From d352bb7ff8c0c8ea416cba0ee65bdfef6850bacd Mon Sep 17 00:00:00 2001
From: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Mon, 8 Jan 2024 16:56:56 +0100
Subject: [PATCH] Synapse: Moved secrets to separate file not synced with Git.
---
synapse/docker-compose.yaml | 6 ++----
synapse/generate_registration_token.sh | 2 +-
synapse/homeserver.yaml | 2 --
.../matrix_access_token.txt.example | 0
synapse/secrets.yaml.example | 6 ++++++
turn-secret.yaml.example | 1 -
6 files changed, 9 insertions(+), 8 deletions(-)
rename matrix_access_token.txt.example => synapse/matrix_access_token.txt.example (100%)
create mode 100644 synapse/secrets.yaml.example
delete mode 100644 turn-secret.yaml.example
diff --git a/synapse/docker-compose.yaml b/synapse/docker-compose.yaml
index 75f8829..8ba659b 100644
--- a/synapse/docker-compose.yaml
+++ b/synapse/docker-compose.yaml
@@ -23,7 +23,7 @@ services: command: > run --config-path=/data/homeserver.yaml - --config-path=/data/secret.yaml + --config-path=/data/secrets.yaml environment: SYNAPSE_SERVER_NAME: viyurz.fr SYNAPSE_REPORT_STATS: "yes"
@@ -36,9 +36,7 @@ services: volumes: - /mnt/synapsedata:/data - ./homeserver.yaml:/data/homeserver.yaml - # Content of turn-secret.yaml: - # turn_shared_secret: "someSecret" - - ../turn-secret.yaml:/data/secret.yaml + - ./secrets.yaml:/data/secrets.yaml networks: synapse:
diff --git a/synapse/generate_registration_token.sh b/synapse/generate_registration_token.sh
index 607784f..66a3f4f 100755
--- a/synapse/generate_registration_token.sh
+++ b/synapse/generate_registration_token.sh
@@ -1,7 +1,7 @@ #!/bin/bash rel_path="$(dirname "$0")" -access_token="$(cat $rel_path/../matrix_access_token.txt)" +access_token="$(cat $rel_path/./matrix_access_token.txt)" curl --header "Authorization: Bearer $access_token" \ -H "Content-Type: application/json" -w "\n" \
diff --git a/synapse/homeserver.yaml b/synapse/homeserver.yaml
index 3248fd0..4502b6f 100644
--- a/synapse/homeserver.yaml
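Review bot: The new bind mount `- ./secrets.yaml:/data/secrets.yaml` in the `volumes:` list of synapse/docker-compose.yaml is writable from inside the container and relies on the host file already existing. With this short bind syntax Docker creates a missing host path as a directory, so a fresh checkout that only has `secrets.yaml.example` would start with `/data/secrets.yaml` as an empty directory and the second `--config-path` would not load as intended. Synapse only needs to read this file, so I would mount it read-only as `- ./secrets.yaml:/data/secrets.yaml:ro` and put a comment above it such as `# Copy secrets.yaml.example to secrets.yaml and fill it in before the first start`. The service definition starts and ends outside the hunk.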
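Review bot: In synapse/generate_registration_token.sh the changed line still expands `$rel_path` unquoted inside the command substitution, so a checkout path containing spaces or glob characters makes `cat` read the wrong paths and leaves the token empty; the `/./` segment is also redundant. I would write it as `access_token="$(cat "$rel_path/matrix_access_token.txt")"`. Separately, the context lines pass the bearer token to curl as a command-line argument, which other local users may be able to read from the process list while the request runs; curl can take headers from a file with `-H @file`, which would keep the token out of argv. The curl command continues outside the hunk.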
+++ b/synapse/homeserver.yaml
@@ -35,8 +35,6 @@ media_store_path: /data/media_store enable_registration: true registration_requires_token: true report_stats: true -macaroon_secret_key: "Ibz1OAyP+:IR_BgLx:*cID82B=pYlDy*76gwh#kQV4,iEUDE~h" -form_secret: "bj5sv.-B:R.2Z@@cK*rBti&J,v^34.gXNNR*5tNPWTUpkrE+Sv" signing_key_path: "/data/viyurz.fr.signing.key" trusted_key_servers: - server_name: "matrix.org"
diff --git a/matrix_access_token.txt.example b/synapse/matrix_access_token.txt.example
similarity index 100%
rename from matrix_access_token.txt.example
rename to synapse/matrix_access_token.txt.example
diff --git a/synapse/secrets.yaml.example b/synapse/secrets.yaml.example
new file mode 100644
index 0000000..84063dd
--- /dev/null
+++ b/synapse/secrets.yaml.example
@@ -0,0 +1,6 @@
+# Generate random secret:
+# $ cat /dev/urandom | tr -dc '[:graph:]' | tr -d '"\\' | head -c 50
+
+turn_shared_secret: "XXX"
+macaroon_secret_key: "XXX"
+form_secret: "XXX"
diff --git a/turn-secret.yaml.example b/turn-secret.yaml.example
deleted file mode 100644
index 8adc960..0000000
--- a/turn-secret.yaml.example
+++ /dev/null
@@ -1 +0,0 @@
-turn_shared_secret: "XXX"
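Review bot: The template in synapse/secrets.yaml.example does not say that the `macaroon_secret_key` and `form_secret` values removed from synapse/homeserver.yaml in this same commit remain readable in the repository history, so copying them into the new untracked file would leave the deployment running on published secrets. I would add a comment above the keys such as `# Use freshly generated values; never reuse a secret that was ever committed`, and treat the two old values as compromised and rotate them. The subject says the file is not synced with Git, but none of the six changed files is a `.gitignore`, so it is worth confirming that `synapse/secrets.yaml` and `synapse/matrix_access_token.txt` are already ignored and are not world-readable on the host. The `tr` pipeline in the header comment may also fail on raw bytes under a UTF-8 locale on some systems; writing it as `LC_ALL=C tr -dc '[:graph:]'` avoids that.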