fix: matrix
This commit is contained in:
@@ -494,6 +494,10 @@ ${lib.concatStringsSep "\n" (map mkUserRegistration matrixUsers)}
|
||||
})
|
||||
|
||||
(lib.mkIf (cfg.role == "standby") {
|
||||
systemd.targets.postgresql.requires = lib.mkForce [
|
||||
"postgresql.service"
|
||||
];
|
||||
|
||||
# Hot-standby bootstrap: standby.signal + primary_conninfo with passfile.
|
||||
# pg_basebackup must be run manually (see runbook) before this activates
|
||||
# for the first time.
|
||||
|
||||
@@ -31,7 +31,7 @@ in {
|
||||
|
||||
hectic.generic.matrix-cluster = {
|
||||
enable = true;
|
||||
role = "standby";
|
||||
role = "primary";
|
||||
matrixDomain = "accord.tube";
|
||||
signingKeyFile = config.sops.secrets."matrix/signing-key".path;
|
||||
secretsFile = config.sops.secrets."matrix/secrets".path;
|
||||
@@ -190,6 +190,8 @@ in {
|
||||
};
|
||||
sops.secrets."matrix/turn-secret" = {
|
||||
key = "matrix/turn-secret";
|
||||
owner = "turnserver";
|
||||
group = "turnserver";
|
||||
mode = "0400";
|
||||
sopsFile = "${flake}/sus/matrix-cluster.yaml";
|
||||
};
|
||||
|
||||
@@ -62,7 +62,8 @@ in {
|
||||
|
||||
generic.matrix-cluster = {
|
||||
enable = true;
|
||||
role = "primary";
|
||||
overrideEnableSynapse = false;
|
||||
role = "standby";
|
||||
inherit matrixDomain;
|
||||
signingKeyFile = config.sops.secrets."matrix/signing-key".path;
|
||||
secretsFile = config.sops.secrets."matrix/secrets".path;
|
||||
@@ -95,7 +96,7 @@ in {
|
||||
allowedSourceIPs = [ "91.198.166.181/32" ];
|
||||
};
|
||||
acme = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path;
|
||||
porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path;
|
||||
};
|
||||
@@ -187,8 +188,8 @@ in {
|
||||
};
|
||||
sops.secrets."matrix/turn-secret" = {
|
||||
key = "matrix/turn-secret";
|
||||
owner = "turnserver";
|
||||
group = "turnserver";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
mode = "0400";
|
||||
sopsFile = "${flake}/sus/matrix-cluster.yaml";
|
||||
};
|
||||
|
||||
@@ -27,6 +27,8 @@ matrix:
|
||||
password: ENC[AES256_GCM,data:heZSXKj9MCQcY7wH,iv:PdIo3PhXTiGt8JiwafxQA7ysjJ3MJ0hrgCMO+sCs4Oo=,tag:iQYP6r44F3J+xEkam7Zjiw==,type:str]
|
||||
vismajor:
|
||||
password: ENC[AES256_GCM,data:drD8JaqQ5tg=,iv:LnDMbaPRTxOBtqN7ZbWXd6FcSWJQ808Vv7Zxugozn8g=,tag:t6w4TPkYphF+wSbAKzHUIw==,type:str]
|
||||
snuff:
|
||||
password: ENC[AES256_GCM,data:DG+35VxkuCfmz4UxF70YI+E+TJTD,iv:1pdXLohOKVsmGrwLdg0p9wncCUnaJYQIPdGtJaG1Wsc=,tag:2Aa8zjSMiDfYW3Kh7/5Jrg==,type:str]
|
||||
turn-secret: ENC[AES256_GCM,data:2RerKgYNFXEVM/YVmXt2l+t3BqduS+FlmjBWTA==,iv:6odb0HB9mntsceNaJtU2kwEVAiF0O88u47eDPLZVJbs=,tag:BJXAvK8abcnCLi96Kra5zA==,type:str]
|
||||
wg-bfs:
|
||||
private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str]
|
||||
@@ -89,7 +91,7 @@ sops:
|
||||
Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck
|
||||
qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-05-23T17:31:37Z"
|
||||
mac: ENC[AES256_GCM,data:B8htf29e/p9cf8twsXohXGWBG6B7Onv9OZ9OSy4O/l7k1RaJOqIPazsmkTDs5Ipkr1X2k1roaS2tJYWm2uu5sAZxoHQw5ajTmTJ1g+R6TEZcnU+AQi1AkSeS+k0p4j5zbFDRjZswVc2slGfJNUm19f9v/Mc2b43o0u6yoVoYw/8=,iv:z+XqfLfJtKjyMuYfVvp4rjyOBI3ujzSJy6jDvkB2I70=,tag:ebQfV0hBu3JUb+OYMFP5xQ==,type:str]
|
||||
lastmodified: "2026-05-25T20:54:48Z"
|
||||
mac: ENC[AES256_GCM,data:fb6JjwTKbXayFOmLF/QaKiYHK1gnYK7E6y7OGARzfpwh9nV28n/aydgQiJ1+aS+88QgRbXbHdGH8GGeqKzApA1TczomYnm/BRA+gUsLIKGDbsamArtY8BqTC9ZEwVXK/izcwURWbTabJYA9FsK+ggYskwNOJmrukh5mhtKVmeUo=,iv:INodLtYp54Bm4YdGhJbrqaXMb90CyAG/8aHs3iIFXzY=,tag:jKMl0a9ZdmIh/ayvEvLNsw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
Reference in New Issue
Block a user