diff --git a/hosts/imxyy-nix-server/matrix.nix b/hosts/imxyy-nix-server/matrix.nix index 37e2789..c6479fb 100644 --- a/hosts/imxyy-nix-server/matrix.nix +++ b/hosts/imxyy-nix-server/matrix.nix @@ -95,7 +95,12 @@ displayname_template = "{displayname} (Telegram)"; permissions = { "@imxyy_soope_:imxyy.top" = "admin"; + "*" = "relaybot"; }; + relaybot = { + whitelist = [ ]; + }; + relay_user_distinguishers = [ ]; }; telegram = { # borrowed from https://github.com/telegramdesktop/tdesktop/blob/9bdc19e2fd4d497c8f403891848383a88faadc25/snap/snapcraft.yaml#L134-L135 @@ -104,4 +109,35 @@ }; }; }; + sops.secrets.mautrix-signal = { + sopsFile = secrets.mautrix-signal; + restartUnits = [ "mautrix-signal.service" ]; + format = "dotenv"; + owner = "mautrix-signal"; + group = "mautrix-signal"; + }; + services.mautrix-signal = { + enable = true; + environmentFile = config.sops.secrets.mautrix-signal.path; + settings = { + homeserver = { + address = "http://127.0.0.1:8094"; + domain = "imxyy.top"; + }; + appservice = { + address = "http://127.0.0.1:8102"; + hostname = "127.0.0.1"; + port = 8102; + bot_username = "signalbot"; + }; + bridge = { + username_template = "signal_{userid}"; + alias_template = "signal_{groupname}"; + displayname_template = "{displayname} (Signal)"; + permissions = { + "@imxyy_soope_:imxyy.top" = "admin"; + }; + }; + }; + }; } diff --git a/secrets/mautrix-signal.env b/secrets/mautrix-signal.env new file mode 100644 index 0000000..25f0017 --- /dev/null +++ b/secrets/mautrix-signal.env @@ -0,0 +1,11 @@ +MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET=ENC[AES256_GCM,data:1ruOcaLzDndGuCed9yhlBJb6kxpkBvSDl8uPZNsIa7EHVN7xLrquo5hCW7pMneTmJbulvVM5wm321WAaeTOj0jx/gkkCnh0duja2,iv:IVtdYE67ArlQN94q/TlY3oFzoYHBQxuPLu8ClDu0798=,tag:zjnFtvBdryZSiL6Y3J4g1A==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSAyUGVr\neFhRVERqUy9pRkFNRUVvQ3NMNFlnZEtQVnNhaWZJbzJUUWN4cG1ZCkduU2NJYnIz\nWm9vWHpGS2hPL1ZNdlhHRWJDaGJYOVFucXA3QktLV1VOdDAKLS0tIDROd2dtMm4v\nN1ZETmxkemk5RFNsU3AzTEphYlVKMTVzajFQNytRRGNBUmMKEwwN7MnPNP0ze0XJ\nm7QTQJhnd9QihXpGVYWKneL2Ef2YU1FZGUPOez9syDRepY/tl8jSFo77+aCLJ2/H\nPzM/4Q==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyA0S0VJ\nTlVpOStxVU1rZ0E2MVVNWmI0d0VxMStSeFJ3dnpONTR3N044dWg0CnZBOFpDbkw3\nWjJ6ZHRQaDNaV2JDNHRYWkdSOVFBSDF5M0kvOExaSnBCeGcKLS0tIGJOSCtHRlNt\ncmpYTmN4dklYWEp1WjR0Uk16VkJjRFNqb2hQNEZHSkdSa1EKpO1hMZr1NTzrEbCr\nycIvP4J3U9X1iTAL2/R98lOhUVPWlu7QN1GWvQIyB3TInTIpKNVV1Q8nkrq8GSFG\n6QHTCA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBWbk1h\ndVhCL2kyczUvR09YY3lvYXlmeExjdHYvd1dNQktHcUFVeWdYeFQ4CmJQSTVjY1Bq\nLzh1ZnpEWVJvaUZCeU0rMk5UWXBmMmNDMi9xTERlSlIyd1kKLS0tIHJaYlpaQmtE\nd21nQThCTXBVU0RJRnV0OHFTcWZYeSt4eWlmQVVyUWNSdGsKaPXqoSWS87MOHETx\nl7dbIo4maAV+eXbAbEYF2dZzw+Fea5vTrfsg1QQ4YVNGib7o8nvG2vouMyqq6vI3\n37HGfg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ +sops_lastmodified=2026-04-15T09:41:45Z +sops_mac=ENC[AES256_GCM,data:yh+dEf2fPHMBLppZ7/oMk7iBZnKJ3Jsiq7H6Kla5/r3/ERHZl1d1TPWwIOAwcc4yOiVKCAgXxN+mY/w9Nn0AbfpXUDYgQPoWMZPuAC97eXsCutzOM6GXdmxuIL3Glah4dAYP6Bj34nuKpp4+G6m08Eni65wQJUYRyY6JQHnc5Kc=,iv:Xmnm2VjIVxtIH5TSnWnHQUq22DbubdrZshWZzX+NeF0=,tag:LD8HBRa/vWERhrA3DzMzIg==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.12.2 diff --git a/secrets/mautrix-telegram.env b/secrets/mautrix-telegram.env index 9bf8b8a..9aa3a31 100644 --- a/secrets/mautrix-telegram.env +++ b/secrets/mautrix-telegram.env @@ -1,13 +1,14 @@ MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=ENC[AES256_GCM,data:B+gL1Ai045XiEcBkFcaEwByEdHgCrbc00Efd/WEb/s1l3rhIqdEmdyhnpqYJQojDQ8cQfYb1gMOW38sZ0GL4zA==,iv:F3Y92S3rM1qUrRN0cR5SFep+ExeP90l/oiWmrDk4yfc=,tag:CZrujwoVdGFiDKMxgM1tCg==,type:str] MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=ENC[AES256_GCM,data:LDNVwG4cOqgb7stZFCAbzBpqTvt+kcuItaVGrM6Zd1wpxTZJ+sHQTf7acCh1obxdw1S13j8Kw2FsmBk4ojkWtQ==,iv:WJrt9G6BhZTuCxxC9A2AlRvon/MlCa9Y5dGNZ2DO7Mw=,tag:H0SLY4E/G1eJ0Tua+/zxww==,type:str] MAUTRIX_TELEGRAM_BRIDGE_LOGIN_SHARED_SECRET_MAP=ENC[AES256_GCM,data:UcpnOqYwa3fFvU6/A+qUMfB784FuX/wBoilS3lZs3HHLazr9a12m9xivVs+9Kd7l+5xi5VqtQf9ZyF6EjGIeAFc4BFpADx2uvL7HP5kZ2WLGky/un1w=,iv:9ZtTU/iPhOX30uSbx7h3IMUcnCh127lE18Z3gkiydzo=,tag:DzHPBeKl9C28shR6c6t6mA==,type:str] +MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN=ENC[AES256_GCM,data:Gurr78m30j5bhutgJxGCZL4EC5Il0dOCiKnqTG+JskULiwn+82ejo4W+iygvkA==,iv:0DmEq8HmS3S1pKHb47gsZ6/m2Gr2jP6dlw3ytDPfRhE=,tag:8QmMUgv6KigJT4jA4caLFQ==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSAyUGVr\neFhRVERqUy9pRkFNRUVvQ3NMNFlnZEtQVnNhaWZJbzJUUWN4cG1ZCkduU2NJYnIz\nWm9vWHpGS2hPL1ZNdlhHRWJDaGJYOVFucXA3QktLV1VOdDAKLS0tIDROd2dtMm4v\nN1ZETmxkemk5RFNsU3AzTEphYlVKMTVzajFQNytRRGNBUmMKEwwN7MnPNP0ze0XJ\nm7QTQJhnd9QihXpGVYWKneL2Ef2YU1FZGUPOez9syDRepY/tl8jSFo77+aCLJ2/H\nPzM/4Q==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyA0S0VJ\nTlVpOStxVU1rZ0E2MVVNWmI0d0VxMStSeFJ3dnpONTR3N044dWg0CnZBOFpDbkw3\nWjJ6ZHRQaDNaV2JDNHRYWkdSOVFBSDF5M0kvOExaSnBCeGcKLS0tIGJOSCtHRlNt\ncmpYTmN4dklYWEp1WjR0Uk16VkJjRFNqb2hQNEZHSkdSa1EKpO1hMZr1NTzrEbCr\nycIvP4J3U9X1iTAL2/R98lOhUVPWlu7QN1GWvQIyB3TInTIpKNVV1Q8nkrq8GSFG\n6QHTCA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBWbk1h\ndVhCL2kyczUvR09YY3lvYXlmeExjdHYvd1dNQktHcUFVeWdYeFQ4CmJQSTVjY1Bq\nLzh1ZnpEWVJvaUZCeU0rMk5UWXBmMmNDMi9xTERlSlIyd1kKLS0tIHJaYlpaQmtE\nd21nQThCTXBVU0RJRnV0OHFTcWZYeSt4eWlmQVVyUWNSdGsKaPXqoSWS87MOHETx\nl7dbIo4maAV+eXbAbEYF2dZzw+Fea5vTrfsg1QQ4YVNGib7o8nvG2vouMyqq6vI3\n37HGfg==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ -sops_lastmodified=2025-08-22T02:52:07Z -sops_mac=ENC[AES256_GCM,data:ahjIUwIKPUfqTSl704AekBIVTTe8n0YUbMyVKxFSZb5ZoaQ3KRVgWPWCAn9n/Qwpa1oHWvVcqqbTd+wrxqmkpOgFCfg72ZWdPsSbzg6RGcUVHlg5r2b9DE7Pq+qDtgNBVkmdmlCAY2+mQTepXv8fGbWltu6tzdqOvsOBwfSw694=,iv:OJ2M6X23k5LokCrx4Ekz2a5+hUGV66YNjlFBQZdrkSA=,tag:2xjX3CX45kkpYt+skEgKOw==,type:str] +sops_lastmodified=2026-04-13T07:43:39Z +sops_mac=ENC[AES256_GCM,data:xZVKnXOP27j7fiFaiTQbKDCYKg2ywPfzqY0TSJK6C28MAANXYqTBSvDKBmrw64bNQrf1hcUNV3nqqVGMjCPDg2NkY4bWYPYpGKMKZEQ0WmMeR5Dudlryi2+ga9f9fG9vs0u8YJGJvMnob2EvfpPKI5tPBiCLc8AC5vCVlxrRvTM=,iv:PqI752mqSn7oZV4vwS/t/whRTUG1GTnYwmLP2GOqHdg=,tag:C4cso3fEjmX9jqEFDWrDIQ==,type:str] sops_unencrypted_suffix=_unencrypted -sops_version=3.10.2 +sops_version=3.12.2