synapse: Add registration secret and reduce logging
This commit is contained in:
Moritz 'e1mo' Fromm
parent
49f72f1b89
commit
b68e39dc87
6 changed files with 40 additions and 7 deletions
|
|
@ -5,7 +5,7 @@
|
|||
./hardware-config.nix
|
||||
../../services/mumble.nix
|
||||
../../services/website.nix
|
||||
../../services/matrix.nix
|
||||
../../services/matrix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/dokuwiki.nix
|
||||
../../services/freescout.nix
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
../../services/mumble.nix
|
||||
../../services/website.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/matrix.nix
|
||||
../../services/matrix
|
||||
../../services/dokuwiki.nix
|
||||
../../services/freescout.nix
|
||||
../../services/hedgedoc.nix
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
coturn_static_auth_secret: ENC[AES256_GCM,data:OH5Qhl+hy1Afs2ARKOuXXSlMVy8LOr+q+hDeWMR8UKR1TKH5Cu4IkIp76T8Sep7Xih8OQyZOBScPaa9ftMUok7P0c5DNmV2xsQyVBy+dp0TokYBRqviFLouqZA+yOkm9nt7/Fx6qZ61cxh8PhnHrBHYR7R/7bxurPjRbXApKw6wwE33lzdCJ1bcA1oASZzYLz61ii9Ema0BqaWNsbvG3np+b86bKFnIgI7JSas07nUIKFTZEDtY/XtIQkEfWvyb5DyisPVEdt0w12ceuHrjFXZFnL/uPOUYnmT6U5Mrd5OBk1HUr2GqQp7wtWtquTL0L4niXCXnmX5tQCk0nb1YBWQ==,iv:/36tKe9d+I1eGFNyZrNtlgnrcguDYG4XegcWZCAGhS4=,tag:dlBd2I3OnD1y+tNL0WhnoQ==,type:str]
|
||||
synapse:
|
||||
signing_key: ENC[AES256_GCM,data:/wXjsAY30plaYptGL3SvS4JyP+UWgX7nzvMlMPepbLG5qplq1Ieo5qNTAugWIhtP8z3DkZBnIgTpOg==,iv:WwPs9XHkoHS70b+2oNjxgDdYsDZrudk/U3UgpTpLD2k=,tag:INce/W/Nxbvxz89AvIG2cg==,type:str]
|
||||
registration_shared_secret: ENC[AES256_GCM,data:8mo0Dr06uGOZKDCAHo66VOsU/FC6Az1SjEJX2zLQRDEXQAI1DfjxscQO+m/EJZTAYZ2BgRyo0kCuD7bDpx/qMw==,iv:bV+VLsEwNYapYXcA33clf4CHmAvpmHrjSrWWGRR5nxg=,tag:GG+w1MU617UlTjIu5sC9WQ==,type:str]
|
||||
secret_config: ENC[AES256_GCM,data:kSkRKCFy9TtoBfTWSBzQ65XOQ2WXDCsn0Xgwx3Nvd67+MDLmUmds6BMJREm+dZvqbo3VHjdBSYGHcBrodBtEWJ6JTOVXEwyuUqvrlFbnQm71mvVGFPyKJQW+bm6m3qoXj257cnDSBLAt2sxKSYs5Xb5b/vHSTLJFQ88787Z45f5Kd/29I3khIV+XKZsuwIUsPLe0cTVMlfc/yWmzRk+zR0aXXCHP5/GUn5U5o1xIR/Ok/C/PgrB2CXKb/IiGGsgJK4eA4qDUwiLXBghSlztZXkfp9s/UaFq80hVPfqPRy1UOIG2hgJcNAX9A7EkgLKff2xV9FAfr++rDBuReb8fvb9bzsfXq+wa7wh5hGmCjXgl7Ux+p3LlhAAv7SRx2jAUwKEPcu5+RKpYEdyw4fx1y4hsj8psInMOfPMEV/yPkBmJFDMoaZ9rke3se6iGbP/ZNvzZ0TI8HzltwMbA4jsCfoDOQWZMEXiYzhv49F+Uhc1l7PswjY0GIlL8R2zYotrRwxtf2j2n+1l0kxuuj2yc287YJHRRUAQw0UdF46zxLhTRIaNfsQlPM/l134wGoELYjGrKNrJoonAksEKUAUoIHIt0xTuAG6RbqVXVlMsVg6zeRHUaD1AyN6AoMBIoMxDaO4ga+3g3kbHFx6ZNcGV8mWcG6BR7MmwtnOm3e0JFy8t88YDFXHKAfwtS/Cb1etUJalNyJgSq6TL/LTZmD/cUHBprNw5G7DaWKcy4wANCl3Bj7c/MhNOz6XJKYo6LvxvL7qTYHmMhPcjbVQ7ogeIbNMZNXnJyw75sL4fh7fl21HRfaVbHxpH5ajX5X9e/xg2oC/k1azY8clPYNU74igknk4wiKnvWkq9s5nCJA0zxn1F18GvLlH8WuVTwi9tDxnE1ZVBUs6hT7seUY0rR4BxgDPzfsr9NJiWAJ7lfH9e60tIm8mHfT5dmuEPs3lDC3/RVkNtGYNkDOFcmePEeTvOs29DwuV7P6PlnKOI+iHwRjHhv2UfcbXSbt8ZifzqEw+Mx8dSNS5IenXY68M53y5kBDTF/VZ8IYHjtHqDa45q+EnV/NRvpSTKe85K4GkcW7QvzSCuHw2n1XRg2mq3UwRYpk,iv:tQiBocxEJodi4A0iTpe9Z1sJCJSYI7wHBjOEx7Lhx5w=,tag:Kjx+9hJKnBTbw1flRNnE4w==,type:str]
|
||||
murmur:
|
||||
#ENC[AES256_GCM,data:ionYo3rz6G1ZhOmwBDleXPO7/reeF6tpgA==,iv:4iQ1FYTvxyyNaQDPxHErV0fevsnU5p55wT27nOwMStM=,tag:ynCgbQsvX5ow4+vc2Qz8MQ==,type:comment]
|
||||
|
|
@ -9,7 +10,7 @@ dokuwiki:
|
|||
keycloak_key: ENC[AES256_GCM,data:/6+NWA==,iv:61M+OdGx3lCR3uFWmArpYUm9Q4L+pv656V8g257YMTw=,tag:fOESdHA6+bpMMDRbWRFn+A==,type:str]
|
||||
vaultwarden:
|
||||
env: ENC[AES256_GCM,data:mDqHHAjisl0din/q67+zH7NMKLXld9qC0Si6ZREhRStXr6HEFD/QwaGLN86AvUI7sHNf9l4nrgKOht7uXNJrkjuidGsFEEJWkuUOjBRnrtipNKV2YK7giPQXEhH7wTdGeaqxqi4sk90Oq/FoKi2vPkFyNWGOQ5vOXkKKXjjHnbyKIQkIRWya2Dy6IN0CXU8UK0OiQXY3kgEFOyJoqt4sx/HOScHNKkaLb8U+0rpfzxSVyP3oY4o/DFkE51bnd/CNKg3ZK4Ynp/5m7Rs=,iv:aWpDXSp6Ds7cfdw/vfM3I5wcHz0MytnhpIIWEa24LBE=,tag:5YZKo4ZCT57gji8iyBMAiQ==,type:str]
|
||||
hedgedoc_env: ENC[AES256_GCM,data:MeMyjUNchdUm9gqt7hOZU0xvlZvbUWmgh2iiZjkmb20y9dGt083FbGLNuWLkWd8WFM93dETaOj9WD0mbRK11THXyV61rjrwpBkx2NjCFeHX/JjUe7MzxAhm/7Kn9IFl9As5B++SiD97QxEBpcG0AJDoluXqVpZSIHgG6W5FXSYDgZ+/V8dmfSplF5Nj2cseD5kI=,iv:7l8wNfi9HWc8Ep1Y9bUkdJo+2UQVkTfqW0J3pfPxpNg=,tag:xS+vD73r6rDmeeAB4bstww==,type:str]
|
||||
hedgedoc_env: ENC[AES256_GCM,data:VHIzmq7P1pqS72HbRXRT3k7n6vyPkzkQFJdveseCAHnzdXlEF0lHr+Up7J6XhfhtQXO3ogV2jkGZpOMY0OuEvhLf2yGkBj3W0ZtG7Kx6Rdcbb5rG7Z6Vb1vpL/aT88QFd3VX23M+FPFyWeYKGOvGRuCela+mUX7jDs2W4jOrYOtEGe3+V08DcvtcCvE2L1NqeDQ=,iv:011/ZRdQlkFQ2TZpzQhfRf/OTawnHFQDockLGlOrkmc=,tag:Y66RIBtyjl5VSo23GU4sNg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -25,8 +26,8 @@ sops:
|
|||
QjBmYlNYWlFoWHd0ZFJkWE0xMkpvZzQKJwKap35S2pWGNOtBHe931dRqAQAczbWv
|
||||
/BUEtl900F8YLQCB1/myV0Dk5X9XDlww1yrzw/La3gXANY93Ndu3MA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-24T14:30:13Z"
|
||||
mac: ENC[AES256_GCM,data:UXYfO7Ezx6jhuElF4ncJ3qcm5e9S4dLnIJ6ieELzmwHZEAIf8HCeovJIuubv9UbQeXg3F+jQzUA7xP8cGcx4fh6WzaXZuq+i/GbF79HCbgtYb8KogC7C/nbi7aFgd6euM84txNpIFlBMmcOAaVAdO+9zM6AxaclPq0Am+I+eG2E=,iv:ObMNbl1fI0yFQraR56rxSxBzv++MMdNY6JOZtPqBl5U=,tag:Nu5GZqWutwWxxORWcfLlVQ==,type:str]
|
||||
lastmodified: "2023-08-30T11:23:54Z"
|
||||
mac: ENC[AES256_GCM,data:YG1Te+quE4eFadTJPyHPpJhVbs24bKtGCNS6VNvXK2fwUosd7GngprCIAfCKZ2Jzexjj+71zsfY72n/io952vK4bKoWDzFwE3cr1VJ0QQQ+BEoZjFJYEk4GOrmoEVzfIBqDEFpbOsA7VSvEawRrSeL2RqjHkaF/CNJWZfuH3tD8=,iv:M+t9Qn/Gl4oZwoSX72XeStPpVG3wAX7OKsk3vrJ9wto=,tag:/Tpy/92lUqLMqgIVkpBaFw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-07-23T14:01:56Z"
|
||||
enc: |-
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ murmur:
|
|||
registry_password: ENC[AES256_GCM,data:jgMmirQNhwTQZMyfbbbJku9JDqxtuKepIIpbiloX0qnUnytu1vvjFkGZH5dag/e/EDHszqkALNlUZz7wdlxZn3QDDlv0rQITJtsp,iv:aLIPiHDGC4vNXfNgqR852/jbChv2uu5q0Yy9I4ej5ts=,tag:cy4rs+YCglNKEaq+3arfow==,type:str]
|
||||
dokuwiki:
|
||||
keycloak_key: ENC[AES256_GCM,data:gXCRVg==,iv:BqBPRnD8mIQ97MHfn/KESqe8ABXGaDXEIAGyYcbfXlI=,tag:KhgQX5N3MATmnqXnEIjzBQ==,type:str]
|
||||
synapse:
|
||||
registration_shared_secret: ENC[AES256_GCM,data:h6GwLIrOOvCGRpEHvXt8Kw4uFwOKN86qN/pjjobImnkz3H7J/7v3XIneHnRYRHsFRX0XB53iz6VKN+7b+zuMtg==,iv:kg5hpTQH+MTO7Ocblck0yhgsDiXJIme5OGpcaxERiVc=,tag:goRj0JtTLHnz56Ti8Sumgg==,type:str]
|
||||
vaultwarden:
|
||||
env: ENC[AES256_GCM,data:4zeSpiaJQ8v00EBHrS6IU/1KXCEP6EBpkMacW0mf3ygZxSfUL3oQ11sXOu24OOMnTpaZUPJ68rj1jSNgBoVQ7rLttpCHKy62ART2xi0PcSCpDCBLpBocPdpFydQzwFOrMAYpcS6SB/ijy2ZxvfzVQqykcqfLdwdZs3PCys15OSQT269FmFERT25pTW7d6zxE3eY2YhLf1Y+6MjYHffAEv8RqN35UWyAOh8dJU09lbEsUiBRwN3tNhQ0STOsShhxY/ogMZdAHQwvGjo0=,iv:yK9PBOURtOVBBPwuJSpARvb5eXUIhPypEbEYbX2PqRs=,tag:MG7fcBPMg9eMjtD5V+yjBw==,type:str]
|
||||
hedgedoc_env: ENC[AES256_GCM,data:M/UW8QjiiHU/YsSYsYnZbeA+SPAub53E1FAiSvRFTeQeR0d3+t0g0lfn9Wqcok541NjETs7LN4lCrYBR6cH4EqQ9581pj2Fi5KabypA/2DUNTaAjtCbA2RNM/M/1/ka5n8AFNgzXppb/yEQ2xqQfV7IN/d6ClJzfFi+3FoFa3wRwAajvkH+yP8rfTBkQFamQWTQ=,iv:6vOeJHkNnva92GCrhuIj3HtG6z50UBnxRGg97jv2/gk=,tag:eYN4q7/HL0BtPdYLlbaW+A==,type:str]
|
||||
|
|
@ -20,8 +22,8 @@ sops:
|
|||
Z3FXczZaSUVLY2lCcWJaQklXNHBzczAKQev4noy5ValCq65BhvXl1weY2QNsTe6f
|
||||
f4SUmm5NGbTiGaghOLC1Cio3K8ibA0vszVyySNE1khkvcM7JewIXAQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-07-24T15:00:19Z"
|
||||
mac: ENC[AES256_GCM,data:TqoMFF2XBc1iA/FnwgEwKdTKneHV6AvvPRVR+E7bkpqHQsxcl/wRLUzfQ5bg3YDviB/kB1KDuS25xQn/ztJKoBn7deWF0+9xz5npStQimNWuzgbTCIQS5hbqahgOejnnGVvJ/zms67ZOOG/Ek8W4eE8DUNMlUlNNIxGD8fkRwYI=,iv:FYW3K/QipSCrk0ZrxUhJANB5CBY4K5af4KhUf7GwuYU=,tag:HeLAe/yCZnDXqNHeUDpylQ==,type:str]
|
||||
lastmodified: "2023-08-30T11:25:43Z"
|
||||
mac: ENC[AES256_GCM,data:Yvd2DHOKJJr0hm/nt6nO8RgG4nMUtfBa5M1KPlQYjzul8UVNdX7WvgYwbMlERifiVVirAjCeB0DybvWBozpPcAhPcZ6+8AlUQg77wQt+PgqaVCXvFMBeGFqPNaCi1JPVDjKvAEC/A+mvUDL52JH0c2PCoRCl/W1WXq7TfXRjzis=,iv:k930uOJRCxddz86vCu16SiWHZXSiLD5htVnGd73aIZk=,tag:ouMgLZqZ/e35P1we1mCsVw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-07-23T14:01:46Z"
|
||||
enc: |-
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ in {
|
|||
mode = "0600";
|
||||
};
|
||||
"synapse/secret_config".owner = "matrix-synapse";
|
||||
"synapse/registration_shared_secret".owner = "matrix-synapse";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
|
|
@ -78,6 +79,8 @@ in {
|
|||
public_baseurl = "https://matrix.${baseDomain}";
|
||||
allow_public_rooms_over_federation = true;
|
||||
enable_registration = false;
|
||||
registration_shared_secret_path = config.sops.secrets."synapse/registration_shared_secret".path;
|
||||
log_config = ./synapse-log_config.yaml;
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args.database = "matrix-synapse";
|
||||
27
services/matrix/synapse-log_config.yaml
Normal file
27
services/matrix/synapse-log_config.yaml
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# Based on https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/matrix/synapse-log_config.yaml
|
||||
# Just with a log-level of notice
|
||||
version: 1
|
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||
# from the message text.
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
root:
|
||||
level: WARNING
|
||||
handlers: [journal]
|
||||
|
||||
disable_existing_loggers: False
|
||||
Loading…
Reference in a new issue