From 0d8c6a2d45c7b6bbb86f2d4268423578f0995894 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sun, 25 Dec 2022 23:54:55 +0100 Subject: [PATCH] Remove obsolete Matrix TLS keys --- .../app/matrix/config/synapse/homeserver.yaml | 16 ---------------- cluster/prod/app/matrix/deploy/im.hcl | 15 --------------- cluster/prod/app/matrix/secrets.toml | 14 -------------- 3 files changed, 45 deletions(-) diff --git a/cluster/prod/app/matrix/config/synapse/homeserver.yaml b/cluster/prod/app/matrix/config/synapse/homeserver.yaml index b4b7c67..48ae431 100644 --- a/cluster/prod/app/matrix/config/synapse/homeserver.yaml +++ b/cluster/prod/app/matrix/config/synapse/homeserver.yaml @@ -1,22 +1,6 @@ # vim:ft=yaml server_name: "deuxfleurs.fr" -# PEM encoded X509 certificate for TLS. -# You can replace the self-signed certificate that synapse -# autogenerates on launch with your own SSL certificate + key pair -# if you like. Any required intermediary certificates can be -# appended after the primary certificate in hierarchical order. -tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt" - -# PEM encoded private key for TLS -tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key" - -# PEM dh parameters for ephemeral keys -tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh" - -# Don't bind to the https port -no_tls: True - ## Server ## diff --git a/cluster/prod/app/matrix/deploy/im.hcl b/cluster/prod/app/matrix/deploy/im.hcl index bd28feb..339fea7 100644 --- a/cluster/prod/app/matrix/deploy/im.hcl +++ b/cluster/prod/app/matrix/deploy/im.hcl @@ -54,21 +54,6 @@ job "matrix" { } # --- secrets --- - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}" - destination = "secrets/conf/homeserver.tls.crt" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}" - destination = "secrets/conf/homeserver.tls.dh" - } - - template { - data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}" - destination = "secrets/conf/homeserver.tls.key" - } - template { data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}" destination = "secrets/conf/homeserver.signing.key" diff --git a/cluster/prod/app/matrix/secrets.toml b/cluster/prod/app/matrix/secrets.toml index 98b2ddb..8cd1572 100644 --- a/cluster/prod/app/matrix/secrets.toml +++ b/cluster/prod/app/matrix/secrets.toml @@ -33,20 +33,6 @@ description = 'S3 secret access key for Matrix bucket' # Keys & stuff -[secrets."chat/synapse/homeserver.tls.dh"] -type = 'user' -multiline = true -description = 'DH parameters for matrix ssl key? how does this work?' - -[secrets."chat/synapse/homeserver.tls.crt"] -type = 'SSL_CERT' -name = 'synapse' -cert_domains = "['im.deuxfleurs.fr']" - -[secrets."chat/synapse/homeserver.tls.key"] -type = 'SSL_KEY' -name = 'synapse' - [secrets."chat/synapse/homeserver.signing.key"] type = 'user' description = 'Synapse homeserver ed25519 signing key'