diff --git a/configuration.nix b/configuration.nix
index 54aa1ee..c7cbd5f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -162,6 +162,16 @@ with pkgs;
 owner = "coolneng";
 group = "podman";
 };
+ secrets.facebook = {
+ file = secrets/facebook.age;
+ owner = "matrix-as-facebook";
+ group = "matrix-as-facebook";
+ };
+ secrets.signal = {
+ file = secrets/signal.age;
+ owner = "matrix-as-signal";
+ group = "matrix-as-signal";
+ };
 identityPaths = [ "/etc/ssh/id_ed25519" ];
 };
diff --git a/modules/communication.nix b/modules/communication.nix
index dc997f9..84b3089 100644
--- a/modules/communication.nix
+++ b/modules/communication.nix
@@ -26,14 +26,7 @@ in {
 dns_cache.enabled = true;
 };
 # HACK Inherit postgres connection string for the rest of the DBs
- app_service_api = {
- inherit database;
- config_files = [
- "/var/lib/matrix-as-facebook/facebook-registration.yaml"
- "/var/lib/matrix-as-signal/signal-registration.yaml"
- "/var/lib/matrix-as-telegram/telegram-registration.yaml"
- ];
- };
+ app_service_api = { inherit database; };
 media_api = { inherit database; };
 room_server = { inherit database; };
 push_server = { inherit database; };
@@ -71,6 +64,7 @@ in {
 package = mautrix-telegram;
 serviceConfig.EnvironmentFile = config.age.secrets.telegram.path;
 settings = {
+ appservice.database = "$DB_STRING";
 homeserver.software = "standard";
 telegram = {
 api_id = "$API_ID";
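Review bot: In configuration.nix, `secrets.facebook` and `secrets.signal` give the decrypted files to the bridge users through `owner`/`group`, yet the only consumer visible in this commit is `serviceConfig.EnvironmentFile` in modules/communication.nix. systemd's service manager reads an EnvironmentFile itself before it starts the unit's process, so the file does not need to be readable by `matrix-as-facebook` or `matrix-as-signal`. Unless something outside this diff opens the file as the service user, dropping the `owner` and `group` lines leaves the secret at agenix's root-owned default and narrows who can read the on-disk copy. The attribute set this hunk extends starts and ends outside the hunk.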
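Review bot: The `"$DB_STRING"` placeholder added to the telegram `settings` in modules/communication.nix (and again for the facebook and signal bridges in the following hunk) depends on a variable that exists only inside the age-encrypted environment files, so a reviewer cannot check that each file defines it. A short comment next to each `EnvironmentFile` line would document that contract, for example `# secrets/telegram.age must define DB_STRING and API_ID`, with matching comments for facebook and signal. It is also worth confirming that each bridge's connection string uses its own database role, so that one compromised bridge cannot read another bridge's tables; the diff cannot show this either way. The `settings` block continues outside the hunk.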
@@ -86,18 +80,24 @@ in {
 port = 8228;
 format = "mautrix-python";
 package = mautrix-facebook;
- settings.homeserver.software = "standard";
+ serviceConfig.EnvironmentFile = config.age.secrets.facebook.path;
+ settings = {
+ appservice.database = "$DB_STRING";
+ homeserver.software = "standard";
+ };
 };
 signal = {
 port = 8338;
 format = "mautrix-python";
 package = mautrix-signal;
 serviceConfig = {
+ EnvironmentFile = config.age.secrets.signal.path;
 StateDirectory = [ "matrix-as-signal" "signald" ];
 JoinNamespaceOf = "signald.service";
 SupplementaryGroups = [ "signald" ];
 };
 settings = {
+ appservice.database = "$DB_STRING";
 homeserver.software = "standard";
 signal = {
 socket_path = config.services.signald.socketPath;
diff --git a/secrets/facebook.age b/secrets/facebook.age
new file mode 100644
index 0000000..211ed88
Binary files /dev/null and b/secrets/facebook.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 63fee05..6cafe5f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,4 +15,6 @@ in {
 "mqtt-sender.age".publicKeys = [ zion ];
 "mqtt-receiver.age".publicKeys = [ zion ];
 "nightscout.age".publicKeys = [ zion ];
+ "facebook.age".publicKeys = [ zion ];
+ "signal.age".publicKeys = [ zion ];
 }
diff --git a/secrets/signal.age b/secrets/signal.age
new file mode 100644
index 0000000..15ffa46
--- /dev/null
+++ b/secrets/signal.age
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 iUaRGg J/gZDBtDsIzjCzO1y2vXgxl8YuvWJgcpk+8KMOp63kg +1XF9JFAIscHWFJMTctZOxVIBYhYliUFays5gwjZt6hs +-> vM4\2y\'-grease +bj9VKIuH0l1v5X8N2v4p+u3VySDKjj3WAyVZ7f+wmy16wncrNyMtiUZ+ELBWfqXd +XOyeGZoKBHwd8lOgkZ+va0BEkBJs9piX +--- K2uN9JxuqPQpAxjQ+6dgsqhsq50nTkLsw8QGJprE5hQ +HS:eJ4}'T˦ ['M9E6__yPM8'''FRڡ"ݏX;4J/>k5<:MlK$ӟqS#ŌjX)v–OuJP~ \ No newline at end of file
diff --git a/secrets/telegram.age b/secrets/telegram.age
index c421392..16581b6 100644
Binary files a/secrets/telegram.age and b/secrets/telegram.age differ