nixos/chatterbox: Production config

2022-07-10 18:16:35 +01:00 · 2022-07-10 18:16:35 +01:00 · 17b0f9e3de
commit 17b0f9e3de
parent f6c5a726de
5 changed files with 25 additions and 16 deletions
--- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix
@ -29,10 +29,16 @@
            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGx50oGzm5TsaB5R6f/daFPc5QNkmM15uc9/kiBxKaY";
-              files."synapse.yaml" = {
+              files = {
                "chatterbox/synapse.yaml" = {
                  owner = "matrix-synapse";
                  group = "matrix-synapse";
                };
                "chatterbox/nul.ie.signing.key" = {
                  owner = "matrix-synapse";
                  group = "matrix-synapse";
                };
              };
            };
            firewall = {
@ -42,7 +48,6 @@
          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
            services.matrix-synapse.enable = false;
          };
          services = {
@ -51,7 +56,7 @@
              enable = true;
              withJemalloc = true;
-              extraConfigFiles = [ config.age.secrets."synapse.yaml".path ];
+              extraConfigFiles = [ config.age.secrets."chatterbox/synapse.yaml".path ];
              settings = {
                server_name = "nul.ie";
                public_baseurl = "https://matrix.nul.ie";
@ -108,6 +113,7 @@
                  "198.51.100.0/24"
                  "203.0.113.0/24"
                  "224.0.0.0/4"
                  "::1/128"
                  "fe80::/10"
                  "fc00::/7"
@ -121,6 +127,8 @@
                enable_registration = false;
                allow_guest_access = false;
                signing_key_path = config.age.secrets."chatterbox/nul.ie.signing.key".path;
              };
            };
          };
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -62,6 +62,7 @@ in
          { }
          wellKnown
        ];
        useACMEHost = lib.my.pubDomain;
      };
      "localhost" = {
        forceSSL = false;
--- a/secrets/chatterbox/nul.ie.signing.key.age
+++ b/secrets/chatterbox/nul.ie.signing.key.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 ZB3e6Q o3nZEDuOm/JC/EhJ5uRnbMMHPNwRcKwfsPFNBVCjtHk
 cYKUNgQmkpTRSEm9ZINYlslv9O6MM3ujb1rNO7p7gvc
 -> X25519 TQ2jWod+e0a3ylj+GL8gPoScvzFdBCZcaYauY2gtsDY
 pP5q3ZYkRYqSeOEHxYXzQXCfltBGKi5jMpCfSP7PPSI
 -> `)-v-grease fr R1 W`Y
 pjfwfNM9JTJe0/mYB6OC6LtgJeIvn4RVJogageAl/djWgMVZ4DDr2kakgF3V28xf
 0g
 --- 4b27xLN78GCex7VdHqlJj8g+SuUlOOgZjZ4Qj8/RIsk
 -‹ŹN/&±ÖË€ŮvÖĚEÖ¶`}śD˛ áO#ü`ZV·^DÂ"&<13>ŻÇp
 špĐ/ÝąäáÄ¬–iqĆlďżšj@÷i57O×,ëä‡©ř”$F2ôhŹS
--- a/secrets/chatterbox/synapse.yaml.age
+++ b/secrets/chatterbox/synapse.yaml.age
--- a/secrets/synapse.yaml.age
+++ b/secrets/synapse.yaml.age
@ -1,11 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 ZB3e6Q AvnSPA+VUhdJUbCuD6Z6+97ARp8C2t5nT/CeHuN5AAc
 WqDw3vXLZKCstp/E6v52khm0oqtdWfF8cawMnQnBrW4
 -> X25519 vs4Yt4YWEc6EMzzVhuqrJoP1IJ/uW2gXhe7sYWEyCS0
 ZKHCfOaVxOgAbPRZ8xnfjOmn7bTMN1LFPYS4KViy2j4
 -> -.kCW-grease Y@#W[w Xh8i*b1 Mm w-
 DY5V6JpMau3kcPKsbvjrS8URAkbgq8+w4mUryNFZzGhzQlPw3iYh7vl10Qg8JcI
 --- gXzJ3T+a7mmUoIOodjGlcXnjuASgXLTR2vFaL28lbp8
 }>jÆ.ŠN:+í:N~6$as5œ'÷Ê«|Elô
WO“À4‚oe_vé0¦!oÜV¡dÑq ùŒßGûkG2	“Æû&ó
 <EFBFBD>`µm<C2B5>Â+›7`7
 ˜•Æå=M¼ðù	,=³Û{#dqÉ`œŽ*8*JÄ”µ´ÜY„`3‚½ˆP+„jÚ¾µh†MÚ«ƒª–}9Þ<39>¹]ÀýÊ@×,®Œ½þó÷¤†q¯~šm£KÔ®]a<>6xä—p-·2¾¼µ°%ÆŠ½<C5A0>&Ð<>²Ú=7ªÔë…¢7Ü