| 19 Mar 2023 |
 motiejus | * hi folks. I am setting up Synapse on my brand new NixOS server (still consider myself new to NixOS, but have been maintaining my synapse for ~2 years). I have a couple of secrets -- registration_shared_secret, turn_shared_secret, macaroon_secret_key, which I am supposed to pass over extraConfigFiles`. Here is how I envision the process exactly:
- The secrets are written on ramfs reachable as root alone.
ExecStartPre reads all secret files and pre-populates the yamls somewhere in /run/synapse via dirty printfs.extraConfigFiles then point to the places wherever the one-step-above generates them.
Am I doing this right? Any other hints/ideas?
| 19:11:48 |
| motiejus | * hi folks. I am setting up Synapse on my brand new NixOS server (still consider myself new to NixOS, but have been maintaining my synapse for ~2 years). I have a couple of secrets -- registration_shared_secret, turn_shared_secret, macaroon_secret_key, which I am supposed to pass over extraConfigFiles\. Here is how I envision the process exactly:
- The secrets are written on ramfs reachable as root alone.
ExecStartPre reads all secret files and pre-populates the yamls somewhere in /run/synapse via dirty printfs.extraConfigFiles then point to the places wherever the one-step-above generates them.
Am I doing this right? Any other hints/ideas?
| 19:12:03 |
| motiejus | also, somewhat related question about mautrix-facebook.nix: I am looking how to pass hs_token and as_token via registrationData, however, I am not clear how to not add the secrets to the nix store. These tokens are in separate files (like in my question below); any ideas how to pass them to the service? | 19:59:06 |
| 21 Mar 2023 |
| motiejus | In reply to @motiejus:jakstys.lt
hi folks. I am setting up Synapse on my brand new NixOS server (still consider myself new to NixOS, but have been maintaining my synapse for ~2 years). I have a couple of secrets -- registration_shared_secret, turn_shared_secret, macaroon_secret_key, which I am supposed to pass over extraConfigFiles\. Here is how I envision the process exactly:
- The secrets are written on ramfs reachable as root alone.
ExecStartPre reads all secret files and pre-populates the yamls somewhere in /run/synapse via dirty printfs.extraConfigFiles then point to the places wherever the one-step-above generates them.
Am I doing this right? Any other hints/ideas?
I did exactly this , and it seems to work (except for a tidbit with signing_key_path, which I suggest a fix in https://github.com/NixOS/nixpkgs/pull/222336 ) | 11:23:28 |
| motiejus | In reply to @motiejus:jakstys.lt
hi folks. I am setting up Synapse on my brand new NixOS server (still consider myself new to NixOS, but have been maintaining my synapse for ~2 years). I have a couple of secrets -- registration_shared_secret, turn_shared_secret, macaroon_secret_key, which I am supposed to pass over extraConfigFiles\. Here is how I envision the process exactly:
- The secrets are written on ramfs reachable as root alone.
ExecStartPre reads all secret files and pre-populates the yamls somewhere in /run/synapse via dirty printfs.extraConfigFiles then point to the places wherever the one-step-above generates them.
Am I doing this right? Any other hints/ideas?
* I did exactly this , and it seems to work (except for a tidbit with signing_key_path, which I suggest a fix in https://github.com/NixOS/nixpkgs/pull/222336 | 11:23:30 |
