From 4d0ddf6fb19f397d3a1d8e4eb0c2a031cc272eae Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Sat, 28 Oct 2023 18:49:09 +0200 Subject: [PATCH 1/3] remove unnecessary spaces --- secrets/secrets.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c988a21..bcbe694 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,17 +20,11 @@ let nachtigall-host ]; in { - "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys; - "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys; - "mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys; - "mastodon-vapid-public-key.age".publicKeys = nachtigallKeys ++ baseKeys; - "mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ baseKeys; - "mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; From b8431f595e00799c1273b0d08bca5ee103b93002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:21:34 +0200 Subject: [PATCH 2/3] nachtigall: Configure matrix-synapse with telegram integration --- hosts/nachtigall/apps/matrix-log-config.yaml | 40 +++ hosts/nachtigall/apps/matrix.nix | 236 ++++++++++++++++++ hosts/nachtigall/apps/mautrix-telegram.nix | 211 ++++++++++++++++ hosts/nachtigall/default.nix | 3 + secrets/matrix-mautrix-telegram-env-file.age | Bin 0 -> 2013 bytes secrets/matrix-synapse-secret-config.yaml.age | Bin 0 -> 2833 bytes secrets/matrix-synapse-signing-key.age | 28 +++ secrets/secrets.nix | 5 +- 8 files changed, 522 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/matrix-log-config.yaml create mode 100644 hosts/nachtigall/apps/matrix.nix create mode 100644 hosts/nachtigall/apps/mautrix-telegram.nix create mode 100644 secrets/matrix-mautrix-telegram-env-file.age create mode 100644 secrets/matrix-synapse-secret-config.yaml.age create mode 100644 secrets/matrix-synapse-signing-key.age diff --git a/hosts/nachtigall/apps/matrix-log-config.yaml b/hosts/nachtigall/apps/matrix-log-config.yaml new file mode 100644 index 0000000..555f3aa --- /dev/null +++ b/hosts/nachtigall/apps/matrix-log-config.yaml @@ -0,0 +1,40 @@ +version: 1 + +formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + +filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + +handlers: + console: + class: logging.StreamHandler + formatter: precise + filters: [context] + +loggers: + synapse: + level: WARNING + + synapse.storage.SQL: + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + level: WARNING + + synapse.http.matrixfederationclient: + level: CRITICAL + synapse.federation.sender.per_destination_queue: + level: CRITICAL + synapse.handlers.device: + level: CRITICAL + synapse.replication.tcp.handler: + level: CRITICAL + shared_secret_authenticator: + level: INFO + +root: + level: WARNING + handlers: [console] diff --git a/hosts/nachtigall/apps/matrix.nix b/hosts/nachtigall/apps/matrix.nix new file mode 100644 index 0000000..d0b2fe2 --- /dev/null +++ b/hosts/nachtigall/apps/matrix.nix @@ -0,0 +1,236 @@ +{ flake, config, pkgs, ... }: +let + publicDomain = "matrix.test.pub.solar"; + serverDomain = "test.pub.solar"; +in { + age.secrets."matrix-synapse-signing-key" = { + file = "${flake.self}/secrets/matrix-synapse-signing-key.age"; + mode = "400"; + owner = "matrix-synapse"; + }; + + age.secrets."matrix-synapse-secret-config.yaml" = { + file = "${flake.self}/secrets/matrix-synapse-secret-config.yaml.age"; + mode = "400"; + owner = "matrix-synapse"; + }; + + services.matrix-synapse = { + enable = true; + settings = { + server_name = serverDomain; + public_baseurl = "https://matrix.test.pub.solar/"; + database = { + name = "psycopg2"; + args = { + host = "/run/postgresql"; + cp_max = 10; + cp_min = 5; + database = "matrix"; + }; + allow_unsafe_locale = false; + txn_limit = 0; + }; + + account_threepid_delegates.msisdn = ""; + alias_creation_rules = [{ + action = "allow"; + alias= "*"; + room_id = "*" ; + user_id = "*"; + }]; + allow_guest_access = false; + allow_public_rooms_over_federation = false; + allow_public_rooms_without_auth = false; + auto_join_rooms = [ + "#community:${serverDomain}" + "#general:${serverDomain}" + ]; + + autocreate_auto_join_rooms = true; + caches.global_factor = 0.5; + + default_room_version = "10"; + disable_msisdn_registration = true; + email = { + app_name = "Matrix"; + client_base_url = "https://chat.pub.solar"; + enable_notifs = true; + enable_tls = true; + # FUTUREWORK: Maybe we should change this + invite_client_location = "https://app.element.io"; + notif_for_new_users = true; + notif_from = "Matrix "; + require_transport_security = false; + smtp_host = "matrix-mailer"; + smtp_port = 8025; + }; + + enable_media_repo = true; + enable_metrics = true; + enable_registration = false; + enable_registration_captcha = false; + enable_registration_without_verification = false; + enable_room_list_search = true; + encryption_enabled_by_default_for_room_type = "off"; + event_cache_size = "100K"; + federation_rr_transactions_per_room_per_second = 50; + forget_rooms_on_leave = true; + include_profile_data_on_invite = true; + instance_map = {}; + limit_profile_requests_to_users_who_share_rooms = false; + + log_config = ./matrix-log-config.yaml; + + max_spider_size = "10M"; + max_upload_size = "50M"; + media_storage_providers = []; + + password_config = { + enabled = false; + localdb_enabled = false; + pepper = ""; + }; + + presencee.enabled = true; + push.include_content = false; + + rc_admin_redaction= { + burst_count = 50; + per_second = 1; + }; + rc_federation= { + concurrent = 3; + reject_limit = 50; + sleep_delay = 500; + sleep_limit = 10; + window_size = 1000; + }; + rc_invites= { + per_issuer= { + burst_count = 10; + per_second = 0.3; + }; + per_room= { + burst_count = 10; + per_second = 0.3; + }; + per_user= { + burst_count = 5; + per_second = 0.003; + }; + }; + rc_joins= { + local= { + burst_count = 10; + per_second = 0.1; + }; + remote= { + burst_count = 10; + per_second = 0.01; + }; + }; + rc_login= { + account= { + burst_count = 3; + per_second = 0.17; + }; + address= { + burst_count = 3; + per_second = 0.17; + }; + failed_attempts= { + burst_count = 3; + per_second = 0.17; + }; + }; + rc_message= { + burst_count = 10; + per_second = 0.2; + }; + rc_registration= { + burst_count = 3; + per_second = 0.17; + }; + redaction_retention_period = "7d"; + redis.enabled = false; + registration_requires_token = false; + registrations_require_3pid = ["email"]; + report_stats = false; + require_auth_for_profile_requests = false; + room_list_publication_rules = [{ + action = "allow"; + alias = "*"; + room_id = "*"; + user_id = "*"; + }]; + + signing_key_path = "/run/agenix/matrix-synapse-signing-key"; + + stream_writers = {}; + trusted_key_servers = [{ server_name = "matrix.org";}]; + turn_allow_guests = false; + turn_uris = [ + "turn:matrix.pub.solar?transport=udp" + "turn:matrix.pub.solar?transport=tcp" + ]; + url_preview_accept_language = [ + "en-US" + "en" + ]; + url_preview_enabled = true; + url_preview_ip_range_blacklist = [ + "127.0.0.0/8" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + "192.0.0.0/24" + "169.254.0.0/16" + "192.88.99.0/24" + "198.18.0.0/15" + "192.0.2.0/24" + "198.51.100.0/24" + "203.0.113.0/24" + "224.0.0.0/4" + "::1/128" + "fe80::/10" + "fc00::/7" + "2001:db8::/32" + "ff00::/8" + "fec0::/10" + ]; + + user_directory = { + prefer_local_users = false; + search_all_users = false; + }; + user_ips_max_age = "28d"; + + app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + # "/matrix-appservice-irc-registration.yaml" + # "/matrix-appservice-slack-registration.yaml" + # "/hookshot-registration.yml" + # "/matrix-mautrix-signal-registration.yaml" + # "/matrix-mautrix-telegram-registration.yaml" + ]; + }; + + extraConfigFiles = [ + "/run/agenix/matrix-synapse-secret-config.yaml" + + # The registration file is automatically generated after starting the + # appservice for the first time. + # cp /var/lib/mautrix-telegram/telegram-registration.yaml \ + # /var/lib/matrix-synapse/ + # chown matrix-synapse:matrix-synapse \ + # /var/lib/matrix-synapse/telegram-registration.yaml + "/var/lib/matrix-synapse/telegram-registration.yaml" + ]; + + plugins = [ + config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth + ]; + }; +} diff --git a/hosts/nachtigall/apps/mautrix-telegram.nix b/hosts/nachtigall/apps/mautrix-telegram.nix new file mode 100644 index 0000000..f286bd0 --- /dev/null +++ b/hosts/nachtigall/apps/mautrix-telegram.nix @@ -0,0 +1,211 @@ +{ flake, lib, config, pkgs, ... }: +{ + age.secrets."matrix-mautrix-telegram-env-file" = { + file = "${flake.self}/secrets/matrix-mautrix-telegram-env-file.age"; + mode = "400"; + owner = "matrix-synapse"; + }; + + services.mautrix-telegram = { + enable = true; + environmentFile = "/run/agenix/matrix-mautrix-telegram-env-file"; + settings = { + homeserver = { + # TODO: Use the port from synapse config + address = "http://localhost:8008"; + domain = "test.pub.solar"; + verify_ssl = true; + }; + appservice = { + address = "http://localhost:8009"; + bot_avatar = "mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX"; + bot_displayname = "Telegram bridge bot"; + bot_username = "telegrambot"; + # TODO: See if we can use postgresql + database = "sqlite:////var/lib/mautrix-telegram/sqlite.db"; + hostname = "0.0.0.0"; + id = "telegram"; + max_body_size = 1; + port = 8009; + provisioning = { + enabled = false; + prefix = "/_matrix/provision/v1"; + shared_secret = "generate"; + }; + public = { + enabled = true; + external = "https://matrix.test.pub.solar/c3c3f34b-29fb-5feb-86e5-98c75ec8214b"; + prefix = "/c3c3f34b-29fb-5feb-86e5-98c75ec8214b"; + }; + }; + bridge = { + alias_template = "telegram_{groupname}"; + allow_matrix_login = true; + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + args = { + background = "'020202'"; # only for gif, transparency not supported + fps = 30; # only for webm + height = 256; + width = 256; + }; + target = "gif"; + }; + bot_messages_as_notices = true; + bridge_notices = { + default = false; + exceptions = []; + }; + command_prefix = "!tg"; + delivery_error_reports = true; + delivery_receipts = false; + displayname_max_length = 100; + displayname_preference = [ + "full name" + "username" + "phone number" + ]; + displayname_template = "'{displayname} (Telegram)'"; + emote_format = "'* $mention $formatted_body'"; + encryption = { + allow = false; + database = "default"; + default = false; + key_sharing = { + allow = false; + require_cross_signing = false; + require_verification = true; + }; + }; + federate_rooms = true; + filter = { + list = []; + mode = "blacklist"; + }; + image_as_file_size = 10; + initial_power_level_overrides = { + group = {}; + user = {}; + }; + inline_images = false; + max_document_size = 100; + max_initial_member_sync = 10; + max_telegram_delete = 10; + message_formats = { + "m.audio" = "'$sender_displayname sent an audio file: $message'"; + "m.emote" = "'* $sender_displayname $message'"; + "m.file" = "'$sender_displayname sent a file: $message'"; + "m.image" = "'$sender_displayname sent an image: $message'"; + "m.location" = "'$sender_displayname sent a location: $message'"; + "m.notice" = "'$sender_displayname: $message'"; + "m.text" = "'$sender_displayname: $message'"; + "m.video" = "'$sender_displayname sent a video: $message'"; + }; + parallel_file_transfer = false; + plaintext_highlights = false; + private_chat_portal_meta = false; + public_portals = true; + relaybot = { + authless_portals = true; + group_chat_invite = []; + ignore_own_incoming_events = true; + ignore_unbridged_group_chat = true; + private_chat = { + invite = []; + message = "This is a Matrix bridge relaybot and does not support direct chats"; + state_changes = true; + }; + whitelist = []; + whitelist_group_admins = true; + }; + resend_bridge_info = false; + skip_deleted_members = true; + startup_sync = true; + state_event_formats = { + join = "$displayname joined the room."; + leave = "$displayname left the room."; + name_change = "$prev_displayname changed their name to $displayname"; + }; + sync_channel_members = false; + sync_dialog_limit = 30; + sync_direct_chats = false; + sync_matrix_state = true; + sync_with_custom_puppets = true; + telegram_link_preview = true; + username_template = "telegram_{userid}"; + + permissions = { + "test.pub.solar" = "full"; + }; + }; + + logging = { + formatters= { + precise = { + format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"; + }; + }; + handlers = { + console = { + class = "logging.StreamHandler"; + formatter = "precise"; + }; + }; + loggers={ + aiohttp.level = "WARNING"; + mau.level = "WARNING"; + telethon.level = "WARNING"; + }; + root = { + handlers = [ "console" ]; + level = "WARNING"; + }; + version = 1; + }; + + telegram = { + connection = { + flood_sleep_threshold = 60; + request_retries = 5; + retries = 5; + retry_delay = 1; + timeout = 120; + }; + device_info = { + app_version = "auto"; + device_model = "auto"; + lang_code = "en"; + system_lang_code = "en"; + system_version = "auto"; + }; + proxy = { + address = "127.0.0.1"; + password = "''"; + port = 1080; + rdns = true; + type = "disabled"; + username = "''"; + }; + server = { + dc = 2; + enabled = false; + ip = "149.154.167.40"; + port = 80; + }; + }; + }; + }; + + systemd.services.mautrix-telegram.path = with pkgs; [ + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) + ]; + systemd.services.mautrix-telegram.serviceConfig = { + User = "matrix-synapse"; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 5ee4ba9..a9df98f 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -18,5 +18,8 @@ ./apps/opensearch.nix ./apps/postgresql.nix ./apps/forgejo.nix + + ./apps/matrix.nix + ./apps/mautrix-telegram.nix ]; } diff --git a/secrets/matrix-mautrix-telegram-env-file.age b/secrets/matrix-mautrix-telegram-env-file.age new file mode 100644 index 0000000000000000000000000000000000000000..2497dfdfc6ae974d903a22130d6cdd9bd4c33752 GIT binary patch literal 2013 zcmZA0{qxg=0mtzTzMNQ@Zon5DKCH3{jPRvNnkKE|!L&`=q)F2>O`DVc%#_lgovGp+GN#gNhz!^HMD%ecS#k% znr@qtuGNN8HJNjQl#Qaz2CS-FCkHkv7@5OJC5lN%u}sQRH`W;Tao2XxE^vp18I9nx) zn2I*i5|4C=t`jcFV3qE~k)8(#KG=}01c0=iBvenKX2Ta5ks)9-6ab)}*(y0Dmg{k8 zG75CndbyhA$}E=6mFs!YlgoUBk>3(_o}l}cU~0yE)qyb=}6Vm!bCu{6zEJWW*M zQmVqiNk6Alqe{V3NwNwseXvQ;VbCiv*(6>Fl_Ads3S1(_=rRvS2`A8CavUNlP=*t` z12kL4hmgXa%cs3HNQB$r$RuBAA! zTw&v78^dtju5{>RGVKuw-^qCzrbGsrp%yJuLQ&{IvXa-j9NC~Gx{U?;l+jYHTwm(- zP!*B8mL=p^*#jz+WOWi*-EXmlZh~l-zHoKNS3fGHc-B;d9AMyVD;zE4X*VI%;*{$_ z(R?0>WP0N(fFdk%mA<{>?A-h*B*n63O%;TLSRZ$iZ!)} z2>B$|3`z0)|0*S1Fk~0=eJoQ?N{r_Kq7B5dbcu0LqZ}9;8w;iw(6o~VmnQlN%dgrL z+C?O%m54zDA>`UN$mcP|({nm11@@e{`10K|Biq0Auk&X^Z@gZe_rdPzv#&da&UmmP zJ^#sz=O+F9;Vo0|TfXni;lJ(rd>eCIhz6Jc=AG}sdp7TwzV4RkbN%o9I)2^6S^1mx z?o&n%Za!IiZprpDk$J~fB-iik_ZB~XVgAO(!oPfb#iGaKGHxACMY{3Et@-KEpd5GPKa zntg@5?SkH+d%w6hygT*w>4`hPa$xJLxt|{Yc-4}z(XWoI+;x88Zy$O;-TLkn;_X{! z!k^B)`H|$~S?ZJP<(JMrf8Xf!(~iY1{c7~+W%x};UOHhv75y>u;qRBe_1>ztM(=%Y zjWD-xsc~>0y>)a>ZPMtJ_?5q2{Pf-{6Gxt)UaK5fy!8IfA5EPCe(iSr4+oEKxsu{< Xf8wcEmkl4=FloidQ!kQaaKe89ci7^o literal 0 HcmV?d00001 diff --git a/secrets/matrix-synapse-secret-config.yaml.age b/secrets/matrix-synapse-secret-config.yaml.age new file mode 100644 index 0000000000000000000000000000000000000000..eb1dc12abd25c30684fb496fe16f026479ee410e GIT binary patch literal 2833 zcmZA0`Fj%u0>*KWc7bpdsTNwU6y!3LOfr*9B5fhpC87HGj zUnD#|68A7uELu@1J(2Jhxm|1yhsCG+#7ckKL&ppnm5TvlVFUoxZV8J=nH-=wWEGAp0H9$PJ3W6Ym9uLC_Q8XDfCQ0*O zHNxr?YtnQQF(`Egy^NO;dBb{$9dJcmb{VF0>oFKgE9?@?El{!aW+aoK3G6z^7vcHb z#*88YE987eobWMmuGP#|f^5L-Nt8&d(g~SP<)qj&&L7sE4Ty{xIa|pV#H9SB z)d8R|6Bj#uI3l-U3ZI+?8WpLOIcQd49H(6BM`W-^B?eqUb^_Gle1_iagmjTW0K|P! zqcz3>K@gP!l-H`anMnc5VWB~6rZc5>h*)@vVNMy@p`Z}f2?z;a#}LW=V4BCn6e=*N zisPRrASEE-0X{0 zw>{yeDDSS)G_9zph|UgcC;`u;iQ!shXm`yb6L=E{4w{gvmRv{q>yIr!(^M-Mv8%ZeX&=h5>| zuFbFT=H0x5o)}VId(YGTdsVi+dDq^l+3N=-wbRu5jxGHJVmAGhv#%9MD=-2EudgSc^t$jZ%?jG&!ccJRx>9#iAcwQk>V&a?5t-e~^Ryq)4 zEdSv|!q&BM_}PL>M|+r$Z*k@0m~}O~Z&zIr#$T;GauS^MV%j@0%c$b99lvcH@ucC& zB1X4(ckugZ)Qq}eo!zyo4y5-#10*Yg(;u(==fxZMHGf;15Z!z_dhpJ`r1qRo&o?@A zE(~7v-q^=PQRkB*Bi>eOsGUVG~1*DL5)?yl0@W5E|gkH`A&zBp?8nBIc}(0cCShvZ6T z%Y+MEt2ivEsH&$j&m3qgOJ?tQN&<^sH2+-m^kZ@;gZ+-E5*d8TBzsCBwOjW8vSY$` z1;h598lh*bX^&stlC|`$;J*3KBcIdCU%tI<#n zhtH{OI++=%{-d5qu6zdG&ECRkdqa4x^I0F+HE_tJWi2-yenBA`J9lhQ;m%9m+xhgK zj%gR6hadDV`ljXkt+S4v$ugA5d+P?m2L(qTI2Zo-dSjh*@uOq8^S-Kg4hc=Y)&JUM zMUZwUbLbOzdT#}_?MdGcpC4JN*tX1h?f0yWAJcCI8|TcJ+#D>iA@3fVS+-^BoXym5 z9pml0KvH@=vi9}cd$Yrb$;pek&f~{Bil=THac^{1s8Le+V2tO-@=Vjy0<*mEUp*B+ zY{|1J+vZbc&6~TvX#9h=Syem?8P6~8-&|i%3mVrQIC^LMnRoY`{^+xvxMskO_{u>I zr`|hKpEcv|!K+n3dvV^8t>0q&b=|kYuI3hE$*WM^g$)%8N)+$Z*8CCV{E(l!b9hbl zp;Y~moYOgLM(n`9dTTT%e?_Lhd8_+T(OT20E1A1<^9Byl?tAN6(~Vx^w2=*l=8-ki zwyvnqda%Df=kbkS7l_;6@7Eo$|(KCd*b zvrA&!YoD~8)84+nssDp`*{=B~j-BgBpyWc;luP|uTV7M1uGLm4YQA3mr3$!JRk`!` zi5Gf4ZC>Nee_7R*xqe_wZ{xwmyIMa?=Or8HaQ+@oiS5dzz4v2+i&_6ZV|_B>J#KkJ z>yU>BIvqI^6`~WSe!~iY)g60uSM{uAFGu`Z*}2ql#~Bag_FcAdZ^!1zFOgvdH?lft z_B|!qnziT4vO1U>I^O3ohOaIz&Akcme>poJCwuFv8&?jcep@)2_yE5ZwqL?FXF~#T8oQPnh(amd1_C;&qBq0 z6}?M8I<#?Abs{sp=tx6$@1}Oih$TlQu@l}YHw`)O*DU$*-3^NarQz)>T4MM|p2Ew! zrpzv%^lZKB(!h&zTw#~ ssh-ed25519 iDKjwg DIYhq76lfISisIR1cF5QRAHpUOcY73wh2AAIveZzQEU +AaISTQUQHKZPfI3eOmez1LsANCwMiLae6wNDtdGyrk4 +-> ssh-ed25519 uYcDNw aWo4SN3rJXLWjeQFmHWQsWvq6TZysarvk2/ymPNjSW0 +Z8dFM+4R/rCzVsAQtmeO/ANFdeqkcOixgcfp5Pe9FIY +-> ssh-rsa kFDS0A +fNc11rAe6fUi7DaxEGbU84nJ99DCwv2oSs0EXUtXYU7kSQnPzEMvBUmDtsjc/yJK +JrER6X3EZpStvveHs12T2bD8sC7qvpGDM0/yxQaD/g2sebdl/PSdly3PcKZPmFJn +5a8bdFz6auLoxPtV9Ew83rai7/zSGWomD9MtISmtzofQ6ZUMCTHkyv+JFrSGMlDR +/wAPP4AthjlysLgVnpbFixcFaZKA1825H7yk+i+TvIHIZ5YNhcTlvyos5BnKTbjI +JJffhvEz4I3c+v6Nb6tssFs/WcnuylDQZa3YqHT8zaL/pXWKZKwSTMkXMXdN5/V6 +bKwwyuSepbKgcdnYt3qnSRZcGobAD3LISrkyPuh3/6v6mPxX9eriv8A+cCTVFR+H +tx2EEa0PQpgQX7erCxu8n3marv43e6tF58ULJHoBtEcUs0ov5ereNWJBRL5NcZcZ +1jAg3tJtWFcplghJ8oS4ePrCj87ibNeHUW50zTmpoCWnSdl5coKzPtFRjjWJNf0U +mUAqnoCOVSkpy+5tUbCdo3IhxXPwQp70SkBTKqJhLw7AqmqCSEt8IzO7Nmh8Cra7 +CpRvcqLvOjDNKLpc3FZWcJdZyFoQUd+hjqO3GsmYE+0HQm4Prb9bDqRIyUiGa2y8 +8Z/Ae7T/X2hvr/h8by/JI+f67fj9n88LMBIc2+VF17M +-> ssh-ed25519 YFSOsg 7VxASO8bBrWC66jWnFDr/E4uLrE9Eduk1DrxqKBNeAA +ADu0wFcdyO2+Jzb8nbcBl9RArUrA11+Olr+5wT1NpxI +-> ssh-ed25519 iHV63A 5its014WusI08tPQDHHPngzWaMWwbTFXUr3uRSjmgU4 +PjhSqHE9QtLQsOvkTh44TYsf4dlBxlHA+0hbY0P34rI +-> ssh-ed25519 BVsyTA /0Lg7IgQ+ziQPB8zW/g+b9B5MBUmxl44zHKlPC2qgiM +/nGP+6j9jDh/I0ZW4+nkhVtIRf7rqv0RG+sPoGXq/84 +-> fd]-grease "J/'r +1Gqo8aWuDf5XWFLB+OxHs3sNKf/4Kwv8dXBEtn40oL0uk8UZyUkNaLWZ2/GfdO0t +dT7bm5ihzq/7wJsIoNUgGBDprFAZgcEExno +--- zpUnJCx+HoeJm0KW3PIwljBvp/94VsyKfDQ2GRSOd+4 +1I#C[|)܁:dd 3X'qAokCTT3aBt'k\c&a|:R5 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index bcbe694..cb06356 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,6 +30,9 @@ in { "keycloak-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; "forgejo-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; - "forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ baseKeys; + + "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; + "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; + "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; } From 688f9279d11852bf7a745e9039093d9c2afc284b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 02:55:35 +0200 Subject: [PATCH 3/3] feat: move matrix related files into subdir --- hosts/nachtigall/apps/{ => matrix}/matrix-log-config.yaml | 0 hosts/nachtigall/apps/{ => matrix}/mautrix-telegram.nix | 0 hosts/nachtigall/apps/{matrix.nix => matrix/synapse.nix} | 0 hosts/nachtigall/default.nix | 6 +++--- 4 files changed, 3 insertions(+), 3 deletions(-) rename hosts/nachtigall/apps/{ => matrix}/matrix-log-config.yaml (100%) rename hosts/nachtigall/apps/{ => matrix}/mautrix-telegram.nix (100%) rename hosts/nachtigall/apps/{matrix.nix => matrix/synapse.nix} (100%) diff --git a/hosts/nachtigall/apps/matrix-log-config.yaml b/hosts/nachtigall/apps/matrix/matrix-log-config.yaml similarity index 100% rename from hosts/nachtigall/apps/matrix-log-config.yaml rename to hosts/nachtigall/apps/matrix/matrix-log-config.yaml diff --git a/hosts/nachtigall/apps/mautrix-telegram.nix b/hosts/nachtigall/apps/matrix/mautrix-telegram.nix similarity index 100% rename from hosts/nachtigall/apps/mautrix-telegram.nix rename to hosts/nachtigall/apps/matrix/mautrix-telegram.nix diff --git a/hosts/nachtigall/apps/matrix.nix b/hosts/nachtigall/apps/matrix/synapse.nix similarity index 100% rename from hosts/nachtigall/apps/matrix.nix rename to hosts/nachtigall/apps/matrix/synapse.nix diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index a9df98f..3dbdbcf 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/forgejo.nix ./apps/keycloak.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix @@ -17,9 +18,8 @@ ./apps/mastodon.nix ./apps/opensearch.nix ./apps/postgresql.nix - ./apps/forgejo.nix - ./apps/matrix.nix - ./apps/mautrix-telegram.nix + ./apps/matrix/mautrix-telegram.nix + ./apps/matrix/synapse.nix ]; }