matrix-synapse: use registration_shared_secret_path instead
This commit is contained in:
parent
24b0d72d96
commit
79b5ad0754
@ -38,7 +38,7 @@
|
|||||||
z.mode = "0700";
|
z.mode = "0700";
|
||||||
};
|
};
|
||||||
"/etc/secrets/synapse-registration_shared_secret" = {
|
"/etc/secrets/synapse-registration_shared_secret" = {
|
||||||
f.argument = "registration_shared_secret: supersecret";
|
f.argument = "supersecret";
|
||||||
z = {
|
z = {
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
user = "root";
|
user = "root";
|
||||||
|
@ -102,6 +102,7 @@ in
|
|||||||
"turn:turn.matrix.org?transport=udp"
|
"turn:turn.matrix.org?transport=udp"
|
||||||
"turn:turn.matrix.org?transport=tcp"
|
"turn:turn.matrix.org?transport=tcp"
|
||||||
];
|
];
|
||||||
|
registration_shared_secret_path = "/run/synapse-registration-shared-secret";
|
||||||
listeners = [
|
listeners = [
|
||||||
{
|
{
|
||||||
port = 8008;
|
port = 8008;
|
||||||
@ -122,11 +123,10 @@ in
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
extraConfigFiles = [ "/run/synapse-registration-shared-secret.yaml" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.settings."01-matrix" = {
|
systemd.tmpfiles.settings."01-matrix" = {
|
||||||
"/run/synapse-registration-shared-secret.yaml" = {
|
"/run/synapse-registration-shared-secret" = {
|
||||||
C.argument =
|
C.argument =
|
||||||
config.clanCore.facts.services.matrix-synapse.secret.synapse-registration_shared_secret.path;
|
config.clanCore.facts.services.matrix-synapse.secret.synapse-registration_shared_secret.path;
|
||||||
z = {
|
z = {
|
||||||
@ -154,7 +154,7 @@ in
|
|||||||
pwgen
|
pwgen
|
||||||
];
|
];
|
||||||
generator.script = ''
|
generator.script = ''
|
||||||
echo "registration_shared_secret: $(pwgen -s 32 1)" > "$secrets"/synapse-registration_shared_secret
|
echo -n "$(pwgen -s 32 1)" > "$secrets"/synapse-registration_shared_secret
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@ -182,7 +182,7 @@ in
|
|||||||
trap 'rm -f "$headers"' EXIT
|
trap 'rm -f "$headers"' EXIT
|
||||||
|
|
||||||
cat > "$headers" <<EOF
|
cat > "$headers" <<EOF
|
||||||
Authorization: Bearer $(cat /run/synapse-registration-shared-secret.yaml| sed -n 's/registration_shared_secret: //p')
|
Authorization: Bearer $(cat /run/synapse-registration-shared-secret)
|
||||||
EOF
|
EOF
|
||||||
''
|
''
|
||||||
+ lib.concatMapStringsSep "\n" (user: ''
|
+ lib.concatMapStringsSep "\n" (user: ''
|
||||||
|
Loading…
Reference in New Issue
Block a user