jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

synapse cert logic

Browse Source
This commit is contained in:
Danilo Reyes
2026-02-05 06:30:45 -06:00
parent d14a7ba395
commit 2ef113bc0e
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/servers/synapse.nix
View File

@@ -43,11 +43,6 @@ in
owner = "matrix-synapse"; owner = "matrix-synapse";
group = "matrix-synapse"; group = "matrix-synapse";
}; };
"iqQCY4iAWO-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
"matrix/key" = { "matrix/key" = {
sopsFile = ../../secrets/certs.yaml; sopsFile = ../../secrets/certs.yaml;
owner = "matrix-synapse"; owner = "matrix-synapse";
@@ -102,7 +97,15 @@ in
}; };
}) })
(lib.mkIf (cfg.enableProxy && config.my.enableProxy) { (lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
my.servers.synapse.useDefaultProxy = false; sops.secrets."iqQCY4iAWO-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
my.servers.synapse = {
useDefaultProxy = false;
certPath = config.sops.secrets."iqQCY4iAWO-ca/pem".path;
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${cfgE.host}" = { "${cfgE.host}" = {
enableACME = true; enableACME = true;
@@ -128,11 +131,6 @@ in
"/_matrix".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}"; "/_matrix".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}";
"/_synapse/client".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}"; "/_synapse/client".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}";
}; };
# extraConfig = ''
# ssl_verify_client on;
# ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path};
# error_page 403 /403.html;
# '';
}; };
}; };
}) })