diff options
author | Alex Auvolat <alex@adnab.me> | 2022-12-25 23:54:55 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-25 23:54:55 +0100 |
commit | 0d8c6a2d45c7b6bbb86f2d4268423578f0995894 (patch) | |
tree | a6bb9e1084d88e8a846d02164f294ce45948be0a | |
parent | 0becfc25717f659945a104d26209f63e573c4789 (diff) | |
download | nixcfg-0d8c6a2d45c7b6bbb86f2d4268423578f0995894.tar.gz nixcfg-0d8c6a2d45c7b6bbb86f2d4268423578f0995894.zip |
Remove obsolete Matrix TLS keysnew-secretmgr
-rw-r--r-- | cluster/prod/app/matrix/config/synapse/homeserver.yaml | 16 | ||||
-rw-r--r-- | cluster/prod/app/matrix/deploy/im.hcl | 15 | ||||
-rw-r--r-- | cluster/prod/app/matrix/secrets.toml | 14 |
3 files changed, 0 insertions, 45 deletions
diff --git a/cluster/prod/app/matrix/config/synapse/homeserver.yaml b/cluster/prod/app/matrix/config/synapse/homeserver.yaml index b4b7c67..48ae431 100644 --- a/cluster/prod/app/matrix/config/synapse/homeserver.yaml +++ b/cluster/prod/app/matrix/config/synapse/homeserver.yaml @@ -1,22 +1,6 @@ # vim:ft=yaml server_name: "deuxfleurs.fr" -# PEM encoded X509 certificate for TLS. -# You can replace the self-signed certificate that synapse -# autogenerates on launch with your own SSL certificate + key pair -# if you like. Any required intermediary certificates can be -# appended after the primary certificate in hierarchical order. -tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt" - -# PEM encoded private key for TLS -tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key" - -# PEM dh parameters for ephemeral keys -tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh" - -# Don't bind to the https port -no_tls: True - ## Server ## diff --git a/cluster/prod/app/matrix/deploy/im.hcl b/cluster/prod/app/matrix/deploy/im.hcl index bd28feb..339fea7 100644 --- a/cluster/prod/app/matrix/deploy/im.hcl +++ b/cluster/prod/app/matrix/deploy/im.hcl @@ -55,21 +55,6 @@ job "matrix" { # --- secrets --- template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" - destination = "secrets/conf/homeserver.tls.crt" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" - destination = "secrets/conf/homeserver.tls.dh" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" - destination = "secrets/conf/homeserver.tls.key" - } - - template { data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" destination = "secrets/conf/homeserver.signing.key" } diff --git a/cluster/prod/app/matrix/secrets.toml b/cluster/prod/app/matrix/secrets.toml index 98b2ddb..8cd1572 100644 --- a/cluster/prod/app/matrix/secrets.toml +++ b/cluster/prod/app/matrix/secrets.toml @@ -33,20 +33,6 @@ description = 'S3 secret access key for Matrix bucket' # Keys & stuff -[secrets."chat/synapse/homeserver.tls.dh"] -type = 'user' -multiline = true -description = 'DH parameters for matrix ssl key? how does this work?' - -[secrets."chat/synapse/homeserver.tls.crt"] -type = 'SSL_CERT' -name = 'synapse' -cert_domains = "['im.deuxfleurs.fr']" - -[secrets."chat/synapse/homeserver.tls.key"] -type = 'SSL_KEY' -name = 'synapse' - [secrets."chat/synapse/homeserver.signing.key"] type = 'user' description = 'Synapse homeserver ed25519 signing key' |