fix(etna): add old keys to dendrite and delegate ssl to vesuvio
This commit is contained in:
parent
e5ea6401fe
commit
dfb0ce2f2e
SSH key fingerprint:
SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
2 changed files with 38 additions and 4 deletions
|
|
@ -9,8 +9,6 @@ in
|
||||||
{
|
{
|
||||||
imports = [ secretKey.generate ];
|
imports = [ secretKey.generate ];
|
||||||
|
|
||||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
|
||||||
|
|
||||||
systemd.services.dendrite = {
|
systemd.services.dendrite = {
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
serviceConfig.RestartSec = 10;
|
serviceConfig.RestartSec = 10;
|
||||||
|
|
@ -32,16 +30,43 @@ in
|
||||||
loadCredential = [ "private_key:${secretKey.path}" ];
|
loadCredential = [ "private_key:${secretKey.path}" ];
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
version = 2;
|
||||||
|
|
||||||
global = {
|
global = {
|
||||||
|
inherit database;
|
||||||
server_name = "m.uku.moe";
|
server_name = "m.uku.moe";
|
||||||
private_key = "$CREDENTIALS_DIRECTORY/private_key";
|
private_key = "$CREDENTIALS_DIRECTORY/private_key";
|
||||||
inherit database;
|
|
||||||
|
old_private_keys = [
|
||||||
|
{
|
||||||
|
public_key = "69NNU6gjAz4C3++7iX6fA1iiL/JXkOu1HtTqFeoKshU";
|
||||||
|
key_id = "ed25519:ShsA0qVs";
|
||||||
|
expired_at = 1713201107547;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
public_key = "dWYWgSsaatJQgEV+Q4tuRDl4UYmN7F75Gp3NPaZN5kY";
|
||||||
|
key_id = "ed25519:a_bDJQ";
|
||||||
|
expired_at = 1712706212704;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
public_key = "7W8BJr3pPH1XOhwB9YmvpShnDhnEj8svaEVePrTt4gE";
|
||||||
|
key_id = "ed25519:a_QYIk";
|
||||||
|
expired_at = 1712705368930;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
client_api = {
|
client_api = {
|
||||||
registration_disabled = true;
|
registration_disabled = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
logging = [
|
||||||
|
{
|
||||||
|
type = "std";
|
||||||
|
level = "info";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
app_service_api = { inherit database; };
|
app_service_api = { inherit database; };
|
||||||
federation_api = { inherit database; };
|
federation_api = { inherit database; };
|
||||||
key_server = { inherit database; };
|
key_server = { inherit database; };
|
||||||
|
|
@ -58,7 +83,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
postgresql = {
|
postgresql = {
|
||||||
enable = true;
|
|
||||||
ensureDatabases = [ "dendrite" ];
|
ensureDatabases = [ "dendrite" ];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -24,5 +24,15 @@
|
||||||
send_timeout 600s;
|
send_timeout 600s;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# dendrite
|
||||||
|
"m.uku.moe" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://etna:80";
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue