initial commit

2026-04-01 08:50:01 +03:00 · 2026-04-01 08:50:01 +03:00 · 30ce0dafc2
commit 30ce0dafc2
195 changed files with 8902 additions and 0 deletions
--- a/services/synapse/secrets.nix
+++ b/services/synapse/secrets.nix
@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (config.machine.synapse)
+    enable
+    ;
+in
+with lib; mkIf enable {
+  sops.secrets = {
+    "matrix/registrationSharedSecret" = {
+      sopsFile = ./../../secrets/common.yaml;
+      owner = config.users.users.matrix-synapse.name;
+      inherit (config.users.users.matrix-synapse) group;
+      restartUnits = [ "matrix-synapse.service" ];
+    };
+    "matrix/signingKey" = {
+      sopsFile = ./../../secrets/common.yaml;
+      owner = config.users.users.matrix-synapse.name;
+      inherit (config.users.users.matrix-synapse) group;
+      restartUnits = [ "matrix-synapse.service" ];
+    };
+    "turn/authSecret" = {
+      sopsFile = ./../../secrets/common.yaml;
+      owner = config.users.users.turnserver.name;
+      inherit (config.users.users.turnserver) group;
+      restartUnits = [ "coturn.service" ];
+    };
+  };
+  sops.templates.matrix-synapse-config = {
+    owner = config.users.users.matrix-synapse.name;
+    inherit (config.users.users.matrix-synapse) group;
+    restartUnits = [ "matrix-synapse.service" ];
+    content = ''
+      registration_shared_secret: ${config.sops.placeholder."matrix/registrationSharedSecret"}
+      turn_shared_secret: ${config.sops.placeholder."turn/authSecret"}
+      mail:
+        smtp_pass: ${config.sops.placeholder."mail/servicePassword"}
+    '';
+  };
+  services.matrix-synapse.extraConfigFiles = with lib; mkIf config.machine.synapse.enable [
+    config.sops.templates.matrix-synapse-config.path
+  ];
+}