From f4575c4e02b4dcbdd6d8f0aa7d64b7d74c815558 Mon Sep 17 00:00:00 2001 From: korenstin Date: Sat, 7 Dec 2024 16:59:06 +0100 Subject: [PATCH 01/38] Configuration de neo --- hosts/vm/neo/default.nix | 2 +- hosts/vm/neo/networking.nix | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index b85a37c..261f796 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -12,5 +12,5 @@ networking.hostName = "neo"; - system.stateVersion = "23.11"; + system.stateVersion = "24.11"; } diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index f9139aa..788ca7f 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -4,11 +4,10 @@ networking = { interfaces = { ens18 = { - ipv4 = { addresses = [ { - address = "172.16.10.137"; + address = "172.16.10.141"; prefixLength = 24; } ]; @@ -17,7 +16,7 @@ ipv6 = { addresses = [ { - address = "fd00::10:0:ff:fe01:3710"; + address = "fd00::10:0:ff:fe01:4110"; prefixLength = 64; } ]; @@ -58,7 +57,6 @@ } ]; }; - }; }; }; From 7e2be3f1073c253b73567f65332be9410dbd55cd Mon Sep 17 00:00:00 2001 From: korenstin Date: Sat, 7 Dec 2024 16:59:06 +0100 Subject: [PATCH 02/38] neo secrets et hardware-configuration --- hosts/vm/neo/hardware-configuration.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hosts/vm/neo/hardware-configuration.nix b/hosts/vm/neo/hardware-configuration.nix index be3f8eb..8045fee 100644 --- a/hosts/vm/neo/hardware-configuration.nix +++ b/hosts/vm/neo/hardware-configuration.nix @@ -1,6 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. +<<<<<<< HEAD { config, lib, 
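Review bot: The first hunk of `hosts/vm/neo/hardware-configuration.nix` in patch 02 commits an unresolved merge (`+<<<<<<< HEAD`), and the two hunks that follow in the same file add the matching `=======` and `>>>>>>> c9096a8` lines, so the file does not parse as Nix at this revision. The same happens again in both `modules/services/matrix.nix` hunks of patch 04. Later patches in the series delete the markers, but the intermediate commits cannot be evaluated or deployed, which makes bisecting or rolling back to them unreliable. Resolving the conflict before committing (here, keeping a single `fileSystems."/"` block with the intended UUID) would avoid that.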
@@ -22,14 +23,31 @@ "sd_mod" "sr_mod" ]; +======= +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; +>>>>>>> c9096a8 (neo secrets et hardware-configuration) boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; +<<<<<<< HEAD fileSystems."/" = { device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45"; fsType = "ext4"; }; +======= + fileSystems."/" = + { device = "/dev/disk/by-uuid/d7e64c03-51b3-415c-8e6f-241a996b16f5"; + fsType = "ext4"; + }; +>>>>>>> c9096a8 (neo secrets et hardware-configuration) swapDevices = [ ]; @@ -43,3 +61,7 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } +<<<<<<< HEAD +======= + +>>>>>>> c9096a8 (neo secrets et hardware-configuration) From 29bc3235bb3d041b416c911514d74adbd5402f23 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 7 Dec 2024 19:52:45 +0100 Subject: [PATCH 03/38] Ajout configuration matrix --- hosts/vm/neo/default.nix | 1 + hosts/vm/neo/hardware-configuration.nix | 27 +-- modules/services/matrix.nix | 220 ++++++++++++++++++++++-- 3 files changed, 206 insertions(+), 42 deletions(-) diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 261f796..8416710 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -6,6 +6,7 @@ ./networking.nix ../../../modules + ../../../modules/services/matrix.nix ]; boot.loader.grub.devices = [ "/dev/sda" ]; diff --git a/hosts/vm/neo/hardware-configuration.nix b/hosts/vm/neo/hardware-configuration.nix index 8045fee..065d77c 100644 --- a/hosts/vm/neo/hardware-configuration.nix +++ b/hosts/vm/neo/hardware-configuration.nix 
@@ -1,7 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -<<<<<<< HEAD { config, lib, @@ -23,31 +19,14 @@ "sd_mod" "sr_mod" ]; -======= -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; ->>>>>>> c9096a8 (neo secrets et hardware-configuration) boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; -<<<<<<< HEAD fileSystems."/" = { - device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45"; + device = "/dev/disk/by-uuid/d7e64c03-51b3-415c-8e6f-241a996b16f5"; fsType = "ext4"; }; -======= - fileSystems."/" = - { device = "/dev/disk/by-uuid/d7e64c03-51b3-415c-8e6f-241a996b16f5"; - fsType = "ext4"; - }; ->>>>>>> c9096a8 (neo secrets et hardware-configuration) swapDevices = [ ]; @@ -61,7 +40,3 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } -<<<<<<< HEAD -======= - ->>>>>>> c9096a8 (neo secrets et hardware-configuration) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index e2dcc12..e152b3b 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix 
@@ -1,44 +1,232 @@ { config, ... }: { - services.postgresql = { - enable = true; - ensureUsers = [ - { - name = "matrix-synapse"; - ensureDBOwnership = true; - } + sops.secrets = { + ldap_synapse_passwd = { + sopsFile = ../../secrets/neo.yaml; + }; + + neo_extra_config = { + format = "yaml"; + sopsFile = ../../secrets/neo_extra_config.yaml; + key = ""; + }; + + matrix_appservice_irc_db = { + sopsFile = ../../secrets/neo.yaml; + }; + + coturn_auth_secret = { + sopsFile = ../../secrets/neo.yaml; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + 8008 + 8448 ]; - ensureDatabases = [ "matrix-synapse" ]; }; services.matrix-synapse = { - enable = false; + enable = true; + + plugins = with config.services.matrix-synapse.package.plugins; [ + matrix-synapse-ldap3 + ]; settings = { server_name = "crans.org"; + report_stats = false; + listeners = [ { port = 8008; + tls = false; bind_addresses = [ - "127.0.0.1" - "::1" + "::" + "0.0.0.0" ]; type = "http"; - tls = false; x_forwarded = true; resources = [ { - name = [ - "client" - "federation" - ]; + names = [ "client" ]; compress = true; } + { + names = [ "federation" ]; + compress = false; + } ]; } ]; + + database = { + name = "psycopg2"; + args = { + user = "synapse"; + database = "synapse"; + # Password is declared in extra config + host = "172.16.10.1"; + cp_min = 5; + cp_max = 10; + }; + }; + + modules = [ + { + module = "ldap_auth_provider.LdapAuthProviderModule"; + config = { + enabled = true; + uri = "ldap://172.16.10.157:389"; + start_tls = false; + base = "dc=crans,dc=org"; + attributes = { + uid = "uid"; + mail = "mail"; + name = "sn"; + }; + binddn = "cn=synapse,ou=service-users,dc=crans,dc=org"; + bind_password_file = config.sops.secrets.ldap_synapse_passwd.path; + filter = "(&(objectclass=inetOrgPerson)(objectclass=posixAccount))"; + }; + } + ]; + + turn_uris = [ + "turn:${config.services.coturn.realm}:3478?transport=udp" + "turn:${config.services.coturn.realm}:3478?transport=tcp" + ]; + 
turn_shared_secret = config.sops.secrets.coturn_auth_secret.path; + turn_user_lifetime = "1h"; + + app_service_config_files = [ + "/var/lib/matrix-appservice-irc/registration.yml" + ]; + }; + + extraConfigFiles = [ + config.sops.secrets.neo_extra_config.path + ]; + }; + + services.matrix-appservice-irc = { + enable = true; + + registrationUrl = "http://localhost:9999"; + settings = { + homeserver = { + url = "https://matrix.crans.org:443"; + domain = "crans.org"; + + dropMatrixMessagesAfterSecs = 3000; + enablePresence = true; + }; + + database = { + engine = "postgres"; + connectionString = config.sops.secrets.matrix_appservice_irc_db.path; + }; + + ircService = { + servers = { + "irc.crans.org" = { + name = "Crans"; + onlyAdditionalAddresses = false; + networkId = "crans"; + port = 6697; + ssl = true; + sslselfsign = true; + sasl = false; + allowExpiredCerts = false; + sendConnectionMessages = true; + passwordEncryptionKeyPath = "/var/lib/matrix-appservice-irc/passkey.pem"; + + modePowerMap = { + o = 50; + v = 1; + }; + + dynamicChannels = { + enabled = true; + useHomeserverDirectory = true; + aliasTemplate = "$CHANNEL"; + }; + + membershipLists = { + enabled = true; + floodDelayMs = 100; + global = { + ircToMatrix = { + initial = true; + incremental = true; + requireMatrixJoined = true; + }; + matrixToIrc = { + initial = true; + incremental = true; + }; + }; + + ignoreIdleUsersOnStartup = { + enabled = true; + idleForHours = 720; + }; + }; + + matrixClients = { + userTemplate = "@irc_$NICK"; + idisplayName = "$NICK"; + }; + + ircClients = { + nickTemplate = "$DISPLAY"; + allowNickChanges = true; + maxClients = 300; + ipv6.enabled = false; + idleTimeout = 10800; + realnameFormat = "mxid"; + kickOn = { + channelJoinFailure = true; + ircConnectionFailure = true; + userQuit = true; + }; + }; + }; + }; + + bridgeInfoState = { + enabled = false; + }; + + logging = { + level = "info"; + logging = "debug.log"; + errfile = "error.log"; + toConsole = true; + maxFiles = 2; 
+ }; + + metrics = { + enabled = false; + }; + + matrixHandler = { + eventCacheSize = 4096; + shortReplyTemplate = "$NICK: $REPLY"; + longReplyTemplate = "<$NICK> \"$ORIGINAL\" <- $REPLY"; + shortReplyTresholdSeconds = 300; + }; + }; + + advanced = { + maxHttpSockets = 1000; + maxTxnSize = 10000000; + }; }; }; } From 8225478bc0c7ed95863cdcfda6ed5a660971a8ca Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 18 Jan 2025 15:34:43 +0100 Subject: [PATCH 04/38] Finalisation configuration matrix --- hosts/vm/neo/default.nix | 1 + hosts/vm/neo/networking.nix | 28 +++++------------ modules/services/coturn.nix | 63 +++++++++++++++++++++++++++++++++++++ modules/services/matrix.nix | 6 ++++ 4 files changed, 77 insertions(+), 21 deletions(-) create mode 100644 modules/services/coturn.nix diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 8416710..197e9db 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix @@ -6,6 +6,7 @@ ./networking.nix ../../../modules + ../../../modules/services/coturn.nix ../../../modules/services/matrix.nix ]; diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index 788ca7f..c9bb04c 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -21,43 +21,29 @@ } ]; }; - }; ens19 = { - ipv4 = { addresses = [ { - address = "185.230.79.38"; - prefixLength = 26; + address = "172.16.3.141"; + prefixLength = 24; } ]; routes = [ { address = "0.0.0.0"; - via = "185.230.79.62"; - prefixLength = 0; - } - ]; - }; - - ipv6 = { - addresses = [ - { - address = "2a0c:700:2::ff:fe01:3702"; - prefixLength = 64; - } - ]; - routes = [ - { - address = "::"; - via = "2a0c:700:2::ff:fe00:9902"; + via = "172.16.3.99"; prefixLength = 0; } ]; }; }; }; + + firewall = { + enable = true; + }; }; } diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix new file mode 100644 index 0000000..ea57f63 --- /dev/null +++ b/modules/services/coturn.nix 
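Review bot: In the patch 03 hunk of `modules/services/matrix.nix`, the LDAP provider is set to `uri = "ldap://172.16.10.157:389"` with `start_tls = false`, so every Matrix login sends the user's password, and the `cn=synapse` bind password, to the directory unencrypted; `start_tls = true;` (or an `ldaps://` URI) would close that, assuming the directory offers TLS. The 8008 listener now binds `::` and `0.0.0.0` with `tls = false` and `x_forwarded = true` while `allowedTCPPorts` opens 8008, so any host that reaches the port directly can supply its own `X-Forwarded-For`; limiting 8008 to the reverse proxy's address would avoid that. `turn_shared_secret = config.sops.secrets.coturn_auth_secret.path;` gives Synapse the file path as the secret instead of its contents, so the value belongs in the sops-managed `extraConfigFiles` entry, as the database password already is.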
@@ -0,0 +1,63 @@ +{ config, ... }: + +{ + sops.secrets.coturn-auth-secret = { + sopsFile = ../../secrets/neo.yaml; + }; + + services.coturn = { + enable = true; + no-cli = true; + no-tcp-relay = true; + min-port = 49000; + max-port = 50000; + use-auth-secret = true; + static-auth-secret-file = config.sops.secrets.coturn-auth-secret.path; + realm = "crans.org"; + cert = "/var/lib/acme/crans.org/full.pem"; + pkey = "/var/lib/acme/crans.org/key.pem"; + extraConfig = '' + verbose + no-multicast-peers + denied-peer-ip=0.0.0.0-0.255.255.255 + denied-peer-ip=10.0.0.0-10.255.255.255 + denied-peer-ip=100.64.0.0-100.127.255.255 + denied-peer-ip=127.0.0.0-127.255.255.255 + denied-peer-ip=169.254.0.0-169.254.255.255 + denied-peer-ip=172.16.0.0-172.31.255.255 + denied-peer-ip=192.0.0.0-192.0.0.255 + denied-peer-ip=192.0.2.0-192.0.2.255 + denied-peer-ip=192.88.99.0-192.88.99.255 + denied-peer-ip=192.168.0.0-192.168.255.255 + denied-peer-ip=198.18.0.0-198.19.255.255 + denied-peer-ip=198.51.100.0-198.51.100.255 + denied-peer-ip=203.0.113.0-203.0.113.255 + denied-peer-ip=240.0.0.0-255.255.255.255 + denied-peer-ip=::1 + denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff + denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 + denied-peer-ip=100::-100::ffff:ffff:ffff:ffff + denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff + ''; + }; + + networking.firewall = { + allowedTCPPorts = [ + 3478 + 5349 + ]; + allowedUDPPorts = [ + 3478 + 5349 + ]; + allowedUDPPortRanges = [ + { + from = config.services.coturn.min-port; + to = config.services.coturn.max-port; + } + ]; + }; +} diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index e152b3b..18bf9ad 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix 
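Review bot: The `services.coturn` block in this new file authenticates relay use but puts no ceiling on it: there is no `user-quota` or `total-quota` in `extraConfig`, so a single valid or leaked credential can hold allocations across the whole 49000-50000 relay range. Adding bounds such as `user-quota=12` and `total-quota=1200` (example values, to be sized for the deployment) limits that. `verbose` is also left on, which writes per-session detail including peer addresses to the log, and is worth dropping once the service is debugged. The `denied-peer-ip` list does cover the private ranges this host sits in, which is the right default for a relay on an internal network.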
@@ -15,10 +15,13 @@ matrix_appservice_irc_db = { sopsFile = ../../secrets/neo.yaml; }; +<<<<<<< HEAD coturn_auth_secret = { sopsFile = ../../secrets/neo.yaml; }; +======= +>>>>>>> 8e15aad (Finalisation configuration matrix) }; networking.firewall = { @@ -101,7 +104,10 @@ "turn:${config.services.coturn.realm}:3478?transport=udp" "turn:${config.services.coturn.realm}:3478?transport=tcp" ]; +<<<<<<< HEAD turn_shared_secret = config.sops.secrets.coturn_auth_secret.path; +======= +>>>>>>> 8e15aad (Finalisation configuration matrix) turn_user_lifetime = "1h"; app_service_config_files = [ From 017d506e5756dadbd973953bced570cbea34260c Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 18 Jan 2025 15:45:43 +0100 Subject: [PATCH 05/38] Ajout coturn secret --- modules/services/coturn.nix | 4 ++-- modules/services/matrix.nix | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix index ea57f63..e6cb94d 100644 --- a/modules/services/coturn.nix +++ b/modules/services/coturn.nix @@ -1,7 +1,7 @@ { config, ... }: { - sops.secrets.coturn-auth-secret = { + sops.secrets.coturn_auth_secret = { sopsFile = ../../secrets/neo.yaml; }; @@ -12,7 +12,7 @@ min-port = 49000; max-port = 50000; use-auth-secret = true; - static-auth-secret-file = config.sops.secrets.coturn-auth-secret.path; + static-auth-secret-file = config.sops.secrets.coturn_auth_secret.path; realm = "crans.org"; cert = "/var/lib/acme/crans.org/full.pem"; pkey = "/var/lib/acme/crans.org/key.pem"; diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 18bf9ad..e152b3b 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -15,13 +15,10 @@ matrix_appservice_irc_db = { sopsFile = ../../secrets/neo.yaml; }; -<<<<<<< HEAD coturn_auth_secret = { sopsFile = ../../secrets/neo.yaml; }; -======= ->>>>>>> 8e15aad (Finalisation configuration matrix) }; networking.firewall = { 
@@ -104,10 +101,7 @@ "turn:${config.services.coturn.realm}:3478?transport=udp" "turn:${config.services.coturn.realm}:3478?transport=tcp" ]; -<<<<<<< HEAD turn_shared_secret = config.sops.secrets.coturn_auth_secret.path; -======= ->>>>>>> 8e15aad (Finalisation configuration matrix) turn_user_lifetime = "1h"; app_service_config_files = [ From bb34a49d673abf0ecbc32a1248499d7b56719821 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 18 Jan 2025 16:01:37 +0100 Subject: [PATCH 06/38] Fix sops secrets --- modules/services/matrix.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index e152b3b..879b05a 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -221,6 +221,10 @@ longReplyTemplate = "<$NICK> \"$ORIGINAL\" <- $REPLY"; shortReplyTresholdSeconds = 300; }; + + mediaProxy = { + publicUrl = "https://matrix.crans.org/media"; + }; }; advanced = { From 3261ac37fb61f0cfb5e8cdbf531de31c7518a18f Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 18 Jan 2025 16:39:41 +0100 Subject: [PATCH 07/38] =?UTF-8?q?Mise=20=C3=A0=20jour=20Sops?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/vm/neo/default.nix | 1 - modules/services/coturn.nix | 4 - modules/services/matrix-appservice-irc.nix | 172 ++++++++++++++++ modules/services/matrix.nix | 138 ++----------- secrets/neo/appservice_irc_db.env | 43 ++++ secrets/neo/base.yaml | 221 +++++++++++++++++++++ secrets/neo/extra_config.yaml | 221 +++++++++++++++++++++ 7 files changed, 670 insertions(+), 130 deletions(-) create mode 100644 modules/services/matrix-appservice-irc.nix create mode 100644 secrets/neo/appservice_irc_db.env create mode 100644 secrets/neo/base.yaml create mode 100644 secrets/neo/extra_config.yaml diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix index 197e9db..8416710 100644 --- a/hosts/vm/neo/default.nix +++ b/hosts/vm/neo/default.nix 
@@ -6,7 +6,6 @@ ./networking.nix ../../../modules - ../../../modules/services/coturn.nix ../../../modules/services/matrix.nix ]; diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix index e6cb94d..0441ff3 100644 --- a/modules/services/coturn.nix +++ b/modules/services/coturn.nix @@ -1,10 +1,6 @@ { config, ... }: { - sops.secrets.coturn_auth_secret = { - sopsFile = ../../secrets/neo.yaml; - }; - services.coturn = { enable = true; no-cli = true; diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix new file mode 100644 index 0000000..1b7c924 --- /dev/null +++ b/modules/services/matrix-appservice-irc.nix 
@@ -0,0 +1,172 @@ +{ + config, + pkgs, + lib, + ... +}: + +let + cfg = config.services.matrix-appservice-irc; + pkg = pkgs.matrix-appservice-irc; + + # Recopié de https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/matrix/appservice-irc.nix + # Permet de ne pas avoir un secret dans le store + matrix-appservice-irc-config-file = + pkgs.runCommand "matrix-appservice-irc.yml" + { + nativeBuildInputs = [ + (pkgs.python3.withPackages (ps: [ ps.jsonschema ])) + pkgs.remarshal + ]; + preferLocalBuild = true; + + config = builtins.toJSON cfg.settings; + passAsFile = [ "config" ]; + } + '' + remarshal --if yaml --of json -i ${pkg}/config.schema.yml -o config.schema.json + python -m jsonschema config.schema.json -i $configPath + cp "$configPath" "$out" + ''; + + configFile = "/var/lib/matrix-appservice-irc/config.yaml"; + registrationFile = "/var/lib/matrix-appservice-irc/registration.yml"; + bin = "${pkg}/bin/matrix-appservice-irc"; +in + +{ + services.matrix-appservice-irc = { + enable = true; + + registrationUrl = "http://localhost:9999"; + settings = { + homeserver = { + url = "https://matrix.crans.org:443"; + domain = "crans.org"; + + dropMatrixMessagesAfterSecs = 3000; + enablePresence = true; + }; + + database = { + engine = "postgres"; + connectionString = "$MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING"; + }; + + ircService = { + servers = { + "irc.crans.org" = { + name = "Crans"; + onlyAdditionalAddresses = false; + networkId = "crans"; + port = 6697; + ssl = true; + sslselfsign = true; + sasl = false; + allowExpiredCerts = false; + sendConnectionMessages = true; + passwordEncryptionKeyPath = "/var/lib/matrix-appservice-irc/passkey.pem"; + + modePowerMap = { + o = 50; + v = 1; + }; + + dynamicChannels = { + enabled = true; + useHomeserverDirectory = true; + aliasTemplate = "\$CHANNEL"; + }; + + membershipLists = { + enabled = true; + floodDelayMs = 100; + global = { + ircToMatrix = { + initial = true; + incremental = true; + requireMatrixJoined = 
true; + }; + matrixToIrc = { + initial = true; + incremental = true; + }; + }; + + ignoreIdleUsersOnStartup = { + enabled = true; + idleForHours = 720; + }; + }; + + matrixClients = { + userTemplate = "@irc_\$NICK"; + displayName = "\$NICK"; + }; + + ircClients = { + nickTemplate = "\$DISPLAY"; + allowNickChanges = true; + maxClients = 300; + ipv6.enabled = false; + idleTimeout = 10800; + realnameFormat = "mxid"; + kickOn = { + channelJoinFailure = true; + ircConnectionFailure = true; + userQuit = true; + }; + }; + }; + }; + + bridgeInfoState = { + enabled = false; + }; + + logging = { + level = "info"; + logging = "debug.log"; + errfile = "error.log"; + toConsole = true; + maxFiles = 2; + }; + + metrics = { + enabled = false; + }; + + matrixHandler = { + eventCacheSize = 4096; + shortReplyTemplate = "\$NICK: \$REPLY"; + longReplyTemplate = "<\$NICK> \"\$ORIGINAL\" <- \$REPLY"; + shortReplyTresholdSeconds = 300; + }; + + mediaProxy = { + publicUrl = "https://matrix.crans.org/media"; + }; + }; + + advanced = { + maxHttpSockets = 1000; + maxTxnSize = 10000000; + }; + }; + }; + + systemd.services = { + matrix-appservice-irc = { + path = [ pkgs.envsubst ]; + serviceConfig = { + ExecStartPre = lib.mkForce "${lib.getExe pkgs.envsubst} -i ${matrix-appservice-irc-config-file} -o ${configFile}"; + ExecStart = lib.mkForce "${bin} --config ${configFile} --file ${registrationFile} --port ${toString config.services.matrix-appservice-irc.port}"; + + EnvironmentFile = config.sops.secrets.matrix_appservice_irc_db_env.path; + WorkingDirectory = "/var/lib/matrix-appservice-irc"; + + SystemCallFilter = lib.mkForce [ ]; + }; + }; + }; +} diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 879b05a..42dce3f 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix 
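Review bot: `SystemCallFilter = lib.mkForce [ ];` at the end of this new module empties the service's systemd syscall filter, so a bridge that parses untrusted IRC and Matrix traffic runs without whatever seccomp restriction the overridden unit presumably carried; if a specific syscall group was being blocked, allowing that group is narrower than clearing the list. The `ExecStartPre` envsubst call is given no variable list, so besides `$MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING` it will presumably also expand `$NICK`, `$CHANNEL`, `$DISPLAY`, `$REPLY` and `$ORIGINAL` (the `\$` in the Nix strings is only a Nix escape and still yields a bare `$`), so the rendered `config.yaml` should be checked for blanked templates. That rendered file holds the database credentials in clear text under `/var/lib/matrix-appservice-irc`, so its mode should be restricted, for example with `UMask = "0077";` on the unit, after confirming what the upstream unit already sets. Forcing `ExecStartPre` also replaces any upstream pre-start step, which may be what creates `registration.yml` and `passkey.pem` on a fresh host.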
@@ -1,23 +1,31 @@ { config, ... }: { + imports = [ + ./coturn.nix + ./matrix-appservice-irc.nix + ]; + sops.secrets = { ldap_synapse_passwd = { - sopsFile = ../../secrets/neo.yaml; + sopsFile = ../../secrets/neo/base.yaml; }; neo_extra_config = { format = "yaml"; - sopsFile = ../../secrets/neo_extra_config.yaml; + sopsFile = ../../secrets/neo/extra_config.yaml; key = ""; + owner = "matrix-synapse"; }; - matrix_appservice_irc_db = { - sopsFile = ../../secrets/neo.yaml; + matrix_appservice_irc_db_env = { + sopsFile = ../../secrets/neo/appservice_irc_db.env; + format = "dotenv"; }; coturn_auth_secret = { - sopsFile = ../../secrets/neo.yaml; + sopsFile = ../../secrets/neo/base.yaml; + owner = "turnserver"; }; }; 
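Review bot: `ldap_synapse_passwd` is left without an `owner` in this hunk, while `neo_extra_config` next to it gains `owner = "matrix-synapse";`. sops-nix installs secrets as root-owned and mode 0400 by default, so the Synapse process would presumably be unable to read the file that `bind_password_file` points at. Adding `owner = "matrix-synapse";` to that entry keeps the Synapse-facing secrets consistent. `coturn_auth_secret` is now owned by `turnserver`, so Synapse cannot read it either, which is another reason not to reference its path from `turn_shared_secret`.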
@@ -113,124 +121,4 @@ config.sops.secrets.neo_extra_config.path ]; }; - - services.matrix-appservice-irc = { - enable = true; - - registrationUrl = "http://localhost:9999"; - settings = { - homeserver = { - url = "https://matrix.crans.org:443"; - domain = "crans.org"; - - dropMatrixMessagesAfterSecs = 3000; - enablePresence = true; - }; - - database = { - engine = "postgres"; - connectionString = config.sops.secrets.matrix_appservice_irc_db.path; - }; - - ircService = { - servers = { - "irc.crans.org" = { - name = "Crans"; - onlyAdditionalAddresses = false; - networkId = "crans"; - port = 6697; - ssl = true; - sslselfsign = true; - sasl = false; - allowExpiredCerts = false; - sendConnectionMessages = true; - passwordEncryptionKeyPath = "/var/lib/matrix-appservice-irc/passkey.pem"; - - modePowerMap = { - o = 50; - v = 1; - }; - - dynamicChannels = { - enabled = true; - useHomeserverDirectory = true; - aliasTemplate = "$CHANNEL"; - }; - - membershipLists = { - enabled = true; - floodDelayMs = 100; - global = { - ircToMatrix = { - initial = true; - incremental = true; - requireMatrixJoined = true; - }; - matrixToIrc = { - initial = true; - incremental = true; - }; - }; - - ignoreIdleUsersOnStartup = { - enabled = true; - idleForHours = 720; - }; - }; - - matrixClients = { - userTemplate = "@irc_$NICK"; - idisplayName = "$NICK"; - }; - - ircClients = { - nickTemplate = "$DISPLAY"; - allowNickChanges = true; - maxClients = 300; - ipv6.enabled = false; - idleTimeout = 10800; - realnameFormat = "mxid"; - kickOn = { - channelJoinFailure = true; - ircConnectionFailure = true; - userQuit = true; - }; - }; - }; - }; - - bridgeInfoState = { - enabled = false; - }; - - logging = { - level = "info"; - logging = "debug.log"; - errfile = "error.log"; - toConsole = true; - maxFiles = 2; - }; - - metrics = { - enabled = false; - }; - - matrixHandler = { - eventCacheSize = 4096; - shortReplyTemplate = "$NICK: $REPLY"; - longReplyTemplate = "<$NICK> \"$ORIGINAL\" <- $REPLY"; - 
shortReplyTresholdSeconds = 300; - }; - - mediaProxy = { - publicUrl = "https://matrix.crans.org/media"; - }; - }; - - advanced = { - maxHttpSockets = 1000; - maxTxnSize = 10000000; - }; - }; - }; } diff --git a/secrets/neo/appservice_irc_db.env b/secrets/neo/appservice_irc_db.env new file mode 100644 index 0000000..10b6ecd --- /dev/null +++ b/secrets/neo/appservice_irc_db.env 
@@ -0,0 +1,43 @@ +MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING=ENC[AES256_GCM,data:zgVqwMzTyWoI1ii11T4K+oYaDIWWi/f9foMypQA9/dplmq84YyhvMMnrRpSSLs2eHu4TUomm+7sjf8QcMm+Cr+atG5BxIjc=,iv:LJ+PRrtoQzPQIGhbhtUktidx5T+zdyvunb8huP1dyg0=,tag:xBTrT/AYPxvFCFNjgVhVvA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacG5EbzFpSVVQMjZjZFNh\nTmpPK2h4ZFYzQWxrcG9zdnN6SEtJSlRGSFJJCjRxdGVWSGd6alBOOGpia3JhWGtP\nMXc4cFJYdWRTS3FPS3VlUUR0a0xxQWcKLS0tIEZCeXpCWlNjdmNKU3Bsa0owYSs4\nTyt6bHNQSVlGaUd2VjlCWlNtazVwMzgKnbrfTwP7OTRWyvpgzvn4HVEUSvp5WTpt\nl2sRBZydvO9NHbYC6giqL9i2UobfRYIHFmVkoFAypEVW+2YZW9L3JQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg +sops_lastmodified=2025-01-18T17:30:11Z +sops_mac=ENC[AES256_GCM,data:O0She0bM+FwS8kwK9CTyPuPp6z+tSm6KQVRpnBBr3PC8iAcYg1FddIDDU/I8g+VjHCsyCDIRZ/MvBeurLhW2nBePoq586UeuzYExQRftmzMHJySwS24/1GT9WtZcP66dggamZ7/q67mlp78FivlpK4GO0QjkW7xQ9SpNU2S9N5I=,iv:/vutWCt91gacNBLMntZn8bRg10fqkDlrWUTc3vkQilc=,tag:6iV6uR6mcdBHJOQ2qPTzSQ==,type:str] +sops_pgp__list_0__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DtMjybqIQmUESAQdAxJM3V9zciKKx2ICWVHBpxgCn4NPnXxN2CIVrH60sRE0w\nlkuMLYzcWkOhvFaFlvf1sqSD34Tzkl+wooksE8ZbcHTJ9PxJKZqMMOpQQ81pQGVY\n0lwBO4XHzH28jLqw1JhCDchRMYYW833KX8QFm1EZcUIezbY41cUBXbtV0pxQZaoO\nTsv3XAbPMqgNKjkV3v/G1W+5wVY1RvJ1N8mUfvKvZxAj74SWNGwQ2B3vJMSM0Q==\n=lKFs\n-----END PGP MESSAGE----- +sops_pgp__list_0__map_fp=0x40CB48A443B03B5DBA484D279A130774C458F4D4 +sops_pgp__list_10__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_10__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DYIEGJeT64uMSAQdA6kdrT2SwYyf7V2+XG9rRcgY9RZr6GBoyVaI7+m0Z6Xcw\nusbxnzE6oUUh4RvzHxUtv+djlLvq5KoD2YEtJWSrZtFN7kw2UXTA3PXdL+DvnZOT\n0lwBJV5OX1od1HsX2ILKbp4yYphGm1HoMtxzWNErkaY5SwgvFJxije2L6xjuogDh\newzUKxOYieunXs09XPf+bf/U9AXXalaO3wrghFGg66zp5ZxD3h3Bk8+jbJ9s9w==\n=1rrD\n-----END PGP 
MESSAGE----- +sops_pgp__list_10__map_fp=0xE474A4AB587CD834813DF35D03FDB411169D6C8B +sops_pgp__list_11__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_11__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQGMAxrcfL3KHjCOAQv8DEqtrxEIQ1C3SlOB6qMOjRN+VCJf64/3oCmdC/PCU0Wm\nINdB9q0Xr2R51VJJb/64JvJMPgVjQUHaFcNFY184P0XdUWFoWnAWGY0L3ricvKuP\nfugqtbvAMG/uha+SOoUDFd/TbjRRXZdcuSm/XxS3B+nRdFm64NxHAao+AreZbSXn\nJDkGz6mkFIQUFdLgukZIL20zeU3XzNq6wwvyluOUviHmS39Vi5AtfcIh1R6qgice\n8Fj69xFiVf09Im3R5Vm+Oe4mTr9Q6n6taU556xrIVwSU/WrF1fsdOzU1tuobEReG\nq66c7FRW5esp1L3ccXLFiRJiBEMsAyWaayoXeZ7IBv2ITBb8E8ehDq50mjY7LqHj\nWlTRg6FuWHNMIPl6EubuV28hxZ85g2m3DtGpTimCqI5NFJH2jm+ziOvyigsZiKQx\noNiKoZoLdR1uZ6AnNHFtf68M1Jm0+0MVkUn1PVr/2We/AAaFVy6sr60IURqYL+es\nu7EapsX9FDRqKTo8SB+/0lwBffnzvUcrvupsSGzVaSwMEwYKTwCDPrk2QFtumLkN\nlptsfw9+X8qKt7IZ5f+dT7XLYh/8BBG4Sc7bqnZLOQsrmyFuuRW5C8mW6FDehaM3\nNlbqGxQ5I8Fl4mgyVA==\n=xW5u\n-----END PGP MESSAGE----- +sops_pgp__list_11__map_fp=0xD5B872E407D438721E5887A000E765FA7F4F2EDE +sops_pgp__list_1__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_1__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA8m7r5bNaN8eAQ/6A+Vjrh/RXSXEu+HAomSFn2KbCCXRXxWY/wEfyYewF2GX\nxgnrVOj/z23VKQ22Fh+shbO9XfeMZG+bQx1hbnS23kad6UlIIxKl+BfkqdRnjcP3\nPAdeE1E+15KXdirFWJiFebQ/U3HjNE99BNHXyjgW4GjJi2REMaImYTABgjTaWNoi\nyYlW/aImrFGGJO/K3MUzTVmR4pX8lt1EFt4Cuh1faFFxXpb4qE5cbPqz42GldUNc\n6F3QvsOAa9ZnN5pVk1jFN4CEN4mwGuq1rhUdq1FfQ4GwiKU9CjSBYC3u8+HhLAYS\nEMsG/yQYO+aqvSv9rPnrV+mazWcsZWY9Ll+Xn1Kd2VbHXc2oRprJMfgYZudYST6e\n1PMO+WmOlRcjD8F0YSUYJjcB1aMfFE71wPz0E1RM8EX8ZubGMPctNUp7O3u/psPW\nMp70bskVXSF2C90x3V2XkyASE5qPs6xTojTimTdK4xjgCmbT+6QTM5mAi4/Fuwvf\n0nqyslzwYdHo6ctMOzcU8eJoWEsx4jv7HXglzxOgGmaE+1rYmqH4GzSn0DQjzvZf\nN72GBUdTMFC8p20oqT8jHxoFm2Ay/gF7GYFXZWcVBFv6hQm/KSWCRkjiAW8SML5h\ns3T2uSecWb3Zb4Dr508i5VOl4x5/ShPragFK79/ExqovxLOeXHJdHKEC+8NJ5S/S\nXAErUWurZvLj2jbYsbokMfUpIBIGPNm9oMO4BFvgrYxmwK75C8kGcJN+SxG4cOuu\n2XbBYskl1cMD1NL9iuVn+o+yuUw2OMaaHk5I41JAZDJMSbQrGNQ9K9ymBu2/\n=Ij7l\n-----END PGP MESSAGE----- 
+sops_pgp__list_1__map_fp=0x9487E782E043EC0D9E0F6C27D46D7E3364433208 +sops_pgp__list_2__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_2__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA9A+dmzvmzOLAQ//e46p/CtNxgEA6wCgajCv/N5A9GG5Dyp/cAIMFBn8fZAe\nxZeB0zcVdzQvW3F/UG1xRzR7YXVkEF/wRbIwHXvaAbgjBz5ji1emw9WssD7CCeFe\ni+fc9QNuyqL64UPmqhxUD8vYWOQNJEbaEFMEf0nHj+WW8iktEJZJT4JntcfG1j5u\n8cHMlMg3CyrcuHzgDnGdHiA2Fp0zIekskMpw/lQ1WB5AgPq9MhxMWrRs1aylihnx\nFhnHDdnZBVf9qQlvRbbtF5+Muk9CsrALDjiajgS+ti69IHTChrtc+Hm1edUOa/vn\ngIO2AlJ/ZyMuWzkYbNDtoIkEKaY6TKDde3PcM4OgEvoP9qtuCbCJoRc5r8vW9rrh\nC0nZ6PHyJ8XJFZh23rmmZu2BqOzeWwcZdn9/qCkq1TmTZlK+GtHXi25QZjiQOJ5W\nYmg+dG1SaaUPep3JHGuITUlwXi4PvfpmhsG8LXh8xRmGOZdroXTggPg711F8qSrv\n2AHFXnmYV0Vm8EPP4D9Qag5qFYsBgd00+sp66zMWRXEra1eCHyDgfUcDHRYDWfgv\nYxfGiEIA3LUj+O47yFM8HzKzUUrhfxVL6ZQ51PqRy/Y1SrZhYXzADGAItpEkwplS\nn1teZ+hstnSuLOu1/vcDcDKORye8pHIEO8wirnE2JtbWYDBYgPmkPfcCnTVphkzS\nXAEMAJ2HpSTM+tyijXyA7IbaYPbc990V5l3NWIW0hXFTxauVXktfCBSd5Swe4Wvq\nuokXP7GdVBL3lLwJn6Jj4t8Hyi5QA48xhhPyi6oLyo5adhmmGRqOndjHWA/j\n=p1I9\n-----END PGP MESSAGE----- +sops_pgp__list_2__map_fp=0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 +sops_pgp__list_3__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_3__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DRBWo2b0h4f4SAQdAmcXTHWt11Bp5TM1S02EitFujlaSjJHV3zBUsFNpPRG4w\nIszH7SF8P8/BURGjKzdTOl1KK/ySLTuky8WA2/PkkjODWZXEaMeDlHep8luYkfcm\n0lwB5xj6EVHh5ct4pABpfIUJttRMjQpaJ9EZZAosHuJiRzLcW6nl/b1cUzD6mCik\nBqvpxagcCpD/VuTBOpFSrjLr0grUF1UIhdLTT8RXxGi0EXaAc310SC+I9xYj+A==\n=lokB\n-----END PGP MESSAGE----- +sops_pgp__list_3__map_fp=0x572D19D312825B1A504C9003531DDDB6EB559FBA +sops_pgp__list_4__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_4__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQIMA2iXGbkufjklAQ/8CFJZinsCsW+CDPFswV0lqexNR769KY1/+NffkYyg0Zp7\nfv7lu5fVTP3B8WViRLzn3WyFb4jYsW4LpvEtibkFPOLwy4sY1ABnf4cNnG4+ytgv\nH1POkOzboOFa8/77OFN+8L/NXTNTf9Nd+IQBwroUsCtKN08s12kWits86rqqKiNi\nlqs+1+mzBt4i9ZJiVeTLPFWiekhqRHKZcI92vJzWWm6neC6EDIi6b9Siu3ZBh67U\nncZdPNzB4/K9qwSH+YrX00CDVCMJ8VGMZxlqiQMcRK10ga65mvqLmvUZ870A6a4V\nzUqISex5V0JQbFRzG4Bf84c2lGmwYu5OeMg3fomr23AwqkFAGn5mVujk+G6Ng8MB\nuGL/TPLV201h2OkHvDL4S6liiSaEOwfZo8butqAQbWH2mu5cuXLD4aHdZwlnygSi\nowDd2KATUBIWdlhXs4T+6bFnhvCC5Or7w8I38rbrPhlJVYzaXDAUpuF9o/+aF542\nvk1Z8fDl9MJTWmZb3qUgN8A4ISZitm3azcHOEo7TW1O1FVNEnHOpZIyDWQnXgOYE\nzdnSsnZGpQSl8S5+xIyXfu8z9YGZNwBcSrCaKHwcbfud0XBxVqKk+NzfBOFlpoj/\nupTHKpnQkwPrk2zk5Bh4w9+XmLGhoQ4V8jL8LQOjkkxL4K3KY09SveUzAdm75I3U\nZgEJAhAbrxUFyrcO94TQ4Tc0idIPQBdJ5x5P0NI3k40PFhf5cXhEXvbkkMByyb4O\nCTH9WPT5bEATJO0jyAVdgdl8fYUCUzkakSmKA7sVOIuoli/X1OvDQWnrLuV/n5RJ\ndPaKQSwg/w==\n=5EZw\n-----END PGP MESSAGE----- +sops_pgp__list_4__map_fp=0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 +sops_pgp__list_5__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_5__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA4Uty74yOFxLAQ/8D7ce3L2DxsiPE3WLAW9OnDGBnrz/RL5zSHV3Bni5DzXV\nGb2O1cp8apXPuRcX8+wsJdAIh6DVUy+FZ14Z7Er1TC2FVEsVml1MIApwBUSjY6Py\nqADSgVODwow6n/2I1DPl52LIaWj5Gzkpn3x/LeI17zy0L0uOMPwI4Miz5zLIeOim\n6HjW542AEc6WF8Rz5F9YdmmJqpkDiWz5ACm6jLqh4gmFZqDDUC9Q6VGeqRKwjjGI\no7YTVi4+bdYK36SjIhMeMOM32YA8X3jm7vmfy94jWo9ox+pF3gHuF9v1ZTcYLuwo\nks6JhbbZtmnvpxE398Q8MSjzF8bWQbl7UHlS2WmiIcPRPAzmCvaeQw3J7RThj+aK\noG9ppTHv5vZS0WNFcTsf1ElZQnd0aEslHoWHhspp0Yy/HxQ0tXW5b3UWn+CA0RXn\ngQc+uoy4OJdGnKKuIIqNL5o9uwDyJwxXmE+fb5+sDc9mlSUZXmGslhUAWY1IPTY4\nrLrLycf5DXTSY0fN3otFglmbxitHt8ZZb75pEr1rTfAUj2vC2LDOnjfFIfnhe25y\nDMR+CaH0zE9PuttliRKQpQHGOr+PkwBxOp+Dh8Wa4s0vvUKnKZ4fPB736gveAlVg\nA/vsQ+/VxvOpywjROGkVNzA1HBGWw8SWWHyoZGRxfdDHbbJ9/7cwMeiXrXT07MfS\nXAGIl6bGaUAXtDE8s1upx9PBTjXEUiYVUTDms4EDMnGKacUUxY01ErKPGwVE6ojr\nnJ9Ar3hH1qy3ta9o8M+PhvwLnrwnFcAe7Qf594ZjhgeNzBl22od5zdhBPlAu\n=oEfb\n-----END PGP MESSAGE----- 
+sops_pgp__list_5__map_fp=0xA534E46682DD8C35377352C88DD28608BE411065 +sops_pgp__list_6__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_6__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DIBqTX2T418ESAQdA8QRSuNtld8Io891NLLhCfOnDnWA/rwgXKL/qAjwQI2gw\nN7Xra0ovYJCoS6hg9/VzrdOdpviKqGkrFeWmGCcWTxsSwYczGo+JsaVCg29UXJYX\n1GYBCQIQh6CF9JEPoB0VS/aCUFL4S1Sjir5MXESua8QuCk53U1ZQH0O6Gf7hLVtM\ntGmd/tKnT0hOXq+v+pV+/rYn1/rmuXn8q3W7qELv4v5SEdD8TjtIJpTYiC25v5yO\nj3H9f25IVlg=\n=6GeG\n-----END PGP MESSAGE----- +sops_pgp__list_6__map_fp=0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D +sops_pgp__list_7__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_7__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQEMA7auZh4eKOkIAQf+PrTSXK07lCdmQDFLH4Wc1b0QJ34fwHrC94a7/cluv5wv\nAasZb4JQ4WJwbt8e6wLF9/Pfkex9vnWcP1T5Ot+KBf8xaRlgzEa+oULiyrNspeeC\no+roSlFJNfkZ5A9AlN+bqiahhbEneEu8jIdXe4iLOXvaojXkOqbkWA96Sn/y6/qW\nuZOvXrmAaOeSiKCbN2SKzAHwoXjGPuQqEbeRtPascf4QQpcpLjsUTSXu5X/wqg4M\nR/DGKv+Ur3Oh8q9s00bU/VtEI2okY+9BBvSpP3UdlC9omw50CCmWhtPQEwu05I15\n+NMOcuFCUTXKHmlBey/Ej3s/Tgv3B4+6fKSUGUcpV9JcAXZQ7uTVaeRyj4oUf5Iy\nAFWbvXVlVnoiGJXUlxWTKi+K4JYMZQuNiPcpFwjImxu6SpnXe7UwUcnaeVV0pkYJ\nQ2J6xiTODc9E/p37IAniH17eEUyRuN92rmorxVc=\n=nUcC\n-----END PGP MESSAGE----- +sops_pgp__list_7__map_fp=0x49BA444CDC680527B4835F7C3C1AC435CD1F217B +sops_pgp__list_8__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_8__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQIMA11f9zoCBF1cAQ/8CcibTfWi72SV5RS5rRIKHM6PNPz//4m9yaDwYFdH18mp\n83JeyFajDQnuo1prON7BrnIjhErnFszHaTB/qXd4vuQsnYSeZ0Hhogaj+Rq+QflX\ntN3acmiDThIW8TQJ4/V4BFof+KbXy2lisTkgpWNKqBQLvPFYa4BO+/+TJN7Ii3Xa\nWtqP7jWkNnoobz1luuVSKBbPjjqXhcdt3VNDHBxogCJF4NiQA8qVsuuGaLB7FMf7\nHHtz84nMNjDSHgibF5aETNijB3qBWbmsD87c5uL6bRNLg2b5l1M6COOTDdQ5qmOW\n/jsl+oWlubo5cykRLilcKHFCCALcvQwMBo6uFfA1obC0EbTfP6qX6HAjcIHaYu8F\ngHESbRRt0gcaa/tdzNjibDbysNHHXnwzhPAV+t4e9K7ahpoOhPFruxYzOIOnMsCh\ne6nXN2C2Ztu4ub5C65Z8vzFjleDMkkrdDqB3maEaayB2UGTFEQggkSjf/HR+ayP9\nfs2LpK7UkXallJaY+txqu5wiVuGrdwy4JtMbN0v3FcFEYZdYlhyvPJYxwAaSRzzD\nk8Y0jZLn9kMA1QqIYC3srLcGRYZSWVeCNJubfcWAg6mBbME6wdUKfYLdYi1CVe+b\nkPgOHkQajPJmv3XOsQyiLLKF61vJKsaHG/cdRJdElx8bbx4BEdUqmCD7bwUz0r/S\nXAEmjlGgVSEZj5h8S8YLP6dXte6IS0+qk9YcC1SVusSlGN8EYyyVG9IG50IYLEVb\nHwEGmVpkELdJG1ymQnD++5yMyeVsUucSyY0yxOvyjl56ar47e1lfZHetFG9b\n=IPou\n-----END PGP MESSAGE----- +sops_pgp__list_8__map_fp=0x9AE04D986400E3B67528F4930D442664194974E2 +sops_pgp__list_9__map_created_at=2025-01-18T17:28:38Z +sops_pgp__list_9__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA/HTIsSK0VBlAQ//dV9jWbvdWh8DJXJ1/hwjrUPfoM7Aycqvn3mEAeqH2jcQ\nyFnKYvBjqOsFrWQQZymvIPdLWDEBWr5G6aL17R91zRgeVgbzR0TWd3HLWyeGOmNV\ngP/xgakcc7E8RMzWLyQe44opZBKrXiPPIFjDtmsRgdLIcQTi14YLmd13BaZTDB6X\nGgnmol1/9EyHkoeMkhbJ8kRHmgjEV5DdY5CmsOqecwindFrdDi8Ff2gWo1WfGx/a\nHYcNV7uhE/SmcuFNY0cI3Tif7pYbPZ4PJDcozMD/NzZT7x+JNwivlaEaVquSIG5d\nCQ2dkWD/XGr3DJDnz7eKqd4azCZkiAybZZzmCUG9V6SGFL6KZvd5flnApxzokKhu\nl4Luo9uPz86XAvJfhzGMfzIk25s3RvJx/yu55tAUlcvmbiTNFS1TXj3R6spQIK/n\nndfDYBfp8xwIy5unb+XfM+Zh8D7WvK5X0HsRDeefZohA0LtnOdOb4qykMF3bgD4g\nkimUw1VPEI4PcnULWPeRQX2ueVT8uksljHTjwI5X+Nz9RJ2hALGkCHCeayOVNbt1\nzoGwSZ19vMHVjDZGdMWW72UPbF6tU3LGe0HjwBMlfiESt6czONWGkH6Z1Hvmijmn\nGeZTl94SN1iyF+U+wtAV2ZnfT4VlOkVcKWWi97wb9/I2WY9MCla3zyvXf+JU4m3S\nXAGcrEdcWD6wFhDaKVcvgVTSfdvU8RnIO3Du20iUDF2sOFu0dpYxgqvZbhMaf/LA\n0QnUknQmrZT2VuIXF8EE7NkfQ+eQLkfG1IKTPGLL1F0CPWiFrbn8tcARzRN2\n=sD9r\n-----END PGP MESSAGE----- 
+sops_pgp__list_9__map_fp=0xFA47BDA260489ADA +sops_unencrypted_suffix=_unencrypted +sops_version=3.9.1 diff --git a/secrets/neo/base.yaml b/secrets/neo/base.yaml new file mode 100644 index 0000000..ba2cbd6 --- /dev/null +++ b/secrets/neo/base.yaml 
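Review bot: Recipient 9 of this sops file is recorded as `0xFA47BDA260489ADA`, a 64-bit key ID, whereas the other eleven PGP recipients are listed by full 40-hex-digit fingerprint. A key ID is a weaker identifier than a fingerprint, so wherever the recipient list is maintained (it is not visible here) that entry should be replaced with the key's full fingerprint and the file refreshed with `sops updatekeys`. With one age and twelve PGP recipients able to decrypt the database connection string, it is also worth confirming that each of them still needs access.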
@@ -0,0 +1,221 @@ +ldap_synapse_passwd: ENC[AES256_GCM,data:apbaPXICq+Gv5lw93IhkL8+kqVzaa754dQ==,iv:b3dcgm/8oR4yJNYInjTrCFbBbmbtNseMwv8+F33b45c=,tag:OfzursOa/GWiN75BQWmJgg==,type:str] +coturn_auth_secret: ENC[AES256_GCM,data:6clieNZTJHwvP0eCAEzQzSPiM7RDulKGoxl8481EQ1Y348VQK7Fmr64UVkCb3veV3jgXsqHZnRDYyE01kCtNIrO/XK8NSrjlX1DyORQMm/B4doWs7g5lbra5hz8rpSh7U6gWCw==,iv:Trc5pdgh7+v5zdIcj6kVc6WayoqBHTYdXwjoSzrKg9Y=,tag:2+JzJyp0DcYEuJOU0B+3qw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNEdXdlRHREZwMldieFNO + MjFDQmcrUUZDMEdQZ1FPNzBCUE5yc0tLaVFvCjdmTG1SUTBYcHNzMHJrU052Qzc3 + blRSWlRaVWpnenl0dmMzNk45WHRhQ00KLS0tIGEwQzVybXY4WGVJbmRmYXJXTXlC + bTBlVGFTUE40UVpFSXZnUVBZMmFZOGsKoOmURysqtMIAz/mKh9pMx0d7PsJT6Cvl + iaNybBC16rd48SyfIdmyho9rmEOvk7oS9PCC17iYV25KlLx/zO8RtQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-18T17:34:09Z" + mac: ENC[AES256_GCM,data:dRh6Crp6gWOfHHUf9Gy9L/tINWqiK/ufemkAvt9QK0j48f5b3IdPFEmseXdaTCk3tr7z+lK/+t+wFWPk0c+8PRa+8gQROxR2oO8Co0m0MhD044+ja1rdIb7G2yUOC2ol8JFtWixkTLVxnOwlUP9YrqZoSSbORGWs/9HvLL6P+yI=,iv:IJRGkmnJWW3k+GrDuVjy5VwJR8sKQ4ljHGhu3+S1KbY=,tag:elqYgHYabvUHbGprDvNWTg==,type:str] + pgp: + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DtMjybqIQmUESAQdAfHpmhae5+j3QGJDmyywtetw5X61oQfEFOeQBYOxHhHcw + iLU9+5QcaMBL/2bUb8ntxJGwxxfj8BPvTKmwTWwhlKbF3RvTINictJMsH96uXYzH + 0l4BYbh1vaVkYzOa61v/b6tVs8y8vrMSv783RiTm7Bx9FfAdwUik6pTIo9irxyvx + W2yFrGEvutBSbegfaMMdrajlkCQPvtol5UzNC3/iyEFCZUp45RI1BW4XEGr+QByS + =uboQ + -----END PGP MESSAGE----- + fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA8m7r5bNaN8eARAAgkv1Ls7wpwHocKPmvMhm7+1hwbUwF0UUhzq+44w/Ss9q + AufVGHIyXgOEJYpAUy/FSTsqMqEu9C2Zt4/xB0SDn+nIdg0dBW2uNZHV5xlr8pbr + 
+vO+EnXYgpuNs1phMGG9Fj89nT/lP9Lo9oOo+DU5PdQZgpsEn9lxB05T6fLLVyRC + bHy6jKIJuEnGIKgz6HEbK/5FnBqkaSmSSwpkb/6a/MM//r7zMfsuseyLhgrX+wJT + 94491D4Ql9yUsI6t60fs3NKQtgyvfSIkwfpZOL+3XSMuCfpPC8loQBohvaTd0mhG + Yu9+yI4UmrE3FvpLZ/VOcOfB1ClYqncrCI+K3vttv1ZZPylDiY0VI6cPPNtyLSo0 + AxdBfDkO9/lMbbfOKHGXJYDkA+nhDRc2bTreoFeOA1MF068WAqQmESCzL0ld70hC + +a7mPClHyrZiIo6sMkn0TFP0apNbqvoUGxjFYYjynyhmFYoHXs9WsLcKGZPunxaE + 5UtSQn/HUH0ifd4poawB+HDdHVzmq7P1Zy8xTGIoLVseUkUWPa/c1BQFHOtXUhLk + w5zC1alhpkzOW6DXn4Z2mc9VEnGmvvInV99AKtfRl/q1VAEwnX1UxJUHE5xa7L24 + wp0le00QZqFN9FOhphQRLF5oMdxmxXty/W2SWph72vf/Wo/DgqsLHoW+c82EWNfS + XgFWbyJKpdYArwbmFvC5xaW8j9lkbasrkEWdg0I/9otf79/FKf6QI/CHhTW4BmHE + IyqjuA5e/mALkp8KR4r6BGttq2wM3a5VlCv01bd5VtoyEYEKMnW1rQl0lwERDQQ= + =pNr0 + -----END PGP MESSAGE----- + fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9A+dmzvmzOLARAAnw/r2icIZdahiOuu7pdN06P+aKRk1EjOu0NDF/lpEK8W + e7aqfHi0cAxkyx4pbVOoWzrfICRtE2CyOZR0M+6jnjx5DCtEFBUif4UwYTjvo+zs + M5kuGRxOABY5b/WIDr8kqZndhokGP1wHxhZZCMvxk2edtqQlM80NavEs4fQn9KwK + Xhz8orHWhGpYR5iADmd1LI4suAbCA0lj0EFchYu3egVGOiMzWWTJtR8aGH1Q2MHT + IUoo3UcZdKU2jCMAPlGh6PVlMm71kb7LDXNXS4EU7QoPxLhqX+fJvwD/dqF7/kJ9 + qdj5ZENf3HRqnqhvU3gC59yMi5PXFeVErQAzgkdOHQ0Qdr+gzpkMrdNilpn/sUPy + 3l5F0e3YxqoAyOqoiwUnKOiV8nPAvN1TfrdE8AlZ8BSxfGofGPUycsuojrpMpMLF + DAAx/Mx7v35nsexi7Vnzwx9qywittR2lnPhIIY1Zf9vUGe+Zbb8IeTNDK1/sPlCv + g5C5tQRwsn1NuGR47+gD0HqXP97aa3tSLzVsmji5J2TtElueliK7nOtLgT8A0QTA + Wl2wES1Hmn8g9cvI3z94txyh320n9EGHlZJHOitGJD0GKA8QaYpIRGDCQynN+j30 + rDbVy57evortk99/WFnOUAmPs1WizYF+i4XCrg5ekXs/mgyMPfPVLMrkd5UlNcDS + XgGUXYoUTKibX+06F7/q2zvzuJyDgilsOsF9FVMrvUIjYciiJsIoQy5PVPUT8ihG + 0USETUcnIV7yWVnIwQMH7dYl+zEpH1/yKLsCiOM4EgP0fKASpxJ5YpiyFsaBB2E= + =MuHO + -----END PGP MESSAGE----- + fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hF4DRBWo2b0h4f4SAQdA7C+Vu+fqJRUZBcLtsVfh3Tn86b1jERBvX17HMnzIpVsw + HuIyzwVoJ3EOMSo8a0qEOG6fT0EROZA+/B8oaUeE9MiqlYL6PBFP3dVgAUx/6v+F + 0l4Bgyvw+7vxacOX5QdPz3xPEA358lzddqkxhd6ZHreXorLcP3oX+pMURH2PZDCy + adcF5tPFev7po6/RDNadNApkLVKNkiyR4d7yOtICSUqUWeLaH1gYRPyfbJ4T8/6w + =dhsP + -----END PGP MESSAGE----- + fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2iXGbkufjklAQ//Xk9jgrxczDEvobrRC1RitXNygum+tDsauLo2ymwKTES3 + GT3CXqTabWKp/i+KKRcgipmgbqWb4XAusBGHg9D212zVIa7uqbm9TpJocqVmFD7u + hihXPAk1qlBz6ZNDPCP2va6trzG7+j0QerscAuFvaRZOeYrSJtguMCXknH5/hh+Z + +tYHlODLHR0D6PtTrYw93GpsTK3tOjO74D5JpxyF82jSKYzHiHeFj1+mj1AQVGXw + pt7aqL47VI+8DLLkF3dDGyxTl7fA3u0VnBWuHRiqZB7aVwATmgYIpHD9TC1mt30d + YK5iQtIouayyIijQKYNtWUucF3OwMD5eI54SyLzhvAk15QivpX+7DgTgqOwRGYHp + 57fRC+mL/TjG9GER4FDIjncNOqsXfAQfm/h1U1/cj1laQv1niIqOqBzZ465aJ0Y1 + /JsDvgVFV/avw/MJpgXH6zKwFgOBV9ooIyEf4GW5Y9x48DhpFrOLCJmrNNFSK/3u + c2iGGTwGwW/Tvf5ABqwrxrKG6m2QYBKnpxXbHEmmuqPasMDR7tukNm++aD5J0SGI + ZLUvt62PaE12lXkGv0QIVuRT4T2i3zLIcExgsKHIoE6sMPIa6MUDfpRS5uxaIXYv + wFIn7RrEpIDVb2zEy2jdguKNqXIO0T6VtF6ObACWv9kFZpKN48pxqeg5H/oRlC3U + aAEJAhCU4u3dgEwrroY3zD4mhmwEqyWV+bOOUOUOzxmlSrsvziw/zX7a3ogqzSyS + btuBvg7cqz1XvqZ1E5DFpCnKPSKZncMeO2r9vPUUOyQZZx0R5vh5xgIRtmxyRH4c + M6dF88CNFR+q + =ySze + -----END PGP MESSAGE----- + fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4Uty74yOFxLAQ//RT4pXW2c5UjFHzcaDASeUimcX0mrJqXgPJZHjLGP2hO9 + TwP+mq3jG4BBdBlq1cl75XHXjTXuy2ZWHe3HfhUq/gxrrFha4Ed6sLfVjD2T9HdK + k2P0MrU0+M43lG2RlX8pZXw7B3GVtOzjUDWG5+JRTn1f9jcHRkPX3SBVBint/lqV + GyhsSy+MR7MZkWkkQfTYExn/tBjuR4cVbnq4/ITpmfzqj+zqCoEBaKJ5EEgiiEX1 + Rpjph5CLVe3kBEooqEWbiBYDsRxSupIv/pEO7p3C5RTU8HkHkqq4+EFXAOWiM59Z + aEy6EmzZl4oIWmRRQglfVs5sk1BnoB+72dqLxd/fAZwWtNDsOOMIlataRPrRcdh0 + aeAq0NsoKXCRkyLdpAZst6gi40pKuJfg8IN2cltsIzPJTd6mk0L9WUyabqtJtcme + 
+FjRg4oyEuOzpdYwS0Wqehq7ot5SL9ilFXMLJneT4XMaVsUqqNm0xB/mfdiJhO42 + QrfcvMhEInirbO8T/fQCxpSoIhyde5TGUyfdsusTjwAsiYf4hKqapeYdcSy9Spz8 + 9zrkIR0YWqve/ISX46TYINZ649U3Bvizh+8Q6iXQsq8JbVY/LJr1/w3yXcqbisx/ + SL/wXE86scIpb/JkfXNE/PmdscVDlEAUsObLNQQGhmyXzlZiC0jBPj8WADjy7tLS + XgH9fgZUtCJ1USiWq8pl+MUWb1XKG7pYSscapn2qgIbb4OEbu3W2DNwalCoAffDP + OL5YxxLHQGmXhaAQIr7xg7zmryT2fHLk3n0/1AZHGvvkbGhlYiWMGcwFhpabJLs= + =T+mP + -----END PGP MESSAGE----- + fp: 0xA534E46682DD8C35377352C88DD28608BE411065 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DIBqTX2T418ESAQdAAscnPBONw0shBPj5edcMZeKFGzT4kDgfnPkY9hox1z8w + zM/+F9Kx1iXQRrIzJVppBRgyk9Xb8//od6xZvxb1hCTe6Ksa+g9KmmhbFXLiVBwL + 1GgBCQIQIvPnV4LgUqD84/SmKYCS3Ir99MG+vmxuIp8vwvsAR+CSbySTWx4GqhNo + 8UL/ORRo3miP//UUV0VukQsNfPiqT4Jcgd8Jx3QdO93IXuiEh+2QZzHWgnW3M3+j + 0zjjJhbjEsiGbQ== + =mHBd + -----END PGP MESSAGE----- + fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA7auZh4eKOkIAQf/TIZU9Qi68F4A560I0ByCZOaAxfHsqHr5u9GZUwKvSpaZ + mLyUTpJW4BwuSd75LR2gnO42Oplp36vUTDGjkjiCSNqzy8oOGkNQnPcl+FEFndfp + Ee9QYi2Bjrf4/ha495J9uNadyj5BXt4KWHJr4XpcZKTy77n1GnR4d4aXTa2tZPmG + vyKTKZ312jgWUUvwuZzDuW0SJvvn86n89Q7YoWg1qS+XCGk8XQvKMQdXfYCLVrbW + 2+V/USQ+JP6WbH846BjEt4/M1TBbVVXX9sX+nHQ15hp/SH9EqxnHnY5Nt7aquicB + hIdkLrIEwd0cUIIkEOHmGkUVkJvqahAjHGbD7yuXINJeAReBFiq/rfrnUqb1wrpo + 7jKnRocEb7dBRi1mPpgjdBYJtAUyWzNyrkwdMoVM8wKC4ismTNjS+tHh7d8mjexa + d7NdnflLm/DVX1q/I7HmRAl2dkRumOHgcAFS4p99jQ== + =nlJL + -----END PGP MESSAGE----- + fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA11f9zoCBF1cAQ//flFwM8A7zk8yHMgS5AAa449v1008+C1BJMpwGoXJEbV5 + M/17rbvjSfWMT7ur7ulzoy+ZQ60v2+M7q/AyLwaK70I68AJCxswrkVs6xKDQxYTC + qyVJKmThlM4BGsBoQFwfPPqGUtVj+letfhHtCFJS/MEeWGUXjlIU9Qba6OlI2cKo + qjzj+N+2ErKcArv1yYLPPTz9Bl4LtKKzCxlD4w1KWC4MOz/fCyHjbwOtxaa6BJx8 + 
dODT14MZS5DW3bOej4EVflNnH71ncb7FFi8kOZn1yVE4UJ5yK0vCuiEgtQ2t0YQ1 + YkAMB4Vc+CbW/l/0Lpx0jF6ln+ad6EhlT6PBLXSmgMPOeXkMMu27wkeD0moU0APk + UtXwttYXHS3E9PeA6J6aWYy/HM3B3XNb9XZmuYwcw9gCj+hMgZvnJGOtQXt+N/gE + SA1mleTZTukaB30T4YfikoFvDAbafI6d7qJQx/t4Hiw+rLo4cMypwEuKLOEzfi82 + I+t59xPaTsRD19HH5CBW2xgrFKW9Fe8MIateUDv3uv/N9CKohLLIj9IHpn/io4wp + mLsOp5Zf1ij0BvJaxoZbuLorY1aQSZ+Btu58QydckUX2Ed2PAs6oIpyxdTHuh7P0 + IqGCcsDGbc5Y5ZkSBSESoJMMKCKcyLr5jsRyO+8cDDq+0AMKCyOCPY/nbuaP7LrS + XgFNCGGYHK0IxYsJ/kBu+aZWf+nwjy2zlCgVD3WEzDwtebvYqzPYYGJOgkGkL9qM + ClPHf0kfICnUporsDxpsp6ONIKEkiUnQQZURGPHD7ZGoDswHydvYro9hyilZcnM= + =kvaB + -----END PGP MESSAGE----- + fp: 0x9AE04D986400E3B67528F4930D442664194974E2 + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/HTIsSK0VBlARAAnWpj8nttOE/xoxQRH+/RbTDV/b/ZiX2lF8ZdahpECm/S + ZRP2vNIEyI/QfJan7Z1301/YePS/b5dnlyY9gitgIorZg43TWF+kQserXdy4QjQ8 + 5RgP+Ei2+Tfez5MA0xI0DQlHNG14lTVr+/9djD+bDk2+DWCr5D54xeUkNsQsnxu8 + Fep3GHygCQ4aR33dX7pZAk3tRunS7POWkWlfguNvyKUY6eMqxtG8g8oPFFFnAoJJ + +6f9Pwlgl6c7NipsG45hRwwVEpivIwENH/4GSFXAiq+lKS+OlqAi5VT2e7ZzTF9n + 9AlzedzYD6xe0iTIgbXaC/CRcGJJBa5DvSae60fA6+txISpejY6KpIHbefq9fCF8 + 5+EE8Ih/Dt6esJM4uBOE1E23P2JcQqjHlXR5rBM4HZJUGe27tdFSNzn3vCxLwYR9 + bDnYVwmmunpyB9vwEA6DOIWdbyeIfF263pxLGHmJYTCJeF+W1j/3AOYum2Yvtlmv + Pnrwfk+ESf2G8lU1uie31o3hjIp201Cf+mrDCH0n6bgN8HZsPBAy3wAWEhONZWMe + EFttqW8sRNRvU9yHaJjRiGX4iNkRxQTLspvXtHFl2x/NY5zAGRx4KGN42PPvt1qW + pJlqRWuZ69VFUBbOv0CE05SURSGE8Y+gZ3R1m6XgX47Hdv6W2SktlLuF3C5wYE/S + XgHhhvxvegvJXGJNs91wewdQ3jNuAn7OA1CyuHDyTvXE1mQTRQmbLysj9LqdzCyf + x8Wvb3JB7kyjjF5hGXAcW6nuoHrwEAfLqmW8hNXAdaSqTL+ljRz0SuU2m6Z1YH0= + =Sqjy + -----END PGP MESSAGE----- + fp: "0xFA47BDA260489ADA" + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DYIEGJeT64uMSAQdAYc8sRGKM2KKBmLxBI9XVWLghB1WxkxPzcsYDACULk3Mw + PAYCzl39eLHHO9FCCI6aJX2rkQGtpFRMZaar7M3R7vWImGBz3jbTm/pGSO4hd9WZ + 0l4B8U0bOxig/+2EMBDcF8118wtiAfVl01+Z1DlZ+qcy2kyHyh4X509z17MRsHo+ + 
2rqj63HSJJl66ImO1OR6MCLHxwzXvmKWJY1Q+jn4q+zALzPHZ21YCRGTAK3KArTC + =aVd/ + -----END PGP MESSAGE----- + fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B + - created_at: "2025-01-18T17:27:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAxrcfL3KHjCOAQv+Ia6SJOUXoRMvEifMbM0q4oTt7t5n4OEPGv36RujXY1QI + GdrFQ2VOTw3OnXRWzbLnAb8TBE939QfrtopFzkgFnYHWWuF0bicF/4uEsRiBGKeL + U+bczckPGZt5CSWUEG81zKZQUx/t13QUUhhTG9pKAaUAVxn/XuPOHtwvOzMNvE9b + tlaiPNAH8P4VQjKon06kmzBaN2vcueTREZZq/UnOp93x4Iw9zQAYF8iKVCckcM+t + jG6P2eFWUsd7fDrml05V0JOEYjsVCVpahy+b7xfevIg4UdxeMq+/2GMsxmJ56UrS + x5+dDmn8MIC5zsGcCHCiabLYtYKglcvIjNQiDkqy800IcHBrm/CWPK7NGlhYlfss + zY0lxMvyfoyI6BFRIVD3z+P28bhZmxsOBM7U7KXgClUR3lJOd6nNoBxJvAoVRf/t + NUzDlKZaeCGOLAJv/LGtFb+41vvaTZEVykWDNT7HWo5zaiwuBubcPvtQVYcREAQb + P0XaK8CY9aykR95+Lz+p0l4Bp8JJuPVfvYD38wHQ2hY69FRcytn7ebXG90M/6JF7 + gicpaFmgYb7mj8LbyRrCkXBRgqu8CwGspw8jhSNkEA8/y2SBi/7ZdwCFJPhT/LBz + BqZdGMPxVZA+jAnT5x8O + =CHlL + -----END PGP MESSAGE----- + fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/secrets/neo/extra_config.yaml b/secrets/neo/extra_config.yaml new file mode 100644 index 0000000..c755f3f --- /dev/null +++ b/secrets/neo/extra_config.yaml 
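Review bot: One recipient in the `sops.pgp` list is identified only by a 64-bit key ID, `fp: "0xFA47BDA260489ADA"`, while every other entry carries a full fingerprint. A key ID of that length does not uniquely pin a key, so sops may encrypt to whichever key in the local keyring matches it. The recipient list presumably comes from a creation rule in `.sops.yaml`, which is not visible here; the entry there should use the full fingerprint, followed by `sops updatekeys` on the affected files. The same short ID appears in `secrets/neo/extra_config.yaml` and in the `.env` secret earlier in this patch (`sops_pgp__list_9__map_fp`).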
@@ -0,0 +1,221 @@ +database: + password: ENC[AES256_GCM,data:Az8T+I8PDIF3k0ZIR0LwhmCbh0NJqgTyAn5CMZLwaG69jDtdtOAjZw==,iv:93bRDLxPPCs35CH2ePRhk/mwWxFg6kTz/0NtHMHC00E=,tag:Y23vL6hp0l4X8Igodahvgg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcXpVV00zdmZYZTZncXFV + aklTVVU1cCtnNGlqNmJMQlpvbTJFTElyL3hzCnUwS1duWDJQd3NMVkNRckN6SWl1 + aXRUOE1NcTQ5ZEFtdUVtbUdNSVd3eG8KLS0tIGxuYnpsS21ocGttWjF5V0VBemxI + a2xHRTRhWktOMGdlM0tJK0JVaExrQWMKOEktwOnAe2nZzYNUoGZ8KhsGbyVOzwnk + hAwbgpqgfzAbLfHaGnzQvE9podv59bUtj/ty1RxF0MP6VgcMuzDOYQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-18T15:01:01Z" + mac: ENC[AES256_GCM,data:TogIL4JOdlPHoYXZl9Jmg5mUCrE6iC6T/G7rIt48BNNa7pgsk5BVYn+tK06Go5IYYyLF0RAsufaf0ucwOr1zbgTXDzspuK9lxAvKwqj843UhOrm2cK4y11/VHcWpDq5mG5qkHM8ECVdw8ZMXuZ2m1w3uVg7KMrIA/eGhYwJiXpA=,iv:XbfwwoVGbtpmDZMsB830gTO7H7vMbANhE0GGVMlJrYg=,tag:zovIZI+dzhfH2L5arqH8Kg==,type:str] + pgp: + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DtMjybqIQmUESAQdAFNVsoRoQ4Asu3psACyJAZVJZlgd8egHD63vDOtuvTQww + jfvZGz3ACLErHrliAFhZdw+94TsyJK3xAWUKHRvqpEh1w8oJZAXTUcwVz7EO/Ive + 0l4BCWpz/ANsgNZK1LqC3Qa+HP4Jaeoiqiv4hkNIacU2pZASsmqBj9eh4rD1NxhW + pEHuKiy+NS1oxp1jg7ssqBB8HkvY/EhKKAClDJNKTCuFpuTkEq+pOW8CH3dIESYd + =Cnbh + -----END PGP MESSAGE----- + fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA8m7r5bNaN8eARAAiGXdbiWzOInTNer8trJZ6ncU4UucrceX+DiCnfkAS9Hq + JgrA+jZV16RP0Ke+xVRSj/NEuaIGu7DmKNwANYSuRUfvBBRrQp0YKJx4NRoe9ZU1 + IactDCFm3AnIwz5jYhtc6kKjd5hG3APvOJYdOGj0hFNdX96h2b79lUKqpi0wHv+2 + Ab6uzNulTZszcGEyilE6mCf98t8i/n/cLxKbDrgywKd8YceKM/nX4V2cq3wxGgLC + j+5QYMPvxhbVkBZhLe295A/blBwV+L+sm0AZw5fiNo+ryK51+bLo+KwqEinZb871 + 
A5xB1VatEpeyd8sbH2y5z1iLyWHqgMVfuKa2O8aiuJCyHUxMGMqyBWJI56xGJSme + XmEMQnwR1bvVP2o7J1Ssn6SdvHH0r3zOeYH8PEnTxMky8bkUAVFTxifilGPk2rFs + MNpxLv6r6E5N5kXH59Crl3G9m0bqwELQA5Y/d9HMBCuvWBq16EWZLOmWdW4gmHHD + k1GONRk2KgJyI72LeuxHVSkpe2pseCFnKdOkTl4MU8EUuOM4ERXaIeGLRtwI/Vrh + yt+WNNpdMBuBGzhtOA2wGOkfhZVkhPcaU2VRpNAZzPIHASJNuK2VOEWKd+qF3k89 + /iuDVxg8bRMBBWz6xqMU06NEJNCHkdRawd+kWeN+T3sg1veq/UdwxPZtvtgTsy/S + XgF3yDEmG2CDDOK59MxPyVvt5NLcPuGaq2ztaFXOCPel698OmQWAhc2/TfaLJq0t + 5LMAQKXzuQjBLtaT8N2BCGzGY2s5Mgv9Vzh/OQuC9/Eeenz9LjrnOk/4szGcbRg= + =GfpB + -----END PGP MESSAGE----- + fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9A+dmzvmzOLARAAoWw+e+bVTodSfgjh1K8tqC+XTDnj8Z5Eyj39xqULjtqA + 9AFDU+VCCQa0m7AtyCx8TYZthXs47PCl/srDtK353Bxl/pLWXoiG1Cmk3kOOTY1P + teIFfi+W0wWVItnK7mxRj/hQu621kwr3yuG5K9UNjcaixWGBGefcTYw4nUKsbeDF + 4bZ204IGgjVRU7sI8nK+M6ikwn0Mv7i8lsbLytD+FSr/wU98KixOzg41JgOdQT3X + EtPI03rJZ8daZZGRUlSnamN0RT+8AYRUrgFsz16hCrXH7ztK5HyqmIxWwf/q6Fci + GGxeAjQ8dmduEyUadSU0p7s74yYgPXFDIN+RbNlebWm6eWuCZABtxon/LMnoaG92 + TRNrIsSQEgnNF6xBYrTG4L9NhauuBTsr/Zg+3kcKqzpktdIsGMsVbFaURyVb5IYi + BQ0zcJULGSetcF1uCCRog/uy4i6Ydfl1FuRRmURO0mlkfdChE06UPAep0HBDsI/b + Hd3fpTRKuhNaG28epq+hKzewCZz3Fq7g47j5grWHQGeA0ZQQXaFCKUibXO3Q2O2/ + TaX1OPR4aMNU6/9jgxyrVAg+riz7ly0ja1xiqMi5qJF3+H2p97Wh2qt3Y+NUXS/X + xZtXuKdWI5WnveTmB1ngR9rNDjsmOtv01OhfWalDESlg8bik1QRTd1c8gjVDTF7S + XgHt4E33/3IvKn8VzI1BFda38X7OaEDRP+J6HvrXeJgsVZrVh8N97naLwmCAuqoB + hZhTUO8asf/iPEOU7za4nexD8jSGBaZ/vmD48SkIeStPRYsh687KwLm8TRkW0nw= + =0HAE + -----END PGP MESSAGE----- + fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DRBWo2b0h4f4SAQdABhx8GDBhLAzrMqlqA10ibBR4YuOQ4dt0UhPDHkdbiWww + nWDDDHyz+iXsh5Nhf1uBjplfztc1loEqJ1AqCrCLhZBlRlbLK3+UwYn3aC8f5iGm + 0l4B8eBqJDOAZ49ATqtmJEbXRV4iXTwtF9wh0oYiXqwScdczlgZGi4pkFJ5kruM5 + 
ZwV3o3HW/kPGWGq6gJr6+CY9+HfsPAvNireoOpAE5blRTDc6npmlNF+soj20UK6e + =HKR5 + -----END PGP MESSAGE----- + fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2iXGbkufjklARAAjRdmg0f5oZXJFApoAspxc1GB7acXfRYFRPDHX50Nu6c2 + 8RwZylkAAIs6MDA9hbz8M2N9U82iwSNYQIT5QrkW4O2BdJ6It/mVKOqJYIJyjIKS + f0/uNnlcCFXNnMTN/YPmZVo5LFJSJkW5LIf3E0f12ZgyVRUla6BiuaKaOs1/UGmV + jXEaQP1CJmHv+TxAIeUeNy6lseXiYnajD1Gx7K6xlv62hvXzJ6ny+/Mz/c8afjtO + aOCuhqXDq7gu/9nwqZjaJcvlvNOj6dO3km2YBXf6dg+D3v7RUtqrNp+iEytD2h2c + pbupHoySOEJPC0gL/nNEgxsYwXEu5x5qyPQT/boWP5KbFmfWxdmFvYsqIoXK3QuP + mMCScqm61mFougPdfXV4i96V3/6Dgog9STfc3khkbXSJ03bCKmvZUCl59OOvHFZD + YWbYfPn0SNkG45AfeSb+5b4/WJ90eGGCqazXug53jlbjHxE8BNRrb8eNLwfZ6/QR + VrVeyqnJemnA7cj7WqrOw+7IxVqk0rneflaMC1zuHd6QvBkwZEkyQMeRjg+d61Wp + 6qDoBr86JcwufSFK/3HSqfkWQ7pWH2T+4PtlGJNqxDRejwPBIA9BwARfqaFOPjuy + aQbs69hWL5GjikXPnNgvgDJDV61cVBoMqn+9sq8zE0LbaAH3PCxeQ9BdlvAknmLU + aAEJAhAJdeIvfvwiCZR55vqvOr1aJozpKW/aMHSLEBbAmi0pntLMnPKfNlS0m4R7 + 7ECKistxoup3FFVgrUMQsfSuaTxv9IkiruxqhIdUjCyW4trEwNc9EBrneSNPQ2iN + QIB0VYLDdU7b + =vLkM + -----END PGP MESSAGE----- + fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4Uty74yOFxLAQ/+OxuEisJV2I5vLchZuBnxl3jN7J2dJkjt8+QhnNNzOGXs + E93JpzEoOuOYKB4JL+Xzye13tfuWvLfIwLVHBLu2zdTWKb1o5QOOE84bUVjRvRIO + +r3nnLsknS5Y4m77a++dLVVwqrUbpvngqAR5BELXUodnihX2KL06QUTmGFWw1mcb + gaWKwUDVJr87EHWZzqVCOyzre3PIvi96KazduVWK5nHn94AnAP/maxqkb4i22QW6 + MYLZ3r6pIpS635wI4f4lw3KwbV3xQIDzRSS2OymOzlLN2ho68Q+u7CGfneXrW4Fz + Adv2ifrxC67gnWGN9zMqQB7OuGowTjaqybuIhwXDbIyUK/gVcT1WcbJaDeLJUrn2 + 9raNTBwfzFpRQD+TCNFWM8FIuVJtFeDZbbAvE53fkyQ1TroCHL+WO5fS9xqTbOb6 + 2acKhsCRV6llXi2FlCNrsS8VlkeIRHLa/vdl2QwLxnh7XFN/6cNqN1SKpbKN7D10 + gp6GFMHfkeJG1CbCNEm+nHvoZlI3/bZrzE/HLDgCQHre097HyDwyqNr8ytFBkZMf + Wmljc0PV8v8niYdUv/ZbmNgXXd/Z8gDiIgvFzMa+VXLQAeOGLLFpGIE6tTCsnTQO + 
mnmhnQz56fwWJiHJ9mFwwrQvnk94bTg7DAHvT2iWOynq6YlGM4tFcl/buM5xPQPS + XgFRrEyFYYGq4NX9V5tDrkitYGc1AkgkrA3oFerzPfKxEktMSK7CsBXt2EJr/TWB + sqInXmezigoYYkDxggdIXiR+j0CvyZuqUNh6uXNRmv0D14TUdmlE5QA44Ucl3Fo= + =sYBA + -----END PGP MESSAGE----- + fp: 0xA534E46682DD8C35377352C88DD28608BE411065 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DIBqTX2T418ESAQdAkLP66to7ZT3td8EnmtGUUZCsUOM9x3CYk5ZYywgjz3gw + JcFrx60/fNnU2P93HPKXUrRnsKwZdfnPpdTAOzT/KpT+NC4r8bLNcFklcSaZgzNr + 1GgBCQIQ61MKL6jtYU5q3GGOK7Ts6jDjkzPQD21nGhuyrQXkk+evhzrsBqnAfQmQ + eFLNAyIVFcuhnGcQBNu9OmQ7LZaCrlrrrPJDtW6NxJ4DDlyAwWn2Sd036xVtJqcr + PBnNw/pZyb36eg== + =uXsC + -----END PGP MESSAGE----- + fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA7auZh4eKOkIAQgAijOLPXIYcL+QS83uvCCjQvhNwvHwN9GX7abWfBqynVJY + aH3+DyY338Vl2iyOsjLoRW4DtYuxsra7NL3WIgQB8pQ+Dmh2FfWjSZl8tplWpK+1 + ar7tUxKYOV9RqJ4Hs8zh8P2OVPrUICvLJQj4xDlBm26HvAAcN80zHtd9HBMHvWk1 + v/i+yE/AlI21bLFUfj2Y0KXZ3eDB4pI0prKaK2gZQO7IVG+APmTzVJgqnL3Oc5pw + iSJFVNHlgs6ZYv9tgXDhS/H82htZi5ehKPvKYMdvepbF1JFCirpTiMPCv1PNBboT + Dp/wkpPkPf+MYWyCSJ3p2ShlctB5+KkN5wVpzuFOC9JeAcxeDT33bsDXXBzx0ZEg + zgKDqyCUG+BxSHymaENeVoh2wRvBSafwGfeAXByR2XlS+kdWG2BZlgwmAypVw2kL + Rn33kNfst2Pw1eBYk0OwDE07EbSaRv/pVfxZkM5JQQ== + =Pla2 + -----END PGP MESSAGE----- + fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA11f9zoCBF1cAQ/+IC4/bQNSK3efC38TA07DHGiQv7gsMEBLhRVCtPlMZWcv + QRrAtDQAZmGGxPHnFyVhYtl7eetwSzh4EdkXWFnDJjdOiHT+jUWeIeqHXVnARJq+ + eIw7cXCpB4dyEM6vfpO4GFfPqJ6Y24DRz8GiMVE90pmtSVBryPWPdAqN+wLQmQM4 + L/rsDyIwvh6CrQJBhyoMZ+rBaW0Hr08LAtN2xQibQo1aQv+TaJ1ABw63nVN1KiTh + BY2LmxgHuqYIbDg25CPxIffF44+pbZYl00i4Ba43v0rhJh6s8UblgEQQSSuxqXqY + lR5mXxW7KPgCfyJh+mGyac4SaHnxVZSO0dijfAe3/xpJS18FkvZastDcQW1SdGb5 + 7inBVHYppoLr9+fVryWPTNEhXiTEJqWmeHXREFYvCtMUVWqdUuJ5CR+Kkm6PI4AH + 
85qBH+fj4cf8EsymMotPSx70P4L+Rgf+Az9h2GYgHiz5zl8x2zhRjTo+mAYm97iq + oEqAxKoYDuRQyYV5AV1Y7VoGzasZbZpCQRvpbGQ9kJf/rwuR+oxdOA0ncRIjcXHF + uXoXiQ5/VJUiSH4NAujY6PyCu0DV9+HMif+fLXhIFIEATabocpTBkzL/uRQrR33+ + haXw5o1ZGOvSBwY7Ane8ONaMdZrpb5yR09hquzNKle7PsLXuqK6AwD60Eu5z8gHS + XgGn09pjkESZjKzqLdd+Djj/Q9cOKQXS1DfB37+CHbIXCq00RYd1jru62ukIj+oj + BOWsoCzQ/KClrFt2CRGGDpGxI84ojQ9iW07/OFByBNbUEl47A8Em4dpYMJw+PmU= + =pKZx + -----END PGP MESSAGE----- + fp: 0x9AE04D986400E3B67528F4930D442664194974E2 + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/HTIsSK0VBlAQ/+IMFjebv/aEuSsjdNFUFU29R3VGD8ncVIEaxm4Jl3JIXy + SRdwf4MIJqpzS/hu0izKxUHe89rGPPHr1Ycdt8qI0pYioFhNs50XnDwfZkRuhg0R + eluW6dZYzJEnqmAGk27aGcp9NCwBGkJOOkwtIK7GYRZ/Av2kYzvRTTnU/550QZu9 + 2VZ1qe0ZbySv5j56C0LrePT5JJ4A3ry4On3NDr/UgUaksrHnJ8/mqewin1cB8NfR + x11MVBCG78YDKoHK9s+QpX3/2TRAargskEJc28PioXz0vSOWpBT6Pdqki/cFRBhg + VKC2/LfdHXAfFDc8hjnIBMBnXvCoy5zUoeK0CdaoKX59hXrKfvuM7Wg4TpEvn1Gd + nhHX91KJt3zfYdODsaLJ3b05/nQP5R1pcX7l1MJuL6wjkn0CV2CXAQT0qb3rC/c3 + /rwhrQcyqp9e4CUfB8Lm6uF752YLp3q4a1e2mhqy3fuegz5tWyQzxwR3+rXmkl1i + o0IIzqz2BATCwW4vH0YCB/lmCkOBe3ur/jLwn70esnqfeFMsKR8CwalMFTfBZDnq + 20LKsw8PZ+V9MpHzTAKigYXcUnsYKYH4/J/aJBXRVeTZExtKR6ISuwNQc1y7kQzO + OQh/neikCjLUqIAIPXCDjoPIpYe2oEjC1bqdU1Fm+XEjd55sfWzDJvjjZmz2OQjS + XgErHb0Z/d023mUFc3+bIi4nWQIIvJC+iZLDANqCqX2Bfap1D0hqgJtqW3SewvZp + CZyI9KUPx/nW/dMdwqw+704UZUD7dQLGKwF1FqvfyvBDvT5ZAZih6tF9JzBq+yY= + =LRde + -----END PGP MESSAGE----- + fp: "0xFA47BDA260489ADA" + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DYIEGJeT64uMSAQdAIQxADpZUsYB4FIa0KJfsKeI3oq3umVU7HM27fSfOYjUw + GrXc7zBcfpl74SrqTbdgEQJKCWk2/c9xBsxK7oShWzVH4Q9jdA9Kz7B4SXkZlF2M + 0l4BOa9frVPRPmvWzLBnaaarU0U4NFU5wcYtlm6w7QtkdJMFNEnYOY+3P6YOocHN + i6S7J1BpfI0JNiNGTudCBKWCYgt71N+uEJgDqU4DPwl2ZEYxFFjFIsPMuvfVbkUZ + =IyXA + -----END PGP MESSAGE----- + fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B + - created_at: "2025-01-18T15:00:55Z" + enc: |- + -----BEGIN PGP 
MESSAGE----- + + hQGMAxrcfL3KHjCOAQv/ab8JUsBl9MjXxWagNCW68iIg9LuiYNyTzYdmOZQ7jNgU + svPhWaX7Pu87VolM2KW5mwxRBHfnCAssUjLDVGFGHdtwzD74lARaCyZPQj17niUu + jFIZ3v2nJW7HNx3KZOj81MYUrlZMetvHy4pe4yDvjCu+hWTGO4MGZpPbWUU9Elo7 + 45auHrCDWeby8PtHwWo9y+RseFLy75STBlA5/yS68wbURfLP17qsaarFXaLiFzYu + GoGozPT4iZW5LP2h+bkmvAq0dbX9S0gfbErd3LXY6Y3eLZ6iX1Bpl+fquVPLnHod + p9Bwrt27uOHa2gQRzUvxn3iIjZy4S+QjYPtH4jtf7vOOddjkxgwdNBmyoonkWsRb + EQVZrVOxc73QiN0CzbLk1IDUctFi/OoHU4j5SyF2x2oAi1I3rLtgb1MuESAX23qO + 38Ksed/jTS7bAigzXddHkW5HYWKNOFpaZFBDh1I4zT9P8tig4wnd+eby+OaL9WZg + UjWKc8ldY9weVziiYor90l4BIJhUFIOu3BAdJAaoDNGwPTu+eeAtm2fRoAUOy++C + abkMwIoBQ77edNoGCnMt0IICGq4PIoNPlRxfffAbt01npH+efQfd2vnA7qa1PddV + B3Fka1oQ4wJvRrhg0nvL + =QnT6 + -----END PGP MESSAGE----- + fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE + unencrypted_suffix: _unencrypted + version: 3.8.1 From 995db8f677109fbdba9c14c6878183905a5df6fa Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 26 Jan 2025 16:12:13 +0100 Subject: [PATCH 08/38] fix config --- modules/services/matrix-appservice-irc.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 1b7c924..2f6176b 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -25,7 +25,8 @@ let } '' remarshal --if yaml --of json -i ${pkg}/config.schema.yml -o config.schema.json - python -m jsonschema config.schema.json -i $configPath + # desactive le check sinon on a des probleme avec envsubst + # python -m jsonschema config.schema.json -i $configPath cp "$configPath" "$out" ''; @@ -75,7 +76,7 @@ in dynamicChannels = { enabled = true; useHomeserverDirectory = true; - aliasTemplate = "\$CHANNEL"; + aliasTemplate = "\$\$CHANNEL"; }; membershipLists = { 
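Review bot: Commenting out `python -m jsonschema config.schema.json -i $configPath` removes the only build-time validation of the bridge configuration, so a misspelled or mistyped option now reaches the service unchecked. If the check fails only because of the envsubst placeholders, validation could run on the rendered file after substitution (for example in a pre-start step) instead of being dropped. The `remarshal` line that produces `config.schema.json` is left doing unused work and should either go or get a comment saying why it stays. The enclosing derivation starts and ends outside the hunk.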
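Review bot: The doubled `$` in `aliasTemplate = "\$\$CHANNEL";` has no comment explaining that it protects the bridge's own template variables from envsubst, so a later cleanup may well revert it. A one-line comment above the first use would do, such as `# "$$" so envsubst leaves the bridge's own $CHANNEL/$NICK templates alone`. The same applies to `userTemplate`, `displayName`, `nickTemplate`, `shortReplyTemplate` and `longReplyTemplate` in the following hunks. Whether `$$` is treated as an escape depends on the envsubst implementation the module invokes, which is not visible here, so the rendered config should be inspected once to confirm the templates survive.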
@@ -100,12 +101,12 @@ in }; matrixClients = { - userTemplate = "@irc_\$NICK"; - displayName = "\$NICK"; + userTemplate = "@irc_\$\$NICK"; + displayName = "\$\$NICK"; }; ircClients = { - nickTemplate = "\$DISPLAY"; + nickTemplate = "\$\$DISPLAY"; allowNickChanges = true; maxClients = 300; ipv6.enabled = false; @@ -138,8 +139,8 @@ in matrixHandler = { eventCacheSize = 4096; - shortReplyTemplate = "\$NICK: \$REPLY"; - longReplyTemplate = "<\$NICK> \"\$ORIGINAL\" <- \$REPLY"; + shortReplyTemplate = "\$\$NICK: \$\$REPLY"; + longReplyTemplate = "<\$\$NICK> \"\$\$ORIGINAL\" <- \$\$REPLY"; shortReplyTresholdSeconds = 300; }; From f675c2eb4b3f1d64531cc6926904e69a6612aae9 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 26 Jan 2025 16:48:58 +0100 Subject: [PATCH 09/38] add password --- secrets/neo/appservice_irc_db.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/neo/appservice_irc_db.env b/secrets/neo/appservice_irc_db.env index 10b6ecd..3d056bd 100644 --- a/secrets/neo/appservice_irc_db.env +++ b/secrets/neo/appservice_irc_db.env 
@@ -1,8 +1,8 @@ -MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING=ENC[AES256_GCM,data:zgVqwMzTyWoI1ii11T4K+oYaDIWWi/f9foMypQA9/dplmq84YyhvMMnrRpSSLs2eHu4TUomm+7sjf8QcMm+Cr+atG5BxIjc=,iv:LJ+PRrtoQzPQIGhbhtUktidx5T+zdyvunb8huP1dyg0=,tag:xBTrT/AYPxvFCFNjgVhVvA==,type:str] +MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING=ENC[AES256_GCM,data:0vsropjPm6wCr3LUo2TFO2D07gBCX3WDlXAZ3oxHS/AkqZgSESRqK6wgFFPm3rxlTXxU3hoaAGsClYSxUB/9NIf4aM9QaQWfHI8NBlDy5LNOvFBVty05GCo6/c5NbBy30ZWNl5yPsl5mYX0uFIQZOg==,iv:FNUerFYADyRt8BKkwOgBACuscgZ3rzhQmRwkFE5NtGA=,tag:q9IP3A1ucr926bsqR01Tqg==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacG5EbzFpSVVQMjZjZFNh\nTmpPK2h4ZFYzQWxrcG9zdnN6SEtJSlRGSFJJCjRxdGVWSGd6alBOOGpia3JhWGtP\nMXc4cFJYdWRTS3FPS3VlUUR0a0xxQWcKLS0tIEZCeXpCWlNjdmNKU3Bsa0owYSs4\nTyt6bHNQSVlGaUd2VjlCWlNtazVwMzgKnbrfTwP7OTRWyvpgzvn4HVEUSvp5WTpt\nl2sRBZydvO9NHbYC6giqL9i2UobfRYIHFmVkoFAypEVW+2YZW9L3JQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg -sops_lastmodified=2025-01-18T17:30:11Z -sops_mac=ENC[AES256_GCM,data:O0She0bM+FwS8kwK9CTyPuPp6z+tSm6KQVRpnBBr3PC8iAcYg1FddIDDU/I8g+VjHCsyCDIRZ/MvBeurLhW2nBePoq586UeuzYExQRftmzMHJySwS24/1GT9WtZcP66dggamZ7/q67mlp78FivlpK4GO0QjkW7xQ9SpNU2S9N5I=,iv:/vutWCt91gacNBLMntZn8bRg10fqkDlrWUTc3vkQilc=,tag:6iV6uR6mcdBHJOQ2qPTzSQ==,type:str] +sops_lastmodified=2025-01-26T15:47:36Z +sops_mac=ENC[AES256_GCM,data:sHWvxjUjoXrq5P/mh1f6qOBVdE2xWVIp1JUukGick9SsSNOmLftHWsq6W9ARAbYx2FTmspBApeDUw+otWAgLBntXcZ44h6rEBhnjfvKGCYfnMmjYT1EZcHUbpLPCmnvM0dO8KYtr89hLwmpmnZTzdwP2o7FZX80m3BkWVG4LNpI=,iv:6pH8ulaexBKaXzW0hoFK0wKLKmeRC/wyIp70XP9zeug=,tag:AC/TvGstpQRzSbFJRc4tbw==,type:str] sops_pgp__list_0__map_created_at=2025-01-18T17:28:38Z sops_pgp__list_0__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhF4DtMjybqIQmUESAQdAxJM3V9zciKKx2ICWVHBpxgCn4NPnXxN2CIVrH60sRE0w\nlkuMLYzcWkOhvFaFlvf1sqSD34Tzkl+wooksE8ZbcHTJ9PxJKZqMMOpQQ81pQGVY\n0lwBO4XHzH28jLqw1JhCDchRMYYW833KX8QFm1EZcUIezbY41cUBXbtV0pxQZaoO\nTsv3XAbPMqgNKjkV3v/G1W+5wVY1RvJ1N8mUfvKvZxAj74SWNGwQ2B3vJMSM0Q==\n=lKFs\n-----END PGP MESSAGE----- sops_pgp__list_0__map_fp=0x40CB48A443B03B5DBA484D279A130774C458F4D4 From 9859cc48844b350372a9e2cbaf2f3427da306a84 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 26 Jan 2025 17:34:30 +0100 Subject: [PATCH 10/38] fix database password for matrix-synapse --- secrets/neo/extra_config.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/secrets/neo/extra_config.yaml b/secrets/neo/extra_config.yaml index c755f3f..e018f9e 100644 --- a/secrets/neo/extra_config.yaml +++ b/secrets/neo/extra_config.yaml @@ -1,5 +1,6 @@ database: - password: ENC[AES256_GCM,data:Az8T+I8PDIF3k0ZIR0LwhmCbh0NJqgTyAn5CMZLwaG69jDtdtOAjZw==,iv:93bRDLxPPCs35CH2ePRhk/mwWxFg6kTz/0NtHMHC00E=,tag:Y23vL6hp0l4X8Igodahvgg==,type:str] + args: + password: ENC[AES256_GCM,data:wxwGmDbixnjXmbahj1nHImpSY168+J72wcB4dE+Z6QUk9k9pFPhNAQ==,iv:HkT71FGhE/osjjwKGJ0g8F9F7LusQNFcBmE27ISNxsc=,tag:Ql5jtyUhrrUCE0+FMDY8EQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,8 +16,8 @@ sops: a2xHRTRhWktOMGdlM0tJK0JVaExrQWMKOEktwOnAe2nZzYNUoGZ8KhsGbyVOzwnk hAwbgpqgfzAbLfHaGnzQvE9podv59bUtj/ty1RxF0MP6VgcMuzDOYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-18T15:01:01Z" - mac: ENC[AES256_GCM,data:TogIL4JOdlPHoYXZl9Jmg5mUCrE6iC6T/G7rIt48BNNa7pgsk5BVYn+tK06Go5IYYyLF0RAsufaf0ucwOr1zbgTXDzspuK9lxAvKwqj843UhOrm2cK4y11/VHcWpDq5mG5qkHM8ECVdw8ZMXuZ2m1w3uVg7KMrIA/eGhYwJiXpA=,iv:XbfwwoVGbtpmDZMsB830gTO7H7vMbANhE0GGVMlJrYg=,tag:zovIZI+dzhfH2L5arqH8Kg==,type:str] + lastmodified: "2025-01-26T16:34:18Z" + mac: ENC[AES256_GCM,data:7oBBuWHWoMXsFekJqcOUj5aLvLadgi8+R2lSoTVIaYyD9DSw15UaSgvjlrGk61cFnLrHM9zGRw+jvTtWcrtPceOXsn3n6yzvsdUBgyf0kSMDOikCAOs24Clge0Mq+s2EJAsYWTAsRm1NACp2gLabBFeeIotcvDOQaZPqrbXZV28=,iv:iwkIJBRewxoKijUMvrrZN2zd06EWDY2VUdL1uNV7TQE=,tag:YKajm1rIMnRCuEsW8xQIDQ==,type:str] pgp: - created_at: "2025-01-18T15:00:55Z" enc: |- @@ -218,4 +219,4 @@ sops: -----END PGP MESSAGE----- fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 From 48a846f84883301c58f25305929d7ea50e323f67 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 26 Jan 2025 17:56:14 +0100 Subject: [PATCH 11/38] add all config of db in extra_config.yaml --- secrets/neo/extra_config.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/secrets/neo/extra_config.yaml b/secrets/neo/extra_config.yaml index e018f9e..adfe874 100644 --- a/secrets/neo/extra_config.yaml +++ b/secrets/neo/extra_config.yaml 
@@ -1,6 +1,12 @@ database: + name: ENC[AES256_GCM,data:rybFQDLCQEo=,iv:zXkXlsf68w4Ep64XSPYOF83woy5iiG+h6Yy7SAnepck=,tag:ct8skkYNluhXdqw5bYHrbQ==,type:str] args: + user: ENC[AES256_GCM,data:QWa/0wxp+w==,iv:ZfNAwLak1MUFfttFYsJCrrtG8taSiSsgC09IxIZ35RY=,tag:7fHuLvj3hDBZcxhObIDk3Q==,type:str] password: ENC[AES256_GCM,data:wxwGmDbixnjXmbahj1nHImpSY168+J72wcB4dE+Z6QUk9k9pFPhNAQ==,iv:HkT71FGhE/osjjwKGJ0g8F9F7LusQNFcBmE27ISNxsc=,tag:Ql5jtyUhrrUCE0+FMDY8EQ==,type:str] + database: ENC[AES256_GCM,data:SD3+ed9c8Q==,iv:KtNybt9Sp9oYMu7mfOjpa7cwNpH2ChG+LE2Y6PJgRtQ=,tag:vnz8RdDBloA31cd+5RHWvQ==,type:str] + host: ENC[AES256_GCM,data:hsfZcn+i1vuGGtI=,iv:gohWH4SLOpelizPFVEckGbWtYdOoyHVi12X7Z6fWCGE=,tag:pQG6zbvITxqUxMZBHkMTpg==,type:str] + cp_min: ENC[AES256_GCM,data:XA==,iv:6HBD4fw7U+56icw67eOuFgLL6BcRl/y/0HQuF3amUoU=,tag:Mq/K4mWEsvk5qaCXOvQZ3A==,type:int] + cp_max: ENC[AES256_GCM,data:aVA=,iv:ZDO7XEIGrkmLJf1LiJuzvcLwZH479ZNN/CpxwBiR1CY=,tag:qMwycl7Oa5pPkGy9so50fA==,type:int] sops: kms: [] gcp_kms: [] @@ -16,8 +22,8 @@ sops: a2xHRTRhWktOMGdlM0tJK0JVaExrQWMKOEktwOnAe2nZzYNUoGZ8KhsGbyVOzwnk hAwbgpqgfzAbLfHaGnzQvE9podv59bUtj/ty1RxF0MP6VgcMuzDOYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T16:34:18Z" - mac: ENC[AES256_GCM,data:7oBBuWHWoMXsFekJqcOUj5aLvLadgi8+R2lSoTVIaYyD9DSw15UaSgvjlrGk61cFnLrHM9zGRw+jvTtWcrtPceOXsn3n6yzvsdUBgyf0kSMDOikCAOs24Clge0Mq+s2EJAsYWTAsRm1NACp2gLabBFeeIotcvDOQaZPqrbXZV28=,iv:iwkIJBRewxoKijUMvrrZN2zd06EWDY2VUdL1uNV7TQE=,tag:YKajm1rIMnRCuEsW8xQIDQ==,type:str] + lastmodified: "2025-01-26T16:55:50Z" + mac: ENC[AES256_GCM,data:fzEpnAGMEQ6kJ70DA2r3Vg32BVCQ6bWpWS2eAjaVe5yTpeHLZxdpVOYqWBVhFlhXYmCmnWJuP2zjT2VTnzwbbpw8tzJpvCw6AOv2xl95/6Kr9AYn3wtiumbH1MOuzgTTz7bSDQNeYltpPheE0prW1tz0jg1AaprL2EBDQO6GLKg=,iv:XmfFEChwHyW1M+jOxxOtHiAQ8gku1MmoOXoRBayuZfs=,tag:dBygsK0h9XMpRfp44fuR3g==,type:str] pgp: - created_at: "2025-01-18T15:00:55Z" enc: |- From a4212f53042527f79baf90b0186de22542a85d4d Mon Sep 17 00:00:00 2001 
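Review bot: `name`, `host`, `database`, `cp_min` and `cp_max` are encrypted alongside `password`, which makes any later change to these non-secret settings impossible to review in a diff. The whole `database` section presumably has to live in this one file, but only the credentials need to be ciphertext. An `encrypted_regex: '^(password|user)$'` on the sops creation rule (not visible here) would keep the secret protected and leave the rest readable. Fewer encrypted fields also means less to re-encrypt when recipients change.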
From: Lzebulon Date: Sun, 26 Jan 2025 21:54:23 +0100 Subject: [PATCH 12/38] update config --- modules/services/matrix-appservice-irc.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 2f6176b..5c70b30 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -73,6 +73,18 @@ in v = 1; }; + botConfig = { + enabled = false; + nick = "MatrixBot"; + username = "matrixbot"; + joinChannelsIfNoUsers = true; + }; + + privateMessages = { + enabled = true; + federate = true; + }; + dynamicChannels = { enabled = true; useHomeserverDirectory = true; @@ -123,6 +135,7 @@ in bridgeInfoState = { enabled = false; + initial = false; }; logging = { From dc45ed882f01743f564e4d478a62c23b15e7a63e Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 01:15:17 +0100 Subject: [PATCH 13/38] fix port --- modules/services/matrix-appservice-irc.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 5c70b30..349bfa9 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -40,6 +40,8 @@ in enable = true; registrationUrl = "http://localhost:9999"; + port = 9999; + settings = { homeserver = { url = "https://matrix.crans.org:443"; From 0623f60c3a8e0d9048ada1290aacafbead284192 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 01:58:32 +0100 Subject: [PATCH 14/38] fix ldap --- modules/services/matrix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 42dce3f..837d20d 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix 
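Review bot: `privateMessages.federate = true;` makes the PM rooms created by the bridge federated, so accounts on any remote homeserver can hold private conversations with IRC users through it. If the bridge is meant for local accounts only, `federate = false;` narrows the spam and abuse surface; if federation is intended, a short comment saying so would record the decision. The commit message ("update config") gives no rationale, and the rest of the `settings` block lies outside the hunk.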
@@ -92,7 +92,7 @@ enabled = true; uri = "ldap://172.16.10.157:389"; start_tls = false; - base = "dc=crans,dc=org"; + base = "cn=Utilisateurs,dc=crans,dc=org"; attributes = { uid = "uid"; mail = "mail"; From 5acc5cb8ec3131d0d39ea354a69138d7eeb3a6b6 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 02:15:05 +0100 Subject: [PATCH 15/38] add public ip neo --- hosts/vm/neo/networking.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index c9bb04c..937f41b 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -27,18 +27,26 @@ ipv4 = { addresses = [ { - address = "172.16.3.141"; - prefixLength = 24; + address = "185.230.79.11"; + prefixLength = 26; } ]; routes = [ { address = "0.0.0.0"; - via = "172.16.3.99"; + via = "185.230.79.62"; prefixLength = 0; } ]; }; + ipv6 = { + addresses = [ + { + address = "2a0c:700:2:ff:fe01:4102"; + prefixLength = 64; + } + ]; + }; }; }; From 690bbe3e61837fe5a128676c0e87dd151cfc8ee4 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 02:23:40 +0100 Subject: [PATCH 16/38] avec la bonne ip c'est mieux --- hosts/vm/neo/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index 937f41b..8123acd 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -27,7 +27,7 @@ ipv4 = { addresses = [ { - address = "185.230.79.11"; + address = "185.230.79.5"; prefixLength = 26; } ]; From d0caaad8b2f2be78520743f7c230f498d0dc94c8 Mon Sep 17 00:00:00 2001 
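Review bot: The LDAP bind configured here still runs in cleartext: the context lines of the `@@ -92,7 +92,7 @@` hunk show `uri = "ldap://172.16.10.157:389";` together with `start_tls = false;`. The service account's bind password, and most likely each user's login password, therefore cross the network unencrypted whenever Synapse authenticates someone. Narrowing `base` to `cn=Utilisateurs,dc=crans,dc=org` reduces the search scope but does not change this. If the directory server offers TLS, set `start_tls = true;` (or use an `ldaps://` URI) and make sure the server certificate is validated. The LDAP settings block starts and ends outside the hunk.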
From: RatCornu Date: Mon, 27 Jan 2025 02:37:12 +0100 Subject: [PATCH 17/38] Ajout configuration nginx dans matrix --- modules/services/acme.nix | 1 + modules/services/coturn.nix | 2 +- modules/services/matrix-appservice-irc.nix | 2 +- modules/services/matrix.nix | 68 ++++-- secrets.nix | 6 +- secrets/neo/appservice_irc_db.env | 43 ---- secrets/neo/appservice_irc_db_env.age | Bin 0 -> 698 bytes secrets/neo/base.yaml | 221 -------------------- secrets/neo/coturn_auth_secret.age | Bin 0 -> 643 bytes secrets/neo/database_extra_config.age | Bin 0 -> 751 bytes secrets/neo/extra_config.yaml | 228 --------------------- secrets/neo/ldap_synapse_password.age | 11 + 12 files changed, 72 insertions(+), 510 deletions(-) delete mode 100644 secrets/neo/appservice_irc_db.env create mode 100644 secrets/neo/appservice_irc_db_env.age delete mode 100644 secrets/neo/base.yaml create mode 100644 secrets/neo/coturn_auth_secret.age create mode 100644 secrets/neo/database_extra_config.age delete mode 100644 secrets/neo/extra_config.yaml create mode 100644 secrets/neo/ldap_synapse_password.age diff --git a/modules/services/acme.nix b/modules/services/acme.nix index c315344..236ddb0 100644 --- a/modules/services/acme.nix +++ b/modules/services/acme.nix @@ -12,6 +12,7 @@ email = "root@crans.org"; dnsPropagationCheck = false; }; + certs."crans.org" = { domain = "*.crans.org"; dnsProvider = "rfc2136"; diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix index 0441ff3..8382c11 100644 --- a/modules/services/coturn.nix +++ b/modules/services/coturn.nix @@ -8,7 +8,7 @@ min-port = 49000; max-port = 50000; use-auth-secret = true; - static-auth-secret-file = config.sops.secrets.coturn_auth_secret.path; + static-auth-secret-file = config.age.secrets.coturn_auth_secret.path; realm = "crans.org"; cert = "/var/lib/acme/crans.org/full.pem"; pkey = "/var/lib/acme/crans.org/key.pem"; 
diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 349bfa9..268cc0b 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -178,7 +178,7 @@ in ExecStartPre = lib.mkForce "${lib.getExe pkgs.envsubst} -i ${matrix-appservice-irc-config-file} -o ${configFile}"; ExecStart = lib.mkForce "${bin} --config ${configFile} --file ${registrationFile} --port ${toString config.services.matrix-appservice-irc.port}"; - EnvironmentFile = config.sops.secrets.matrix_appservice_irc_db_env.path; + EnvironmentFile = config.age.secrets.appservice_irc_db_env.path; WorkingDirectory = "/var/lib/matrix-appservice-irc"; SystemCallFilter = lib.mkForce [ ]; diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 837d20d..ad6757d 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -2,29 +2,28 @@ { imports = [ + ./acme.nix ./coturn.nix ./matrix-appservice-irc.nix + ./nginx.nix ]; - sops.secrets = { - ldap_synapse_passwd = { - sopsFile = ../../secrets/neo/base.yaml; + age.secrets = { + ldap_synapse_password = { + file = ../../secrets/neo/ldap_synapse_password.age; }; - neo_extra_config = { - format = "yaml"; - sopsFile = ../../secrets/neo/extra_config.yaml; - key = ""; + database_extra_config = { + file = ../../secrets/neo/database_extra_config.age; owner = "matrix-synapse"; }; - matrix_appservice_irc_db_env = { - sopsFile = ../../secrets/neo/appservice_irc_db.env; - format = "dotenv"; + appservice_irc_db_env = { + file = ../../secrets/neo/appservice_irc_db_env.age; }; coturn_auth_secret = { - sopsFile = ../../secrets/neo/base.yaml; + file = ../../secrets/neo/coturn_auth_secret.age; owner = "turnserver"; }; }; 
@@ -99,7 +98,7 @@ name = "sn"; }; binddn = "cn=synapse,ou=service-users,dc=crans,dc=org"; - bind_password_file = config.sops.secrets.ldap_synapse_passwd.path; + bind_password_file = config.age.secrets.ldap_synapse_password.path; filter = "(&(objectclass=inetOrgPerson)(objectclass=posixAccount))"; }; } @@ -109,7 +108,7 @@ "turn:${config.services.coturn.realm}:3478?transport=udp" "turn:${config.services.coturn.realm}:3478?transport=tcp" ]; - turn_shared_secret = config.sops.secrets.coturn_auth_secret.path; + turn_shared_secret = config.age.secrets.coturn_auth_secret.path; turn_user_lifetime = "1h"; app_service_config_files = [ @@ -118,7 +117,48 @@ }; extraConfigFiles = [ - config.sops.secrets.neo_extra_config.path + config.age.secrets.database_extra_config ]; }; + + services.nginx.virtualHosts."matrix.crans.org" = { + enableACME = true; + forceSSL = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 80; + ssl = false; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + } + ]; + + locations."/_matrix" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + + locations."/_synapse/client" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + }; } diff --git a/secrets.nix b/secrets.nix index d779bdb..bc03267 100644 --- a/secrets.nix +++ b/secrets.nix 
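Review bot: `turn_shared_secret = config.age.secrets.coturn_auth_secret.path;` in the `@@ -109,7 +108,7 @@` hunk assigns the location of the decrypted file rather than its contents, and as far as I know Synapse treats `turn_shared_secret` as the secret value itself. Synapse would then sign TURN credentials with the path string while coturn reads the real secret through `static-auth-secret-file`, so the credentials would not validate; the file is also declared with `owner = "turnserver"`, so the Synapse user could not read it anyway. Writing the literal secret here instead would copy it into the world-readable Nix store, so the safer route is to supply the `turn_shared_secret` key from a file listed in `extraConfigFiles`, as is already done for the database settings. The settings block starts and ends outside the hunk.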
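Review bot: The three `listen` entries in the `@@ -118,7 +117,48 @@` hunk bind only `addr = "0.0.0.0";`, so the virtual host, including the federation port 8448, does not answer over IPv6 even though networking.nix gives neo a public IPv6 address earlier in this series. Add matching entries with `addr = "[::]";` for ports 80, 443 and 8448, or drop the custom `listen` list if the module defaults are sufficient. The same hunk passes `config.age.secrets.database_extra_config` to `extraConfigFiles` without `.path`; a later patch in the series corrects that.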
@@ -103,6 +103,8 @@ in // builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) { "secrets/common/root.age".publicKeys = remove apprentix all; "secrets/apprentix/root.age".publicKeys = [ apprentix ]; - "secrets/neo/database-extra-config.age".publicKeys = [ neo ]; - "secrets/neo/matrix-appservice-irc-password.age".publicKeys = [ neo ]; + "secrets/neo/appservice_irc_db_env.age".publicKeys = [ neo ]; + "secrets/neo/coturn_auth_secret.age".publicKeys = [ neo ]; + "secrets/neo/database_extra_config.age".publicKeys = [ neo ]; + "secrets/neo/ldap_synapse_password.age".publicKeys = [ neo ]; } diff --git a/secrets/neo/appservice_irc_db.env b/secrets/neo/appservice_irc_db.env deleted file mode 100644 index 3d056bd..0000000 --- a/secrets/neo/appservice_irc_db.env +++ /dev/null 
@@ -1,43 +0,0 @@ -MATRIX_APPSERVICE_IRC_DB_CONNECTION_STRING=ENC[AES256_GCM,data:0vsropjPm6wCr3LUo2TFO2D07gBCX3WDlXAZ3oxHS/AkqZgSESRqK6wgFFPm3rxlTXxU3hoaAGsClYSxUB/9NIf4aM9QaQWfHI8NBlDy5LNOvFBVty05GCo6/c5NbBy30ZWNl5yPsl5mYX0uFIQZOg==,iv:FNUerFYADyRt8BKkwOgBACuscgZ3rzhQmRwkFE5NtGA=,tag:q9IP3A1ucr926bsqR01Tqg==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacG5EbzFpSVVQMjZjZFNh\nTmpPK2h4ZFYzQWxrcG9zdnN6SEtJSlRGSFJJCjRxdGVWSGd6alBOOGpia3JhWGtP\nMXc4cFJYdWRTS3FPS3VlUUR0a0xxQWcKLS0tIEZCeXpCWlNjdmNKU3Bsa0owYSs4\nTyt6bHNQSVlGaUd2VjlCWlNtazVwMzgKnbrfTwP7OTRWyvpgzvn4HVEUSvp5WTpt\nl2sRBZydvO9NHbYC6giqL9i2UobfRYIHFmVkoFAypEVW+2YZW9L3JQ==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_0__map_recipient=age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg -sops_lastmodified=2025-01-26T15:47:36Z -sops_mac=ENC[AES256_GCM,data:sHWvxjUjoXrq5P/mh1f6qOBVdE2xWVIp1JUukGick9SsSNOmLftHWsq6W9ARAbYx2FTmspBApeDUw+otWAgLBntXcZ44h6rEBhnjfvKGCYfnMmjYT1EZcHUbpLPCmnvM0dO8KYtr89hLwmpmnZTzdwP2o7FZX80m3BkWVG4LNpI=,iv:6pH8ulaexBKaXzW0hoFK0wKLKmeRC/wyIp70XP9zeug=,tag:AC/TvGstpQRzSbFJRc4tbw==,type:str] -sops_pgp__list_0__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DtMjybqIQmUESAQdAxJM3V9zciKKx2ICWVHBpxgCn4NPnXxN2CIVrH60sRE0w\nlkuMLYzcWkOhvFaFlvf1sqSD34Tzkl+wooksE8ZbcHTJ9PxJKZqMMOpQQ81pQGVY\n0lwBO4XHzH28jLqw1JhCDchRMYYW833KX8QFm1EZcUIezbY41cUBXbtV0pxQZaoO\nTsv3XAbPMqgNKjkV3v/G1W+5wVY1RvJ1N8mUfvKvZxAj74SWNGwQ2B3vJMSM0Q==\n=lKFs\n-----END PGP MESSAGE----- -sops_pgp__list_0__map_fp=0x40CB48A443B03B5DBA484D279A130774C458F4D4 -sops_pgp__list_10__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_10__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhF4DYIEGJeT64uMSAQdA6kdrT2SwYyf7V2+XG9rRcgY9RZr6GBoyVaI7+m0Z6Xcw\nusbxnzE6oUUh4RvzHxUtv+djlLvq5KoD2YEtJWSrZtFN7kw2UXTA3PXdL+DvnZOT\n0lwBJV5OX1od1HsX2ILKbp4yYphGm1HoMtxzWNErkaY5SwgvFJxije2L6xjuogDh\newzUKxOYieunXs09XPf+bf/U9AXXalaO3wrghFGg66zp5ZxD3h3Bk8+jbJ9s9w==\n=1rrD\n-----END PGP MESSAGE----- -sops_pgp__list_10__map_fp=0xE474A4AB587CD834813DF35D03FDB411169D6C8B -sops_pgp__list_11__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_11__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQGMAxrcfL3KHjCOAQv8DEqtrxEIQ1C3SlOB6qMOjRN+VCJf64/3oCmdC/PCU0Wm\nINdB9q0Xr2R51VJJb/64JvJMPgVjQUHaFcNFY184P0XdUWFoWnAWGY0L3ricvKuP\nfugqtbvAMG/uha+SOoUDFd/TbjRRXZdcuSm/XxS3B+nRdFm64NxHAao+AreZbSXn\nJDkGz6mkFIQUFdLgukZIL20zeU3XzNq6wwvyluOUviHmS39Vi5AtfcIh1R6qgice\n8Fj69xFiVf09Im3R5Vm+Oe4mTr9Q6n6taU556xrIVwSU/WrF1fsdOzU1tuobEReG\nq66c7FRW5esp1L3ccXLFiRJiBEMsAyWaayoXeZ7IBv2ITBb8E8ehDq50mjY7LqHj\nWlTRg6FuWHNMIPl6EubuV28hxZ85g2m3DtGpTimCqI5NFJH2jm+ziOvyigsZiKQx\noNiKoZoLdR1uZ6AnNHFtf68M1Jm0+0MVkUn1PVr/2We/AAaFVy6sr60IURqYL+es\nu7EapsX9FDRqKTo8SB+/0lwBffnzvUcrvupsSGzVaSwMEwYKTwCDPrk2QFtumLkN\nlptsfw9+X8qKt7IZ5f+dT7XLYh/8BBG4Sc7bqnZLOQsrmyFuuRW5C8mW6FDehaM3\nNlbqGxQ5I8Fl4mgyVA==\n=xW5u\n-----END PGP MESSAGE----- -sops_pgp__list_11__map_fp=0xD5B872E407D438721E5887A000E765FA7F4F2EDE -sops_pgp__list_1__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_1__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQIMA8m7r5bNaN8eAQ/6A+Vjrh/RXSXEu+HAomSFn2KbCCXRXxWY/wEfyYewF2GX\nxgnrVOj/z23VKQ22Fh+shbO9XfeMZG+bQx1hbnS23kad6UlIIxKl+BfkqdRnjcP3\nPAdeE1E+15KXdirFWJiFebQ/U3HjNE99BNHXyjgW4GjJi2REMaImYTABgjTaWNoi\nyYlW/aImrFGGJO/K3MUzTVmR4pX8lt1EFt4Cuh1faFFxXpb4qE5cbPqz42GldUNc\n6F3QvsOAa9ZnN5pVk1jFN4CEN4mwGuq1rhUdq1FfQ4GwiKU9CjSBYC3u8+HhLAYS\nEMsG/yQYO+aqvSv9rPnrV+mazWcsZWY9Ll+Xn1Kd2VbHXc2oRprJMfgYZudYST6e\n1PMO+WmOlRcjD8F0YSUYJjcB1aMfFE71wPz0E1RM8EX8ZubGMPctNUp7O3u/psPW\nMp70bskVXSF2C90x3V2XkyASE5qPs6xTojTimTdK4xjgCmbT+6QTM5mAi4/Fuwvf\n0nqyslzwYdHo6ctMOzcU8eJoWEsx4jv7HXglzxOgGmaE+1rYmqH4GzSn0DQjzvZf\nN72GBUdTMFC8p20oqT8jHxoFm2Ay/gF7GYFXZWcVBFv6hQm/KSWCRkjiAW8SML5h\ns3T2uSecWb3Zb4Dr508i5VOl4x5/ShPragFK79/ExqovxLOeXHJdHKEC+8NJ5S/S\nXAErUWurZvLj2jbYsbokMfUpIBIGPNm9oMO4BFvgrYxmwK75C8kGcJN+SxG4cOuu\n2XbBYskl1cMD1NL9iuVn+o+yuUw2OMaaHk5I41JAZDJMSbQrGNQ9K9ymBu2/\n=Ij7l\n-----END PGP MESSAGE----- -sops_pgp__list_1__map_fp=0x9487E782E043EC0D9E0F6C27D46D7E3364433208 -sops_pgp__list_2__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_2__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA9A+dmzvmzOLAQ//e46p/CtNxgEA6wCgajCv/N5A9GG5Dyp/cAIMFBn8fZAe\nxZeB0zcVdzQvW3F/UG1xRzR7YXVkEF/wRbIwHXvaAbgjBz5ji1emw9WssD7CCeFe\ni+fc9QNuyqL64UPmqhxUD8vYWOQNJEbaEFMEf0nHj+WW8iktEJZJT4JntcfG1j5u\n8cHMlMg3CyrcuHzgDnGdHiA2Fp0zIekskMpw/lQ1WB5AgPq9MhxMWrRs1aylihnx\nFhnHDdnZBVf9qQlvRbbtF5+Muk9CsrALDjiajgS+ti69IHTChrtc+Hm1edUOa/vn\ngIO2AlJ/ZyMuWzkYbNDtoIkEKaY6TKDde3PcM4OgEvoP9qtuCbCJoRc5r8vW9rrh\nC0nZ6PHyJ8XJFZh23rmmZu2BqOzeWwcZdn9/qCkq1TmTZlK+GtHXi25QZjiQOJ5W\nYmg+dG1SaaUPep3JHGuITUlwXi4PvfpmhsG8LXh8xRmGOZdroXTggPg711F8qSrv\n2AHFXnmYV0Vm8EPP4D9Qag5qFYsBgd00+sp66zMWRXEra1eCHyDgfUcDHRYDWfgv\nYxfGiEIA3LUj+O47yFM8HzKzUUrhfxVL6ZQ51PqRy/Y1SrZhYXzADGAItpEkwplS\nn1teZ+hstnSuLOu1/vcDcDKORye8pHIEO8wirnE2JtbWYDBYgPmkPfcCnTVphkzS\nXAEMAJ2HpSTM+tyijXyA7IbaYPbc990V5l3NWIW0hXFTxauVXktfCBSd5Swe4Wvq\nuokXP7GdVBL3lLwJn6Jj4t8Hyi5QA48xhhPyi6oLyo5adhmmGRqOndjHWA/j\n=p1I9\n-----END PGP MESSAGE----- 
-sops_pgp__list_2__map_fp=0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 -sops_pgp__list_3__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_3__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DRBWo2b0h4f4SAQdAmcXTHWt11Bp5TM1S02EitFujlaSjJHV3zBUsFNpPRG4w\nIszH7SF8P8/BURGjKzdTOl1KK/ySLTuky8WA2/PkkjODWZXEaMeDlHep8luYkfcm\n0lwB5xj6EVHh5ct4pABpfIUJttRMjQpaJ9EZZAosHuJiRzLcW6nl/b1cUzD6mCik\nBqvpxagcCpD/VuTBOpFSrjLr0grUF1UIhdLTT8RXxGi0EXaAc310SC+I9xYj+A==\n=lokB\n-----END PGP MESSAGE----- -sops_pgp__list_3__map_fp=0x572D19D312825B1A504C9003531DDDB6EB559FBA -sops_pgp__list_4__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_4__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA2iXGbkufjklAQ/8CFJZinsCsW+CDPFswV0lqexNR769KY1/+NffkYyg0Zp7\nfv7lu5fVTP3B8WViRLzn3WyFb4jYsW4LpvEtibkFPOLwy4sY1ABnf4cNnG4+ytgv\nH1POkOzboOFa8/77OFN+8L/NXTNTf9Nd+IQBwroUsCtKN08s12kWits86rqqKiNi\nlqs+1+mzBt4i9ZJiVeTLPFWiekhqRHKZcI92vJzWWm6neC6EDIi6b9Siu3ZBh67U\nncZdPNzB4/K9qwSH+YrX00CDVCMJ8VGMZxlqiQMcRK10ga65mvqLmvUZ870A6a4V\nzUqISex5V0JQbFRzG4Bf84c2lGmwYu5OeMg3fomr23AwqkFAGn5mVujk+G6Ng8MB\nuGL/TPLV201h2OkHvDL4S6liiSaEOwfZo8butqAQbWH2mu5cuXLD4aHdZwlnygSi\nowDd2KATUBIWdlhXs4T+6bFnhvCC5Or7w8I38rbrPhlJVYzaXDAUpuF9o/+aF542\nvk1Z8fDl9MJTWmZb3qUgN8A4ISZitm3azcHOEo7TW1O1FVNEnHOpZIyDWQnXgOYE\nzdnSsnZGpQSl8S5+xIyXfu8z9YGZNwBcSrCaKHwcbfud0XBxVqKk+NzfBOFlpoj/\nupTHKpnQkwPrk2zk5Bh4w9+XmLGhoQ4V8jL8LQOjkkxL4K3KY09SveUzAdm75I3U\nZgEJAhAbrxUFyrcO94TQ4Tc0idIPQBdJ5x5P0NI3k40PFhf5cXhEXvbkkMByyb4O\nCTH9WPT5bEATJO0jyAVdgdl8fYUCUzkakSmKA7sVOIuoli/X1OvDQWnrLuV/n5RJ\ndPaKQSwg/w==\n=5EZw\n-----END PGP MESSAGE----- -sops_pgp__list_4__map_fp=0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 -sops_pgp__list_5__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_5__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQIMA4Uty74yOFxLAQ/8D7ce3L2DxsiPE3WLAW9OnDGBnrz/RL5zSHV3Bni5DzXV\nGb2O1cp8apXPuRcX8+wsJdAIh6DVUy+FZ14Z7Er1TC2FVEsVml1MIApwBUSjY6Py\nqADSgVODwow6n/2I1DPl52LIaWj5Gzkpn3x/LeI17zy0L0uOMPwI4Miz5zLIeOim\n6HjW542AEc6WF8Rz5F9YdmmJqpkDiWz5ACm6jLqh4gmFZqDDUC9Q6VGeqRKwjjGI\no7YTVi4+bdYK36SjIhMeMOM32YA8X3jm7vmfy94jWo9ox+pF3gHuF9v1ZTcYLuwo\nks6JhbbZtmnvpxE398Q8MSjzF8bWQbl7UHlS2WmiIcPRPAzmCvaeQw3J7RThj+aK\noG9ppTHv5vZS0WNFcTsf1ElZQnd0aEslHoWHhspp0Yy/HxQ0tXW5b3UWn+CA0RXn\ngQc+uoy4OJdGnKKuIIqNL5o9uwDyJwxXmE+fb5+sDc9mlSUZXmGslhUAWY1IPTY4\nrLrLycf5DXTSY0fN3otFglmbxitHt8ZZb75pEr1rTfAUj2vC2LDOnjfFIfnhe25y\nDMR+CaH0zE9PuttliRKQpQHGOr+PkwBxOp+Dh8Wa4s0vvUKnKZ4fPB736gveAlVg\nA/vsQ+/VxvOpywjROGkVNzA1HBGWw8SWWHyoZGRxfdDHbbJ9/7cwMeiXrXT07MfS\nXAGIl6bGaUAXtDE8s1upx9PBTjXEUiYVUTDms4EDMnGKacUUxY01ErKPGwVE6ojr\nnJ9Ar3hH1qy3ta9o8M+PhvwLnrwnFcAe7Qf594ZjhgeNzBl22od5zdhBPlAu\n=oEfb\n-----END PGP MESSAGE----- -sops_pgp__list_5__map_fp=0xA534E46682DD8C35377352C88DD28608BE411065 -sops_pgp__list_6__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_6__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DIBqTX2T418ESAQdA8QRSuNtld8Io891NLLhCfOnDnWA/rwgXKL/qAjwQI2gw\nN7Xra0ovYJCoS6hg9/VzrdOdpviKqGkrFeWmGCcWTxsSwYczGo+JsaVCg29UXJYX\n1GYBCQIQh6CF9JEPoB0VS/aCUFL4S1Sjir5MXESua8QuCk53U1ZQH0O6Gf7hLVtM\ntGmd/tKnT0hOXq+v+pV+/rYn1/rmuXn8q3W7qELv4v5SEdD8TjtIJpTYiC25v5yO\nj3H9f25IVlg=\n=6GeG\n-----END PGP MESSAGE----- -sops_pgp__list_6__map_fp=0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D -sops_pgp__list_7__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_7__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQEMA7auZh4eKOkIAQf+PrTSXK07lCdmQDFLH4Wc1b0QJ34fwHrC94a7/cluv5wv\nAasZb4JQ4WJwbt8e6wLF9/Pfkex9vnWcP1T5Ot+KBf8xaRlgzEa+oULiyrNspeeC\no+roSlFJNfkZ5A9AlN+bqiahhbEneEu8jIdXe4iLOXvaojXkOqbkWA96Sn/y6/qW\nuZOvXrmAaOeSiKCbN2SKzAHwoXjGPuQqEbeRtPascf4QQpcpLjsUTSXu5X/wqg4M\nR/DGKv+Ur3Oh8q9s00bU/VtEI2okY+9BBvSpP3UdlC9omw50CCmWhtPQEwu05I15\n+NMOcuFCUTXKHmlBey/Ej3s/Tgv3B4+6fKSUGUcpV9JcAXZQ7uTVaeRyj4oUf5Iy\nAFWbvXVlVnoiGJXUlxWTKi+K4JYMZQuNiPcpFwjImxu6SpnXe7UwUcnaeVV0pkYJ\nQ2J6xiTODc9E/p37IAniH17eEUyRuN92rmorxVc=\n=nUcC\n-----END PGP MESSAGE----- -sops_pgp__list_7__map_fp=0x49BA444CDC680527B4835F7C3C1AC435CD1F217B -sops_pgp__list_8__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_8__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA11f9zoCBF1cAQ/8CcibTfWi72SV5RS5rRIKHM6PNPz//4m9yaDwYFdH18mp\n83JeyFajDQnuo1prON7BrnIjhErnFszHaTB/qXd4vuQsnYSeZ0Hhogaj+Rq+QflX\ntN3acmiDThIW8TQJ4/V4BFof+KbXy2lisTkgpWNKqBQLvPFYa4BO+/+TJN7Ii3Xa\nWtqP7jWkNnoobz1luuVSKBbPjjqXhcdt3VNDHBxogCJF4NiQA8qVsuuGaLB7FMf7\nHHtz84nMNjDSHgibF5aETNijB3qBWbmsD87c5uL6bRNLg2b5l1M6COOTDdQ5qmOW\n/jsl+oWlubo5cykRLilcKHFCCALcvQwMBo6uFfA1obC0EbTfP6qX6HAjcIHaYu8F\ngHESbRRt0gcaa/tdzNjibDbysNHHXnwzhPAV+t4e9K7ahpoOhPFruxYzOIOnMsCh\ne6nXN2C2Ztu4ub5C65Z8vzFjleDMkkrdDqB3maEaayB2UGTFEQggkSjf/HR+ayP9\nfs2LpK7UkXallJaY+txqu5wiVuGrdwy4JtMbN0v3FcFEYZdYlhyvPJYxwAaSRzzD\nk8Y0jZLn9kMA1QqIYC3srLcGRYZSWVeCNJubfcWAg6mBbME6wdUKfYLdYi1CVe+b\nkPgOHkQajPJmv3XOsQyiLLKF61vJKsaHG/cdRJdElx8bbx4BEdUqmCD7bwUz0r/S\nXAEmjlGgVSEZj5h8S8YLP6dXte6IS0+qk9YcC1SVusSlGN8EYyyVG9IG50IYLEVb\nHwEGmVpkELdJG1ymQnD++5yMyeVsUucSyY0yxOvyjl56ar47e1lfZHetFG9b\n=IPou\n-----END PGP MESSAGE----- -sops_pgp__list_8__map_fp=0x9AE04D986400E3B67528F4930D442664194974E2 -sops_pgp__list_9__map_created_at=2025-01-18T17:28:38Z -sops_pgp__list_9__map_enc=-----BEGIN PGP 
MESSAGE-----\n\nhQIMA/HTIsSK0VBlAQ//dV9jWbvdWh8DJXJ1/hwjrUPfoM7Aycqvn3mEAeqH2jcQ\nyFnKYvBjqOsFrWQQZymvIPdLWDEBWr5G6aL17R91zRgeVgbzR0TWd3HLWyeGOmNV\ngP/xgakcc7E8RMzWLyQe44opZBKrXiPPIFjDtmsRgdLIcQTi14YLmd13BaZTDB6X\nGgnmol1/9EyHkoeMkhbJ8kRHmgjEV5DdY5CmsOqecwindFrdDi8Ff2gWo1WfGx/a\nHYcNV7uhE/SmcuFNY0cI3Tif7pYbPZ4PJDcozMD/NzZT7x+JNwivlaEaVquSIG5d\nCQ2dkWD/XGr3DJDnz7eKqd4azCZkiAybZZzmCUG9V6SGFL6KZvd5flnApxzokKhu\nl4Luo9uPz86XAvJfhzGMfzIk25s3RvJx/yu55tAUlcvmbiTNFS1TXj3R6spQIK/n\nndfDYBfp8xwIy5unb+XfM+Zh8D7WvK5X0HsRDeefZohA0LtnOdOb4qykMF3bgD4g\nkimUw1VPEI4PcnULWPeRQX2ueVT8uksljHTjwI5X+Nz9RJ2hALGkCHCeayOVNbt1\nzoGwSZ19vMHVjDZGdMWW72UPbF6tU3LGe0HjwBMlfiESt6czONWGkH6Z1Hvmijmn\nGeZTl94SN1iyF+U+wtAV2ZnfT4VlOkVcKWWi97wb9/I2WY9MCla3zyvXf+JU4m3S\nXAGcrEdcWD6wFhDaKVcvgVTSfdvU8RnIO3Du20iUDF2sOFu0dpYxgqvZbhMaf/LA\n0QnUknQmrZT2VuIXF8EE7NkfQ+eQLkfG1IKTPGLL1F0CPWiFrbn8tcARzRN2\n=sD9r\n-----END PGP MESSAGE----- -sops_pgp__list_9__map_fp=0xFA47BDA260489ADA -sops_unencrypted_suffix=_unencrypted -sops_version=3.9.1 
diff --git a/secrets/neo/appservice_irc_db_env.age b/secrets/neo/appservice_irc_db_env.age new file mode 100644 index 0000000000000000000000000000000000000000..2b54a13eed3d017d485f88934cb3d95c35f4625a GIT binary patch literal 698 zcmZ9_OHb1P003ZP1WhFxkqdBeiQJajtzFk{L`mDVW3R5=v)e)K)^6R_u3Oiw+oFkr zCt?td#z!LYU?3r$h#}}fFX#ayJ~&`ZFsK189*7q&8ocxUfln;Tpj^!xotjzFtLJp1 z2(_F5c)`|aD4;CCDC+dsAb+hRTQ;QAR4^ARVD=oW1%hqaku_D0q&Yt8i`VEF6&<&u z2IQa!9bhU7LJ?@1;_@vLDbTbkLO6?t6-!UY*d)tDP@lU4NmV#=a0|e+)aGp}U8u7z zl)+0<5T-D{9AGO%1s5Dd#6q+dn^Z+-H&KdpG#tnY858D0YAGG()g$<|jt*{o?#6Z{MNtwRJ!A%w-gh|*qtIJWa z5w6#0NbnGeumMs2Bpm5tu}Xq1k4Ky3OwGuply(D(q-=NdT2p1Rdb3J5aYA5J4obONbRHJvkiAG6 zMc~&f$1Xqh^P#u>WQ?59j?I{p#F2eJ+P|>ZGq*nQZ#A?bZ2Y)5Hjn`pM$h*@KE)h< z^w+*~bb4*p+tUrwtH0Uk3iz?Rr={Ea?ZGprKVRFwI(5TO(BS&=w;#v-gLyac{M?pq-mP8P17c6)1{)=rg=13lQe0Xq^Di< z;z7m`1TTUjf90KU3 z4PR92@U)vW98;AC5tA0`Q+M1Gr9#sn2I&+b6go%dw1Zn2X8MT;2Hpg1Cmv@D1GQ83 zErTzx6@1V@m*i}mPK%o6mv!4Q%B>K{F;Oc);wlwa+7!-;Lxdw`gwHnd*cMQP@kg}U z;;gW0)DCW}V99I@wrjjzX9Kk)21*}ENCi<*Hje02A+<=!k5`kGh(oxhz)}F7RS3N) z*UXF=iP?%7m3g`uEy>zSPp{>QlP;4FJzcVK!#lX?D>Z6Nfpnge1d38gV!|~lp6*Ff zHOdd@YFkwVNAg&n)rZBp5mFRjIdaJo;7G7Uw^HJQ2<@jcRp>W1(^P1UC#^{jfHynup_Aab_+m*KFJNv(H z{5}42@8~SM|7Gs=pT^mp+0M7Vx1Be)u<~}hyKTDLZXb8s3c}r8`?&MIym{UQ zV);^35|)*qsT4I$dWoQdf()yd!0ZEj5JE~Lq6gE&DCynbKk#eKadu8*R72JZl6Y8B zbB+$D#eU4%-k!H}tP6siUaJF_4NkY3D#esEn#&Psoshj0%6NQHFck5}!9pr1B|t}x z%iux1!)Uj_olK`QplA({m}hxBE~ikX9!#~k+cAf$m2n}aALdL{O3LKME$BkoPSP6k z@GjbnLh({E)QscJZ7wjzda^|n^OBU9jS4gc;E@7|1360+)RYKC3ra{01j9P!Zs8L+ zN^o?#8Io-Uhyh5%WH})p2R3dvk&olLHB#S@k>nT{bfV6DiYL9QyH!ehbAhlUjAYEH z&iUjv$rc7&utg-yW=C6xkxS4D67>Tx2o-n{BmyZk-xf(_3fZ(RP10ro3~t=GR2bG^ zYs92c9M^eBie>x&MPU&(VT%Dmkyi-Nt*aSFlBG!_A%GqWiwPN1g5V?q8gS7B4bvB( zNxdaV>2XHnAfGEwgSO&nH6mH;cDoe|7t-N~|JwQYgM*8o zlXX*18>=tq6A!yb4^CAHKXc2MUo~F2G1-KpwM74un`QUFP^J4>_40|6wZqN>+*tRH z>FuGV$(~VRsIPXSYI>Ks=iPvFJUk%(aMT=KGN}e`^BHO7l=eG%t80FxC$Lg{(=<0q zR6OoKkFV8XfcXV06Z-Qt>=$-1Hu84UwgtD(dUvK*=^kk+&3xNBzB;V1vE8#P<#qqw 
of3pquu8sAQQ;z~mrP}?-)pT$9+=rc`_qD~jmzEc|w|wvV4-U{ARsaA1 literal 0 HcmV?d00001 diff --git a/secrets/neo/extra_config.yaml b/secrets/neo/extra_config.yaml deleted file mode 100644 index adfe874..0000000 --- a/secrets/neo/extra_config.yaml +++ /dev/null 
@@ -1,228 +0,0 @@ -database: - name: ENC[AES256_GCM,data:rybFQDLCQEo=,iv:zXkXlsf68w4Ep64XSPYOF83woy5iiG+h6Yy7SAnepck=,tag:ct8skkYNluhXdqw5bYHrbQ==,type:str] - args: - user: ENC[AES256_GCM,data:QWa/0wxp+w==,iv:ZfNAwLak1MUFfttFYsJCrrtG8taSiSsgC09IxIZ35RY=,tag:7fHuLvj3hDBZcxhObIDk3Q==,type:str] - password: ENC[AES256_GCM,data:wxwGmDbixnjXmbahj1nHImpSY168+J72wcB4dE+Z6QUk9k9pFPhNAQ==,iv:HkT71FGhE/osjjwKGJ0g8F9F7LusQNFcBmE27ISNxsc=,tag:Ql5jtyUhrrUCE0+FMDY8EQ==,type:str] - database: ENC[AES256_GCM,data:SD3+ed9c8Q==,iv:KtNybt9Sp9oYMu7mfOjpa7cwNpH2ChG+LE2Y6PJgRtQ=,tag:vnz8RdDBloA31cd+5RHWvQ==,type:str] - host: ENC[AES256_GCM,data:hsfZcn+i1vuGGtI=,iv:gohWH4SLOpelizPFVEckGbWtYdOoyHVi12X7Z6fWCGE=,tag:pQG6zbvITxqUxMZBHkMTpg==,type:str] - cp_min: ENC[AES256_GCM,data:XA==,iv:6HBD4fw7U+56icw67eOuFgLL6BcRl/y/0HQuF3amUoU=,tag:Mq/K4mWEsvk5qaCXOvQZ3A==,type:int] - cp_max: ENC[AES256_GCM,data:aVA=,iv:ZDO7XEIGrkmLJf1LiJuzvcLwZH479ZNN/CpxwBiR1CY=,tag:qMwycl7Oa5pPkGy9so50fA==,type:int] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15chrxr5twkf54k0js06n097t750p33gg3mkjwall7hunja2ql93stpr8yg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcXpVV00zdmZYZTZncXFV - aklTVVU1cCtnNGlqNmJMQlpvbTJFTElyL3hzCnUwS1duWDJQd3NMVkNRckN6SWl1 - aXRUOE1NcTQ5ZEFtdUVtbUdNSVd3eG8KLS0tIGxuYnpsS21ocGttWjF5V0VBemxI - a2xHRTRhWktOMGdlM0tJK0JVaExrQWMKOEktwOnAe2nZzYNUoGZ8KhsGbyVOzwnk - hAwbgpqgfzAbLfHaGnzQvE9podv59bUtj/ty1RxF0MP6VgcMuzDOYQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-26T16:55:50Z" - mac: ENC[AES256_GCM,data:fzEpnAGMEQ6kJ70DA2r3Vg32BVCQ6bWpWS2eAjaVe5yTpeHLZxdpVOYqWBVhFlhXYmCmnWJuP2zjT2VTnzwbbpw8tzJpvCw6AOv2xl95/6Kr9AYn3wtiumbH1MOuzgTTz7bSDQNeYltpPheE0prW1tz0jg1AaprL2EBDQO6GLKg=,iv:XmfFEChwHyW1M+jOxxOtHiAQ8gku1MmoOXoRBayuZfs=,tag:dBygsK0h9XMpRfp44fuR3g==,type:str] - pgp: - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - 
hF4DtMjybqIQmUESAQdAFNVsoRoQ4Asu3psACyJAZVJZlgd8egHD63vDOtuvTQww - jfvZGz3ACLErHrliAFhZdw+94TsyJK3xAWUKHRvqpEh1w8oJZAXTUcwVz7EO/Ive - 0l4BCWpz/ANsgNZK1LqC3Qa+HP4Jaeoiqiv4hkNIacU2pZASsmqBj9eh4rD1NxhW - pEHuKiy+NS1oxp1jg7ssqBB8HkvY/EhKKAClDJNKTCuFpuTkEq+pOW8CH3dIESYd - =Cnbh - -----END PGP MESSAGE----- - fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4 - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA8m7r5bNaN8eARAAiGXdbiWzOInTNer8trJZ6ncU4UucrceX+DiCnfkAS9Hq - JgrA+jZV16RP0Ke+xVRSj/NEuaIGu7DmKNwANYSuRUfvBBRrQp0YKJx4NRoe9ZU1 - IactDCFm3AnIwz5jYhtc6kKjd5hG3APvOJYdOGj0hFNdX96h2b79lUKqpi0wHv+2 - Ab6uzNulTZszcGEyilE6mCf98t8i/n/cLxKbDrgywKd8YceKM/nX4V2cq3wxGgLC - j+5QYMPvxhbVkBZhLe295A/blBwV+L+sm0AZw5fiNo+ryK51+bLo+KwqEinZb871 - A5xB1VatEpeyd8sbH2y5z1iLyWHqgMVfuKa2O8aiuJCyHUxMGMqyBWJI56xGJSme - XmEMQnwR1bvVP2o7J1Ssn6SdvHH0r3zOeYH8PEnTxMky8bkUAVFTxifilGPk2rFs - MNpxLv6r6E5N5kXH59Crl3G9m0bqwELQA5Y/d9HMBCuvWBq16EWZLOmWdW4gmHHD - k1GONRk2KgJyI72LeuxHVSkpe2pseCFnKdOkTl4MU8EUuOM4ERXaIeGLRtwI/Vrh - yt+WNNpdMBuBGzhtOA2wGOkfhZVkhPcaU2VRpNAZzPIHASJNuK2VOEWKd+qF3k89 - /iuDVxg8bRMBBWz6xqMU06NEJNCHkdRawd+kWeN+T3sg1veq/UdwxPZtvtgTsy/S - XgF3yDEmG2CDDOK59MxPyVvt5NLcPuGaq2ztaFXOCPel698OmQWAhc2/TfaLJq0t - 5LMAQKXzuQjBLtaT8N2BCGzGY2s5Mgv9Vzh/OQuC9/Eeenz9LjrnOk/4szGcbRg= - =GfpB - -----END PGP MESSAGE----- - fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208 - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA9A+dmzvmzOLARAAoWw+e+bVTodSfgjh1K8tqC+XTDnj8Z5Eyj39xqULjtqA - 9AFDU+VCCQa0m7AtyCx8TYZthXs47PCl/srDtK353Bxl/pLWXoiG1Cmk3kOOTY1P - teIFfi+W0wWVItnK7mxRj/hQu621kwr3yuG5K9UNjcaixWGBGefcTYw4nUKsbeDF - 4bZ204IGgjVRU7sI8nK+M6ikwn0Mv7i8lsbLytD+FSr/wU98KixOzg41JgOdQT3X - EtPI03rJZ8daZZGRUlSnamN0RT+8AYRUrgFsz16hCrXH7ztK5HyqmIxWwf/q6Fci - GGxeAjQ8dmduEyUadSU0p7s74yYgPXFDIN+RbNlebWm6eWuCZABtxon/LMnoaG92 - TRNrIsSQEgnNF6xBYrTG4L9NhauuBTsr/Zg+3kcKqzpktdIsGMsVbFaURyVb5IYi - 
BQ0zcJULGSetcF1uCCRog/uy4i6Ydfl1FuRRmURO0mlkfdChE06UPAep0HBDsI/b - Hd3fpTRKuhNaG28epq+hKzewCZz3Fq7g47j5grWHQGeA0ZQQXaFCKUibXO3Q2O2/ - TaX1OPR4aMNU6/9jgxyrVAg+riz7ly0ja1xiqMi5qJF3+H2p97Wh2qt3Y+NUXS/X - xZtXuKdWI5WnveTmB1ngR9rNDjsmOtv01OhfWalDESlg8bik1QRTd1c8gjVDTF7S - XgHt4E33/3IvKn8VzI1BFda38X7OaEDRP+J6HvrXeJgsVZrVh8N97naLwmCAuqoB - hZhTUO8asf/iPEOU7za4nexD8jSGBaZ/vmD48SkIeStPRYsh687KwLm8TRkW0nw= - =0HAE - -----END PGP MESSAGE----- - fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DRBWo2b0h4f4SAQdABhx8GDBhLAzrMqlqA10ibBR4YuOQ4dt0UhPDHkdbiWww - nWDDDHyz+iXsh5Nhf1uBjplfztc1loEqJ1AqCrCLhZBlRlbLK3+UwYn3aC8f5iGm - 0l4B8eBqJDOAZ49ATqtmJEbXRV4iXTwtF9wh0oYiXqwScdczlgZGi4pkFJ5kruM5 - ZwV3o3HW/kPGWGq6gJr6+CY9+HfsPAvNireoOpAE5blRTDc6npmlNF+soj20UK6e - =HKR5 - -----END PGP MESSAGE----- - fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA2iXGbkufjklARAAjRdmg0f5oZXJFApoAspxc1GB7acXfRYFRPDHX50Nu6c2 - 8RwZylkAAIs6MDA9hbz8M2N9U82iwSNYQIT5QrkW4O2BdJ6It/mVKOqJYIJyjIKS - f0/uNnlcCFXNnMTN/YPmZVo5LFJSJkW5LIf3E0f12ZgyVRUla6BiuaKaOs1/UGmV - jXEaQP1CJmHv+TxAIeUeNy6lseXiYnajD1Gx7K6xlv62hvXzJ6ny+/Mz/c8afjtO - aOCuhqXDq7gu/9nwqZjaJcvlvNOj6dO3km2YBXf6dg+D3v7RUtqrNp+iEytD2h2c - pbupHoySOEJPC0gL/nNEgxsYwXEu5x5qyPQT/boWP5KbFmfWxdmFvYsqIoXK3QuP - mMCScqm61mFougPdfXV4i96V3/6Dgog9STfc3khkbXSJ03bCKmvZUCl59OOvHFZD - YWbYfPn0SNkG45AfeSb+5b4/WJ90eGGCqazXug53jlbjHxE8BNRrb8eNLwfZ6/QR - VrVeyqnJemnA7cj7WqrOw+7IxVqk0rneflaMC1zuHd6QvBkwZEkyQMeRjg+d61Wp - 6qDoBr86JcwufSFK/3HSqfkWQ7pWH2T+4PtlGJNqxDRejwPBIA9BwARfqaFOPjuy - aQbs69hWL5GjikXPnNgvgDJDV61cVBoMqn+9sq8zE0LbaAH3PCxeQ9BdlvAknmLU - aAEJAhAJdeIvfvwiCZR55vqvOr1aJozpKW/aMHSLEBbAmi0pntLMnPKfNlS0m4R7 - 7ECKistxoup3FFVgrUMQsfSuaTxv9IkiruxqhIdUjCyW4trEwNc9EBrneSNPQ2iN - QIB0VYLDdU7b - =vLkM - -----END PGP MESSAGE----- - fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 - - created_at: 
"2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA4Uty74yOFxLAQ/+OxuEisJV2I5vLchZuBnxl3jN7J2dJkjt8+QhnNNzOGXs - E93JpzEoOuOYKB4JL+Xzye13tfuWvLfIwLVHBLu2zdTWKb1o5QOOE84bUVjRvRIO - +r3nnLsknS5Y4m77a++dLVVwqrUbpvngqAR5BELXUodnihX2KL06QUTmGFWw1mcb - gaWKwUDVJr87EHWZzqVCOyzre3PIvi96KazduVWK5nHn94AnAP/maxqkb4i22QW6 - MYLZ3r6pIpS635wI4f4lw3KwbV3xQIDzRSS2OymOzlLN2ho68Q+u7CGfneXrW4Fz - Adv2ifrxC67gnWGN9zMqQB7OuGowTjaqybuIhwXDbIyUK/gVcT1WcbJaDeLJUrn2 - 9raNTBwfzFpRQD+TCNFWM8FIuVJtFeDZbbAvE53fkyQ1TroCHL+WO5fS9xqTbOb6 - 2acKhsCRV6llXi2FlCNrsS8VlkeIRHLa/vdl2QwLxnh7XFN/6cNqN1SKpbKN7D10 - gp6GFMHfkeJG1CbCNEm+nHvoZlI3/bZrzE/HLDgCQHre097HyDwyqNr8ytFBkZMf - Wmljc0PV8v8niYdUv/ZbmNgXXd/Z8gDiIgvFzMa+VXLQAeOGLLFpGIE6tTCsnTQO - mnmhnQz56fwWJiHJ9mFwwrQvnk94bTg7DAHvT2iWOynq6YlGM4tFcl/buM5xPQPS - XgFRrEyFYYGq4NX9V5tDrkitYGc1AkgkrA3oFerzPfKxEktMSK7CsBXt2EJr/TWB - sqInXmezigoYYkDxggdIXiR+j0CvyZuqUNh6uXNRmv0D14TUdmlE5QA44Ucl3Fo= - =sYBA - -----END PGP MESSAGE----- - fp: 0xA534E46682DD8C35377352C88DD28608BE411065 - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DIBqTX2T418ESAQdAkLP66to7ZT3td8EnmtGUUZCsUOM9x3CYk5ZYywgjz3gw - JcFrx60/fNnU2P93HPKXUrRnsKwZdfnPpdTAOzT/KpT+NC4r8bLNcFklcSaZgzNr - 1GgBCQIQ61MKL6jtYU5q3GGOK7Ts6jDjkzPQD21nGhuyrQXkk+evhzrsBqnAfQmQ - eFLNAyIVFcuhnGcQBNu9OmQ7LZaCrlrrrPJDtW6NxJ4DDlyAwWn2Sd036xVtJqcr - PBnNw/pZyb36eg== - =uXsC - -----END PGP MESSAGE----- - fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQEMA7auZh4eKOkIAQgAijOLPXIYcL+QS83uvCCjQvhNwvHwN9GX7abWfBqynVJY - aH3+DyY338Vl2iyOsjLoRW4DtYuxsra7NL3WIgQB8pQ+Dmh2FfWjSZl8tplWpK+1 - ar7tUxKYOV9RqJ4Hs8zh8P2OVPrUICvLJQj4xDlBm26HvAAcN80zHtd9HBMHvWk1 - v/i+yE/AlI21bLFUfj2Y0KXZ3eDB4pI0prKaK2gZQO7IVG+APmTzVJgqnL3Oc5pw - iSJFVNHlgs6ZYv9tgXDhS/H82htZi5ehKPvKYMdvepbF1JFCirpTiMPCv1PNBboT - Dp/wkpPkPf+MYWyCSJ3p2ShlctB5+KkN5wVpzuFOC9JeAcxeDT33bsDXXBzx0ZEg - 
zgKDqyCUG+BxSHymaENeVoh2wRvBSafwGfeAXByR2XlS+kdWG2BZlgwmAypVw2kL - Rn33kNfst2Pw1eBYk0OwDE07EbSaRv/pVfxZkM5JQQ== - =Pla2 - -----END PGP MESSAGE----- - fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA11f9zoCBF1cAQ/+IC4/bQNSK3efC38TA07DHGiQv7gsMEBLhRVCtPlMZWcv - QRrAtDQAZmGGxPHnFyVhYtl7eetwSzh4EdkXWFnDJjdOiHT+jUWeIeqHXVnARJq+ - eIw7cXCpB4dyEM6vfpO4GFfPqJ6Y24DRz8GiMVE90pmtSVBryPWPdAqN+wLQmQM4 - L/rsDyIwvh6CrQJBhyoMZ+rBaW0Hr08LAtN2xQibQo1aQv+TaJ1ABw63nVN1KiTh - BY2LmxgHuqYIbDg25CPxIffF44+pbZYl00i4Ba43v0rhJh6s8UblgEQQSSuxqXqY - lR5mXxW7KPgCfyJh+mGyac4SaHnxVZSO0dijfAe3/xpJS18FkvZastDcQW1SdGb5 - 7inBVHYppoLr9+fVryWPTNEhXiTEJqWmeHXREFYvCtMUVWqdUuJ5CR+Kkm6PI4AH - 85qBH+fj4cf8EsymMotPSx70P4L+Rgf+Az9h2GYgHiz5zl8x2zhRjTo+mAYm97iq - oEqAxKoYDuRQyYV5AV1Y7VoGzasZbZpCQRvpbGQ9kJf/rwuR+oxdOA0ncRIjcXHF - uXoXiQ5/VJUiSH4NAujY6PyCu0DV9+HMif+fLXhIFIEATabocpTBkzL/uRQrR33+ - haXw5o1ZGOvSBwY7Ane8ONaMdZrpb5yR09hquzNKle7PsLXuqK6AwD60Eu5z8gHS - XgGn09pjkESZjKzqLdd+Djj/Q9cOKQXS1DfB37+CHbIXCq00RYd1jru62ukIj+oj - BOWsoCzQ/KClrFt2CRGGDpGxI84ojQ9iW07/OFByBNbUEl47A8Em4dpYMJw+PmU= - =pKZx - -----END PGP MESSAGE----- - fp: 0x9AE04D986400E3B67528F4930D442664194974E2 - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA/HTIsSK0VBlAQ/+IMFjebv/aEuSsjdNFUFU29R3VGD8ncVIEaxm4Jl3JIXy - SRdwf4MIJqpzS/hu0izKxUHe89rGPPHr1Ycdt8qI0pYioFhNs50XnDwfZkRuhg0R - eluW6dZYzJEnqmAGk27aGcp9NCwBGkJOOkwtIK7GYRZ/Av2kYzvRTTnU/550QZu9 - 2VZ1qe0ZbySv5j56C0LrePT5JJ4A3ry4On3NDr/UgUaksrHnJ8/mqewin1cB8NfR - x11MVBCG78YDKoHK9s+QpX3/2TRAargskEJc28PioXz0vSOWpBT6Pdqki/cFRBhg - VKC2/LfdHXAfFDc8hjnIBMBnXvCoy5zUoeK0CdaoKX59hXrKfvuM7Wg4TpEvn1Gd - nhHX91KJt3zfYdODsaLJ3b05/nQP5R1pcX7l1MJuL6wjkn0CV2CXAQT0qb3rC/c3 - /rwhrQcyqp9e4CUfB8Lm6uF752YLp3q4a1e2mhqy3fuegz5tWyQzxwR3+rXmkl1i - o0IIzqz2BATCwW4vH0YCB/lmCkOBe3ur/jLwn70esnqfeFMsKR8CwalMFTfBZDnq - 20LKsw8PZ+V9MpHzTAKigYXcUnsYKYH4/J/aJBXRVeTZExtKR6ISuwNQc1y7kQzO - 
OQh/neikCjLUqIAIPXCDjoPIpYe2oEjC1bqdU1Fm+XEjd55sfWzDJvjjZmz2OQjS - XgErHb0Z/d023mUFc3+bIi4nWQIIvJC+iZLDANqCqX2Bfap1D0hqgJtqW3SewvZp - CZyI9KUPx/nW/dMdwqw+704UZUD7dQLGKwF1FqvfyvBDvT5ZAZih6tF9JzBq+yY= - =LRde - -----END PGP MESSAGE----- - fp: "0xFA47BDA260489ADA" - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DYIEGJeT64uMSAQdAIQxADpZUsYB4FIa0KJfsKeI3oq3umVU7HM27fSfOYjUw - GrXc7zBcfpl74SrqTbdgEQJKCWk2/c9xBsxK7oShWzVH4Q9jdA9Kz7B4SXkZlF2M - 0l4BOa9frVPRPmvWzLBnaaarU0U4NFU5wcYtlm6w7QtkdJMFNEnYOY+3P6YOocHN - i6S7J1BpfI0JNiNGTudCBKWCYgt71N+uEJgDqU4DPwl2ZEYxFFjFIsPMuvfVbkUZ - =IyXA - -----END PGP MESSAGE----- - fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B - - created_at: "2025-01-18T15:00:55Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQGMAxrcfL3KHjCOAQv/ab8JUsBl9MjXxWagNCW68iIg9LuiYNyTzYdmOZQ7jNgU - svPhWaX7Pu87VolM2KW5mwxRBHfnCAssUjLDVGFGHdtwzD74lARaCyZPQj17niUu - jFIZ3v2nJW7HNx3KZOj81MYUrlZMetvHy4pe4yDvjCu+hWTGO4MGZpPbWUU9Elo7 - 45auHrCDWeby8PtHwWo9y+RseFLy75STBlA5/yS68wbURfLP17qsaarFXaLiFzYu - GoGozPT4iZW5LP2h+bkmvAq0dbX9S0gfbErd3LXY6Y3eLZ6iX1Bpl+fquVPLnHod - p9Bwrt27uOHa2gQRzUvxn3iIjZy4S+QjYPtH4jtf7vOOddjkxgwdNBmyoonkWsRb - EQVZrVOxc73QiN0CzbLk1IDUctFi/OoHU4j5SyF2x2oAi1I3rLtgb1MuESAX23qO - 38Ksed/jTS7bAigzXddHkW5HYWKNOFpaZFBDh1I4zT9P8tig4wnd+eby+OaL9WZg - UjWKc8ldY9weVziiYor90l4BIJhUFIOu3BAdJAaoDNGwPTu+eeAtm2fRoAUOy++C - abkMwIoBQ77edNoGCnMt0IICGq4PIoNPlRxfffAbt01npH+efQfd2vnA7qa1PddV - B3Fka1oQ4wJvRrhg0nvL - =QnT6 - -----END PGP MESSAGE----- - fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/secrets/neo/ldap_synapse_password.age b/secrets/neo/ldap_synapse_password.age new file mode 100644 index 0000000..d1b0851 --- /dev/null +++ b/secrets/neo/ldap_synapse_password.age 
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 /Gpyew GGtk6DYlauerByL2ia9uqYRRnwqwn+oeZZUfRpDzhh8 +OJ0qDoPCz5FXCXDOHJyGlcYhBRvMPIyrDuTXVR6pYiE +-> ssh-ed25519 I2EdxQ rHELcLTEsfu0sL3Aw2c290Zf9EmdOIO5gmhLS6lRMiU +AKX6RMwbLn3J1IKsjSTfxn0u/XlT0W76JKXfcfMCkqc +-> ssh-ed25519 GNhSGw LPx7cnjBfMcDwZ4hqfP6y++D2FVtlYbzMxfVkfF86hY +QjXtb0IX9wtvCw1ms4A+kG4Nx6URhIT9e2nzyRSpI0U +-> ssh-ed25519 eXMAtA sB1Ew2t6yjQoYW6OpH/bFCo5PO+a23nF/OrCrl9d+iY +73LkKS8y0bYR+hGPVjHxHc6VDZ5mscAMPfLwS+a0slo +--- B5T496c9WhW9A7EzOhy7vshIjNFgTr/kfW1mi5Cc5fc +MZϖD7Up{Z~*Xѐ \ No newline at end of file From 12d82fe9ae99cc13230b1bd80fcbef62a7c911f3 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 03:04:39 +0100 Subject: [PATCH 18/38] fix ipv6 --- hosts/vm/neo/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index 8123acd..61906ce 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -42,7 +42,7 @@ ipv6 = { addresses = [ { - address = "2a0c:700:2:ff:fe01:4102"; + address = "2a0c:700:2::ff:fe01:4102"; prefixLength = 64; } ]; From 571e49f0ab566f498e250dd94ce54b7be3b85acb Mon Sep 17 00:00:00 2001 From: RatCornu Date: Mon, 27 Jan 2025 03:35:45 +0100 Subject: [PATCH 19/38] fix missing .path --- modules/services/matrix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index ad6757d..2878f92 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -117,7 +117,7 @@ }; extraConfigFiles = [ - config.age.secrets.database_extra_config + config.age.secrets.database_extra_config.path ]; }; From 99a38a69d96393d42f95d9cda83e211ac032ec20 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 03:57:45 +0100 Subject: [PATCH 20/38] fix typo --- modules/services/matrix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 2878f92..acc7ee9 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -97,7 +97,7 @@ mail = "mail"; name = "sn"; }; - binddn = "cn=synapse,ou=service-users,dc=crans,dc=org"; + bind_dn = "cn=synapse,ou=service-users,dc=crans,dc=org"; bind_password_file = config.age.secrets.ldap_synapse_password.path; filter = "(&(objectclass=inetOrgPerson)(objectclass=posixAccount))"; }; From 0a206285048088b20fae9b3abb097f557a482b6e Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 04:03:53 +0100 Subject: [PATCH 21/38] add owner synapse pass --- modules/services/matrix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index acc7ee9..47cce90 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -11,6 +11,7 @@ age.secrets = { ldap_synapse_password = { file = ../../secrets/neo/ldap_synapse_password.age; + owner = "synapse_homeserver"; }; database_extra_config = { From 07aeb7f18895a87a67b550f24f37da3c26956f27 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Mon, 27 Jan 2025 04:08:11 +0100 Subject: [PATCH 22/38] Ajout CORS policy --- modules/services/matrix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 47cce90..e840d11 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -147,6 +147,7 @@ locations."/_matrix" = { proxyPass = "http://localhost:8008"; extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; From a03aef9adeb86c3388454b34b671856ad5bd7bd4 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Mon, 27 Jan 2025 04:11:06 +0100 Subject: [PATCH 23/38] Change ldap password owner --- modules/services/matrix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
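Review bot: In patch 21's hunk, `owner = "synapse_homeserver";` on the `ldap_synapse_password` secret names an account that nothing visible here defines, and patch 23 of this series replaces it with `matrix-synapse`. Until then the decrypted LDAP bind password is either owned by the wrong account or its ownership change fails at activation, so Synapse cannot read `bind_password_file`. Taking the name from the user definition, `owner = config.users.users.matrix-synapse.name;`, would turn a wrong account name into an evaluation error rather than a runtime one. The `age.secrets` set starts and ends outside the hunk.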
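Review bot: The `add_header 'Access-Control-Allow-Origin' '*';` line added to `locations."/_matrix"` in patch 22 probably duplicates a header the upstream already sends, since Synapse normally emits its own CORS headers on client API responses and nginx `add_header` appends instead of replacing. A response carrying two `Access-Control-Allow-Origin` values is rejected by browsers, and without the `always` parameter the header is also missing on most error statuses. I would drop the line; if the proxy really has to own CORS, pair it with `proxy_hide_header Access-Control-Allow-Origin;` and write `add_header 'Access-Control-Allow-Origin' '*' always;`. The location's `extraConfig` continues outside the hunk.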
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index e840d11..15510f7 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -11,7 +11,7 @@ age.secrets = { ldap_synapse_password = { file = ../../secrets/neo/ldap_synapse_password.age; - owner = "synapse_homeserver"; + owner = "matrix-synapse"; }; database_extra_config = { From fb5c0e29425ce890292377344d4e16e9f5382e15 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 15:56:14 +0100 Subject: [PATCH 24/38] add ipv6 route --- hosts/vm/neo/networking.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index 61906ce..363ead7 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -46,6 +46,11 @@ prefixLength = 64; } ]; + routes = [{ + address = "::"; + via = "2a0c:700:2::ff:fe00:9902"; + prefixLength = 0; + }]; }; }; }; From afc6d918ce8db0c5586709cd6c3b72bef2943947 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 19:00:50 +0100 Subject: [PATCH 25/38] add ipv6 in nginx --- modules/services/matrix.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 15510f7..ae1b58a 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -132,16 +132,31 @@ port = 80; ssl = false; } + { + addr = "[::]"; + port = 80; + ssl = false; + } { addr = "0.0.0.0"; port = 443; ssl = true; } + { + addr = "[::]"; + port = 443; + ssl = true; + } { addr = "0.0.0.0"; port = 8448; ssl = true; } + { + addr = "[::]"; + port = 8448; + ssl = true; + } ]; locations."/_matrix" = { From b7b482495ff561c5cdf00ccc7c0be12ff4c2a25f Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Mon, 27 Jan 2025 22:32:54 +0100 Subject: [PATCH 26/38] try to fix problems --- modules/services/matrix.nix | 1 - 1 file changed, 1 deletion(-) 
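Review bot: The `[::]` port 80 entry that patch 25 adds to the `listen` list has `ssl = false`, so the `/_matrix` proxy location of this virtual host becomes reachable in cleartext over IPv6 as well as IPv4. Nothing in the hunk shows a redirect or `forceSSL` for the host; if none exists outside it, an access token sent to an `http://` URL would cross the network unencrypted. That is worth confirming, and if port 80 exists only for certificate issuance or redirects, a comment such as `# port 80: ACME challenge and HTTPS redirect only` on both port 80 entries would record it. The list and the virtual host both start outside the hunk.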
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index ae1b58a..d9095f9 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -162,7 +162,6 @@ locations."/_matrix" = { proxyPass = "http://localhost:8008"; extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; From 1b0bddb1c5d70bd8c27a9e34eca577dbf51e955b Mon Sep 17 00:00:00 2001 From: RatCornu Date: Thu, 20 Feb 2025 19:29:37 +0100 Subject: [PATCH 27/38] Changement mapping IRC <-> Matrix --- modules/services/matrix-appservice-irc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 268cc0b..a4c8587 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -90,7 +90,7 @@ in dynamicChannels = { enabled = true; useHomeserverDirectory = true; - aliasTemplate = "\$\$CHANNEL"; + aliasTemplate = "#irc_\$\$CHANNEL"; }; membershipLists = { From 783e008486e444832ba43effb8ba05fdaadf1cb9 Mon Sep 17 00:00:00 2001 From: RatCornu Date: Thu, 20 Feb 2025 20:14:40 +0100 Subject: [PATCH 28/38] Ajout admins bridge IRC --- modules/services/matrix-appservice-irc.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index a4c8587..c3f2c81 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -162,6 +162,11 @@ in mediaProxy = { publicUrl = "https://matrix.crans.org/media"; }; + + permissions = { + "@lzebulon:crans.org" = "admin"; + "@pigeonmoelleux:crans.org" = "admin"; + }; }; advanced = { From a23df4496aa47d01b6c612b916afbfafba907aca Mon Sep 17 00:00:00 2001 
From: pigeonmoelleux Date: Sat, 1 Mar 2025 17:07:18 +0100 Subject: [PATCH 29/38] Changement nom bot --- modules/services/matrix-appservice-irc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index c3f2c81..e8e5c98 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -77,8 +77,8 @@ in botConfig = { enabled = false; - nick = "MatrixBot"; - username = "matrixbot"; + nick = "IrcBot"; + username = "ircbot"; joinChannelsIfNoUsers = true; }; From 7334838478d0a6af92bf88ea7f123b2fd5f56de4 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 1 Mar 2025 17:21:56 +0100 Subject: [PATCH 30/38] =?UTF-8?q?Changement=20noms=20affich=C3=A9s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/services/matrix-appservice-irc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index e8e5c98..38bc167 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -116,11 +116,11 @@ in matrixClients = { userTemplate = "@irc_\$\$NICK"; - displayName = "\$\$NICK"; + displayName = "\$\$NICK[irc]"; }; ircClients = { - nickTemplate = "\$\$DISPLAY"; + nickTemplate = "\$\$DISPLAY[m]"; allowNickChanges = true; maxClients = 300; ipv6.enabled = false; From 0a3a5d733475cda1d7a11bc5bcee47517aec4d34 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 1 Mar 2025 17:46:06 +0100 Subject: [PATCH 31/38] joinRule: public -> invite --- modules/services/matrix-appservice-irc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 38bc167..95acf0a 100644 --- a/modules/services/matrix-appservice-irc.nix 
+++ b/modules/services/matrix-appservice-irc.nix @@ -90,6 +90,7 @@ in dynamicChannels = { enabled = true; useHomeserverDirectory = true; + joinRule = "invite"; aliasTemplate = "#irc_\$\$CHANNEL"; }; From d83fb978756c3c582c59993b7536c05444d71dbf Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 1 Mar 2025 18:36:03 +0100 Subject: [PATCH 32/38] Alias rooms --- modules/services/matrix-appservice-irc.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 95acf0a..91c18a6 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -89,6 +89,8 @@ in dynamicChannels = { enabled = true; + createAlias = true; + publish = true; useHomeserverDirectory = true; joinRule = "invite"; aliasTemplate = "#irc_\$\$CHANNEL"; From fbafd62a2c88a0b7014adbaede532bc0e7614dbf Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 1 Mar 2025 19:07:57 +0100 Subject: [PATCH 33/38] joinRule: invite -> public --- modules/services/matrix-appservice-irc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index 91c18a6..e724921 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -92,7 +92,7 @@ in createAlias = true; publish = true; useHomeserverDirectory = true; - joinRule = "invite"; + joinRule = "public"; aliasTemplate = "#irc_\$\$CHANNEL"; }; From ce4de085d7eb36bb0a885e24f51da5b75386b7fd Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 1 Mar 2025 19:46:14 +0100 Subject: [PATCH 34/38] Ajout endpoint admin --- modules/services/matrix.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index d9095f9..8d46c6d 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix 
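Review bot: `joinRule = "public";` in `dynamicChannels` (patch 33), together with `createAlias = true` and `publish = true` from patch 32, makes every room the bridge creates on demand listed in the directory and joinable without an invitation, and the commit gives no reason for reverting the `invite` value set two patches earlier. If that exposure is intended, say so next to the option, for example `# public on purpose: <REASON_PLACEHOLDER>; invite-only was tried in the previous patch`. Channels that must never be bridged can be kept out with the bridge's `dynamicChannels.exclude` list, which this configuration does not set in the visible lines. The `dynamicChannels` set ends outside the hunk.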
@@ -176,5 +176,14 @@ proxy_set_header Host $host; ''; }; + + locations."/_synapse/admin" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; }; } From c3886d9793aaf4dc75d36c9969e6ee3e95d3e61b Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 5 Mar 2025 14:32:47 +0100 Subject: [PATCH 35/38] Ajout OIDC note --- modules/services/matrix.nix | 6 ++++++ secrets.nix | 11 +++++++---- secrets/neo/note_oidc_extra_config.age | Bin 0 -> 1347 bytes 3 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 secrets/neo/note_oidc_extra_config.age diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 8d46c6d..5a88360 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -19,6 +19,11 @@ owner = "matrix-synapse"; }; + note_oidc_extra_config = { + file = ../../secrets/neo/note_oidc_extra_config.age; + owner = "matrix-synapse"; + }; + appservice_irc_db_env = { file = ../../secrets/neo/appservice_irc_db_env.age; }; @@ -119,6 +124,7 @@ extraConfigFiles = [ config.age.secrets.database_extra_config.path + config.age.secrets.note_oidc_extra_config.path ]; }; diff --git a/secrets.nix b/secrets.nix index bc03267..230e432 100644 --- a/secrets.nix +++ b/secrets.nix @@ -94,10 +94,12 @@ in let key = hosts.${name}; in - genAttrs [ - "restic/${name}/base-repo" - "restic/${name}/base-password" - ] [ key ] + genAttrs + [ + "restic/${name}/base-repo" + "restic/${name}/base-password" + ] + [ key ] ) ) { } (remove "thot" hostnames) // builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) { 
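Review bot: The new `locations."/_synapse/admin"` block in patch 34 publishes Synapse's admin API on the same public virtual host as `/_matrix`, and its `extraConfig` carries no source restriction. That API is guarded only by an admin user's access token, so a leaked token becomes usable from any address; the Synapse reverse-proxy documentation advises against exposing this path to the internet without good reason. I would add `allow <ADMIN_NETWORK_PLACEHOLDER>;` and `deny all;` to this location's `extraConfig`, or leave the path unproxied and reach it through an SSH tunnel. The virtual host starts outside the hunk, so a restriction applied at a higher level would not be visible here.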
@@ -106,5 +108,6 @@ in "secrets/neo/appservice_irc_db_env.age".publicKeys = [ neo ]; "secrets/neo/coturn_auth_secret.age".publicKeys = [ neo ]; "secrets/neo/database_extra_config.age".publicKeys = [ neo ]; + "secrets/neo/note_oidc_extra_config.age".publicKeys = [ neo ]; "secrets/neo/ldap_synapse_password.age".publicKeys = [ neo ]; } diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age new file mode 100644 index 0000000000000000000000000000000000000000..e593a11cedb89b9d2045957c4fb32c35b06df861 GIT binary patch literal 1347 zcmZ9J`%e=G0LM2)qgA96d~8Ilj~TJn>w~seono)_1@v03?e$7x#?fA%*WS^)K5>e? z1VxP+H$;cq#GuR>7Db~>6J9=;(Wy}o-_hVB%QObT3?`fVY4b1me7>JA?j{68&=HE$ ztd|O|ph9jSBH{?v@EFD;Ae>^URHWbmS~^Zdd7&`shFyr!qVkcx0+Xs(f}&Ci2$?`* zeqJ5~<9vh2o(Kh_UOh(+m|=;{fb)w1x!6S-Sql-#B0XUl3&_JjRH$?)bPPH3@&VI7tORX`@(?Vh z6H*SRg2YS0VSsU)Aj0RPW0);~ib;`MqSvEtCnrt-1~KfH*^n?4f}O^wT^TT;0XZBu zz>1*6qNUXuMGTFS2IYqp^bl?i7=b54RDRLCGq4kk*ioSpm7k>=L3vtIWetU>G;D z4DQ1rC zQI0?$;OPpr9@b@%MSX!Fs$gt(%50bE%_xXSSsfhIBrszj0&B8dq?*%`lg6zdvJLI~ zxO(N@+=joduA!d3K;Bi9FYTpY-AJofWp{qFuld3Y>9=Rn?XS5DN9PO+q0*bqnOkOU zytb10v!{^lve>dZmcL!r;otT0Mzs9WwCvznVqk0XhTrtvjh}G4Z?8YguiE%FdBy=o z?5rQ&J+r;YuBqCV)&Jnx8K!ee&C(tIVO{U=^A!z;8?qM+(D=K6H|fQdOkL&J+|2$3 z$4T)HbxL|_qo_gsXuP9%O2+k_o9EVzjHTtR5sj>T`;HfJe zSAMS#-*$sVN7xZ+eyy=f~^1APi_Rs1&R@8DdSvRo0%A>{QinYTLoK36qY?&?~#J%2)WY{trygOv^O z>7x(U4NOixGSF7GsgIQZSbwOeXmfc}N@`?(YT4|Gg}LXsryEaxUjbyy8()y|CS%W; zfC@z`-~ntBP*KVh4sM|iUq3`mD8MC+4Z?#+L>ziRvSPp2ZImXSzG zQn_>Qy}5^&H(1-A$7SsozFchgF8gdSoi|k5Uc)sE?%s4X{cB2=x2k)~>`uM_xWgy! zZ@FW> z9WA->q8+m8MW+kK4<8$w)AqWuKeIJSFymcqU2|yhuVoEWOYZ_tg3VrA_P$rdiN67? C(;Phj literal 0 HcmV?d00001 From 01557d89aa3644bb5e65daa973e108d866cfa1a5 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Wed, 5 Mar 2025 14:41:31 +0100 Subject: [PATCH 36/38] Ajout support OIDC --- modules/services/matrix.nix | 8 ++++++++ secrets/neo/note_oidc_extra_config.age | Bin 1347 -> 1335 bytes 2 files changed, 8 insertions(+) 
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 5a88360..66bd71d 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -126,6 +126,14 @@ config.age.secrets.database_extra_config.path config.age.secrets.note_oidc_extra_config.path ]; + + extras = [ + "oidc" + "postgres" + "systemd" + "url-preview" + "user-search" + ]; }; services.nginx.virtualHosts."matrix.crans.org" = { 
diff --git a/secrets/neo/note_oidc_extra_config.age b/secrets/neo/note_oidc_extra_config.age index e593a11cedb89b9d2045957c4fb32c35b06df861..fcee140ad1883ed8db93a497aceb18ec1df3a70d 100644 GIT binary patch delta 1290 zcmZY4|5H;1003~w19gS*MYAifRvvb>i0y4}Z=jH4jJ<8|?aTYJJ?58u>UphfUGcUpH%m})Et-s)NpL2pX!RFT! zlBli}R9Nh|%wcxHoEnw0D68l7v<{%`0o?00a1tO=UXGc=0z{7mpm3Q%FDmiK5xLVD z@`j9*6w0yd?T(1d>6RO{ILVZF^jbl7fsk`YvpE2i3!O2QT^bWAa}YA<)5%4Cx3mH@ z6ELc<7R4nfQ>qsc-coUHJdOrAQl}7kxe@^<)#FZus}MCfbBgUTWzY~)+9g2?6wpek zs4c3qm~3!73MBjG3?iyNsCO(vK(orOiD%{D$;rgu~8yTI=!)gi4fNCra{XjmoJMH#Dw$7BGdij_zTEjb|r2Z*F5 zEn4#5os&Y9yi!PEQkMrPvdJ)}G^S7!E?FT%lPUlt37g!gK%yWcrXqZ(!m1X;!ek)~ zmL;T!t|-T&jyqYo&o2)kW|RPAoY&2sotB4R4Y%a9HVw)K&Lrl%+Lo6zbmAPYqvs<}i-!}+-wk_PZ^!mL=<&T$O&z+|UMFEU zry|_I;(8;pikpBA-um*T24?@o9$zP#I@;Y^%ZY9jR}Kw*-ZJ^;dfIyIovCqM>Yl!R zJK;C(w{Qg~ik404db6^GOU8cQ0l)V_x$J&?|GnEikQExtKoeIp=cZ)9yT6%m4LIhc zvOD&E{Yn2>dfJSWHye^lC;v`|m$VN*`O%UETQVn_8_V8zitzjAS1+2LGPU;T&4s3S z$^50jh#>|*Sl;QXdF$u59Jm?V)!UputFmL|@h)k0HptzqW6AMajn zA3I{Wyy;j~$BNnB)~s7h{^79|@MQhHmIG}~Ta~vGuiZ^8_XKBDZ)-SP(_UdyrvRhM zli#gc428Qo&p&Rw)R^yKVt$Mc3N$=#8QD!I|iZs{EJV z`t``=(eVsZnm^^a!;2nlsA=nK5&zL~w=OH*H#8PCj`FLTXNuE(N5{sW**%r~=uqD2 bQxvskO~;DX(e4|WJ6CU7_tjYN-St7+t4^`k$F)GO<=S4aBxaQM`n%YzUbS0}K>LxHGA%aQ^{L}by~xW#}}=p^-w ziHKyA?y!Ubq+uY+m)m8Uh+P#^xPvU-1`g$k@F<~J!XcsxyC}+$Q+$~vAa~>=lnW-D zf|$^(P*RL1$S(~UaF5&UGXhdRTpSEqOYAHm?)4QG3wsyOipMnkpxq%OZ6)C_K)VbO;q_86+~UWCq`)Q8YB86C zRZ0LlA>xx*&@dE29QvqL?l)k5DN?FKWC4*0rc`QK42zOF`9BVtcJl~_P%IY6I9j2~ z5i8(`XgBOo$hdCO975GGHJkul5`)*FbSh$y8Rk0kbPC8PRX_!$I#vWMz_=j^7FNr} z7>;udsMnt7BZ{phAm(RmHp*aSG_DelT=MU>|K?!CZG@v7KaMduA1?? 
z{c(}qSO8OIFdB?<6QoaLwJ0ep$kKX(s27P6I#f$Q2Ah(UqanhT>xsvWV77!T^r)>N z29i32r2YRo0@ukIIR}Du`M4R7ii}P^#y3mcbPx>N^bBqD+8{`YA}RqL4$ByiK+cL- zLte-jNaRKYRMhN-BK(*_K?0zNaA*YxUvC4=Dwz_;Wm035#pCffnnKvkI8BnM*B`)S zw8a`US|wT|2BKm{g9OxZTTD;eVznvL*o~u>(E}gWtlgj6^w+fw!Dlbg_mvf^ z2dLLK(;5{yJ>MK?z4%i6ZQ^XY^$mOZ#G)}iRCdcTfBS;O^|kb${e?`g$&%fj^=?hK zZ_lfn(TdA+asuaw;T_3ae$)0ff5h&)v-upiI`J-f-XU7(XdK%+zpKcquHKnF^zivv zx@T7H>fOFE&A`};&zg=l^0Fg&I?B=Ix%r#HWhZsy)5ycI8jYiOpMkdZenUbne8%O~W&jj}3Q}ZyhA1 zKQ-&X<|OQx1(yv^8mHtU%#r6ybIMuGiHFP%6E zr>RyEL(_JO`uVr&K)-m@M6^Hs<^IxF2dj78_;@xtVH%I5Bvm-}-(Q?KLchg3_B|=@ zy7n+a From 2a266f69e8c978c440d512d8f8f952d2ff40ded9 Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Tue, 8 Apr 2025 22:43:49 +0200 Subject: [PATCH 37/38] Fix media + infiny loop with auth --- modules/services/matrix.nix | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 66bd71d..f2654c2 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -55,13 +55,15 @@ report_stats = false; + public_baseurl = "https://matrix.crans.org/"; + listeners = [ { port = 8008; tls = false; bind_addresses = [ - "::" - "0.0.0.0" + "::1" + "127.0.0.1" ]; type = "http"; x_forwarded = true; @@ -199,5 +201,17 @@ proxy_set_header Host $host; ''; }; + + locations."/media" = { + proxyPass = "http://localhost:11111"; + extraConfig = '' + rewrite ^/media(.*)$ $1 break; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + + }; } From 5d996b70dd436ee79b3b7dc865a4952b8b68447e Mon Sep 17 00:00:00 2001 From: Lzebulon Date: Sun, 13 Apr 2025 17:11:39 +0200 Subject: [PATCH 38/38] Fix: augmenter temps dispos des media matrix depuis IRC --- modules/services/matrix-appservice-irc.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
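Review bot: In the second `matrix.nix` hunk of patch 37, `locations."/media"` is a prefix match without a trailing slash and strips the prefix with `rewrite ^/media(.*)$ $1 break;`, so a request for exactly `/media` is rewritten to an empty URI, which nginx rejects, and a path such as `/mediafoo` is forwarded upstream without a leading slash. Letting `proxy_pass` do the prefix replacement avoids both cases: `locations."/media/" = {` with `proxyPass = "http://localhost:11111/";` and no `rewrite` line. The first hunk's change of `bind_addresses` to `::1` and `127.0.0.1` needs no comment from me, since it matches the `localhost` proxy targets used in this file. The virtual host block starts outside the hunk.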
diff --git a/modules/services/matrix-appservice-irc.nix b/modules/services/matrix-appservice-irc.nix index e724921..6352c7c 100644 --- a/modules/services/matrix-appservice-irc.nix +++ b/modules/services/matrix-appservice-irc.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let @@ -134,6 +133,8 @@ in ircConnectionFailure = true; userQuit = true; }; + # nombre de ligne avant de transformer un message matrix en liens pour IRC + lineLimit = 5; }; }; }; @@ -164,6 +165,7 @@ in mediaProxy = { publicUrl = "https://matrix.crans.org/media"; + ttlSeconds = 2629800; # media matrix dispo ~1mois via IRC }; permissions = {