diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix index 6b224d2..be7b5a2 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/sail/config.nix @@ -54,6 +54,10 @@ group = "matrix-synapse"; }; + signald-environment = { + file = ./signald/environment.age; + }; + mosquitto-password-weewx-proxy = { file = ./mosquitto/passwordWeewxProxy.age; owner = "mosquitto"; diff --git a/agenix/hosts/sail/signald/environment.age b/agenix/hosts/sail/signald/environment.age new file mode 100644 index 0000000..c57754c --- /dev/null +++ b/agenix/hosts/sail/signald/environment.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBnOFBF +VGgxaWd4TFI3Kzc1MTVOZ3oyTkw5OUFJQ1VvejhPVFpBaG5LZlIwCnZldWd2OGNS +a3dSaEZzOWdKaHRCdjJSWXRzM3F0bFZZTEVhYWROdUVOSEkKLT4gc3NoLWVkMjU1 +MTkgTmJWNGh3IGtQMS9ubGIwaXB2SHlQV1JwUHk0T2orN1VxQ1p3THVlU1ovcW5j +VU5QUmsKdkNVbW90bVhjNW5BZkVya1ViS0lRY0kvT05IK3pNc2JJcFlWd2xxcElM +QQotPiBnLWdyZWFzZSBKbyRNY0s/Ck9QQy83OCtKNUpCYnhBCi0tLSBzNFB2eTJ5 +c2p2bHhMeWdSMTBXTmoyaExST1lpZmJsSEt3UmdHbGJEZnhvCvqkLX1gUWNIX4gQ +5hj/S53ekxGqauFA0b+DZ+JxORK90CdRHvenBUeuxfqwjPwlQQXwmL2DDoTVU2qu +HlMitZrjsV8pcHm6HXOdOPBldWbpfvr1ET/rM7OEo5eW/EPqdTvsgLHjKetsra3V +4eqciGp4HlcEQPU6p9i9R0Kv +-----END AGE ENCRYPTED FILE----- diff --git a/container/matrix/config.nix b/container/matrix/config.nix deleted file mode 100644 index fcaf950..0000000 --- a/container/matrix/config.nix +++ /dev/null 
@@ -1,25 +0,0 @@
-{
- systemd.tmpfiles.rules = [
- "d /etc/container-matrix/signald 0775 0 0"
- "d /etc/container-matrix/signal 0775 1337 1337"
- "d /etc/container-matrix/whatsapp 0775 1337 1337"
- ];
-
- # Matrix: Signal
-
- environment.etc."container-matrix/signal/config.yaml" = {
- source = ../../secret/container/matrix/config/signal.yaml;
- mode = "0640";
- uid = 1337;
- gid = 1337;
- };
-
- # Matrix: WhatsApp
-
- environment.etc."container-matrix/whatsapp/config.yaml" = {
- source = ../../secret/container/matrix/config/whatsapp.yaml;
- mode = "0640";
- uid = 1337;
- gid = 1337;
- };
-}
diff --git a/container/matrix/default.nix b/container/matrix/default.nix
index 17141bc..35effd1 100644
--- a/container/matrix/default.nix
+++ b/container/matrix/default.nix
@@ -1,61 +1,67 @@ -let - secret = import ../../secret/container/matrix; - custom-config = import ./config.nix; -in +{ config, ... }: + { - virtualisation.arion.projects.matrix.settings = { - services = { - signald = { - service = { - image = "registry.gitlab.com/signald/signald:latest"; - container_name = "signald"; - restart = "unless-stopped"; - volumes = [ - "/etc/container-matrix/signald:/signald" - ]; - environment = { - SIGNALD_DATABASE = secret.container.matrix.signald.environment.database; - }; - labels = { - "com.centurylinklabs.watchtower.enable" = "true"; - "io.containers.autoupdate" = "registry"; - }; - }; - }; + virtualisation.oci-containers.containers = { + signald = { + image = "registry.gitlab.com/signald/signald:latest"; + environmentFiles = [ config.age.secrets.signald-environment.path ]; + volumes = [ + "/etc/container-matrix/signald:/signald" + ]; + extraOptions = [ + "--label=com.centurylinklabs.watchtower.enable=true" + "--label=io.containers.autoupdate=registry" + ]; + }; - matrix-signal = { - service = { - image = "dock.mau.dev/mautrix/signal:latest"; - container_name = "mautrix-signal"; - restart = "unless-stopped"; - depends_on = [ "signald" ]; - ports = [ "29328:29328" ]; - volumes = [ - "/etc/container-matrix/signal:/data" - "/etc/container-matrix/signald:/signald" - ]; - labels = { - "com.centurylinklabs.watchtower.enable" = "true"; - "io.containers.autoupdate" = "registry"; - }; - }; - }; + matrix-signal = { + image = "dock.mau.dev/mautrix/signal:latest"; + dependsOn = [ "signald" ]; + ports = [ "127.0.0.1:29328:29328" ]; + volumes = [ + "/etc/container-matrix/signal:/data" + "/etc/container-matrix/signald:/signald" + ]; + extraOptions = [ + "--label=com.centurylinklabs.watchtower.enable=true" + "--label=io.containers.autoupdate=registry" + ]; + }; - matrix-whatsapp = { - service = { - image = "dock.mau.dev/mautrix/whatsapp:latest"; - container_name = "mautrix-whatsapp"; - restart = "unless-stopped"; - ports = [ "29318:29318" ]; - 
volumes = [ - "/etc/container-matrix/whatsapp:/data" - ]; - labels = { - "com.centurylinklabs.watchtower.enable" = "true"; - "io.containers.autoupdate" = "registry"; - }; - }; - }; + matrix-whatsapp = { + image = "dock.mau.dev/mautrix/whatsapp:latest"; + ports = [ "127.0.0.1:29318:29318" ]; + volumes = [ + "/etc/container-matrix/whatsapp:/data" + ]; + extraOptions = [ + "--label=com.centurylinklabs.watchtower.enable=true" + "--label=io.containers.autoupdate=registry" + ]; }; }; -} // custom-config + + systemd.tmpfiles.rules = [ + "d /etc/container-matrix/signald 0775 0 0" + "d /etc/container-matrix/signal 0775 1337 1337" + "d /etc/container-matrix/whatsapp 0775 1337 1337" + ]; + + # Matrix: Signal + + environment.etc."container-matrix/signal/config.yaml" = { + source = ../../secret/container/matrix/config/signal.yaml; + mode = "0640"; + uid = 1337; + gid = 1337; + }; + + # Matrix: WhatsApp + + environment.etc."container-matrix/whatsapp/config.yaml" = { + source = ../../secret/container/matrix/config/whatsapp.yaml; + mode = "0640"; + uid = 1337; + gid = 1337; + }; +} diff --git a/secret/container/matrix/default.nix b/secret/container/matrix/default.nix deleted file mode 100644 index 0ef1a68..0000000 Binary files a/secret/container/matrix/default.nix and /dev/null differ diff --git a/secrets.nix b/secrets.nix index 2e68edd..5bfbd0a 100644 --- a/secrets.nix +++ b/secrets.nix @@ -19,6 +19,8 @@ in "agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail; + "agenix/hosts/sail/signald/environment.age".publicKeys = sail; + "agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail; "agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail;
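Review bot: In container/matrix/default.nix, the two `environment.etc."container-matrix/…/config.yaml"` entries near the end of the hunk still take `source` from a path under `../../secret/`. As far as I can tell Nix copies such path literals into the world-readable `/nix/store`, so `mode = "0640"` would protect only the `/etc` copy. This commit already moves the signald environment to agenix (`environmentFiles = [ config.age.secrets.signald-environment.path ]`), so the bridge configs would ideally follow; until then a comment such as `# FIXME: copied into the world-readable Nix store; migrate to age.secrets` above each entry would record the gap. Separately, the `systemd.tmpfiles.rules` entries create the data directories with mode `0775`, which lets any local account list them. Whether they can be tightened depends on how uid 1337 reaches the signald socket, which this hunk does not show.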