From cfc871cce6aefaa0ff64619780a807cba761c6b2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 30 Jan 2023 12:20:23 +0100 Subject: ... --- hosts/surtr/matrix/coturn-auth-secret | 16 ++++++++-------- hosts/surtr/matrix/coturn-auth-secret.yaml | 26 -------------------------- hosts/surtr/matrix/coturn-auth-secret_yaml | 26 ++++++++++++++++++++++++++ hosts/surtr/matrix/default.nix | 26 +++++++------------------- hosts/surtr/matrix/registration.yaml | 26 -------------------------- hosts/surtr/matrix/registration_yaml | 26 ++++++++++++++++++++++++++ 6 files changed, 67 insertions(+), 79 deletions(-) delete mode 100644 hosts/surtr/matrix/coturn-auth-secret.yaml create mode 100644 hosts/surtr/matrix/coturn-auth-secret_yaml delete mode 100644 hosts/surtr/matrix/registration.yaml create mode 100644 hosts/surtr/matrix/registration_yaml (limited to 'hosts/surtr/matrix') diff --git a/hosts/surtr/matrix/coturn-auth-secret b/hosts/surtr/matrix/coturn-auth-secret index 95e4b21a..1fdccfc3 100644 --- a/hosts/surtr/matrix/coturn-auth-secret +++ b/hosts/surtr/matrix/coturn-auth-secret @@ -5,18 +5,18 @@ "gcp_kms": null, "azure_kv": null, "hc_vault": null, - "age": null, + "age": [ + { + "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3c3BHcjdMQ0FQRy9JREFq\nUi8rNW55NXFIcUN6a056QXZ6MGUrYWdRNGxVCjA1ZnF3ME1YbitxS2h2RU1EU1Vs\ndUorVGpqaFMzRWY0cHIxdFRiMmhwR2sKLS0tIFBZWjIzWjk0ekFjb0FUcExPcmI2\ndlQ1cjFPZ3pGVHduSEVZbFRnU2RYUzAK78yGOcKO3IZlf2d1zBr9hVix/FPIH/+0\nQr3RstH8WG4z92zJcjWVoSyOZ76t3p1nyL7VbCtEewU1miU1S+VKdQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], "lastmodified": "2022-02-25T10:32:29Z", "mac": "ENC[AES256_GCM,data:R671lXt7nS3uUElvpVOJPLVZJH7FTYPUH5Qz54kKhrMdReFei5dSXr7XwaxhloCMnEppM4+cTr+7xn++j9I9H5S3/bo1rxxPRSRa/AbO8w9VjGXzYIe+SA/VLx6vY8B2zjizWroZnL+SdZuYkUDzoBYIYm6MrLZDuK6m2AYLiK4=,iv:dAl5o087g/KV4l3EJN1okXqN5dDRb3qK3JOZD9S7o8o=,tag:XgFta6DXWgn5pXS5Cm2vzA==,type:str]", "pgp": [ { - "created_at": "2022-02-25T10:32:28Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdArxQlwu//uFR3wnA2qvHaHxH1Nmi2273msPeSK5xnpEow\nVZyeSzDzbXL/EIICUVmvnPaEvQ+hwgSRs6UQ2WUvj4KNTSQkLlcc5DSUF2hI220H\n0l4BMzQzLS9WqZvFDHWxM4A550s/kT8XOknr6EtmNpcUX+Iqxev+nJtIiawrAY2d\nb5UYgOm8daPdfkuph/ckD8fz8lRpAiaOA6c9BAxwcygR9rA5LrTISr06gDegKTyU\n=qnpg\n-----END PGP MESSAGE-----\n", - "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" - }, - { - "created_at": "2022-02-25T10:32:28Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAn2Nv11If4PfUagCEXFjiVaqTlFRVyz+CY7PXuyV5iCQw\ng+nkSlqpiEGh33xCVFXFlOzrsfzc7N5oAwvXHdKi6mk1J4nXTE48q3r8ngP87F2U\n0l4BdHhdgp02XXXXRj3Z81rTG1PEOOhjWHTO3fE3SsSk7VB1HTI+3HiaQdkZK31J\nZ0jUT/WOEXDP/0v6jMWspCjSayzYqNW7z+iY0V0qzm/ny1Hc+3/fazsmVMDu45Oe\n=f9au\n-----END PGP MESSAGE-----\n", + "created_at": "2023-01-30T11:01:22Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAEbTqeFLafUwkP+hejHgyHA4q5Tv5YOYac8Ds/BwS6Dcw\n07oIsxZUH+v7e1FmnF1+CJvXLkEwgCVvtOUp2g5vaDoRK8c862NuQmsVnBnthOnc\n0l4BE9p07QwAhBKcRl9SW1ltkjVs1fl1hwY5IyJJ0iX/4n0LgJSdDv6NbWS/bRhC\neq63pYNg0Wr/3t5DXoGgbJjOlG6bR9QeKXNYLP0qNmVy9/mC0zuoj81Lw6U0WW6r\n=dukm\n-----END PGP MESSAGE-----\n", "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" } ], diff --git a/hosts/surtr/matrix/coturn-auth-secret.yaml b/hosts/surtr/matrix/coturn-auth-secret.yaml deleted file mode 100644 index b6d08fb7..00000000 --- a/hosts/surtr/matrix/coturn-auth-secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:IkOhX6yVHpcgEPF1lsSe+ZJ4E6X5eHQNRD5Epub9zQMRBsiVH+Kqdw6zOZcWHXXfcSE72Q44Hv1Xy2qjlC4i9T9K/w==,iv:1nVKgOVpYVMpK/XexGcVEww8GRP6ydpjcVxFyzTJcUs=,tag:j98GvQMrV171Q/2lj4jR+g==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-02-25T10:33:27Z", - "mac": "ENC[AES256_GCM,data:3vHGQ14yM2M5q9h3P6OYnJmyBTJ7CsawjBoNeooNwfSMAQfqsUH5NOSNV66L7q42XsBXgD0+U9XB5+FIYNl1wkqAY3Q84S/hlYKdLYc80nhT1YvG8+o+6YLJCNj51ZvL2kN6V3qwk15XpSVXqK5dS5NSllCm+AXyaGQg3s6gyPI=,iv:Vg1R+UU6vvOL2NM3SREvc/jBILqWshQjc+lz17j9njE=,tag:lqSzXErc6Y319E+yJ4H5UA==,type:str]", - "pgp": [ - { - "created_at": "2022-02-25T10:33:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAT7ONJCB0zAFZsBxJaltYzG2C7PMvrfihMZFVn55SbXYw\nY6UFWL26pF3Rt+8nwGBUFvS8nW1Oqez7zGRDc5cJOZlf2OfL1tlMYWWf7diEc910\n0l4BNdcLviLG/GShe2d/fYu7UkLnaLEyKsrecF2T8ezF6k3/G/P1qI8T8lIGSMF5\nkfqCO70okg3qdLDxVV75beHOtOVWdT+O3MrteEHCv54Yu4TFe7nwVj41lVYEIaZd\n=67a3\n-----END PGP MESSAGE-----\n", - "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" - }, - { - "created_at": "2022-02-25T10:33:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAK8sRxj63lDfEn661bNR5YkC8kMpeM06/h+0/ONH5dA4w\nAkZcicFVb++DsYK6W+ixEZO5c8r/TJ57KfeL/Q+oWwPKPfp+wsSJMtRVh+u+1wfO\n0l4BxR8kpEJCtBHU+zdiUNEvS4sAPQaGaUj40lUMmPCYqh30ehGWXJsZcsUfSeV5\n40ArIdljVy+MFK8SJHpH18U+1cRu7cD350Gtt0QRPiTWGbN0u/c6ihIAe29BLZdb\n=GTZL\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/hosts/surtr/matrix/coturn-auth-secret_yaml b/hosts/surtr/matrix/coturn-auth-secret_yaml new file mode 100644 index 00000000..a59aee14 --- /dev/null +++ b/hosts/surtr/matrix/coturn-auth-secret_yaml @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:IkOhX6yVHpcgEPF1lsSe+ZJ4E6X5eHQNRD5Epub9zQMRBsiVH+Kqdw6zOZcWHXXfcSE72Q44Hv1Xy2qjlC4i9T9K/w==,iv:1nVKgOVpYVMpK/XexGcVEww8GRP6ydpjcVxFyzTJcUs=,tag:j98GvQMrV171Q/2lj4jR+g==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGRYV3RFYVc4c0FiZU1z\nSEhMbVR2OFFKTjVUbFBUOVl4aEhVRUtMbFRnCnNjTUxiNnhWeUNBVC8yc1AzSXNN\nQUdkZ3plMXNDeHZxWElaV0VlVWlINjAKLS0tIGRUM2Q0Qi9EK3pQNW5qYW8wdUNW\nM05HejN0QkxjR2t4TnVWR1hud0N0cmMK3crZ+0zqkeMf7y3KJ5Q2qDXOLbAoREim\nq1hlTTU1vbHMpS3ZFdOpsx1aj7zkday7WqIgOTl3Uro5KT02uI0y3Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-02-25T10:33:27Z", + "mac": "ENC[AES256_GCM,data:3vHGQ14yM2M5q9h3P6OYnJmyBTJ7CsawjBoNeooNwfSMAQfqsUH5NOSNV66L7q42XsBXgD0+U9XB5+FIYNl1wkqAY3Q84S/hlYKdLYc80nhT1YvG8+o+6YLJCNj51ZvL2kN6V3qwk15XpSVXqK5dS5NSllCm+AXyaGQg3s6gyPI=,iv:Vg1R+UU6vvOL2NM3SREvc/jBILqWshQjc+lz17j9njE=,tag:lqSzXErc6Y319E+yJ4H5UA==,type:str]", + "pgp": [ + { + "created_at": "2023-01-30T11:16:04Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA/y2slhvN579NGaAU+tJW5h9XhM56LcYiF4DjlEXJpmcw\n92MlQtinGuYhSyuJEIWuvi0oRPqGM5S+aUrYB2JzW0Qr57xXZh/cDliF0ZwzyEZ1\n0l4B1O9m3dpny69edGuUo+dBlembo+CljXSFQcQ5/cyYk9e1aZC1cpqoMLjkqiDN\nycyjObhTmwh3hq5+93azbmu8GbRAs0UGObt6nzT4YK1GuDnV4hlqM3vF0Y44blg8\n=AAhr\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index df044622..5b89e321 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -77,11 +77,11 @@ with lib; }; sops.secrets."matrix-synapse-registration.yaml" = { format = "binary"; - sopsFile = ./registration.yaml; + sopsFile = ./registration_yaml; }; sops.secrets."matrix-synapse-turn-secret.yaml" = { format = "binary"; - sopsFile = ./coturn-auth-secret.yaml; + sopsFile = ./coturn-auth-secret_yaml; }; systemd.services.matrix-synapse = { @@ -222,27 +222,15 @@ with lib; }; }; - security.acme.domains = { + security.acme.rfc2136Domains = { "element.synapse.li" = { - zone = "synapse.li"; - certCfg = { - postRun = '' - ${pkgs.systemd}/bin/systemctl try-restart nginx.service - ''; - }; + restartUnits = ["nginx.service"]; }; "turn.synapse.li" = { - zone = "synapse.li"; - certCfg = { - postRun = '' - ${pkgs.systemd}/bin/systemctl try-restart coturn.service - ''; - }; + restartUnits = ["coturn.service"]; }; - "synapse.li".certCfg = { - postRun = '' - ${pkgs.systemd}/bin/systemctl try-restart nginx.service - ''; + "synapse.li" = { + restartUnits = ["nginx.service"]; }; }; diff --git a/hosts/surtr/matrix/registration.yaml b/hosts/surtr/matrix/registration.yaml deleted file mode 100644 index 44b9ca89..00000000 --- a/hosts/surtr/matrix/registration.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-02-24T21:20:09Z", - "mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]", - "pgp": [ - { - "created_at": "2022-02-24T21:18:14Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAd77XebsH3fPMPEHxFn2zEVKiHBKkhSsCLESuR2PPRksw\nw8zx2eJsnnW7GnjTF7LH/OPYyDEHgSu73ZFcsUebjESupZKbeu/EL/fkNaVdHfFk\n0l4BC8BYAXh22mgnHYV2ZJp0WAfv2WL0nhemY2uQ8Zs2Zdf9866/j57xvj6RQEXP\nbInXWALV1wdXhnBGlYILdEo7U9RPHRVsbqdiRq7KZVi2gNAn93lBk5qcHsQTgIkz\n=4bf7\n-----END PGP MESSAGE-----\n", - "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" - }, - { - "created_at": "2022-02-24T21:18:14Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAi4YnLeLo0H8uz6DbU8knoDxsgxqFcwp1M7kQp4GllFsw\nNjwT3AdoMxCYOOqFF9dNzcEieI4hqwfeN3pxe8hw5TG7EvlUbiY3x7udzoO0+9Tm\n0l4BdV1+kQsB1tldnVo+II7EvP9HWWtNowmZzZgmVRxHt/wTL2VrB3gS7EZFssoV\nDtHpqD7cQ6Pbe+R1bzg1TDmNRamzvMUKYIaJ8tuUgA2HmZI4SiaNBPLX4XML5Zbz\n=9njW\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/hosts/surtr/matrix/registration_yaml b/hosts/surtr/matrix/registration_yaml new file mode 100644 index 00000000..690d6624 --- /dev/null +++ b/hosts/surtr/matrix/registration_yaml @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:RrFw7leN405vBuzzDi8HMMsZ68gGRNuEJ7tuPjgIsGbcI1eYQwaV1+81J3TUMFhqsgpsF3OuPEVcTEBAAaSSPJbPMiUo2dbS1AzZ,iv:+sfQ9yW+rbSDQiRlaPF5plMxwgKI6qa9o/FzLVeVHV0=,tag:Y1dnxQgFDUeRoELbSCiQBg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZFpSL2VkY0tJN2oyYmRk\naWZPOUNNZmJHUi9CbmwxcUdKcko1RFlMY2xvCmd0YXB1K3JGTGdWeDhpVkl3cjlC\nM3orWDNrQXlDT3E1YlVhMnBPV213U1UKLS0tIHZqY0pxckFwd1BNbHAvcDZLS1dn\nN2V5bHNzWVdTekdDRFlXNUNLSElQYTQKzUaW39wz2nQGeektGar+s7tGAS+2mT1w\n0qcB87XMc7rTIRd/BEg1eaP7gkPGOg1MjnQ08f1yMi3bEcaQTIUK1A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-02-24T21:20:09Z", + "mac": "ENC[AES256_GCM,data:llCJ+LjuyaPhslNPzdARtBt67R7EcllGER9u/w8NEPd1kC2RyGGsUiO2y+LywO1SY4OO0JG5M3FAIYuXEefKofzeDMCzFlmDjPRdjts9N6e6ObGyVSppOCcRIn7J1lyy+Ml+qbxuV0VrP0DN6OxLGO/dOcvtsYjftPKxcUiplNQ=,iv:ZtBLC4Tl++1yNGK07/4GL+Qzq+Hy25gfRNRxJTvL53U=,tag:V6NyCT/1ZN0qNd1tc+NRQg==,type:str]", + "pgp": [ + { + "created_at": "2023-01-30T11:16:07Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzZvOhQPLBqBlDLWEuWvuVHRVLlFWpPrM2pmNcnGr5VEw\nok3er4p7bzIvWcUIX+7hifHaDpGIN7K9eJmDN3RSfdmDZhL82KaFwizHBNfYJzf6\n0l4BgUkKJeakv7qCUBuI8rp3z/b/puMp+hy4N7bgbMEOZ4m2y+ZWdZs9L6xTR9bX\nYhq/9wz0p1QAgNcamt8f/lMH7ef/bn/7qaS6byIeblveWIYnhPQS/h0Dpay5khkX\n=JPSD\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file -- cgit v1.2.3