From 17b0f9e3dee0611dbaf3006769b3bdc03f4809b5 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Sun, 10 Jul 2022 18:16:35 +0100
Subject: [PATCH] nixos/chatterbox: Production config

---
 .../vms/shill/containers/chatterbox.nix       |  18 +++++++++++++-----
 .../vms/shill/containers/middleman/vhosts.nix |   1 +
 secrets/chatterbox/nul.ie.signing.key.age     |  11 +++++++++++
 secrets/chatterbox/synapse.yaml.age           | Bin 0 -> 665 bytes
 secrets/synapse.yaml.age                      |  11 -----------
 5 files changed, 25 insertions(+), 16 deletions(-)
 create mode 100644 secrets/chatterbox/nul.ie.signing.key.age
 create mode 100644 secrets/chatterbox/synapse.yaml.age
 delete mode 100644 secrets/synapse.yaml.age

diff --git a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
index 2b983fc..8f0fa2b 100644
--- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
@@ -29,9 +29,15 @@
 
             secrets = {
               key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGx50oGzm5TsaB5R6f/daFPc5QNkmM15uc9/kiBxKaY";
-              files."synapse.yaml" = {
-                owner = "matrix-synapse";
-                group = "matrix-synapse";
+              files = {
+                "chatterbox/synapse.yaml" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
+                "chatterbox/nul.ie.signing.key" = {
+                  owner = "matrix-synapse";
+                  group = "matrix-synapse";
+                };
               };
             };
 
@@ -42,7 +48,6 @@
 
           systemd = {
             network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
-            services.matrix-synapse.enable = false;
           };
 
           services = {
@@ -51,7 +56,7 @@
               enable = true;
               withJemalloc = true;
 
-              extraConfigFiles = [ config.age.secrets."synapse.yaml".path ];
+              extraConfigFiles = [ config.age.secrets."chatterbox/synapse.yaml".path ];
               settings = {
                 server_name = "nul.ie";
                 public_baseurl = "https://matrix.nul.ie";
@@ -108,6 +113,7 @@
                   "198.51.100.0/24"
                   "203.0.113.0/24"
                   "224.0.0.0/4"
+
                   "::1/128"
                   "fe80::/10"
                   "fc00::/7"
@@ -121,6 +127,8 @@
 
                 enable_registration = false;
                 allow_guest_access = false;
+
+                signing_key_path = config.age.secrets."chatterbox/nul.ie.signing.key".path;
               };
             };
           };
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index e664ef9..027d143 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -62,6 +62,7 @@ in
           { }
           wellKnown
         ];
+        useACMEHost = lib.my.pubDomain;
       };
       "localhost" = {
         forceSSL = false;
diff --git a/secrets/chatterbox/nul.ie.signing.key.age b/secrets/chatterbox/nul.ie.signing.key.age
new file mode 100644
index 0000000..a13b4e9
--- /dev/null
+++ b/secrets/chatterbox/nul.ie.signing.key.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZB3e6Q o3nZEDuOm/JC/EhJ5uRnbMMHPNwRcKwfsPFNBVCjtHk
+cYKUNgQmkpTRSEm9ZINYlslv9O6MM3ujb1rNO7p7gvc
+-> X25519 TQ2jWod+e0a3ylj+GL8gPoScvzFdBCZcaYauY2gtsDY
+pP5q3ZYkRYqSeOEHxYXzQXCfltBGKi5jMpCfSP7PPSI
+-> `)-v-grease fr R1 W`Y
+pjfwfNM9JTJe0/mYB6OC6LtgJeIvn4RVJogageAl/djWgMVZ4DDr2kakgF3V28xf
+0g
+--- 4b27xLN78GCex7VdHqlJj8g+SuUlOOgZjZ4Qj8/RIsk
+-��N/&��ˀ�v��Eֶ`}�D���O#�`ZV�^D�"&���p
+�p�/ݹ��Ĭ�iq�lￚj@�i57O�,�䇩��$F2�h�S
\ No newline at end of file
diff --git a/secrets/chatterbox/synapse.yaml.age b/secrets/chatterbox/synapse.yaml.age
new file mode 100644
index 0000000000000000000000000000000000000000..4d9b5bec8d8d7da12164b11622e4a2334a4b76d8
GIT binary patch
literal 665
zcmV;K0%rYTXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LT0%2rHc=pG
zW<p0xYjikBP)bl|HB5R`M`J=cb4N%ybYf9@MN(QgK~zUmVR>;!Qc((YO-wgrSWq@v
zQF>%BS!r%eMssFyaBxL<b#YBkMORo=N=#@nG;cF+QF96{J|I{!H8n9gAWd;hZewdm
zIWlB$a7Ax(H&S+Qctm1Kc4Bo*bxlxVc{w(CXH{lVM0r7D3PNs6R7y%$OgA$%Y*9`(
zHEuC$YBWJMP&PtkOG0opbTBh@F;PWrcX(EF3N1b$L_KOqIc-TTXL4m>b7denASPuX
zCVg&9ejra|B2`8t3Tie(L@_H@Z7WGRYEM`zFG4dpQblb{L|8IXX-`a8R5Vp}ax-pE
zO>$OeZc#x=ZckE8I4?LzHg8pKFL`)ncM3FAZck%KNm?^GaC$;jcxGB`R!lflV_|Jt
zYBF(5VJ~lY3N0-yAY)fVLMu^aX-Y|ASbB9;Flbg$WNdC{STks1RaZ(dM@cYwWmI!T
zHD`H63g&`|;n6v)qLV0gln7IEY5#i>>(rRT&qd;<T37NyqmLYIVc=)~Kz>fVyQ$bD
zYk^Vp(Gh#i=$g5_ULeR@Z{*J9e7gO(#?{Wq@o#k-yNF9*p9m)<MTLE|ya<Md6xedj
zTy)8Zcr3{gjC^#jBJQqs<Zy{^DOLMniqP4O4d3R~ND@pzTDX*c+E@ZP1x6jsvGA6y
zuup~abv?FuYDz6qAu&%Vkc?!?rleM_@(_VcJNbmg^=CG=-ugo_fE7H3=5?MFSXxUi
z5SY*FfSQzJ2)jQ(a7SyU06~*C43hS`TdPw>J3`KhvU-2IUury<@vj$yH~-5_b|M1e

literal 0
HcmV?d00001

diff --git a/secrets/synapse.yaml.age b/secrets/synapse.yaml.age
deleted file mode 100644
index 8161f96..0000000
--- a/secrets/synapse.yaml.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 ZB3e6Q AvnSPA+VUhdJUbCuD6Z6+97ARp8C2t5nT/CeHuN5AAc
-WqDw3vXLZKCstp/E6v52khm0oqtdWfF8cawMnQnBrW4
--> X25519 vs4Yt4YWEc6EMzzVhuqrJoP1IJ/uW2gXhe7sYWEyCS0
-ZKHCfOaVxOgAbPRZ8xnfjOmn7bTMN1LFPYS4KViy2j4
--> -.kCW-grease Y@#W[w Xh8i*b1 Mm w-
-DY5V6JpMau3kcPKsbvjrS8URAkbgq8+w4mUryNFZzGhzQlPw3iYh7vl10Qg8JcI
---- gXzJ3T+a7mmUoIOodjGlcXnjuASgXLTR2vFaL28lbp8
-}>j�.�N:+�:N~6$as5�'�ʫ|El�
WO��4�oe_v�0�!o�V�d�q����G�kG2	���&�
-�`�m��+�7`7
-����=M���	,=��{#dq�`��*8*J�����Y�`3���P+�jھ�h�Mګ���}9ސ�]���@�,��������q�~�m�KԮ]a�6x�p-��2����%Ɗ��&Џ��=7����7�
\ No newline at end of file