felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-04 09:10:01 +01:00
Code Issues Projects Releases Wiki Activity

bicep/hookshot: add passkey to sops

Browse Source
This commit is contained in:
h7x4
2026-01-26 21:52:58 +09:00
parent e01fd902eb
commit c3c98392ad
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/bicep/services/matrix/hookshot/default.nix
View File

@@ -14,6 +14,10 @@ in
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "hookshot/hs_token";
};
sops.secrets."matrix/hookshot/passkey" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "hookshot/passkey";
};
sops.templates."hookshot-registration.yaml" = {
owner = config.users.users.matrix-synapse.name;
@@ -44,9 +48,14 @@ in
};
systemd.services.matrix-hookshot = {
serviceConfig.SupplementaryGroups = [
config.users.groups.keys-matrix-registrations.name
];
serviceConfig = {
SupplementaryGroups = [
config.users.groups.keys-matrix-registrations.name
];
LoadCredential = [
"passkey.pem:${config.sops.secrets."matrix/hookshot/passkey".path}"
];
};
};
services.matrix-hookshot = {
@@ -54,6 +63,8 @@ in
package = unstablePkgs.matrix-hookshot;
registrationFile = config.sops.templates."hookshot-registration.yaml".path;
settings = {
passFile = "/run/credentials/matrix-hookshot.service/passkey.pem";
bridge = {
bindAddress = "127.0.0.1";
domain = "pvv.ntnu.no";
@@ -61,6 +72,7 @@ in
mediaUrl = "https://matrix.pvv.ntnu.no";
port = 9993;
};
listeners = [
{
bindAddress = webhookListenAddress;
@@ -73,6 +85,7 @@ in
];
}
];
generic = {
enabled = true;
outbound = true;