Remove obsolete Matrix TLS keys

2022-12-25 23:54:55 +01:00 · 2022-12-25 23:54:55 +01:00 · 0d8c6a2d45
commit 0d8c6a2d45
parent 0becfc2571
3 changed files with 0 additions and 45 deletions
--- a/cluster/prod/app/matrix/config/synapse/homeserver.yaml
+++ b/cluster/prod/app/matrix/config/synapse/homeserver.yaml
@ -1,22 +1,6 @@
 # vim:ft=yaml

 server_name: "deuxfleurs.fr"
-# PEM encoded X509 certificate for TLS.
-# You can replace the self-signed certificate that synapse
-# autogenerates on launch with your own SSL certificate + key pair
-# if you like.  Any required intermediary certificates can be
-# appended after the primary certificate in hierarchical order.
-tls_certificate_path: "/etc/matrix-synapse/homeserver.tls.crt"
-
-# PEM encoded private key for TLS
-tls_private_key_path: "/etc/matrix-synapse/homeserver.tls.key"
-
-# PEM dh parameters for ephemeral keys
-tls_dh_params_path: "/etc/matrix-synapse/homeserver.tls.dh"
-
-# Don't bind to the https port
-no_tls: True
-

 ## Server ##

--- a/cluster/prod/app/matrix/deploy/im.hcl
+++ b/cluster/prod/app/matrix/deploy/im.hcl
@ -54,21 +54,6 @@ job "matrix" {
      }

      # --- secrets ---
-      template {
-        data = "{{ key \"secrets/chat/synapse/homeserver.tls.crt\" }}"
-        destination = "secrets/conf/homeserver.tls.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/chat/synapse/homeserver.tls.dh\" }}"
-        destination = "secrets/conf/homeserver.tls.dh"
-      }
-
-      template {
-        data = "{{ key \"secrets/chat/synapse/homeserver.tls.key\" }}"
-        destination = "secrets/conf/homeserver.tls.key"
-      }
-
      template {
        data = "{{ key \"secrets/chat/synapse/homeserver.signing.key\" }}"
        destination = "secrets/conf/homeserver.signing.key"
--- a/cluster/prod/app/matrix/secrets.toml
+++ b/cluster/prod/app/matrix/secrets.toml
@ -33,20 +33,6 @@ description = 'S3 secret access key for Matrix bucket'

 # Keys & stuff

-[secrets."chat/synapse/homeserver.tls.dh"]
-type = 'user'
-multiline = true
-description = 'DH parameters for matrix ssl key? how does this work?'
-
-[secrets."chat/synapse/homeserver.tls.crt"]
-type = 'SSL_CERT'
-name = 'synapse'
-cert_domains = "['im.deuxfleurs.fr']"
-
-[secrets."chat/synapse/homeserver.tls.key"]
-type = 'SSL_KEY'
-name = 'synapse'
-
 [secrets."chat/synapse/homeserver.signing.key"]
 type = 'user'
 description = 'Synapse homeserver ed25519 signing key'