nixcfg/cluster/prod/app/matrix/secrets.toml

[service_users."matrix"]
description = 'Matrix service user'
dn_secret = 'chat/synapse/ldap_binddn'
password_secret = 'chat/synapse/ldap_bindpw'


# Postgresql DB

[secrets."chat/synapse/postgres_db"]
type = 'constant'
value = 'synapse'

[secrets."chat/synapse/postgres_user"]
type = 'service_username'
service = 'matrix'

[secrets."chat/synapse/postgres_pwd"]
type = 'service_password'
service = 'matrix'


# S3 access

[secrets."chat/synapse/s3_access_key"]
type = 'user'
description = 'S3 access key ID for Matrix bucket'

[secrets."chat/synapse/s3_secret_key"]
type = 'user'
description = 'S3 secret access key for Matrix bucket'


# Keys & stuff

[secrets."chat/synapse/homeserver.tls.dh"]
type = 'user'
multiline = true
description = 'DH parameters for matrix ssl key? how does this work?'

[secrets."chat/synapse/homeserver.tls.crt"]
type = 'SSL_CERT'
name = 'synapse'
cert_domains = "['im.deuxfleurs.fr']"

[secrets."chat/synapse/homeserver.tls.key"]
type = 'SSL_KEY'
name = 'synapse'

[secrets."chat/synapse/homeserver.signing.key"]
type = 'user'
description = 'Synapse homeserver ed25519 signing key'

[secrets."chat/synapse/registration_shared_secret"]
type = 'command'
rotate = true
command = 'head -c 32 /dev/urandom | base64'


# ----------- COTURN -----------

[secrets."chat/coturn/static-auth"]
type = 'user'
description = 'coturn static-auth (what is this?)'

[secrets."chat/coturn/static_auth_secret_zinzdev"]
type = 'user'
description = "Serveur coturn (TURN/STUN) d'Adrien, c'est un jeton d'identification."


# ----------- EASYBRIDGE (we will remove this one day) -----------

[service_users."easybridge"]
description = 'Easybridge service user'
password_secret = 'chat/easybridge/db_pass'
username_secret = 'chat/easybridge/db_user'


[secrets."chat/easybridge/as_token"]
type = 'command'
rotate = true
command = 'openssl rand -hex 32'

[secrets."chat/easybridge/web_session_key"]
type = 'command'
rotate = true
command = 'openssl rand -hex 32'

[secrets."chat/easybridge/hs_token"]
type = 'command'
rotate = true
command = 'openssl rand -hex 32'