add second mjolnir instance for tle

2024-01-01 08:58:03 +00:00 · 2024-01-01 08:58:03 +00:00 · 74ff3d0d23
commit 74ff3d0d23
parent 76988d47bb
4 changed files with 51 additions and 23 deletions
--- a/modules/mjolnir.nix
+++ b/modules/mjolnir.nix
@ -2,29 +2,29 @@
 let

 in {
-  age.secrets = {
+  age.secrets = { 
    matrix_mjolnir_pass = {
      file = ../secrets/matrix_mjolnir_pass.age;
      owner = "mjolnir";
      group = "mjolnir";
      mode = "0600";
    };
-  matrix_mjolnir_token = {
-      file = ../secrets/matrix_mjolnir_token.age;
+
+    matrix_mjolnir_tle_pass = {
+      file = ../secrets/matrix_mjolnir_tle_pass.age;
      owner = "mjolnir";
      group = "mjolnir";
-      mode = "0600";
+      mode = "0777";  # not ideal, but containers are weird
    };
  };

-  
+  # global mjolnir  
  services.mjolnir = {
    enable = true;
    homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
    protectedRooms = [
      "https://matrix.to/#/!zDkrFrfuMIKbqYFbFv:grimmauld.de"
    ];
-#    accessTokenFile = config.age.secrets.matrix_mjolnir_token.path;
    managementRoom = "!kgfXXqEYHGgToIwhMP:grimmauld.de";
    pantalaimon = {
      enable = true;
@ -35,4 +35,33 @@ in {
      passwordFile = config.age.secrets.matrix_mjolnir_pass.path;
    };
  };
+
+  containers.mjolnirtle = let 
+    baseurl = config.services.matrix-synapse-next.settings.public_baseurl; 
+    pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
+  in {
+    privateNetwork = false; # don't want nat
+    autoStart = true;
+    bindMounts."${pass_file}".isReadOnly = true;
+    config = { config, ... }: {
+      system.stateVersion = "unstable";
+  # tle mjolnir  
+  services.mjolnir = {
+    enable = true;
+    homeserverUrl = baseurl;
+    protectedRooms = [
+      "https://matrix.to/#/!BgDBnHgMgilMMnPMyp:grimmauld.de"
+    ];
+    managementRoom = "!NQedmlMeoQErGgAwxm:grimmauld.de";
+    pantalaimon = {
+      enable = true;
+      username = "mjolnir_tle";
+      options = {
+        homeserver = baseurl;
+      };
+      passwordFile = pass_file;
+    };
+  };
+    };
+  };  
 }
--- a/secrets/matrix_mjolnir_tle_pass.age
+++ b/secrets/matrix_mjolnir_tle_pass.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa jWbwAg
+MbJMn9f+sg1SygW+O6rIF8fXmieYHkQFnSuI/U71YG3JIJwMDQLMqN8dB1pi5fvg
+j4wQU2211KdUsOjmpSFAoylielEMVRSm8ae+0pMDrCli6z8xb0Izd495EMexxwH8
+FWQORHvrXIaxPgHcOQ4g0SApkDAhEGl8XrI3dvC2szEy9tM5ph3LrXIAV6GBKp/
+SlHD385bgZkuN8lwaczKGTjBktYiK2h1lpJBb+sQkuOP3h8rpHetU6CCbooJkQ4c
+x8ND7fu3ptd/YhzVRAhTMOaQU62f1FEJoGP67hsm79rOm+0vnH5K1r16gAB2jjAh
+RHXYFhzpPLrYUUCwdklGGtCFcTRc2g4gRglDx4IutTZ+2EBkrzePZ8OqXpR5/2xO
+yROb3L3wex0bm9MqIyClaPFq9eUtSI4ca8s5TCZV///6FrzJVEsAlj0xZFQFGTT3
+T1zOOEEzEX4f9878Wj/Rl+MZhtZUJYG39fwonFS799Omgks+NcSXi5pnPTMXnONq
+cVXQM1y2wvLlxf9qbPkFCnvkqq6pWMXma18BTiAakbOZ0y/EpOGQG+vAz+zZ5wq1
+le3fgfiKPM4oXuPrMPxuCd1QsmoHj5YYDSSGPWYgxHt3kKKpDVadpqgRp2FyrFGA
+KGKGwqbOv12pbzmP2S3WlbAhQiUodg6my93H4kroPPM
+--- q4gCKxg3dPi7iXSqByd4F3dQ6hv2h8ZH4vz1Abzzovo
+„źŇgyÂŢşňŹIîŻnó<6E>ÔŚşeË*é(¨a5ĘTüÓ}ÚâDú%€ĽŔÇľUqg4\b ˘ýc5´ĆÜoY
--- a/secrets/matrix_mjolnir_token.age
+++ b/secrets/matrix_mjolnir_token.age
@ -1,16 +0,0 @@
-age-encryption.org/v1
-> ssh-rsa jWbwAg
-GW+ky3+OLl0Q1pGVEH5Dqe5VTDrjDT+aCQxOtGDe35j9KWP1FetwlE/OpptKiV+R
-aKtWBHApRWXVTv5MhidcrAqTQ7E/D3Lly1QTscymRoXDXUeuybbAus/Dq8ZwFAsY
-/Wae0hvVtPoVi4P/HO9KHZ6oMGBzmBgASjblry84QEpY3XCWMUr92ZeXKO70bw/F
-uoGnBsvDqQTSWiYLD7yyw96f9t/nOUiEmtXvJvlDf/CzVjMEmZV9qgiAFVLbx03v
-8EE+I2cwPDXk/ELrxZQ7aNOepYKaHABewARZpgzvgCylnpdm2qqlbs2mcvQgnjrF
-MiVP8XQOjB5Tsmcl9qZxyGHdTouDulneOdkHuqHvXV1qM4LRptyCftgsxvWjwSk/
-sp/5dVYEKBtFhV3vdbc/NJM2/Xm2ZiXpKU5MBQU4igkvoDqd5vKRzGbyLW5XnDzj
-ynQ7sQ/cRXDXGRU96mm0wqCvTkPc93bUvaHjy5pvSqsLLHWyF/RzJ05DnaxNNSUe
-L7LEz11p+d3VPl9B3whd2+XJPoUg7WxP5HEplK3+ioEgSxZHUj7AIIOnxWBeWQKB
-c7SpfrOi8/Xyxzjsprzz6EEjNVj6oj9JXMDdon8D40dmHNX5fLmhyOhGrRpYMfq8
-9e62FJpqL+ArlfvT6wnH2aQ0tBl0751fR+baCSHDWBg
--- pOWxhByGuQR+DCAWTEUID2qtKDmWxUmeAMENrwNueOQ
-B+Ä=ã²9Ö44“<34>x³Úâ0v%ä`Hsâ·T
-u«’!D©-óŠÜQÅàÙ_)<19>l«jƒm/è$ÉvWß:¼wåÜµ‹<C2B5>û
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -11,6 +11,6 @@ in
  "nextcloud_db_pass.age".publicKeys = [ contabo_nix_pub ];
  "synapse_registration_shared_secret.age".publicKeys = [ contabo_nix_pub ];
  "matrix_admin_pass.age".publicKeys = [ contabo_nix_pub ];
-  "matrix_mjolnir_token.age".publicKeys = [ contabo_nix_pub ];
  "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
+  "matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
 }