From 74ff3d0d23e29839c5d766c9055b7ef19a0c3816 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Mon, 1 Jan 2024 08:58:03 +0000 Subject: [PATCH] add second mjolnir instance for tle --- modules/mjolnir.nix | 41 ++++++++++++++++++++++++----- secrets/matrix_mjolnir_tle_pass.age | 15 +++++++++++ secrets/matrix_mjolnir_token.age | 16 ----------- secrets/secrets.nix | 2 +- 4 files changed, 51 insertions(+), 23 deletions(-) create mode 100644 secrets/matrix_mjolnir_tle_pass.age delete mode 100644 secrets/matrix_mjolnir_token.age diff --git a/modules/mjolnir.nix b/modules/mjolnir.nix index 0f0f999..ac887bb 100644 --- a/modules/mjolnir.nix +++ b/modules/mjolnir.nix @@ -2,29 +2,29 @@ let in { - age.secrets = { + age.secrets = { matrix_mjolnir_pass = { file = ../secrets/matrix_mjolnir_pass.age; owner = "mjolnir"; group = "mjolnir"; mode = "0600"; }; - matrix_mjolnir_token = { - file = ../secrets/matrix_mjolnir_token.age; + + matrix_mjolnir_tle_pass = { + file = ../secrets/matrix_mjolnir_tle_pass.age; owner = "mjolnir"; group = "mjolnir"; - mode = "0600"; + mode = "0777"; # not ideal, but containers are weird }; }; - + # global mjolnir services.mjolnir = { enable = true; homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl; protectedRooms = [ "https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de" ]; -# accessTokenFile = config.age.secrets.matrix_mjolnir_token.path; managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de"; pantalaimon = { enable = true; 
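Review bot: `mode = "0777"` on `matrix_mjolnir_tle_pass` leaves the decrypted bot password readable and writable by every local user and service on the host, while the neighbouring `matrix_mjolnir_pass` stays at `0600`. The comment suggests the mode was loosened so the process inside the container can open the bind-mounted file. That would point to the container's `mjolnir` user having a different uid from the host's (an inference, nothing in the hunk shows the uids). If so, pinning the same `users.users.mjolnir.uid` in the host config and in the container config (defined in the next hunk) would let this entry go back to `mode = "0400";`. If the exception has to stay for now, the comment should name the actual cause, e.g. `# TODO: uid of mjolnir differs inside the container; tighten once uids are pinned`, so that it can be removed later.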
@@ -35,4 +35,33 @@ in { passwordFile = config.age.secrets.matrix_mjolnir_pass.path; }; }; + + containers.mjolnirtle = let + baseurl = config.services.matrix-synapse-next.settings.public_baseurl; + pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path; + in { + privateNetwork = false; # don't want nat + autoStart = true; + bindMounts."${pass_file}".isReadOnly = true; + config = { config, ... }: { + system.stateVersion = "unstable"; + # tle mjolnir + services.mjolnir = { + enable = true; + homeserverUrl = baseurl; + protectedRooms = [ + "https://matrix.to/#/!BgDBnHgMgilMMnPMyp:grimmauld.de" + ]; + managementRoom = "!NQedmlMeoQErGgAwxm:grimmauld.de"; + pantalaimon = { + enable = true; + username = "mjolnir_tle"; + options = { + homeserver = baseurl; + }; + passwordFile = pass_file; + }; + }; + }; + }; } diff --git a/secrets/matrix_mjolnir_tle_pass.age b/secrets/matrix_mjolnir_tle_pass.age new file mode 100644 index 0000000..ec237fb --- /dev/null +++ b/secrets/matrix_mjolnir_tle_pass.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa jWbwAg +MbJMn9f+sg1SygW+O6rIF8fXmieYHkQFnSuI/U71YG3JIJwMDQLMqN8dB1pi5fvg +j4wQU2211KdUsOjmpSFAoylielEMVRSm8ae+0pMDrCli6z8xb0Izd495EMexxwH8 ++FWQORHvrXIaxPgHcOQ4g0SApkDAhEGl8XrI3dvC2szEy9tM5ph3LrXIAV6GBKp/ +SlHD385bgZkuN8lwaczKGTjBktYiK2h1lpJBb+sQkuOP3h8rpHetU6CCbooJkQ4c +x8ND7fu3ptd/YhzVRAhTMOaQU62f1FEJoGP67hsm79rOm+0vnH5K1r16gAB2jjAh +RHXYFhzpPLrYUUCwdklGGtCFcTRc2g4gRglDx4IutTZ+2EBkrzePZ8OqXpR5/2xO +yROb3L3wex0bm9MqIyClaPFq9eUtSI4ca8s5TCZV///6FrzJVEsAlj0xZFQFGTT3 +T1zOOEEzEX4f9878Wj/Rl+MZhtZUJYG39fwonFS799Omgks+NcSXi5pnPTMXnONq +cVXQM1y2wvLlxf9qbPkFCnvkqq6pWMXma18BTiAakbOZ0y/EpOGQG+vAz+zZ5wq1 +le3fgfiKPM4oXuPrMPxuCd1QsmoHj5YYDSSGPWYgxHt3kKKpDVadpqgRp2FyrFGA +KGKGwqbOv12pbzmP2S3WlbAhQiUodg6my93H4kroPPM +--- q4gCKxg3dPi7iXSqByd4F3dQ6hv2h8ZH4vz1Abzzovo +gy޺InԌe*(a5T}D%ǾUqg4\bc5oY \ No newline at end of file 
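Review bot: `system.stateVersion = "unstable";` in the container config is not a release string, so any option inside the container that picks its default by comparing stateVersion will probably not resolve as it would for the release the container was first deployed on. Set it to that release, `system.stateVersion = "YY.MM";` (placeholder, the page does not say which release applies). Separately, `privateNetwork = false` keeps the container in the host's network namespace, and the bind-mounted `pass_file` is the secret declared with mode `0777` in the previous hunk, so the container should not be read as an isolation boundary for the bot. If it exists only to allow a second `services.mjolnir` instance, as the commit subject suggests, extend the comment to say so: `# shares the host network namespace (no NAT); container is only here to run a second mjolnir, not to sandbox it`.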
diff --git a/secrets/matrix_mjolnir_token.age b/secrets/matrix_mjolnir_token.age deleted file mode 100644 index e144f6d..0000000 --- a/secrets/matrix_mjolnir_token.age +++ /dev/null @@ -1,16 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa jWbwAg -GW+ky3+OLl0Q1pGVEH5Dqe5VTDrjDT+aCQxOtGDe35j9KWP1FetwlE/OpptKiV+R -aKtWBHApRWXVTv5MhidcrAqTQ7E/D3Lly1QTscymRoXDXUeuybbAus/Dq8ZwFAsY -/Wae0hvVtPoVi4P/HO9KHZ6oMGBzmBgASjblry84QEpY3XCWMUr92ZeXKO70bw/F -uoGnBsvDqQTSWiYLD7yyw96f9t/nOUiEmtXvJvlDf/CzVjMEmZV9qgiAFVLbx03v -8EE+I2cwPDXk/ELrxZQ7aNOepYKaHABewARZpgzvgCylnpdm2qqlbs2mcvQgnjrF -MiVP8XQOjB5Tsmcl9qZxyGHdTouDulneOdkHuqHvXV1qM4LRptyCftgsxvWjwSk/ -sp/5dVYEKBtFhV3vdbc/NJM2/Xm2ZiXpKU5MBQU4igkvoDqd5vKRzGbyLW5XnDzj -ynQ7sQ/cRXDXGRU96mm0wqCvTkPc93bUvaHjy5pvSqsLLHWyF/RzJ05DnaxNNSUe -L7LEz11p+d3VPl9B3whd2+XJPoUg7WxP5HEplK3+ioEgSxZHUj7AIIOnxWBeWQKB -c7SpfrOi8/Xyxzjsprzz6EEjNVj6oj9JXMDdon8D40dmHNX5fLmhyOhGrRpYMfq8 -9e62FJpqL+ArlfvT6wnH2aQ0tBl0751fR+baCSHDWBg ---- pOWxhByGuQR+DCAWTEUID2qtKDmWxUmeAMENrwNueOQ -B+=944x0v%`HsT -u!D-Q_)ljm/$vW:wܵ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c7d2f1c..bcb50d1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,6 +11,6 @@ in "nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ]; "synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ]; "matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ]; - "matrix_mjolnir_token.age".publicKeys = [ contabo_nix_pub ]; "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ]; + "matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ]; }