jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added matrix registration password

Browse source
This commit is contained in:
Jurn Wubben 2025-05-25 11:34:55 +02:00
parent fd9edd1b2f
commit d36eef7e1a
4 changed files with 23 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
secrets/default.nix
View file

@ -13,5 +13,6 @@
}; };
password.file = ./password.age; password.file = ./password.age;
matrix-priv.file = ./matrix-priv.age; matrix-priv.file = ./matrix-priv.age;
matrix-registration.file = ./matrix-registration.age;
}; };
} }

11
secrets/matrix-registration.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 WCPLrA XGZXUAx6d4swnmjGCMKtUnTmyyjUlHJwWweJLACKXHw
O7tDm8+1DJlEg2dmjiwZmBoirEK71I2GMA5JbkF3c14
-> ssh-ed25519 7/ziYw qWvGzM3dxCa31M4qp3VUHfYuoALGYC0nBCbYRlU/XBA
o+4UqGeenrH+dkWglWIY95aInDq/zybiJZzv3Qhoevk
-> ssh-ed25519 GQzYWA UbICRYTkeCqHM6Qzl50xBSlCgEl1BvMCSqAjusjfowQ
raXFAddeBL4AhViLzGxviy6kd9F6U4QlMI2SABuEQ08
-> ssh-ed25519 MfR7VA tIIPAbmPo1e9SH5gWhQQn5fqEgDlLDmZUBVkWVsvAVY
D03pcUpy06ptfRRG1PfaqMQLuxEGQN/AGdmjVFop8Ko
--- UQs52nFPmuzoQ8C++6tSE5ib+YQ1ap57ZrrzDeTxSL4
¯Ì zí ¹\0äãŒ9¹u´T¡$ö±/˜?“3€ ½~Ô!iL]¢£å§{SXgÀ;7â½8аnRâÖšØa2¸ÐÈ0W!@? ´E\¤ùZ[

1
secrets/secrets.nix
View file

@ -11,4 +11,5 @@ in {
"password.age".publicKeys = systems; "password.age".publicKeys = systems;
"dcbot.age".publicKeys = systems; "dcbot.age".publicKeys = systems;
"matrix-priv.age".publicKeys = systems; "matrix-priv.age".publicKeys = systems;
"matrix-registration.age".publicKeys = systems;
} }

20
system/server/matrix.nix
View file

@ -15,13 +15,20 @@ in {
dendrite = { dendrite = {
enable = true; enable = true;
httpPort = 9003; httpPort = 9003;
loadCredential = [
# $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key'
"matrix-server-key:${config.age.secrets.matrix-priv.path}"
];
environmentFile = config.age.secrets.matrix-registration.path; # Contains: `REGISTRATION_SHARED_SECRET=verysecretpassword`
# openRegistration = true;
settings = { settings = {
global = { global = {
inherit database;
server_name = "matrix.jsw.tf"; server_name = "matrix.jsw.tf";
private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key"; #nix shell nixpkgs#dendrite; generate-keys --private-key matrix_key.pem private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key"; #nix shell nixpkgs#dendrite; generate-keys --private-key matrix_key.pem
}; };
client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
global.database = database;
app_service_api.database = database; app_service_api.database = database;
federation_api.database = database; federation_api.database = database;
key_server.database = database; key_server.database = database;
@ -52,13 +59,6 @@ in {
reverse_proxy /_matrix/* localhost:9003 reverse_proxy /_matrix/* localhost:9003
''; '';
}; };
systemd.services.dendrite.after = ["postgresql.service"];
systemd.services.dendrite = {
serviceConfig.LoadCredential = [
# $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key'
"matrix-server-key:${config.age.secrets.matrix-priv.path}"
];
after = ["postgresql.service"];
};
}; };
} }