2 files changed, 33 insertions, 0 deletions
diff --git a/hosts/surtr/matrix.nix b/hosts/surtr/matrix/default.nix
index b6e6d29d..aad9bc90 100644
--- a/hosts/surtr/matrix.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -30,6 +30,12 @@
      tls_certificate_path = "/run/credentials/matrix-synapse/synapse.li.pem";
      tls_private_key_path = "/run/credentials/matrix-synapse/synapse.li.key.pem";
      tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path;
+      extraConfigFiles = ["/run/credentials/matrix-synapse/registration.yaml"];
+    };
+    sops.secrets."matrix-synapse-registration.yaml" = {
+      format = "binary";
+      sopsFile = ./registration.yaml;
    };
    systemd.services.matrix-synapse = {
@@ -37,6 +43,7 @@
        LoadCredential = [
          "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"
          "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"
+          "registration.yaml:${config.sops.secrets."matrix-synapse-registration.yaml".path}"
        ];
      };
    };
diff --git a/hosts/surtr/matrix/registration.yaml b/hosts/surtr/matrix/registration.yaml
new file mode 100644
index 00000000..44b9ca89
--- /dev/null
+++ b/hosts/surtr/matrix/registration.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-02-24T21:20:09Z",
+                "mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-02-24T21:18:14Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAd77XebsH3fPMPEHxFn2zEVKiHBKkhSsCLESuR2PPRksw\nw8zx2eJsnnW7GnjTF7LH/OPYyDEHgSu73ZFcsUebjESupZKbeu/EL/fkNaVdHfFk\n0l4BC8BYAXh22mgnHYV2ZJp0WAfv2WL0nhemY2uQ8Zs2Zdf9866/j57xvj6RQEXP\nbInXWALV1wdXhnBGlYILdEo7U9RPHRVsbqdiRq7KZVi2gNAn93lBk5qcHsQTgIkz\n=4bf7\n-----END PGP MESSAGE-----\n",
+                                "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+                        },
+                        {
+                                "created_at": "2022-02-24T21:18:14Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi4YnLeLo0H8uz6DbU8knoDxsgxqFcwp1M7kQp4GllFsw\nNjwT3AdoMxCYOOqFF9dNzcEieI4hqwfeN3pxe8hw5TG7EvlUbiY3x7udzoO0+9Tm\n0l4BdV1+kQsB1tldnVo+II7EvP9HWWtNowmZzZgmVRxHt/wTL2VrB3gS7EZFssoV\nDtHpqD7cQ6Pbe+R1bzg1TDmNRamzvMUKYIaJ8tuUgA2HmZI4SiaNBPLX4XML5Zbz\n=9njW\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file

diff --git a/hosts/surtr/matrix.nix b/hosts/surtr/matrix/default.nix index b6e6d29d..aad9bc90 100644 --- a/hosts/surtr/matrix.nix +++ b/hosts/surtr/matrix/default.nix
@@ -30,6 +30,12 @@
30	tls_certificate_path = "/run/credentials/matrix-synapse/synapse.li.pem";	30	tls_certificate_path = "/run/credentials/matrix-synapse/synapse.li.pem";
31	tls_private_key_path = "/run/credentials/matrix-synapse/synapse.li.key.pem";	31	tls_private_key_path = "/run/credentials/matrix-synapse/synapse.li.key.pem";
32	tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path;	32	tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path;
		33
		34	extraConfigFiles = ["/run/credentials/matrix-synapse/registration.yaml"];
		35	};
		36	sops.secrets."matrix-synapse-registration.yaml" = {
		37	format = "binary";
		38	sopsFile = ./registration.yaml;
33	};	39	};
34		40
35	systemd.services.matrix-synapse = {	41	systemd.services.matrix-synapse = {
@@ -37,6 +43,7 @@
37	LoadCredential = [	43	LoadCredential = [
38	"synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"	44	"synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"
39	"synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"	45	"synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"
		46	"registration.yaml:${config.sops.secrets."matrix-synapse-registration.yaml".path}"
40	];	47	];
41	};	48	};
42	};	49	};


diff --git a/hosts/surtr/matrix/registration.yaml b/hosts/surtr/matrix/registration.yaml new file mode 100644 index 00000000..44b9ca89 --- /dev/null +++ b/hosts/surtr/matrix/registration.yaml
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2022-02-24T21:20:09Z",
		10	"mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2022-02-24T21:18:14Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAd77XebsH3fPMPEHxFn2zEVKiHBKkhSsCLESuR2PPRksw\nw8zx2eJsnnW7GnjTF7LH/OPYyDEHgSu73ZFcsUebjESupZKbeu/EL/fkNaVdHfFk\n0l4BC8BYAXh22mgnHYV2ZJp0WAfv2WL0nhemY2uQ8Zs2Zdf9866/j57xvj6RQEXP\nbInXWALV1wdXhnBGlYILdEo7U9RPHRVsbqdiRq7KZVi2gNAn93lBk5qcHsQTgIkz\n=4bf7\n-----END PGP MESSAGE-----\n",
		15	"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
		16	},
		17	{
		18	"created_at": "2022-02-24T21:18:14Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi4YnLeLo0H8uz6DbU8knoDxsgxqFcwp1M7kQp4GllFsw\nNjwT3AdoMxCYOOqFF9dNzcEieI4hqwfeN3pxe8hw5TG7EvlUbiY3x7udzoO0+9Tm\n0l4BdV1+kQsB1tldnVo+II7EvP9HWWtNowmZzZgmVRxHt/wTL2VrB3gS7EZFssoV\nDtHpqD7cQ6Pbe+R1bzg1TDmNRamzvMUKYIaJ8tuUgA2HmZI4SiaNBPLX4XML5Zbz\n=9njW\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.1"
		25	}
		26	} \ No newline at end of file