hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: matrix

Browse Source
This commit is contained in:
yukkop
2026-05-25 23:12:05 +00:00
parent 4ce1945abe
commit 92f55320b5
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/module/generic/matrix-cluster.nix
View File

@@ -494,6 +494,10 @@ ${lib.concatStringsSep "\n" (map mkUserRegistration matrixUsers)}
}) })
(lib.mkIf (cfg.role == "standby") { (lib.mkIf (cfg.role == "standby") {
systemd.targets.postgresql.requires = lib.mkForce [
"postgresql.service"
];
# Hot-standby bootstrap: standby.signal + primary_conninfo with passfile. # Hot-standby bootstrap: standby.signal + primary_conninfo with passfile.
# pg_basebackup must be run manually (see runbook) before this activates # pg_basebackup must be run manually (see runbook) before this activates
# for the first time. # for the first time.

4
nixos/system/bfs.poland.xray/bfs.poland.xray.nix
View File

@@ -31,7 +31,7 @@ in {
hectic.generic.matrix-cluster = { hectic.generic.matrix-cluster = {
enable = true; enable = true;
role = "standby"; role = "primary";
matrixDomain = "accord.tube"; matrixDomain = "accord.tube";
signingKeyFile = config.sops.secrets."matrix/signing-key".path; signingKeyFile = config.sops.secrets."matrix/signing-key".path;
secretsFile = config.sops.secrets."matrix/secrets".path; secretsFile = config.sops.secrets."matrix/secrets".path;
@@ -190,6 +190,8 @@ in {
}; };
sops.secrets."matrix/turn-secret" = { sops.secrets."matrix/turn-secret" = {
key = "matrix/turn-secret"; key = "matrix/turn-secret";
owner = "turnserver";
group = "turnserver";
mode = "0400"; mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml"; sopsFile = "${flake}/sus/matrix-cluster.yaml";
}; };

9
nixos/system/hectic-lab/hectic-lab.nix
View File

@@ -62,7 +62,8 @@ in {
generic.matrix-cluster = { generic.matrix-cluster = {
enable = true; enable = true;
role = "primary"; overrideEnableSynapse = false;
role = "standby";
inherit matrixDomain; inherit matrixDomain;
signingKeyFile = config.sops.secrets."matrix/signing-key".path; signingKeyFile = config.sops.secrets."matrix/signing-key".path;
secretsFile = config.sops.secrets."matrix/secrets".path; secretsFile = config.sops.secrets."matrix/secrets".path;
@@ -95,7 +96,7 @@ in {
allowedSourceIPs = [ "91.198.166.181/32" ]; allowedSourceIPs = [ "91.198.166.181/32" ];
}; };
acme = { acme = {
enable = true; enable = false;
porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path; porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path;
porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path; porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path;
}; };
@@ -187,8 +188,8 @@ in {
}; };
sops.secrets."matrix/turn-secret" = { sops.secrets."matrix/turn-secret" = {
key = "matrix/turn-secret"; key = "matrix/turn-secret";
owner = "turnserver"; owner = "root";
group = "turnserver"; group = "root";
mode = "0400"; mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml"; sopsFile = "${flake}/sus/matrix-cluster.yaml";
}; };

6
sus/hectic-lab.yaml
View File

@@ -27,6 +27,8 @@ matrix:
password: ENC[AES256_GCM,data:heZSXKj9MCQcY7wH,iv:PdIo3PhXTiGt8JiwafxQA7ysjJ3MJ0hrgCMO+sCs4Oo=,tag:iQYP6r44F3J+xEkam7Zjiw==,type:str] password: ENC[AES256_GCM,data:heZSXKj9MCQcY7wH,iv:PdIo3PhXTiGt8JiwafxQA7ysjJ3MJ0hrgCMO+sCs4Oo=,tag:iQYP6r44F3J+xEkam7Zjiw==,type:str]
vismajor: vismajor:
password: ENC[AES256_GCM,data:drD8JaqQ5tg=,iv:LnDMbaPRTxOBtqN7ZbWXd6FcSWJQ808Vv7Zxugozn8g=,tag:t6w4TPkYphF+wSbAKzHUIw==,type:str] password: ENC[AES256_GCM,data:drD8JaqQ5tg=,iv:LnDMbaPRTxOBtqN7ZbWXd6FcSWJQ808Vv7Zxugozn8g=,tag:t6w4TPkYphF+wSbAKzHUIw==,type:str]
snuff:
password: ENC[AES256_GCM,data:DG+35VxkuCfmz4UxF70YI+E+TJTD,iv:1pdXLohOKVsmGrwLdg0p9wncCUnaJYQIPdGtJaG1Wsc=,tag:2Aa8zjSMiDfYW3Kh7/5Jrg==,type:str]
turn-secret: ENC[AES256_GCM,data:2RerKgYNFXEVM/YVmXt2l+t3BqduS+FlmjBWTA==,iv:6odb0HB9mntsceNaJtU2kwEVAiF0O88u47eDPLZVJbs=,tag:BJXAvK8abcnCLi96Kra5zA==,type:str] turn-secret: ENC[AES256_GCM,data:2RerKgYNFXEVM/YVmXt2l+t3BqduS+FlmjBWTA==,iv:6odb0HB9mntsceNaJtU2kwEVAiF0O88u47eDPLZVJbs=,tag:BJXAvK8abcnCLi96Kra5zA==,type:str]
wg-bfs: wg-bfs:
private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str] private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str]
@@ -89,7 +91,7 @@ sops:
Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck
qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw== qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-23T17:31:37Z" lastmodified: "2026-05-25T20:54:48Z"
mac: ENC[AES256_GCM,data:B8htf29e/p9cf8twsXohXGWBG6B7Onv9OZ9OSy4O/l7k1RaJOqIPazsmkTDs5Ipkr1X2k1roaS2tJYWm2uu5sAZxoHQw5ajTmTJ1g+R6TEZcnU+AQi1AkSeS+k0p4j5zbFDRjZswVc2slGfJNUm19f9v/Mc2b43o0u6yoVoYw/8=,iv:z+XqfLfJtKjyMuYfVvp4rjyOBI3ujzSJy6jDvkB2I70=,tag:ebQfV0hBu3JUb+OYMFP5xQ==,type:str] mac: ENC[AES256_GCM,data:fb6JjwTKbXayFOmLF/QaKiYHK1gnYK7E6y7OGARzfpwh9nV28n/aydgQiJ1+aS+88QgRbXbHdGH8GGeqKzApA1TczomYnm/BRA+gUsLIKGDbsamArtY8BqTC9ZEwVXK/izcwURWbTabJYA9FsK+ggYskwNOJmrukh5mhtKVmeUo=,iv:INodLtYp54Bm4YdGhJbrqaXMb90CyAG/8aHs3iIFXzY=,tag:jKMl0a9ZdmIh/ayvEvLNsw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2