synapse.yaml.age
+++ b/secrets/synapse.yaml.age
@@ -1,11 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 ZB3e6Q AvnSPA+VUhdJUbCuD6Z6+97ARp8C2t5nT/CeHuN5AAc
-WqDw3vXLZKCstp/E6v52khm0oqtdWfF8cawMnQnBrW4
-> X25519 vs4Yt4YWEc6EMzzVhuqrJoP1IJ/uW2gXhe7sYWEyCS0
-ZKHCfOaVxOgAbPRZ8xnfjOmn7bTMN1LFPYS4KViy2j4
-> -.kCW-grease Y@#W[w Xh8i*b1 Mm w-
-DY5V6JpMau3kcPKsbvjrS8URAkbgq8+w4mUryNFZzGhzQlPw3iYh7vl10Qg8JcI
--- gXzJ3T+a7mmUoIOodjGlcXnjuASgXLTR2vFaL28lbp8
-}>j<>.<18>N:+<2B>:N~6$as5<73>'<0B>ʫ|El<45>
-WO<EFBFBD><EFBFBD>4<EFBFBD>oe_v<EFBFBD>0<EFBFBD>!o<>V<EFBFBD>d<EFBFBD>q<><71><EFBFBD><EFBFBD>G<EFBFBD>kG2	<09><><EFBFBD>&<26>
-<EFBFBD>`<13>m<EFBFBD><6D>+<1D>7`7