cluster/prod/app/matrix/secrets.toml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

[service_users."matrix"]
description = 'Matrix service user'
dn_secret = 'chat/synapse/ldap_binddn'
password_secret = 'chat/synapse/ldap_bindpw'


# Postgresql DB

[secrets."chat/synapse/postgres_db"]
type = 'user'
description = 'Synapse PostgrSQL database name'
example = 'synapse'

[secrets."chat/synapse/postgres_user"]
type = 'service_username'
service = 'matrix'

[secrets."chat/synapse/postgres_pwd"]
type = 'service_password'
service = 'matrix'


# S3 access

[secrets."chat/synapse/s3_access_key"]
type = 'user'
description = 'S3 access key ID for Matrix bucket'

[secrets."chat/synapse/s3_secret_key"]
type = 'user'
description = 'S3 secret access key for Matrix bucket'


# Keys & stuff

[secrets."chat/synapse/homeserver.tls.dh"]
type = 'user'
multiline = true
description = 'DH parameters for matrix ssl key? how does this work?'

[secrets."chat/synapse/homeserver.tls.crt"]
type = 'SSL_CERT'
name = 'synapse'
cert_domains = "['im.deuxfleurs.fr']"

[secrets."chat/synapse/homeserver.tls.key"]
type = 'SSL_KEY'
name = 'synapse'

[secrets."chat/synapse/homeserver.signing.key"]
type = 'user'
description = 'Synapse homeserver ed25519 signing key'

[secrets."chat/synapse/registration_shared_secret"]
type = 'command'
rotate = true
command = 'head -c 32 /dev/urandom | base64'


# ===== OLD STUFF, KEPT FOR REFERENCE ====

# ----------- COTURN -----------

# [secrets."chat/coturn/static-auth"]
# type = 'user'
# description = 'coturn static-auth (what is this?)'
# 
# [secrets."chat/coturn/static_auth_secret_zinzdev"]
# type = 'user'
# description = "Serveur coturn (TURN/STUN) d'Adrien, c'est un jeton d'identification."


# ----------- EASYBRIDGE -----------

# [service_users."easybridge"]
# description = 'Easybridge service user'
# password_secret = 'chat/easybridge/db_pass'
# username_secret = 'chat/easybridge/db_user'
# 
# 
# [secrets."chat/easybridge/as_token"]
# type = 'command'
# rotate = true
# command = 'openssl rand -hex 32'
# 
# [secrets."chat/easybridge/web_session_key"]
# type = 'command'
# rotate = true
# command = 'openssl rand -hex 32'
# 
# [secrets."chat/easybridge/hs_token"]
# type = 'command'
# rotate = true
# command = 'openssl rand -hex 32'
#