hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: matrix-cluster: shared users

Browse Source
This commit is contained in:
yukkop
2026-05-27 12:41:51 +00:00
parent 92f55320b5
commit a8dd82d05f
5 changed files with 67 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
nixos/module/generic/matrix-cluster-users.nix Normal file
View File

@@ -0,0 +1,48 @@
{
inputs,
flake,
self,
}: {
config,
...
}: {
hectic.generic.matrix-cluster.users = {
yukkop = {
passwordFile = config.sops.secrets."matrix/users/yukkop/password".path;
admin = true;
};
liquiz = {
passwordFile = config.sops.secrets."matrix/users/liquiz/password".path;
};
vismajor = {
passwordFile = config.sops.secrets."matrix/users/vismajor/password".path;
};
lvgkcfjl = {
passwordFile = config.sops.secrets."matrix/users/lvgkcfjl/password".path;
};
};
sops.secrets."matrix/users/yukkop/password" = {
key = "matrix/users/yukkop/password";
owner = "matrix-synapse";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/users/liquiz/password" = {
key = "matrix/users/liquiz/password";
owner = "matrix-synapse";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/users/vismajor/password" = {
key = "matrix/users/vismajor/password";
owner = "matrix-synapse";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
sops.secrets."matrix/users/lvgkcfjl/password" = {
key = "matrix/users/lvgkcfjl/password";
owner = "matrix-synapse";
sopsFile = "${flake}/sus/matrix-cluster.yaml";
};
}

1
nixos/system/bfs.poland.xray/bfs.poland.xray.nix
View File

@@ -22,6 +22,7 @@ in {
imports = [ imports = [
self.nixosModules.xray-system self.nixosModules.xray-system
self.nixosModules.matrix-cluster self.nixosModules.matrix-cluster
self.nixosModules.matrix-cluster-users
]; ];
hectic.generic.xray-system = { hectic.generic.xray-system = {

32
nixos/system/hectic-lab/hectic-lab.nix
View File

@@ -25,6 +25,7 @@ in {
self.nixosModules.hectic self.nixosModules.hectic
self.nixosModules.matrix-cluster self.nixosModules.matrix-cluster
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
self.nixosModules.matrix-cluster-users
self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl
self.nixosModules."shadowsocks" # NOTE(nrv): usage/instance self.nixosModules."shadowsocks" # NOTE(nrv): usage/instance
@@ -69,21 +70,6 @@ in {
secretsFile = config.sops.secrets."matrix/secrets".path; secretsFile = config.sops.secrets."matrix/secrets".path;
turnSecretFile = config.sops.secrets."matrix/turn-secret".path; turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
publicIp = "128.140.75.58"; publicIp = "128.140.75.58";
users = {
yukkop = {
passwordFile = config.sops.secrets."matrix/users/yukkop/password".path;
admin = true;
};
liquiz = {
passwordFile = config.sops.secrets."matrix/users/liquiz/password".path;
};
vismajor = {
passwordFile = config.sops.secrets."matrix/users/vismajor/password".path;
};
lvgkcfjl = {
passwordFile = config.sops.secrets."matrix/users/lvgkcfjl/password".path;
};
};
objectStorage.s3 = { objectStorage.s3 = {
bucket = "matrix-hectic-lab"; bucket = "matrix-hectic-lab";
regionName = "hel1"; regionName = "hel1";
@@ -193,22 +179,6 @@ in {
mode = "0400"; mode = "0400";
sopsFile = "${flake}/sus/matrix-cluster.yaml"; sopsFile = "${flake}/sus/matrix-cluster.yaml";
}; };
sops.secrets."matrix/users/yukkop/password" = {
key = "matrix/users/yukkop/password";
owner = "matrix-synapse";
};
sops.secrets."matrix/users/liquiz/password" = {
key = "matrix/users/liquiz/password";
owner = "matrix-synapse";
};
sops.secrets."matrix/users/vismajor/password" = {
key = "matrix/users/vismajor/password";
owner = "matrix-synapse";
};
sops.secrets."matrix/users/lvgkcfjl/password" = {
key = "matrix/users/lvgkcfjl/password";
owner = "matrix-synapse";
};
sops.secrets."matrix/object-storage/credentials" = { sops.secrets."matrix/object-storage/credentials" = {
key = "matrix/object-storage/credentials"; key = "matrix/object-storage/credentials";
owner = "matrix-synapse"; owner = "matrix-synapse";

20
sus/hectic-lab.yaml
View File

@@ -14,22 +14,6 @@ mailserver:
lvgkcfjl: lvgkcfjl:
hashedPassword: ENC[AES256_GCM,data:Nm1ijH8DU+HdeN5fOjAsf1Y0jEubiIbBq6NMJsxeMqFNBt6dU1IN9e99Y/7X6xh55JN2e8H1cUohgT7lWTywTOAtjAbOz5SHHQ==,iv:PVormkYkIIV39rjoODcZFtNBUWbO/yeiJWhwusGTnrE=,tag:96Xab0zoZtGkiIigq8Weyg==,type:str] hashedPassword: ENC[AES256_GCM,data:Nm1ijH8DU+HdeN5fOjAsf1Y0jEubiIbBq6NMJsxeMqFNBt6dU1IN9e99Y/7X6xh55JN2e8H1cUohgT7lWTywTOAtjAbOz5SHHQ==,iv:PVormkYkIIV39rjoODcZFtNBUWbO/yeiJWhwusGTnrE=,tag:96Xab0zoZtGkiIigq8Weyg==,type:str]
init-postgresql: ENC[AES256_GCM,data:Iw8M2P1QoqPVaEdM8Zo0qlHrYgop0iknDY4NtgDo,iv:RWj9AFnh4/KWCm3UH4RoCdM2lzsXGY7A7qko8xCxjp8=,tag:l8acSq8+NBXB4L1rVzG6kw==,type:str] init-postgresql: ENC[AES256_GCM,data:Iw8M2P1QoqPVaEdM8Zo0qlHrYgop0iknDY4NtgDo,iv:RWj9AFnh4/KWCm3UH4RoCdM2lzsXGY7A7qko8xCxjp8=,tag:l8acSq8+NBXB4L1rVzG6kw==,type:str]
matrix:
object-storage:
credentials: ENC[AES256_GCM,data:n2sDhGMR8y0in9pdn4zNEQBC5dqk+4JwbuJgEeQxyjn8bL9GebFBaqeE+frvPAGXj/DgpU6lFlFPgaGTWaMZAEEVpXyFeOdODpgW049q83ug5e4j/mbZgFM36XoItw==,iv:MW9H0zASdrY7SX1XM/jfoBihBYX0Fmlew4f71AvvV6Y=,tag:cAiOKUtOeTnczudps8YgQw==,type:str]
secrets: ENC[AES256_GCM,data:ivXp2YSiMI4hgL6122Ex+fGW0lsZvGD6XmiRvNgFgvzLH5yDv9uLsYcGCTYfQSL3X5VyIMGvsdRF+4pbIjBZMuQKrjvXv74E7aFBLQ2Qk98N3IIrznUFR3KXbHR6xXy5ILd7Bmw5JI/ZHULbmITahXUBt2kEJvfh4eAtqShNA4vsJrabHX9A8Q+2Ddp16w0cWftV5++WXzlNpvIc2Py6BwvfroNAjpSaO+ILYDOIL7XjPvF83fTt64pxZ9nsi3hCzcDtBgGkqc8=,iv:wvt9V2uYQUwivSwEIYZwcHjXr5WwMw19lgFDIa1CcVw=,tag:/22UZvp7+1hLbt+kV+wokQ==,type:str]
users:
yukkop:
password: ENC[AES256_GCM,data:2JUc8U87HVrJIDc9j2InZKgTRQBP,iv:0tuM7TFENbiVi7aM0nTgvRJrK0vGLewsmWJz2MUi62g=,tag:RL61PCXzQFLObBwXthpk5Q==,type:str]
liquiz:
password: ENC[AES256_GCM,data:6y3eFrfAZ88=,iv:yEIr1Oq4x3jnWcymHwrLDioKqapzaiOfNPvkgiNIOiw=,tag:CJ3gWTRpQtEEaMkYUOb8Mg==,type:str]
lvgkcfjl:
password: ENC[AES256_GCM,data:heZSXKj9MCQcY7wH,iv:PdIo3PhXTiGt8JiwafxQA7ysjJ3MJ0hrgCMO+sCs4Oo=,tag:iQYP6r44F3J+xEkam7Zjiw==,type:str]
vismajor:
password: ENC[AES256_GCM,data:drD8JaqQ5tg=,iv:LnDMbaPRTxOBtqN7ZbWXd6FcSWJQ808Vv7Zxugozn8g=,tag:t6w4TPkYphF+wSbAKzHUIw==,type:str]
snuff:
password: ENC[AES256_GCM,data:DG+35VxkuCfmz4UxF70YI+E+TJTD,iv:1pdXLohOKVsmGrwLdg0p9wncCUnaJYQIPdGtJaG1Wsc=,tag:2Aa8zjSMiDfYW3Kh7/5Jrg==,type:str]
turn-secret: ENC[AES256_GCM,data:2RerKgYNFXEVM/YVmXt2l+t3BqduS+FlmjBWTA==,iv:6odb0HB9mntsceNaJtU2kwEVAiF0O88u47eDPLZVJbs=,tag:BJXAvK8abcnCLi96Kra5zA==,type:str]
wg-bfs: wg-bfs:
private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str] private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str]
ss-bfs: ss-bfs:
@@ -91,7 +75,7 @@ sops:
Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck
qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw== qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-25T20:54:48Z" lastmodified: "2026-05-27T12:36:35Z"
mac: ENC[AES256_GCM,data:fb6JjwTKbXayFOmLF/QaKiYHK1gnYK7E6y7OGARzfpwh9nV28n/aydgQiJ1+aS+88QgRbXbHdGH8GGeqKzApA1TczomYnm/BRA+gUsLIKGDbsamArtY8BqTC9ZEwVXK/izcwURWbTabJYA9FsK+ggYskwNOJmrukh5mhtKVmeUo=,iv:INodLtYp54Bm4YdGhJbrqaXMb90CyAG/8aHs3iIFXzY=,tag:jKMl0a9ZdmIh/ayvEvLNsw==,type:str] mac: ENC[AES256_GCM,data:dqVqDqMRJFVhT78mO8q+X+Mf4TUqxY4ApOdkMAF9bvyvPAPW7kxbKEvn9H5LBDev9CNxfNF9siqaa7aEdATM6ylhrcWPdzPN04LorojdMNRQy/WFQ0rB1Lz1RrIvwltQD5K8RSPFCWWtF8rhqVTGdFafwCWpdmuKTx0HEPNXsPY=,iv:cWHx326j4aycz17N+q2NNqq0VwfeupmOiPdAtZRz7ws=,tag:LOKuvivMogAGQoVlSTu/vg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

17
sus/matrix-cluster.yaml
View File

@@ -7,6 +7,19 @@ matrix:
turn-secret: ENC[AES256_GCM,data:9nSIeoGrCTGNoOoZ6VeqQXTqcAL24QfPfrN86A==,iv:RQmHtbjonlTNl/Bl5TcokIGHzFp7uNDvTZVqgsgDaIE=,tag:m3It9uTAox9uOqZvgh5ygQ==,type:str] turn-secret: ENC[AES256_GCM,data:9nSIeoGrCTGNoOoZ6VeqQXTqcAL24QfPfrN86A==,iv:RQmHtbjonlTNl/Bl5TcokIGHzFp7uNDvTZVqgsgDaIE=,tag:m3It9uTAox9uOqZvgh5ygQ==,type:str]
porkbun-api-key: ENC[AES256_GCM,data:OrzR0Haf1cjA18XHmMjpDeigF5AnqXencUUpaM+t0G7JoMvA41bPGy5Risp0TTraHAovzECX39Gx6n5qXlOToFZQmJ8=,iv:v9B62LDTwhV7UyhvYCUjbFRXLdyQW4v36boksh670B8=,tag:X77/yeRdWEMbBFQQvw0++Q==,type:str] porkbun-api-key: ENC[AES256_GCM,data:OrzR0Haf1cjA18XHmMjpDeigF5AnqXencUUpaM+t0G7JoMvA41bPGy5Risp0TTraHAovzECX39Gx6n5qXlOToFZQmJ8=,iv:v9B62LDTwhV7UyhvYCUjbFRXLdyQW4v36boksh670B8=,tag:X77/yeRdWEMbBFQQvw0++Q==,type:str]
porkbun-secret-api-key: ENC[AES256_GCM,data:LC4TZZBAhwyRbKLbMwc7pI5oSrfDg2RWkAUjpFyLDgp+zFhWv4+3R1Gfs5S+aqkuLP5l29H6dhSxN1A5rBBL1aLLr6A=,iv:67VAYUZJanK+X/DvEWcjANcEWuho1Gfu5wn4k8dFqdE=,tag:9VTAo1/ITcCJ3gPgQNVtcQ==,type:str] porkbun-secret-api-key: ENC[AES256_GCM,data:LC4TZZBAhwyRbKLbMwc7pI5oSrfDg2RWkAUjpFyLDgp+zFhWv4+3R1Gfs5S+aqkuLP5l29H6dhSxN1A5rBBL1aLLr6A=,iv:67VAYUZJanK+X/DvEWcjANcEWuho1Gfu5wn4k8dFqdE=,tag:9VTAo1/ITcCJ3gPgQNVtcQ==,type:str]
users:
yukkop:
password: ENC[AES256_GCM,data:bVz5EUSp70NOTAwYEW8Smx2EI+zV,iv:bgnX7sI7Lx2rRHDfe5k/xOIZgHmY9V4fpV5AlL6+C9A=,tag:mqZe5n7DakXmuRu6iEG91w==,type:str]
liquiz:
password: ENC[AES256_GCM,data:nLWVQ3g3Ghc=,iv:cuHF19mO2Xp/Iqh6Mm6Atuc+XgVj1adwY3/o9pPXF0o=,tag:WImTMZUABQaq3ZXseBQHxA==,type:str]
lvgkcfjl:
password: ENC[AES256_GCM,data:E27NQ5wnmpxpJlo0,iv:19O8cYj2Z4ILzuJWjBlqrTBPNFLhSxwpSawH3vQc1Tw=,tag:WqiMlxn3Sas55BTUknk0nA==,type:str]
vismajor:
password: ENC[AES256_GCM,data:AOAxZgY6mmw=,iv:RCEqeI/jL1n9oGREFR3zUTcQRQuupqMsoTVxBWaMvf0=,tag:tYv4X1iXkol3I2Qr0oaY5g==,type:str]
snuff:
password: ENC[AES256_GCM,data:gM2BV4xD2lZ860c7VSYRlcgFIwyD,iv:pMb0dzCfYcsrx4ReeI4/4jsCoUj+BKucP9eOFag+vWI=,tag:dPVvXIWOqPi0yAxjmaPE8g==,type:str]
MrAlex0O:
password: ENC[AES256_GCM,data:aq6wYy1OxXPmHVdE926Q79pARzwaKX1ieE0=,iv:vNV0Gm2DlgLuZpEDm1q4+iltNJOtRechdaXUNfDrfpc=,tag:bECr7NWnOEv7DgZ7OIQMcg==,type:str]
sops: sops:
age: age:
- recipient: age1x04u7ftjgx8de2gq596e7frauze764cmn7jjwqnx8szthvfft5qq0tezx6 - recipient: age1x04u7ftjgx8de2gq596e7frauze764cmn7jjwqnx8szthvfft5qq0tezx6
@@ -72,7 +85,7 @@ sops:
cGtrUDRlUUliSVVjU1o4VUVMOE0ySFEKnjBAqifgYnaJ6LPWzDcopqQxUJ0d9vhe cGtrUDRlUUliSVVjU1o4VUVMOE0ySFEKnjBAqifgYnaJ6LPWzDcopqQxUJ0d9vhe
F2fIVq8LmO0Nuu7JMhJAvTJgkEyVUAQVTTAtrnhUf2RmILOb72BTKQ== F2fIVq8LmO0Nuu7JMhJAvTJgkEyVUAQVTTAtrnhUf2RmILOb72BTKQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-25T07:23:06Z" lastmodified: "2026-05-27T12:39:42Z"
mac: ENC[AES256_GCM,data:/zbRiKcGwwUwErqDinNAq6/BZIhGMQEa0M39TEJsTvLn4JPW3T0oKlPiEviARRbdICRYYm2ad6pZm3HUmcjUgvPsMxQW7d8DutaowrRdbTryWZQv5S8zptlsA/gOVJxB7t1Xp4Hq1qPIrbmOuu6mBK/3vsiunN+FitMti775NVk=,iv:ngEXIDROEVssf8PuIsLMctcaqbzNCuMynqYNo449tyI=,tag:Gg3CXvZ5jERiUSxj9ThDmg==,type:str] mac: ENC[AES256_GCM,data:CkFer6IhVGIER25iO/WYMBvmsjtsV0K5c0zT/iZKrkeMBY+k8mHdZe/5eMpvx11Wl1kIL+o1oxUf+/VDw1q+gkXCrDIAhqyAVe6szYVpU04X0sYmSiZvFVtiAGDblOw2SrCIP7XATwBYFsPqBULhpnajMOTnRAUnuWxPLAdRuxM=,iv:VY1AGatQ1TnbypEpw/lx/C3bQbpqRqzYG6NYQMSOYPE=,tag:3Iy/3RHoRegUhlHzrlcrVQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2