Add recaptcha and turn back on registration

Nathan McCarty 2022-05-22 23:00:16 -04:00
parent 32106c4c56
commit 24f696ae12
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
5 changed files with 63 additions and 41 deletions


@ -69,18 +69,15 @@
}; };
}) })
]; ];
coreModules = baseModules ++ [ sopsModules = [
./modules/common.nix
./modules/ssh.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
## Setup sops ## Setup sops
({ pkgs, config, ... }: { ({ pkgs, config, ... }: {
# Add default secrets # Add default secrets
sops.defaultSopsFile = ./secrets/nathan.yaml; sops.defaultSopsFile = ./secrets/nathan.yaml;
# Use system ssh key as an age key # Use system ssh key as an age key
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Load up lastfm scrobbling secret # Load up lastfm scrobbling secret
sops.secrets.lastfm-conf = { sops.secrets.lastfm-conf = {
owner = "nathan"; owner = "nathan";
format = "binary"; format = "binary";
@ -88,6 +85,11 @@
}; };
}) })
]; ];
coreModules = baseModules ++ sopsModules ++ [
./modules/common.nix
./modules/ssh.nix
home-manager.nixosModules.home-manager
];
setHomeManagerVersions = ({ pkgs, config, unstable, ... }: { setHomeManagerVersions = ({ pkgs, config, unstable, ... }: {
home-manager.users.nathan.programs = { home-manager.users.nathan.programs = {
starship.package = unstable.starship; starship.package = unstable.starship;


@ -57,8 +57,8 @@
]; ];
# Add noisetorch for microphone noise canceling # Add noisetorch for microphone noise canceling
#programs.noisetorch = { #programs.noisetorch = {
# enable = true; TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 # enable = true; TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
# Use latest noisetorch, its a fast moving target # Use latest noisetorch, its a fast moving target
#package = unstable.noisetorch; #package = unstable.noisetorch;
#}; #};
} }


@ -0,0 +1,40 @@
{
"data": "ENC[AES256_GCM,data:UB2N8XWfhEE1zB8f6YPGD+cOFl2jUUMTQrByBiQG3xyWcMxe8EIl8SUasQVWhkfPbmCj/GoBJxqhuLX5obpNtEUjwfa7ZEw7C8QhqXKyxQJgXqEvLDZLU5ruPJMhvOOX7SkQ3VJi9S8xCjzE8XEE2iUna6R6AGSAaXMn2xz5z1wIT1wrZ9Xt4TGaBYZBz9lJRWAbAvmnCmcLpnlLPezrBKkHuZ2OxcHa,iv:0Ztry4JaGMWdSKvmaeFAn/ljGyC8MMnE0qbGKpCVOVE=,tag:KcgEsJ1tHsetGPRsXRxY/g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQnZCRDhHUjg5eG0yWnZx\nYXJFcU8rVE4vMXlyUDZReEVncGxDR0Z2d0RFCjBOcmYvSkUxdVdSZTc5VGhRMEtt\nSnRtNGFqNlI0Z1pIekZ5aTFQb3o2ZU0KLS0tIHVkekxoVFM1b0FLUXJoN3Q5VGlv\ndWova0NweTBpQ01uZzRwbzJ2ak0weGMKAuR63tTq2Fkmxm/9K+yPRlZ9GGbfb0q3\nZCp8tbuy2vqxYP4Ndp+VwS75I0k+sIqH8N+O6O3iDH2PLaruDTs7OQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTzBlZDNxVGlYTnZpdGh1\nQlpDalJQb25HWVl4NlBVQWowaml6eEN1SEJNCnJwQmh4cm10N0NFUVpzcnZFb3d6\nb1UxRHlvNVFCZDZjTktKM0pySjdkZW8KLS0tIHl0SHVtamFoTjBaeFlrNDQwSk1U\nZFhCeU12Z2FqZ0lmY25aSnNFOHlYaDQKvzdGDlKy2aGD23qGSw8qJc54S4DSfY8J\n+Op31cW3poALYglQ8C0LuExCE4GS6iJIroRVbL+x0OssiN6cFgfUqQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkpjanI4bkRVSlcycVp6\ndDd2dnQrRVlSMEtSaFlXQ1FTTHliRURGMUZjCi9iUHV5OXVJNU5IYStrVnlpZ0hM\na2pNQytHcktIMi9OaTU4aURXcG5NcEkKLS0tIGxOL0k5a2IrWjNEYStiSHNnWjg4\nU1hmb1ZNa1JKSnJOc05QaTRFQ2RMYmMKmk0Uoz7B2Qh0IuX9RhDq5RSnn8HW5k9F\n1OZHeyf6wfkn+g9AN5d/3CWXBbj34CV1BJnLQ9RFPgR0geLMtM5N9g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdm53WWpzQzJTSktoUkVQ\neFY3cEJaTnpTMkJRaU9JY2tNbzhaeXRIUVdnClI4RkdYSzZlM2dPNmpVVzRsNnlI\ncE1PWkMxYnRCajNwdlJGc2NPQkhwdncKLS0tIG41Y3dacHNHYWRjS1BQTnl4Vzh3\nc0dMZEpITFBqK3pYdnBZR09OOGd1eTgKbp6Hjc0XhCaRXO3k+fmuSRfcnHGZ7SSS\nZXAJIrwLx6X1GK0xfDsdbUuvHMN5hxfRaOXODCF3u/EvjWLNJVvEXw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc2xNVjA5Z0VySUxrMjFs\ncGF5Wlk1cW44Zyt4NktzT0xIa3E1OG0xS1VzClZ1NmFnSzErZjBQTVVDdG5NMTlL\nR0p6a2JCbE9qRG1sQ1dBYU1tOWF1SlkKLS0tIEtCdmxpcWl3aVJTb2ZBMjhEY1px\ndnpUdTVMMGtFRWh1K1ZJV2llUnZBYmcKb0RaR2jMemxbc0hQqdhEydV4NUTbx141\nVkbDsoU3mQERyx2pUWUx4HiOt7LpegdmkZduI/Qi2w/qv/ts4xdiXQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUUVzTzRsdHROVVUzdlAx\ncEFTckNLMzFjTGYrblp5V09OMUs5TVM5L3hNClowVkFjaGFqdStSNjlQN2pSMGdC\nVFF1ZHh0aDB6RnM5QTNjcDBuTU9BaTAKLS0tIFdQZXhGZ2c2UC96NXVaTFlkbVBw\nYkU1cFB5djBGYkROVFdtWWQzVGVkTGcKcbXpTXupE1xmE2GSHvYjxTPb4G2cNmk3\nbTDcGetBChLZFl29pa6fdQEdp+eFQ6ctUOAHMu3o2W6XxlMjnbiRCw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-05-23T03:59:56Z",
"mac": "ENC[AES256_GCM,data:NENsER5bRswiwXaPfy0Tlc2wAetvqg9NXBVePX8Zkddv/40L5uhPzMmZUbS66AxtmlGMEZ9PNr7KQnmvFzpzHiGzft55sTOFAboAVcv3xFL+GFsQd3f853daHjGrj51d554eGY4tmrtNoOQI1ctPdoQ8rVGfnmjAnzRwQjHttLs=,iv:Y24nW2eINCeK4UTf7RcP8zhkUNvdNGlLEQqgTTUlTsw=,tag:ccIl1aKJhMVlhheS/sEXwA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}
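Review bot: This new secrets file is encrypted to six age recipients, while the YAML secrets file deleted in the same commit listed two, so four additional keys can now decrypt whatever this blob holds. The page does not show which hosts or people those recipients are. If only the Synapse host and the maintainer need the reCAPTCHA keys, a narrower `creation_rules` entry for this path in `.sops.yaml` would keep the secret off the other machines.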


@ -1,31 +0,0 @@
community_recaptcha_public_key: ENC[AES256_GCM,data:+0EKbzHODlj5y0zFyDpx3YTCnoWAx0c9SeYE5xLG0MvaRDR9hhL+2Q==,iv:pe1qqcGm1ZTDkBIbn/7sz9SwrGD3/d0W53aablJOhps=,tag:yilfX0hlGfAjHTqxjMXc0A==,type:str]
community_recaptcha_secret_key: ENC[AES256_GCM,data:G0AqjIH5HVG/1BMqDvfU0q4Fctm485AfFBIFH87qDFRKvak+Nz18Qg==,iv:X/AGgV2rCHfFEwAbFLrNH3gWenpOb17xDnbzIDN2Ca4=,tag:cU/kN+mOvsUx+yXRMM+lgA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjl1amRmWnNoMVc0ZHBl
d01SenFsM25lR014SFNRaDVVWDNRSGlyV2hNCm1Ibk9rK0EvUWo3SGFBTHlzZEFL
N3U1R0Rrb25telhjR0NVQmk3TG9FazgKLS0tIEJIZ3M4cmdPUVliSGxuMm1ydGNM
SThSOGVIVjcvR1VUcnUvQTdKQkcxa28KsrE00JbE2w18zSeijAqmhKXuvZdfVqWI
A5RoXDz9yOE2TNaojaRFBIudbNAJWiCy8J6Y2iFKKFvPLo9ChigfGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaGhab2d1cFFmK1VMUjhQ
c0RTOTkrTis1djh3a3k1RkkwQmpUYk83M2dVCnlNY3pyM2JSakNydjlTSkdUOFVJ
Y2NlV0ZaZ0NWZkR3UmVvQXpnOEE1ekkKLS0tIDhWOTl6Wm8xekZhZUdmcnRFY1ha
ZThRbXh6UnljZFhNVGczUjU1a280R2cKq1pY/Ju1d1mYFuZaTivsvCefhtL3E69R
jBCLqwVPlK64meXI8hP1XDEV3KLGgiWbS5oAlx7VSF1OW+nwrOzSUw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-05-23T02:42:32Z"
mac: ENC[AES256_GCM,data:zKKeZO1IjxSavd9ocvPzX46Tvl5rTDo5UPJ+s0aqOeO3LucV/JICXEWtk7AWbgJY/BWc27jw/k8zpKsbkh1EPwMeMMFniY3YAt/lwov187fVM+rSZ1YtiE0xxgN8oBJQ3QMZJCt4QfAmVOMRokH2YO3kWEipEGjnuY9tFfd/kAo=,iv:jy0ReVsFNbrTHnVJk8Hyd/7l6Px48xlhFNdtTANL6rE=,tag:rMoYC47W+z4I8Eh5DYrEWg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1


@ -395,6 +395,15 @@ in
}; };
}; };
# Matrix recaptcha keys
sops.secrets."matrix-secrets.yaml" = {
owner = config.users.users.nobody.name;
group = config.users.users.nobody.name;
mode = "0440";
format = "binary";
sopsFile = ../../secrets/matrix-community-recaptcha;
};
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
server_name = config.networking.domain; server_name = config.networking.domain;
@ -413,7 +422,8 @@ in
]; ];
} }
]; ];
enable_registration = false; enable_registration = true;
enable_registration_captcha = true;
allow_guest_access = false; allow_guest_access = false;
extraConfig = '' extraConfig = ''
allow_public_rooms_over_federation: true allow_public_rooms_over_federation: true
@ -421,7 +431,8 @@ in
auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ] auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ]
''; '';
turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ]; turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ];
turn_shared_secret = "5C1rbLi5pPJhEGTzkVR1";
turn_user_lifetime = "1h"; turn_user_lifetime = "1h";
# Configure secrets
extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
}; };
} }
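Review bot: The new `sops.secrets."matrix-secrets.yaml"` entry hands the decrypted file to `nobody` (owner and group, mode 0440), so the reCAPTCHA keys are readable by anything else running as that shared account, and Synapse may not be able to read them at all if it runs under its own user. Owning the file by the service account would be tighter, e.g. `owner = config.users.users.matrix-synapse.name;` with `mode = "0400"`, assuming the module's default user is in use. Separately, the `turn_shared_secret` literal in the last hunk has been in the repository in cleartext. The page does not mark that line's side, but if this commit moves it into the sops file, the value should still be rotated, because it remains in git history and likely in previously built, world-readable store paths. The `services.matrix-synapse` block starts and ends outside these hunks.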