Add recaptcha and turn back on registration
This commit is contained in:
parent
32106c4c56
commit
24f696ae12
12
flake.nix
12
flake.nix
|
@ -69,18 +69,15 @@
|
|||
};
|
||||
})
|
||||
];
|
||||
coreModules = baseModules ++ [
|
||||
./modules/common.nix
|
||||
./modules/ssh.nix
|
||||
sopsModules = [
|
||||
sops-nix.nixosModules.sops
|
||||
home-manager.nixosModules.home-manager
|
||||
## Setup sops
|
||||
({ pkgs, config, ... }: {
|
||||
# Add default secrets
|
||||
sops.defaultSopsFile = ./secrets/nathan.yaml;
|
||||
# Use system ssh key as an age key
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
# Load up lastfm scrobbling secret
|
||||
# Load up lastfm scrobbling secret
|
||||
sops.secrets.lastfm-conf = {
|
||||
owner = "nathan";
|
||||
format = "binary";
|
||||
|
@ -88,6 +85,11 @@
|
|||
};
|
||||
})
|
||||
];
|
||||
coreModules = baseModules ++ sopsModules ++ [
|
||||
./modules/common.nix
|
||||
./modules/ssh.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
];
|
||||
setHomeManagerVersions = ({ pkgs, config, unstable, ... }: {
|
||||
home-manager.users.nathan.programs = {
|
||||
starship.package = unstable.starship;
|
||||
|
|
|
@ -57,8 +57,8 @@
|
|||
];
|
||||
# Add noisetorch for microphone noise canceling
|
||||
#programs.noisetorch = {
|
||||
# enable = true; TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
|
||||
# Use latest noisetorch, its a fast moving target
|
||||
#package = unstable.noisetorch;
|
||||
# enable = true; TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
|
||||
# Use latest noisetorch, its a fast moving target
|
||||
#package = unstable.noisetorch;
|
||||
#};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:UB2N8XWfhEE1zB8f6YPGD+cOFl2jUUMTQrByBiQG3xyWcMxe8EIl8SUasQVWhkfPbmCj/GoBJxqhuLX5obpNtEUjwfa7ZEw7C8QhqXKyxQJgXqEvLDZLU5ruPJMhvOOX7SkQ3VJi9S8xCjzE8XEE2iUna6R6AGSAaXMn2xz5z1wIT1wrZ9Xt4TGaBYZBz9lJRWAbAvmnCmcLpnlLPezrBKkHuZ2OxcHa,iv:0Ztry4JaGMWdSKvmaeFAn/ljGyC8MMnE0qbGKpCVOVE=,tag:KcgEsJ1tHsetGPRsXRxY/g==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQnZCRDhHUjg5eG0yWnZx\nYXJFcU8rVE4vMXlyUDZReEVncGxDR0Z2d0RFCjBOcmYvSkUxdVdSZTc5VGhRMEtt\nSnRtNGFqNlI0Z1pIekZ5aTFQb3o2ZU0KLS0tIHVkekxoVFM1b0FLUXJoN3Q5VGlv\ndWova0NweTBpQ01uZzRwbzJ2ak0weGMKAuR63tTq2Fkmxm/9K+yPRlZ9GGbfb0q3\nZCp8tbuy2vqxYP4Ndp+VwS75I0k+sIqH8N+O6O3iDH2PLaruDTs7OQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTzBlZDNxVGlYTnZpdGh1\nQlpDalJQb25HWVl4NlBVQWowaml6eEN1SEJNCnJwQmh4cm10N0NFUVpzcnZFb3d6\nb1UxRHlvNVFCZDZjTktKM0pySjdkZW8KLS0tIHl0SHVtamFoTjBaeFlrNDQwSk1U\nZFhCeU12Z2FqZ0lmY25aSnNFOHlYaDQKvzdGDlKy2aGD23qGSw8qJc54S4DSfY8J\n+Op31cW3poALYglQ8C0LuExCE4GS6iJIroRVbL+x0OssiN6cFgfUqQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkpjanI4bkRVSlcycVp6\ndDd2dnQrRVlSMEtSaFlXQ1FTTHliRURGMUZjCi9iUHV5OXVJNU5IYStrVnlpZ0hM\na2pNQytHcktIMi9OaTU4aURXcG5NcEkKLS0tIGxOL0k5a2IrWjNEYStiSHNnWjg4\nU1hmb1ZNa1JKSnJOc05QaTRFQ2RMYmMKmk0Uoz7B2Qh0IuX9RhDq5RSnn8HW5k9F\n1OZHeyf6wfkn+g9AN5d/3CWXBbj34CV1BJnLQ9RFPgR0geLMtM5N9g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdm53WWpzQzJTSktoUkVQ\neFY3cEJaTnpTMkJRaU9JY2tNbzhaeXRIUVdnClI4RkdYSzZlM2dPNmpVVzRsNnlI\ncE1PWkMxYnRCajNwdlJGc2NPQkhwdncKLS0tIG41Y3dacHNHYWRjS1BQTnl4Vzh3\nc0dMZEpITFBqK3pYdnBZR09OOGd1eTgKbp6Hjc0XhCaRXO3k+fmuSRfcnHGZ7SSS\nZXAJIrwLx6X1GK0xfDsdbUuvHMN5hxfRaOXODCF3u/EvjWLNJVvEXw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc2xNVjA5Z0VySUxrMjFs\ncGF5Wlk1cW44Zyt4NktzT0xIa3E1OG0xS1VzClZ1NmFnSzErZjBQTVVDdG5NMTlL\nR0p6a2JCbE9qRG1sQ1dBYU1tOWF1SlkKLS0tIEtCdmxpcWl3aVJTb2ZBMjhEY1px\ndnpUdTVMMGtFRWh1K1ZJV2llUnZBYmcKb0RaR2jMemxbc0hQqdhEydV4NUTbx141\nVkbDsoU3mQERyx2pUWUx4HiOt7LpegdmkZduI/Qi2w/qv/ts4xdiXQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUUVzTzRsdHROVVUzdlAx\ncEFTckNLMzFjTGYrblp5V09OMUs5TVM5L3hNClowVkFjaGFqdStSNjlQN2pSMGdC\nVFF1ZHh0aDB6RnM5QTNjcDBuTU9BaTAKLS0tIFdQZXhGZ2c2UC96NXVaTFlkbVBw\nYkU1cFB5djBGYkROVFdtWWQzVGVkTGcKcbXpTXupE1xmE2GSHvYjxTPb4G2cNmk3\nbTDcGetBChLZFl29pa6fdQEdp+eFQ6ctUOAHMu3o2W6XxlMjnbiRCw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2022-05-23T03:59:56Z",
|
||||
"mac": "ENC[AES256_GCM,data:NENsER5bRswiwXaPfy0Tlc2wAetvqg9NXBVePX8Zkddv/40L5uhPzMmZUbS66AxtmlGMEZ9PNr7KQnmvFzpzHiGzft55sTOFAboAVcv3xFL+GFsQd3f853daHjGrj51d554eGY4tmrtNoOQI1ctPdoQ8rVGfnmjAnzRwQjHttLs=,iv:Y24nW2eINCeK4UTf7RcP8zhkUNvdNGlLEQqgTTUlTsw=,tag:ccIl1aKJhMVlhheS/sEXwA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
community_recaptcha_public_key: ENC[AES256_GCM,data:+0EKbzHODlj5y0zFyDpx3YTCnoWAx0c9SeYE5xLG0MvaRDR9hhL+2Q==,iv:pe1qqcGm1ZTDkBIbn/7sz9SwrGD3/d0W53aablJOhps=,tag:yilfX0hlGfAjHTqxjMXc0A==,type:str]
|
||||
community_recaptcha_secret_key: ENC[AES256_GCM,data:G0AqjIH5HVG/1BMqDvfU0q4Fctm485AfFBIFH87qDFRKvak+Nz18Qg==,iv:X/AGgV2rCHfFEwAbFLrNH3gWenpOb17xDnbzIDN2Ca4=,tag:cU/kN+mOvsUx+yXRMM+lgA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjl1amRmWnNoMVc0ZHBl
|
||||
d01SenFsM25lR014SFNRaDVVWDNRSGlyV2hNCm1Ibk9rK0EvUWo3SGFBTHlzZEFL
|
||||
N3U1R0Rrb25telhjR0NVQmk3TG9FazgKLS0tIEJIZ3M4cmdPUVliSGxuMm1ydGNM
|
||||
SThSOGVIVjcvR1VUcnUvQTdKQkcxa28KsrE00JbE2w18zSeijAqmhKXuvZdfVqWI
|
||||
A5RoXDz9yOE2TNaojaRFBIudbNAJWiCy8J6Y2iFKKFvPLo9ChigfGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaGhab2d1cFFmK1VMUjhQ
|
||||
c0RTOTkrTis1djh3a3k1RkkwQmpUYk83M2dVCnlNY3pyM2JSakNydjlTSkdUOFVJ
|
||||
Y2NlV0ZaZ0NWZkR3UmVvQXpnOEE1ekkKLS0tIDhWOTl6Wm8xekZhZUdmcnRFY1ha
|
||||
ZThRbXh6UnljZFhNVGczUjU1a280R2cKq1pY/Ju1d1mYFuZaTivsvCefhtL3E69R
|
||||
jBCLqwVPlK64meXI8hP1XDEV3KLGgiWbS5oAlx7VSF1OW+nwrOzSUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-05-23T02:42:32Z"
|
||||
mac: ENC[AES256_GCM,data:zKKeZO1IjxSavd9ocvPzX46Tvl5rTDo5UPJ+s0aqOeO3LucV/JICXEWtk7AWbgJY/BWc27jw/k8zpKsbkh1EPwMeMMFniY3YAt/lwov187fVM+rSZ1YtiE0xxgN8oBJQ3QMZJCt4QfAmVOMRokH2YO3kWEipEGjnuY9tFfd/kAo=,iv:jy0ReVsFNbrTHnVJk8Hyd/7l6Px48xlhFNdtTANL6rE=,tag:rMoYC47W+z4I8Eh5DYrEWg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
|
@ -395,6 +395,15 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# Matrix recaptcha keys
|
||||
sops.secrets."matrix-secrets.yaml" = {
|
||||
owner = config.users.users.nobody.name;
|
||||
group = config.users.users.nobody.name;
|
||||
mode = "0440";
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/matrix-community-recaptcha;
|
||||
};
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
server_name = config.networking.domain;
|
||||
|
@ -413,7 +422,8 @@ in
|
|||
];
|
||||
}
|
||||
];
|
||||
enable_registration = false;
|
||||
enable_registration = true;
|
||||
enable_registration_captcha = true;
|
||||
allow_guest_access = false;
|
||||
extraConfig = ''
|
||||
allow_public_rooms_over_federation: true
|
||||
|
@ -421,7 +431,8 @@ in
|
|||
auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ]
|
||||
'';
|
||||
turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ];
|
||||
turn_shared_secret = "5C1rbLi5pPJhEGTzkVR1";
|
||||
turn_user_lifetime = "1h";
|
||||
# Configure secrets
|
||||
extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue