Synapse: Moved secrets to separate file not synced with Git.

synapse/docker-compose.yaml

@@ -23,7 +23,7 @@ services:
     command: >
       run
       --config-path=/data/homeserver.yaml
-      --config-path=/data/secret.yaml
+      --config-path=/data/secrets.yaml
     environment:
       SYNAPSE_SERVER_NAME: viyurz.fr
       SYNAPSE_REPORT_STATS: "yes"
@@ -36,9 +36,7 @@ services:
     volumes:
       - /mnt/synapsedata:/data
       - ./homeserver.yaml:/data/homeserver.yaml
-      # Content of turn-secret.yaml:
-      # turn_shared_secret: "someSecret"
-      - ../turn-secret.yaml:/data/secret.yaml
+      - ./secrets.yaml:/data/secrets.yaml
 
 networks:
   synapse:

synapse/generate_registration_token.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 rel_path="$(dirname "$0")"
-access_token="$(cat $rel_path/../matrix_access_token.txt)"
+access_token="$(cat $rel_path/./matrix_access_token.txt)"
 
 curl --header "Authorization: Bearer $access_token" \
 	-H "Content-Type: application/json" -w "\n" \

synapse/homeserver.yaml

@@ -35,8 +35,6 @@ media_store_path: /data/media_store
 enable_registration: true
 registration_requires_token: true
 report_stats: true
-macaroon_secret_key: "Ibz1OAyP+:IR_BgLx:*cID82B=pYlDy*76gwh#kQV4,iEUDE~h"
-form_secret: "bj5sv.-B:R.2Z@@cK*rBti&J,v^34.gXNNR*5tNPWTUpkrE+Sv"
 signing_key_path: "/data/viyurz.fr.signing.key"
 trusted_key_servers:
   - server_name: "matrix.org"

synapse/secrets.yaml.example

@@ -0,0 +1,6 @@
+# Generate random secret:
+# $ cat /dev/urandom | tr -dc '[:graph:]' | tr -d '"\\' | head -c 50
+
+turn_shared_secret: "XXX"
+macaroon_secret_key: "XXX"
+form_secret: "XXX"

turn-secret.yaml.example

@@ -1 +0,0 @@
-turn_shared_secret: "XXX"