authorGregor Kleen <gkleen@yggdrasil.li>2022-02-27 17:15:34 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-27 17:15:34 +0100
commitac7290dc3ca3db1047ce3857df0032d506db9f1e (patch)
tree2c160e8e630a0bd38973f364cf80c5e4e1cd82a5
parent02636f76e947148ef5edbe516d78a937d54119b7 (diff)
surtr: matrix: remove synapse-admin
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/keys/admin.synapse.li_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/li.synapse.soa6
-rw-r--r--hosts/surtr/matrix/default.nix24
-rw-r--r--hosts/surtr/tls/tsig_keys/admin.synapse.li26
5 files changed, 2 insertions, 82 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 0115412c..0a754a86 100644
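--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -171,7 +171,7 @@ in {
  addACLs = { "xmpp.li" = ["ymir_acme_acl"]; };
  }
  { domain = "synapse.li";
- acmeDomains = ["element.synapse.li" "turn.synapse.li" "admin.synapse.li" "synapse.li"];
+ acmeDomains = ["element.synapse.li" "turn.synapse.li" "synapse.li"];
  }
  { domain = "dirty-haskell.org";
  addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; };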
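Review bot: Dropping `"admin.synapse.li"` from `acmeDomains` on new line 174 stops future issuance but does not retire what was already issued: a certificate obtained earlier for that name stays valid until it expires, and its private key presumably still sits in the ACME state directory on the host. If the name is gone for good, revoke that certificate and remove the leftover state rather than waiting for expiry. The TSIG key deleted elsewhere in this commit also remains in repository history (SOPS-encrypted), so confirm that the generated DNS server configuration no longer accepts it; the code that derives keys and ACLs from this list is outside the hunk. A short comment next to the list, e.g. `# admin.synapse.li retired; revoke the old cert and purge its ACME state`, would record the follow-up.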
diff --git a/hosts/surtr/dns/keys/admin.synapse.li_acme.yaml b/hosts/surtr/dns/keys/admin.synapse.li_acme.yaml
deleted file mode 100644
index d13a9403..00000000
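--- a/hosts/surtr/dns/keys/admin.synapse.li_acme.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:cs9r+cwKJ8JBoab7hXISz3R1YBoN17RXGMN8Wnnc27sarStdIkjsqL+/VwcVIIZVX34qGREp/OIAd6In98f2YZbBm4yWKlXePYPCENW0E0T7/KWRbaokbfcSKtpjvfjS+pzHPo2gMtnCJCFyYFQF9x3+v2VRA8CT/oU3vRqgodJtsODrhRO/oV96ACglIJC5ih398XsMdVZ5zMDlp9fAYFF0LlFA/p7FZqcF+otpcMJ+cQ6VGUrypxKBoRoA6iP3BNBMF7fy+vLLhqoTFLxM+w==,iv:DlGxtoLZXDAe5mUK4LJ4fvXzLuAc+9OoWRouh1sWGQs=,tag:S0//TWWd5A8fySEH6Kfurg==,type:str]",
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": null,
- "hc_vault": null,
- "age": null,
- "lastmodified": "2022-02-27T15:49:29Z",
- "mac": "ENC[AES256_GCM,data:LnRMVfrAZpiK2WYswCC2xYdv6RsX8/QAFQaB8tVhcBjLWh0N6gcPUe+FLI7hnARb5lmWSf7pgaeG86C1Ub1lYv9G/UO2cQzEOBjinV3/5KoDlQiWhPBW43OVDU5E+5gttQ1Pg78gwBJNrhIC4W0ldhXMQ0M4UiAH2nAvvb9vvgA=,iv:Ynryxx9ChY2xd7L0bDqZa7X8yVwtbOQqjUyNhwIuAD4=,tag:HCWrf+bjLwrX9WOoINuVmg==,type:str]",
- "pgp": [
- {
- "created_at": "2022-02-27T15:49:29Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAbHBgl300+9u9JbBwMpVa5shoc3xFohBUenBEbci+uWgw\nLGNtcsUAoZaiXyqiRVOFRMSFVE2Fu9oKT87Vqj/PVzNk68+ZRrU/TML4O5idIjiO\n0l4BwcsSwdF3eMObmBLkLqE5O+To0quuh/bPdjmJJPxEfoNUcl7obnmV+zaeDY6u\nzJcjFxiO/SV9WufkPu2Nvo1cpW85X608k0Fhx6yh3NB3txprO8wAjL+PrIFOdcXp\n=Aw7d\n-----END PGP MESSAGE-----\n",
- "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
- },
- {
- "created_at": "2022-02-27T15:49:29Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdADXyBezsuvZOZE8WdeRPbuX3Jywzue+IAV1aBfEFTF3kw\n+kN4BNcjGEs/uzZXH2E9gWQOoIy+pXhzGYipBxQr9UTZx0kGjNnzxYSp2spidHlv\n0l4BckHPI6IKEhcm1LLiLpE/Jb2RU8JVSP1EYa0uB+43QLKPZ6BV6IRx+yyV+ae9\n5c0oQPbe1XVVLcaLYbN9Os0UZAtpaWvqacXfWfF5V2IPj1j1bEe7VrK9HNnslCi6\n=eCXw\n-----END PGP MESSAGE-----\n",
- "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.7.1"
- }
-}
\ No newline at end of file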
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa
index 8991b8ea..17e5c40a 100644
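--- a/hosts/surtr/dns/zones/li.synapse.soa
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
 $ORIGIN synapse.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
- 2022022700 ; serial
+ 2022022701 ; serial
  10800 ; refresh
  3600 ; retry
  604800 ; expire
@@ -27,10 +27,6 @@ element IN A 202.61.241.61
 element IN AAAA 2a03:4000:52:ada::
 _acme-challenge.element IN NS ns.yggdrasil.li.
 
-admin IN A 202.61.241.61
-admin IN AAAA 2a03:4000:52:ada::
-_acme-challenge.admin IN NS ns.yggdrasil.li.
-
 turn IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
 turn IN CAA 128 issue "sectigo.com; validationmethods=dns-01"
 turn IN CAA 128 iodef "mailto:caa@yggdrasil.li"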
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 24a78853..842c6c56 100644
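--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -141,18 +141,6 @@ with lib;
  };
  };
  };
-
- virtualHosts."admin.synapse.li" = {
- forceSSL = true;
- sslCertificate = "/run/credentials/nginx.service/admin.synapse.li.pem";
- sslCertificateKey = "/run/credentials/nginx.service/admin.synapse.li.key.pem";
- sslTrustedCertificate = "/run/credentials/nginx.service/admin.synapse.li.chain.pem";
- extraConfig = ''
- add_header Strict-Transport-Security "max-age=63072000" always;
- '';
-
- root = pkgs.synapse-admin;
- };
  };
 
  security.acme.domains = {
@@ -164,14 +152,6 @@ with lib;
  '';
  };
  };
- "admin.synapse.li" = {
- zone = "synapse.li";
- certCfg = {
- postRun = ''
- ${pkgs.systemd}/bin/systemctl try-restart nginx.service
- '';
- };
- };
  "turn.synapse.li" = {
  zone = "synapse.li";
  certCfg = {
@@ -201,10 +181,6 @@ with lib;
  "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
  "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
  "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
-
- "admin.synapse.li.key.pem:${config.security.acme.certs."admin.synapse.li".directory}/key.pem"
- "admin.synapse.li.pem:${config.security.acme.certs."admin.synapse.li".directory}/fullchain.pem"
- "admin.synapse.li.chain.pem:${config.security.acme.certs."admin.synapse.li".directory}/chain.pem"
  ];
  };
  };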
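Review bot: Removing the `virtualHosts."admin.synapse.li"` block only takes away the static synapse-admin front end (`root = pkgs.synapse-admin;`); whether the homeserver's admin API itself stays reachable from the internet is decided by the proxy locations of the remaining vhosts, which lie outside these hunks. If the intent is to reduce admin exposure, check that `/_synapse/admin` is not forwarded publicly by the `synapse.li` vhost, or restrict it to trusted addresses there. Separately, requests that still arrive with `Host: admin.synapse.li` (cached DNS within the zone's 3600 s TTL, or a direct connection to the address) will now be answered by whatever nginx treats as its default server, so it is worth confirming that a catch-all vhost rejects unknown names instead of falling through to another site. The enclosing nginx and `security.acme.domains` attribute sets start and end outside the hunks.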
diff --git a/hosts/surtr/tls/tsig_keys/admin.synapse.li b/hosts/surtr/tls/tsig_keys/admin.synapse.li
deleted file mode 100644
index c8494ef7..00000000
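--- a/hosts/surtr/tls/tsig_keys/admin.synapse.li
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:x40OWMJpkH4Zf0xdIS2KacFLNS0QM9jCqP5MbwyK4oAVXbWeoTx9zd3wc6Z1,iv:R1bkvNX7OhBoXD6K//PJUMbq3bRXgxD3mGR+tYtuN/8=,tag:WEntGxQqfY9KwYm9CKTqFw==,type:str]",
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": null,
- "hc_vault": null,
- "age": null,
- "lastmodified": "2022-02-27T15:49:30Z",
- "mac": "ENC[AES256_GCM,data:IoRbn3SZP65wbUcmImB8dnvGZhtXi0Uij6Fwa1rgEagEgtlWGn/LysiYVfGQSrh6fNyOydh4QHRRiDdnIWUtXLSnm2N0Ku++y46cgg5RQgVLW4Uy0vKg5ywlsY0NICvSvMCLx0TvZJjH4hTEJ7ozjGNvVzT4KI3xMBlgfszP6HY=,iv:zIvNyk1EXS39y+nDXUvJ4+OF/N1RXqmDr+kPrCliPpI=,tag:HHqf66wwRNc9gcsh1PA2Qw==,type:str]",
- "pgp": [
- {
- "created_at": "2022-02-27T15:49:30Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA3iu70kCdXfhjVwRNJeaLlIrpM3hMqustidyhWkDAJj8w\nuhC5ryHB59ar8yVrng73UeTr7t/vAX2V9yAXZm+JyaMUGqmBrLjl8ggw9ZkVTEn9\n0l4BTLuihTCGIaXY8uKFJy5Ld14y5kHF4DpvRk78ShnNc8L+c54+59DjUOqxdc2p\n6QN4S87nnpWnpHT8GTEGOQ8VoCWVVrrkTwvYrBrhdXouCunKT5jA8i58sw4SQR8L\n=h2aC\n-----END PGP MESSAGE-----\n",
- "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
- },
- {
- "created_at": "2022-02-27T15:49:30Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcSCm4IdskoSE21H7zGYii6icIEwy/7JLeg0o/eNBbnww\nMwq/d53JaXIJpM/fJyYqDUh//1jaLVzOsqOCKGBCScoYYAFGvzFo2IAWeO28D5XO\n0l4Bc6uDRC93MvuhGd/FEKrYTvmzCyHNWUfuHVKOE8SILzaMMQAslvAoXEz2Lesx\naZioIa+c5bOzWa8TFxeOcYH+bVlX+FyymHdSwV6IOMis/NJXLuk8K8OkSXOxQOLi\n=bi97\n-----END PGP MESSAGE-----\n",
- "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.7.1"
- }
-}
\ No newline at end of file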