authorAlex Auvolat <alex@adnab.me>2022-12-25 23:54:55 +0100
committerAlex Auvolat <alex@adnab.me>2022-12-25 23:54:55 +0100
commit0d8c6a2d45c7b6bbb86f2d4268423578f0995894 (patch)
treea6bb9e1084d88e8a846d02164f294ce45948be0a
parent0becfc25717f659945a104d26209f63e573c4789 (diff)
Remove obsolete Matrix TLS keysnew-secretmgr
-rw-r--r--cluster/prod/app/matrix/config/synapse/homeserver.yaml16
-rw-r--r--cluster/prod/app/matrix/deploy/im.hcl15
-rw-r--r--cluster/prod/app/matrix/secrets.toml14
3 files changed, 0 insertions, 45 deletions
diff --git a/cluster/prod/app/matrix/config/synapse/homeserver.yaml b/cluster/prod/app/matrix/config/synapse/homeserver.yaml
index b4b7c67..48ae431 100644
--- a/cluster/prod/app/matrix/config/synapse/homeserver.yaml
+++ b/cluster/prod/app/matrix/config/synapse/homeserver.yaml
@@ -1,22 +1,6 @@
# vim:ft=yaml
server_name: "deuxfleurs.fr"
-# PEM encoded X509 certificate for TLS.
-# You can replace the self-signed certificate that synapse
-# autogenerates on launch with your own SSL certificate + key pair
-# if you like. Any required intermediary certificates can be
-# appended after the primary certificate in hierarchical order.
-tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
-
-# PEM encoded private key for TLS
-tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
-
-# PEM dh parameters for ephemeral keys
-tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
-
-# Don't bind to the https port
-no_tls: True
-
## Server ##
diff --git a/cluster/prod/app/matrix/deploy/im.hcl b/cluster/prod/app/matrix/deploy/im.hcl
index bd28feb..339fea7 100644
--- a/cluster/prod/app/matrix/deploy/im.hcl
+++ b/cluster/prod/app/matrix/deploy/im.hcl
@@ -55,21 +55,6 @@ job "matrix" {
# --- secrets ---
template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
- destination = "secrets/conf/homeserver.tls.crt"
- }
-
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
- destination = "secrets/conf/homeserver.tls.dh"
- }
-
- template {
- data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
- destination = "secrets/conf/homeserver.tls.key"
- }
-
- template {
data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
destination = "secrets/conf/homeserver.signing.key"
}
diff --git a/cluster/prod/app/matrix/secrets.toml b/cluster/prod/app/matrix/secrets.toml
index 98b2ddb..8cd1572 100644
--- a/cluster/prod/app/matrix/secrets.toml
+++ b/cluster/prod/app/matrix/secrets.toml
@@ -33,20 +33,6 @@ description = 'S3 secret access key for Matrix bucket'
# Keys & stuff
-[secrets."chat/synapse/homeserver.tls.dh"]
-type = 'user'
-multiline = true
-description = 'DH parameters for matrix ssl key? how does this work?'
-
-[secrets."chat/synapse/homeserver.tls.crt"]
-type = 'SSL_CERT'
-name = 'synapse'
-cert_domains = "['im.deuxfleurs.fr']"
-
-[secrets."chat/synapse/homeserver.tls.key"]
-type = 'SSL_KEY'
-name = 'synapse'
-
[secrets."chat/synapse/homeserver.signing.key"]
type = 'user'
description = 'Synapse homeserver ed25519 signing key'