From 6bfa421112c2b2b96da72e0f488a3e69cef3ebd5 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 4 Feb 2021 16:46:39 +0100
Subject: [PATCH] services: matrix: use shared registration secret

---
 configuration.nix         |   5 ++++-
 secrets/matrix/secret.txt | Bin 0 -> 55 bytes
 services/matrix.nix       |  11 +++++++++--
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 secrets/matrix/secret.txt

diff --git a/configuration.nix b/configuration.nix
index e71ea65..8678af8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -77,7 +77,10 @@
     # Jellyfin media server
     jellyfin.enable = true;
     # Matrix backend and Element chat front-end
-    matrix.enable = true;
+    matrix = {
+      enable = true;
+      secret = lib.fileContents ./secrets/matrix/secret.txt;
+    };
     # The whole *arr software suite
     pirate.enable = true;
     # Usenet client
diff --git a/secrets/matrix/secret.txt b/secrets/matrix/secret.txt
new file mode 100644
index 0000000000000000000000000000000000000000..ce6473097f692e7cf3cdfb3e2ae76ccdf5f5c5ad
GIT binary patch
literal 55
zcmV-70LcFUM@dveQdv+`0HPx|-_TAPHJs+4;2K0qq26q-+(-JzVrkFLV}S;W!wH+h
NMl@J4xgHRR)LDw)7>ob_

literal 0
HcmV?d00001

diff --git a/services/matrix.nix b/services/matrix.nix
index 965e303..f6782e8 100644
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -16,8 +16,13 @@ let
   domain = config.networking.domain;
 in
 {
-  options.my.services.matrix = {
-    enable = lib.mkEnableOption "Matrix Synapse";
+  options.my.services.matrix = with lib; {
+    enable = mkEnableOption "Matrix Synapse";
+    secret = mkOption {
+      type = types.str;
+      example = "deadbeef";
+      description = "Shared secret to register users";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -45,6 +50,8 @@ in
       server_name = domain;
       public_baseurl = "https://matrix.${domain}";
 
+      registration_shared_secret = cfg.secret;
+
       listeners = [
         # Federation
         {