diff --git a/machines/beagle/configuration.nix b/machines/beagle/configuration.nix
index 331ef1c..d144a3c 100644
--- a/machines/beagle/configuration.nix
+++ b/machines/beagle/configuration.nix
@@ -1,6 +1,7 @@ { imports = [ ./modules/kanidm.nix + ./modules/matrix.nix ./modules/reverse-proxy.nix ]; }
diff --git a/machines/beagle/modules/matrix.nix b/machines/beagle/modules/matrix.nix
new file mode 100644
index 0000000..016af62
--- /dev/null
+++ b/machines/beagle/modules/matrix.nix
@@ -0,0 +1,300 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ services.postgresql =
+ let
+ databases = [
+ "matrix-synapse"
+ "mautrix-signal"
+ "mautrix-whatsapp"
+ "mautrix-telegram"
+ ];
+ in
+ {
+ enable = true;
+
+ ensureDatabases = databases;
+ # Create a user for each database
+ ensureUsers = map (id: {
+ name = id;
+ ensureDBOwnership = true;
+ }) databases;
+
+ initialScript = pkgs.writeText "backend-initScript" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN;
+ CREATE DATABASE "matrix-synapse"
+ WITH ENCODING = 'UTF8'
+ TEMPLATE = template0
+ OWNER = "matrix-synapse"
+ LC_COLLATE = 'C'
+ LC_CTYPE = 'C';
+ '';
+
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = "peprolinbot.com";
+ public_baseurl = "https://synapse.peprolinbot.com/";
+ listeners = [
+ {
+ bind_addresses = [ "::1" ];
+ port = 8008;
+ resources = [
+ {
+ compress = false;
+ names = [
+ "client"
+ "federation"
+ ];
+ }
+ ];
+ tls = false;
+ type = "http";
+ x_forwarded = true;
+ }
+ ];
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse";
+ database = "matrix-synapse";
+ };
+ };
+ report_stats = false;
+
+ experimental_features = {
+ # Enable history backfilling support
+ msc2716_enabled = true;
+ };
+ max_upload_size = "1024M";
+
+ oidc_providers = [
+ {
+ idp_id = "kanidm";
+ idp_name = "FruesAuth";
+ idp_icon = "mxc://peprolinbot.com/oKncNzBglyvNwvwsPMkxoPsK";
+ issuer = "https://idm.peprolinbot.com/oauth2/openid/matrix/";
+ client_id = "matrix";
+ client_secret_path =
+ config.clan.core.vars.generators.matrix-synapse.files.kanidm_oidc_client_secret.path;
+ scopes = [
+ "openid"
+ "profile"
+ "email"
+ ];
+ user_mapping_provider.config = {
+ localpart_template = "{{ user.preferred_username }}";
+ display_name_template = "{{ user.name }}";
+ email_template = "{{ user.email }}";
+ };
+ }
+ ];
+ };
+ };
+
+ clan.core.vars.generators.matrix-synapse = {
+ prompts = {
+ kanidm_oidc_client_secret = {
+ description = "Client secret to use Kanidm as OIDC 
provider in Matrix Synapse";
+ type = "hidden";
+ persist = true;
+ };
+ };
+
+ files.kanidm_oidc_client_secret = {
+ owner = config.systemd.services.matrix-synapse.serviceConfig.User;
+ group = config.systemd.services.matrix-synapse.serviceConfig.Group;
+ };
+ };
+
+ services.mautrix-whatsapp = {
+ enable = true;
+ registerToSynapse = true;
+
+ environmentFile = config.clan.core.vars.generators.mautrix-whatsapp.files.environment-file.path;
+
+ settings = {
+ homeserver = {
+ address = "http://[::1]:8008";
+ domain = "peprolinbot.com";
+ };
+
+ appservice = {
+ address = "http://localhost:29318"; # The address that the homeserver can use to connect to this appservice.
+ hostname = "[::1]";
+ port = 29318;
+ };
+
+ database = {
+ type = "postgres";
+ uri = "postgresql:///mautrix-whatsapp?host=/var/run/postgresql";
+ };
+
+ network = {
+ os_name = "Mautrix-WhatsApp bridge";
+ displayname_template = "{{if .FullName}}{{.FullName}}{{else if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)";
+ };
+
+ bridge = {
+ permissions = {
+ "@peprolinbot:peprolinbot.com" = "admin";
+ "peprolinbot.com" = "user";
+ "*" = "relay";
+ };
+ };
+
+ encryption = {
+ allow = true;
+
+ };
+
+ # Secrets set using environment file
+ encryption.pickle_key = "$ENCRYPTION_PICKLE_KEY";
+ };
+ };
+
+ clan.core.vars.generators.mautrix-whatsapp = {
+ prompts.encryption_pickle_key = {
+ type = "hidden";
+ };
+
+ files.environment-file.secret = true;
+ script = ''
+ cat < $out/environment-file
+ ENCRYPTION_PICKLE_KEY = $(<$prompts/encryption_pickle_key)
+ EOL
+ '';
+ };
+
+ services.mautrix-signal = {
+ enable = true;
+ registerToSynapse = true;
+
+ environmentFile = config.clan.core.vars.generators.mautrix-signal.files.environment-file.path;
+
+ settings = {
+ homeserver = {
+ address = "http://[::1]:8008";
+ domain = "peprolinbot.com";
+ };
+
+ appservice = {
+ address = "http://localhost:29328"; # The address that the homeserver can use to connect to 
this appservice.
+ hostname = "[::1]";
+ port = 29328;
+ };
+
+ database = {
+ type = "postgres";
+ uri = "postgresql:///mautrix-signal?host=/run/postgresql";
+ };
+
+ bridge = {
+ displayname_template = "{displayname} (TG)";
+
+ permissions = {
+ "@peprolinbot:peprolinbot.com" = "admin";
+ "peprolinbot.com" = "user";
+ "*" = "relay";
+ };
+ };
+
+ encryption = {
+ allow = true;
+ };
+
+ # Secrets set using environment file
+ encryption.pickle_key = "$ENCRYPTION_PICKLE_KEY";
+ };
+ };
+
+ clan.core.vars.generators.mautrix-signal = {
+ prompts.encryption_pickle_key = {
+ type = "hidden";
+ };
+
+ files.environment-file.secret = true;
+ script = ''
+ cat < $out/environment-file
+ ENCRYPTION_PICKLE_KEY = $(<$prompts/encryption_pickle_key)
+ EOL
+ '';
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ ];
+
+ services.mautrix-telegram = {
+ enable = true;
+ registerToSynapse = true;
+
+ environmentFile = config.clan.core.vars.generators.mautrix-telegram.files.environment-file.path;
+
+ settings = {
+ homeserver = {
+ address = "http://[::1]:8008";
+ domain = "peprolinbot.com";
+ };
+
+ appservice = {
+ address = "http://localhost:29317"; # The address that the homeserver can use to connect to this appservice.
+ hostname = "localhost";
+ port = 29317;
+
+ database = "postgresql:///mautrix-telegram?host=/var/run/postgresql";
+ };
+
+ bridge = {
+ permissions = {
+ "@peprolinbot:peprolinbot.com" = "admin";
+ "peprolinbot.com" = "full";
+ "*" = "relaybot";
+ };
+
+ encryption = {
+ allow = true;
+ };
+
+ logging.writers = [
+ {
+ type = "journald";
+ }
+ ];
+ };
+ };
+ };
+
+ systemd.services.mautrix-telegram.path = [ pkgs.lottieconverter ]; # for animated stickers conversion, unfree package
+
+ clan.core.vars.generators.mautrix-telegram = {
+ prompts.appservice_as_token = {
+ type = "hidden";
+ };
+
+ prompts.appservice_hs_token = {
+ type = "hidden";
+ };
+
+ prompts.telegram_api_id = {
+ type = "hidden";
+ };
+
+ prompts.telegram_api_hash = {
+ type = "hidden";
+ };
+
+ files.environment-file.secret = true;
+ script = ''
+ cat < $out/environment-file
+ MAUTRIX_TELEGRAM_TELEGRAM_API_ID = $(<$prompts/telegram_api_id)
+ MAUTRIX_TELEGRAM_TELEGRAM_API_HASH = $(<$prompts/telegram_api_hash)
+ EOL
+ '';
+ };
+}
diff --git a/machines/beagle/modules/reverse-proxy.nix b/machines/beagle/modules/reverse-proxy.nix
index 6221554..85521f6 100644
--- a/machines/beagle/modules/reverse-proxy.nix
+++ b/machines/beagle/modules/reverse-proxy.nix
@@ -1,10 +1,14 @@ -{config, ...}: { +{ config, ... }: +{ security.acme = { acceptTerms = true; defaults.email = "personal+letsencrypt@peprolinbot.com"; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; services.nginx = { enable = true;
@@ -24,6 +28,19 @@ proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}"; }; }; + + "synapse.peprolinbot.com" = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://[::1]:8008"; + + extraConfig = '' + client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size}; + ''; + }; + }; }; }; }
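Review bot: The `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];` entry in matrix.nix is added without a comment, so nothing records which bridge needs a library that nixpkgs flags as insecure or when the exception can be removed, and the allowance applies to the whole machine configuration rather than to one service. I would put a comment above it along the lines of `# libolm is flagged insecure in nixpkgs; needed by <bridge> for encryption.allow, remove once that bridge no longer links it`. All three bridges also map `"*"` to `relay` or `relaybot`, and since the Synapse listener serves the `federation` resource this presumably extends relay access to users on any homeserver; if relay mode is not in use, dropping the wildcard keeps access to `peprolinbot.com` accounts. Two smaller points: the Signal bridge's `displayname_template = "{displayname} (TG)"` looks copied from the Telegram configuration, and the mautrix-telegram generator prompts for `appservice_as_token` and `appservice_hs_token` but its script writes only the API id and hash, so those two secrets are collected and never used.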
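Review bot: `locations."/"` in the new `synapse.peprolinbot.com` vhost forwards every path to the Synapse listener, which includes the `/_synapse/admin` API; Synapse's reverse-proxy guidance is to publish only `/_matrix` and `/_synapse/client`. I would replace the catch-all with `locations."/_matrix"` and `locations."/_synapse/client"`, each with the same `proxyPass = "http://[::1]:8008";`, and reach the admin API over a local or tunnelled connection instead. Note also that `client_max_body_size` inherits `1024M`, so nginx will accept request bodies up to 1 GiB on whatever paths carry this `extraConfig`; scoping it to the media upload path would narrow that. The enclosing `virtualHosts` attribute set starts outside this hunk.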
diff --git a/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/machines/beagle b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/secret b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/secret new file mode 100644 index 0000000..b795ee1 --- /dev/null +++ b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/secret 
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:5q/jE9BMq3cNYR40mt9oqnmF8R26BlZNAtU04hfxpXgNwuZFtUxDiHvBZFPIDHax,iv:kDeqwFrX/4GRFi41zmqCpLLumEmw/9liDDizc5aAwzM=,tag:StUwReaRqEgaTzBLMp3iJA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRjducjVOS3ZwclJsS1Jy\nK0tUU2lmRDNzZTYxMG1QRkk1M0lpb0RpWFVBClR3NlFFSnhDRkZoQ2ovOGRvTE51\nLzFuSXB6dnZRMExRbWgxOW1GZGZmYncKLS0tIEhYdndFVm9QdEwzUE1IQnVRcVpU\nL1dpRTM5M0RzZkdrblY4QnN3TFVsWHcK6b5bs738zOQHjtEgNI70m2madfHkuO7g\ncgB6jR+JfBgJB5fRrB5YpC9JvgJW/IRENCjJlaMXseNEpRp/h+lVtQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Z2M1NUZjRFRRTCtUMDlB\nUTJVYjRCSFRkMEtzVHFqUnBSMzlOREc2UEVjCmZJaDc1TXZLWXkvcGlZTjkxT2tC\nVGg1QTN3dXJVYmxtOWZSc1I2aHd6WFUKLS0tIE5lamY2Q3VtWVpPdFpVbGlWb0xP\nVE04c3RmWVhjTmNRbng3SzlrZnRnQk0KchluC+DipOw7U9SU2CtjWYVrf2QtuBr3\nKho+V0cJW45sKZFl0L3T1E5qM6QJlNiyAsrCYDYUYBvr/ttwz3U5Pw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMOFpvNElSRkgyNWJ5Z2Vp\nMExJWUZwUWFhN2V0a0JPNk4xa3B1Q1JnS3pBCngraVQzS0RGZGE1THlDb0lJUmVG\nNnBUWUhkT0dseTlkSXJmOU9LUk5uVWcKLS0tIFpFM1NPR2l0N1drNUt0QytlcVps\nMHNPMWg5VVFSQW9pUVRaSDd6OFFWQmsKIaAMsLp5+tKQUNEoBYBoKhEEX2pTWjB8\nHgtrfN8Hq91Ed4ubCQCKHjOfBTP6hiCkFyyM/sDKe3NmjwyXwY29sQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-19T19:38:18Z", + "mac": 
"ENC[AES256_GCM,data:v9h/KKXFze+OSHSii83a5eOnc3kpsxEylDArlJkzotqeGEgMt2sh1t9PUc5waXAGK0iMHz9PTIedImrn8pCQrXa2jsO9ENgXi+u048Pk2FGPxYTj6imaeddEqPstZhqCP60XtAV+Wl11az8HSX/OmDxjTtnAKkWcOsULBGwY+CY=,iv:F0ORQoyrOkShcgZchRC9fk1u9HQlJvFbWASAkhDedqs=,tag:C6XkOP/tmdd6IY2STPuHag==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/users/pedro b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/matrix-synapse/kanidm_oidc_client_secret/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-signal/environment-file/machines/beagle b/vars/per-machine/beagle/mautrix-signal/environment-file/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/mautrix-signal/environment-file/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-signal/environment-file/secret b/vars/per-machine/beagle/mautrix-signal/environment-file/secret new file mode 100644 index 0000000..ffb7ff1 --- /dev/null +++ b/vars/per-machine/beagle/mautrix-signal/environment-file/secret 
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:u4DKZleTG0+TYxzjqTAn+fDkrkBLj3b67vxs13gQQmcMbZ5Y8bmRDH19OPasTfTVwcMJnj1VzTeWdnrkDJdv/EKMcPof1L4ROBbewVsS7Y8qGDmWDgqomXU=,iv:g2uSAbTlo/Xx5BXvRt/PUXUmZHiL7V50YxMmgvsT1zY=,tag:+gPXOBi4fn5AxLWPYxJM6Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQ2JtbWs2Umh2NDV4TGlD\nNGFZWE9zZkJwSzZWRTNRWGIwQ3RGR2JBR0hJCnRCOU9CamMwQkFUREhOajYyNnJu\nRGZsTmFZTG1KZnZrNHpZcitCMUdUM2cKLS0tIDhzOThBaXpuS05KbFBYdDJRbG1Z\nRUJQOWpxZDJSaFFPRDBXWDJqRUFzRGsKMYuduJHz2npO4ZPMTe0e3fJj08HUkv7s\nfe2pmMoQUU3suslG9abigrOI8y/hwT+F52G5SV/hkTFvhZTiPXZusw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YklTaFZhYWVIRE5vNjU0\ndHhKT2tHUitnMGpqUkJHYUZvajhMQzlocUIwCllFYi9uQm02UzMzNWFnS3d1N0Yr\ndFVNWDNkL0VUVWpmUFU2NWxVWldvSWsKLS0tIFZ2WThKTGdobjlVNEkvek9VQlNQ\nLzg1ZWErSEV2T28zNDhzSlZUbHVWRDQKe9gvE0DZgYsGT/lIltjtzaH0wxTb+bJ8\nHLW4+3BxBoySz2Fmi3GvEhbKP93i1VIT+qGZtEqsxfaYzlgnAQewoQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWGlhd0NCY245VC9tVnNH\nN2xsZ2x3SHhhcHNmQVhtMDhWNjg1UVEyL0NZCldQd21mU0RiREc2Y21JdnNIdkFm\nN2xmMVRHbUpLOWQxSUN3Z01TaWZ3VDQKLS0tIHovN09oSWNDV2JqMU5xTHRnb0Z2\nVWxVcittUnpUbDhDWnpWSEhVV2ZOQkkKEAvqS+ly45j4nHK7Dj7+7jh0KOPJ10Kx\nC8TcJ1reA6ZwKLPZ714MV+m+6EAIwghDeQaG+yM8CM69vKiU898NwA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-30T17:51:48Z", + "mac": 
"ENC[AES256_GCM,data:zRff9nIFpuwJd/M08WzTzNEy/9AzaDyhrfCOIbrXTo9VMXvd28goNgSPrrOCMFJUIT9/dUutwT4re+qurzd1ZkeRYJqoBXl/1yjx66GLwmfc0MH2D8cAAbRjvUT4lyS4wxFLUe1yAbhVtwV7cjymBPp4x1Y+a6sSwBzwqm9gDk4=,iv:csYT/f8CT4n1C84V7jrrKoz/ZO9txQMMYwFPTiPtGmE=,tag:bcTt++leOPpIF0CH0yzwfQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/mautrix-signal/environment-file/users/pedro b/vars/per-machine/beagle/mautrix-signal/environment-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/mautrix-signal/environment-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-telegram/environment-file/machines/beagle b/vars/per-machine/beagle/mautrix-telegram/environment-file/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/mautrix-telegram/environment-file/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-telegram/environment-file/secret b/vars/per-machine/beagle/mautrix-telegram/environment-file/secret new file mode 100644 index 0000000..c96e060 --- /dev/null +++ b/vars/per-machine/beagle/mautrix-telegram/environment-file/secret 
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:jZOyALwC7KLnySQaOzwcokQK2EmjGhozrv9sOcGW0ZPsSgfN7oH0VkB9druDeRer/5Ch/0irOVSUNv66EEQeVcCjZh1RkEzQKwSBCByvmzXgryfsYziHsiZPldlEZq8KbSzrmhSXCBeX0GGzA87Op5aueTD1rrr1hVXrSoS8ARQe3dgCfIY+Vkp4mA1WsXk8FUe+HIAEBtUy4RHf36Y7kPljFYEdtfv2K8aJQOszMPmdYO4HU0JGb7nRTZurp5rZvcYJVKpJXfWIYFd/tlomaAL6DY5fKaGBt2c0likoNhWf6pMw7/6oNtlN//OSl5eQxE/hdAnbLHLkGZ/CG0rM+UvZr0NYpUZUjaVQaxeCSPg/wpRClVR4Z6Gwus8T4WkGNhfbc24jIGNTIfRLMp9SxfoHtIlicLHyQ+gdaebxyjK5lw==,iv:YF/u3FVeXPjyLBOpNCg/Z2iOjikU+0DkTPWgE/Pf1EI=,tag:5qUOc5TKRp3Lohgtq4GCew==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQUJhYnJlTFFtSHZTL0Ro\nbHRuQlN5Q3E5NDVKemk3K0RRL25sbkY2dHh3Cll0Z1dwcjB4Vi9kZ1ZSTzYyeWdu\nMllsdHFsdHlicXlpMTJnUXdrcEwrSG8KLS0tIE5NMEVaVGtORzJILzV5RENlQU9r\nV3BTVUl1cnRUTmlISVNIZ21kMlF4Q2sKb2ETCTa250etlXV5alLxucG+pFbjCS3m\n1t4fM2ns4jfWw542vYE8A/LIV+wVC+ynPowgMvPvbrHhcbXYeQ8O0A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNGJQRTdGZFBqSmN1Q0Ey\nNVZtbTBzUG5jZUU4Mk1FVjhaWEZ3T216dFJBCjlJK0Rha3VMeHZLbTVnZXAwYUZ2\nN2hmdC9VQ0xOcjhrMzBCdEdDUWsyclUKLS0tIExSSmFucE1VYVMzMTgwSElUeHM4\nQ01DMXNQSHJ4MEJ5V1dKTmFhMzVuVncKU2h8pHix9q4SV8WSvtXUEgS5slwnJ8kO\nc44Wpek//mzlDxMc/sGYSfQZKVZ37Dym9zW6ajxNI/DDHf+Z3pv41Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwL2tjbHFXcWdNVC9leDdP\neWF6UmgrYjFGOSs4dkRGNndsYjNwd3Qwc0hBCkNTeE5oNHcrMTdxOG9leWIzekJF\nRlp3V2lCT0I0Uk5hU3g2SmpjRzZhaVUKLS0tIEdpTTVRbEZCKzZDcTcweWI2OEx6\nOGpvNjJXWjlXcThDUHdBL09meTIrTkUKylrplyKKm9ZXegHTvisF/KCNKPus3kew\nRgNrC8QaH9qK6W4B5KhuWOV0I+dg0UilAA0nfa0khMe2iznN/++rjQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-19T19:39:19Z", + "mac": "ENC[AES256_GCM,data:KX9H925q7+xHiDVUDjoODacFpMimwjl5tzPMXHlD7LFLqGPf4bOB7lUnjHnoTQNmwWCnjbf6/Tx3iA0Z7LXYuPnyz/jjaeARnWqprn4S5Vt6oLd1eVIczRgfPVGXepMhNWvM5HllkNlEv0jC5AgavpT4itgcOBFcEyf6vvhiXgs=,iv:BYJ0M4NODglSOcyVV3jRIBAXKv853G7bn4nYE+6Mlzw=,tag:W7eQIT1vT9SwuC6BCI1k5g==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/mautrix-telegram/environment-file/users/pedro b/vars/per-machine/beagle/mautrix-telegram/environment-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/mautrix-telegram/environment-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-whatsapp/environment-file/machines/beagle b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/mautrix-whatsapp/environment-file/secret b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/secret new file mode 100644 index 0000000..87ec3be --- /dev/null +++ b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/secret 
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:slbziRzxx6lijgZF56VUuvUFXmCZGKZBDIEZQQyeez+5ta9KuJy4Im4S8c8ViCxdjq/tyNnsj8Y=,iv:suWo93LOBxcQORlfPcJR+QMQnuwEsHfbNHsNpq6d5yU=,tag:PMaJpJVI3+RGZyy+Ozt0Fg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWEtpTEZ1Ym5JU3I0Ykl4\nR1VCMFFWYk9ESEFmZGh3Skh4UCs4b1d2Wlg4CjdUYVpqMFU4aXM3R1Bsb2E0bU5y\nMnk0dE8rRitYOXFka1hPY0o1cFc4NjQKLS0tIDh3ZFFDRmFxOE9JSGhQQVFPUFUx\nNnhRaWgyajYxeThlVjRZZitrZXNiZFUKvPRZrWhhaGV6fJkjVZTmxH45Q8yIsvwU\nSm/Lk+5DGdYDndpIbPS61WruI/M49ETskOreu4mqR0MXXsr2HX0+gg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoY0dHK2RlOTlwS1ZpaUIx\nbi94Q0wrWG1PYTJUV29pZGZXRHhGRmNpY2g4CjJ6Uit4Snpqd2QzVjI0b3pNeFJp\nUENMZXVhSk5WN2FmM3VwYzhBbmZkRlEKLS0tIFlTei9wRlEySW1jd1haeGZZOVcy\nZWRFYXQyUTk3NXlIdFdNTHFvdU8wa2cK+r1A0LrXLwi2vwOaPkwr+l+YDYg/Itux\nFrasAERs37YW3/fi1X853lcgy5IDo7t/ld1b4lWFpjJ5z/nbILfCkA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMU9UTjdkSGpxZTVBaDc3\nMVl0aWR3ek5ic1dJL2c3dFNsM1pKTGhSbDFJCnEwWm1EYWhYanhGRVZPSEowc040\nUTBTbFU1QlczYmUyT2VTdURvZDlDQzgKLS0tIGY3Ky82S0hFbGVCeHE5S2c4c0RR\nc2U3bWVYRFYzYTIxL0NKQTNiZlhsTjgKbMQ9m0H20KJvDgMcjvTomkJ1nrbV0elt\nhzw+ipPzoktRuMVkstz1cWA5GcbVQEKqxFToEDhF0b9sNUsCA3dg5A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-30T17:51:54Z", + "mac": 
"ENC[AES256_GCM,data:vRntbhthWZd1EybzzYGC9gfUdc7h/wChXoKFJ7Cd3AGeiPP+vVwkmhQEpccf/HFSqJB9bTwJ10FJIB7CiJiRlYeorGm4TMSauYvH7PihVyBdwzhCbjA+D553aa6nMzgekfeOzDZePTDpYjc3440SZT6IggOZjsM0hL6SZ91CnJM=,iv:MHT5qwFJrLxjy+aNC9pI6HCHOQ8i3+i3fw4DxsiD/to=,tag:o5fKT6Moj7eqGLsH3YOgig==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/mautrix-whatsapp/environment-file/users/pedro b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/mautrix-whatsapp/environment-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file