diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index edd85ee..73c72a3 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -65,6 +65,7 @@ in ./phpldapadmin.nix ./proxies.nix ./matrix.nix + ../../utils/modules/mautrix-mattermost.nix ./n8n.nix # ./piped.nix # Replaced by Invidious ./invidious.nix @@ -96,6 +97,7 @@ in "/var/lib/mautrix-whatsapp" "/var/lib/mautrix-signal" "/var/lib/mautrix-discord" + "/var/lib/mautrix-mattermost" "/var/log" "/var/lib/systemd/coredump" "/var/backup" diff --git a/hosts/fw/modules/web/matrix.nix b/hosts/fw/modules/web/matrix.nix index e44fce2..8889fe2 100644 --- a/hosts/fw/modules/web/matrix.nix +++ b/hosts/fw/modules/web/matrix.nix @@ -43,6 +43,7 @@ in { sops.secrets.mautrix-whatsapp-env = { }; sops.secrets.mautrix-signal-env = { }; sops.secrets.mautrix-discord-env = { }; + sops.secrets.mautrix-mattermost-env = { }; # MAS system user users.users.mas = { @@ -393,4 +394,33 @@ in { }; }; + # Mattermost bridge + services.mautrix-mattermost = { + enable = true; + registerToSynapse = true; + environmentFile = config.sops.secrets.mautrix-mattermost-env.path; + settings = { + homeserver = { + address = "http://[::1]:8008"; + domain = "cloonar.com"; + }; + bridge = { + command_prefix = "!mm"; + permissions."*" = "relay"; + permissions."cloonar.com" = "user"; + relay.enabled = true; + }; + appservice = { + as_token = "$MAUTRIX_MATTERMOST_AS_TOKEN"; + hs_token = "$MAUTRIX_MATTERMOST_HS_TOKEN"; + }; + encryption = { + allow = true; + default = true; + require = true; + pickle_key = "$MAUTRIX_MATTERMOST_PICKLE_KEY"; + }; + }; + }; + } diff --git a/hosts/fw/modules/web/secrets.yaml b/hosts/fw/modules/web/secrets.yaml index b42636f..30d5d5c 100644 --- a/hosts/fw/modules/web/secrets.yaml +++ b/hosts/fw/modules/web/secrets.yaml @@ -1,62 +1,63 @@ -borg-passphrase: ENC[AES256_GCM,data:xuSgy269tSzDNjo/XOYS82OPkfPyA/B0et25Sc8j23ifWu1y9yjzb9jSgc3MU9rXeDe6sCNw8v9JV6+btdvomH4VzzM=,iv:hRvMcFmTr+LT0VRCGFp0Vdt7/Wvwu02l2xMyL6ZVKYk=,tag:w1FI6GS71pmPk9Qsr0vyAg==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:W6OtuMBsvhTHVojbo01uwDbEWlm3rhXmLnYQBQh0+YFRmQmlveYxojUmyMIsesXNSysRRF8dkmjYrMuB3LMqWFvYO4mt5AfSkjwmpHnOFtk//ctQownye5b6jnQjo+bD1/v2rbd6RSHwB/hI+xT2uxZ+8eBVW3AxnUZuSRKyVFsMrmxqJrK3+glhamP8cy5lnD8i1YDCmgicOUBh/CGzRHgTOXzhe9dUEljAXFRhV179mU7YkxDnSuLLexh+LJ7YM4DtUP7M2SI9DA3vBM5aCrsRyR8Pw4f5R5790v82GoIWZl4L6V1QDeXdeTFdhu3jBmBrLUNECbPwA6NLssEulufpXtwl5SRVyr+8a8Ch1/6VUOiUiFIRiZ/a4+gD3cAFGrq7CFmf6zavyi/UxJhVFz1qKTuu44AWtYKW81zRFbs3zgQ+6MuU7pAsEd70vPZmfKUDMsWUAQavjiZKihF/DKazeDC/Lquv/7Gq7LZG07DzdTMgr06i6Z3Dw7b+EqPkOYfdkr2289iFJoLnQm02XqcDlqnXbM8iegxxYceW9NhFOaMa1l2vYROg5zxxRdukqGK655iNEK/Q2eoaN2SUoi1UNOlK9X/bJADMVr/e6fEkD0BJVL/qnPyi26jNqFcTXFt51/DZ4yOiwOFheSOhXKNIBxn2Vl4INSYhUqze+4oFSzBMRVtwemDYZUdXkFM2QbdUe6U/kYKHOl1xH56eTKiI59ZoqHxKMlHNDpOO6KUKj6rVxFBHC57ZTnto7WOfOWmy8s8+DzU0OeYZzE+7Mfp6onTGVtKCZFmYOR6JARfF90TD4t8iocUdiuvLV5GeRE7YKyjoMIuGcRVvb8eR/8iVZNtTKKNGKhpYwTdgQDeBCDRzsq2Del0ZtVpnDydCI07/mApMqES8V41rE65u6qZOJPOpe0FSf+Ozkrkq8yEiGVwdgm213F/c5K8+YUwNeU7fJHvbWOdRdzdfWIes0sKlJBB4pJiUuDp9xqYiqYDV6+0VqSZA7nTeWPvm/LTjlbFvRboyXNKHfpq7GD2vQI4jgr+Jk5LRJ8pI73pF3dVo5QphsRmAgmtL/+d17KXHzlG0l/TE9STfIhCrZ7yx1+9Nz5cG25fvENybpX6aCiZz27BBidG5VLRNgcRqLE5rQcsrnd3iqo2HAXnlGiggClH9SbK9ao64cCA7fW4EFoxK8G4gQmqCXGZqKEChLfIOThYkXIxlpc2VSMEhsysENTmBHOM3oI76f0JvTttftgbGt/pZcJGfgLa/qwb7Se0J8OsWsxRH3bjAFbuO6wjgx5wCIztH6fMsofTTl4i6dyAc6ub9zGQKm8AEBD0xDftCEhrlFH2kR1bkacCKQz6R35E7eisAXP3JU9Luc25cmmxkiqxuW+Aw109Hmm00QCsDM/xWBZtbwotVrN0enOLjsUpE7Dk+ibLCM3I8QAxvgXfd90vrRDUjUpEVKwm53naa4cHJObBsXuIDPfAXxga9ePOUbD9IdGuDw43d/RSPlCOQmRLIosvt/OnAKoCtyFw/0OEr+pGRmbnLShHJKXlFIQqTTe5NT/O5jX+plqkVNYHL3XKQxU1ALF55zWge8OuJmD9kgia7692ul2JR/irdWqk/CeKYZy3B+PBfulSkWLUsRn0s2CYkwAsmbcE+3lllk/7VSZrJn74SObV+sCan0FL5T6G8N5kgMJHagUGMOiqqvJh5npAMgX/a4ynCb2IWt3wIZ67pdVEt7AVZZMShFkTBVRD0amPRD1cJuPba5ABul5QloQ5iLl5KnuB0Qg40ogpFMB1DE43fFoJjzF1mfz+Mt4b5w9hZph3qkvGOKB4kAkIic63CrFSia+slH3mRbsvo5XqZJ5Yp2H8iG4XzIICGlRQ0/C6nKqNNkG9SsP1GourbwW1QIbxuTJxrDCI0LfVm9zigkH7vIo02ZNpa6ZWh0t2gXL7I/T274Q/wLUkGmv0quxbrF35TcD9a/uOA87zPpI3J73sxGmTbQSDoopBf10vlZcoxougBxlh3LgECF2DO9XkqzgZVvwdelrYwLT0UY7zJSiN+/nFYHxyMLNYZb7QJ6xqNFbh1EtlFDgNW9XzUPMDZQzrg7jhODYC6P+U1K145cwIqAfCWsn84m/+U/iFBFL8I/wino/1/0yG10mP64Ecf6r+VVfkKZ8rAn0WlKYEovNdmfQhqs7lJdY4oLhAJZimgdtx6fo1ZGSEt1em5pWU87vQvogA23bQPCKSCaiza9KLraz2s3SaYqZo+mALMpOU8BtvvAT8zBOrrSt/JWzJHSsVrT84LZumIHd+os3Q6juNq7konIRX3jJUvkGlgim2KRpCfgipw9OoyNExzrffcCnf3jEUtTdviB27lxamFSv0eZZgoPxNbANZhd/zrvEpQj+NHZOaSg7LbfrO2eIgkc290T/10vkhvzXEpjxt1prSLSF1/I7RYpv8sgwhpEIuvOf97tBxJX9Aw8ylJhbiZuceUI736LGyGrxDqxIMzb8pbQ9k/8VXjOIQBPEcC0d1zXKUrYteMHhHXVjmMeAlTLsHpmsQ7q1NVu35tyuqBImXu4wU06VkDak5pjBR/+GAqYMnEPKs5ALNfUkZDtRjS5SGMiKP0e8kQuC0bk6Dhl/GAfO5ckv5kuPArOzUIknYvNU234bcVTOfjh7kfAA1UnSIX7Fa/vcAAzWxjhYvuszagJe6xwrnZTvI9IzaTn0TcOovjpVZUiP2E1Pghrlv+//RT+XeRu9cjNxVrpwmlNVCDDZmz+jaH00YOT7kGNejJUvclR3gjyUK1uo+MqF4nCLpBc2yrnvctMfcY03pwyR46pyhsSx1c377G9E9c3pBVyPFXz8zY3xRcd9aMRUJiJEwD1wn1HZaEo+qvJYsZcFPEF03MenVl2vup0JYZNYEMe9VPEefaLJ/uPCdUYedIo74EZr4baDqdButp39v5kXih4Cab4AsPwlds42BcYfkDS3oXHE/BRMppGvAngHZWwmyuGGAEiT+UjumqFmiPtKL6KWVRGfS2gyS9CJ8oEZJBizVFXzjhdoh/kg9M5MFT7uQfjory8dJWX7jpUuWMIHyLYfYhzTm0K6mFvOoO3W25SvvFnygo6JmBbuuAzV2raFktgsjZm1xDmZOPvbM6Ur3XUWzGXyWLiWqNVgAishPccAzI9F2/ocH0NeXOf+D3tWld9kXBbQPI4DClprRrGqpzKtct16VAKc1kAuuK8BuSD+YbyP5T/3EaO95/KxKhG3ZfJo5map4cuCmz6dys2oKCHmbAxkLFJwzC6hoYhnwJUZj6SWeGJB4IT8bfZ6UYKpfdONW2/841r+WbKljhTzDvSKqGZDvLF6YB2aK4Oe92tnzPbuArNohERv0oJPvAtdUiSW3Ku+62e4YNKEprLNYBVkJ3ew7d3V/Pc8Rb8uMFehx8oq0ojV6Xzj/PT4B1Vt8XrUQlYxkha+ZThs3iJLlSyQ==,iv:qAE9OZM64KdFc2guTNGCVxom8HWmv5CWQJvt0MmHZIE=,tag:56KMQ/JnK1AtRojWGcClcg==,type:str] -zammad-key-base: ENC[AES256_GCM,data:WZsUd7jTG7WlF/d1MRnYPdBDxAuSWATJMN8kpR0LRXbGcPgJL6q55FRIWc5lopeUfqt5fTnY9MqgZ/imjwcj4MX9WkPQ7kMi8cquL60++sn4zmrcs6mIKlj4GJDCJ2uUk1kqJFdSRHAnSvJyC//3g8HmX/CFa0j4j4sihJmeZ6A=,iv:dFX0aOrJBeWk8wErKK4hqu/sWbjamHFRZUrxxvoySUo=,tag:+uoE7cW5ioc5nkXcvY0NCA==,type:str] -invidious-hmac-key: ENC[AES256_GCM,data:TkacC/3KV3+yIHo2WF1Na/x0e4RhApFNOqmyuw==,iv:sbmS2l5NjZDGLOQR7wWQ0lFB7WIf3endlvWC0+Sbh5U=,tag:oIBtURshPQCAcvj4ANYFiw==,type:str] -invidious-admin-password: ENC[AES256_GCM,data:R2FF0lz6QZkHVJ/vSRzr0crxta5euQdLwLFWKeWRXy/Nu3xwcFP+bRjWYXiyxYoAig==,iv:/4b4vNJlgNjD08M55e/IVFhmeNT/z9qMi8i1r54xr5A=,tag:swjJVaydugX9Xa/v98ULbQ==,type:str] -invidious-companion-key: ENC[AES256_GCM,data:AMrP65ryJOfdWsSMX+4Fdw==,iv:nlDdFqK494VBjFS37g+slU5TFAZkT/fsHvMxCH8+Aw4=,tag:58XOkEZYjCOdUXTZr4gZNw==,type:str] -dendrite-private-key: ENC[AES256_GCM,data:oUCh44Ejbw6itfirf5/3hVo2FBlUo8OeR4eTlL388NWAsOKp5fgY2yx2xX8W4Swq2BixKA/KyAV/cFOTzN0Sg2PfasrGYaWxlchwmyHTwSH6+PlFqDqTwGmjfghWagJ0RYadxwm6Z2YsebDkGoJEwSXlwj/zxU5tNJc2WBmto1lg34eYFMGrJmg=,iv:si85iXafRCdX3KxO+fxH+H6iO/xyfU+mV1+e+I9DQKo=,tag:SOLSM2JH7Ktk3685Al14ug==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:rmYdPQNubnYN6JUsGbzYvdtTZkWoJOor2VtiLhICRPlJDrobZflUDKF5WcWR+rwNKgta6jTmZD9QnQbT,iv:q9TZFxN/SEYiYUhjQmUF/dtQtjQkBeLeF3vlBs/KJ78=,tag:pjtQLEbdCtyVmz1wjXyv6Q==,type:str] -n8n-env: ENC[AES256_GCM,data:7Rm5u1eAp/fw3xgyS8K4P7TshJVy9Vs3cHVtzqnQqBggX185LRDtADoslkEnvidxxjImGWZ6Me+Ukchdz3PTnxLoDi9QwpOcL2qP0/RSkqQeMpbwn6aOsd+r54VS1micL2LWQkuwNczPKGcQbrAnSDWaPP44F2r429dENzX2Px8MAHlBBZxhveBWY+vXuwLBD6ylOu9juFz7foq1s+BZxf66B1yo6u5JIPlR3oojDpbPJ7vYa2bMPBEZYB1M4bgkl0mv7IMpQoSItndQNX4AxoB3ZzCFjfZSe2mzhiJtazB2b/CMa0aoBt4UmPSZBfabJ1fvDvRD0KI0G2GIPCmuUT5960bfFcHDImgR3nTzi6AQsxEVgWbLfB9TTFC8duM=,iv:JPdWPnF+uzbWCIzqCVtV3i01s6VYEOD3HATYUw1JM/g=,tag:9HpH8zJAPpeRCZpL3YpTyg==,type:str] -n8n-git-key: ENC[AES256_GCM,data:R5vJ7nFmEYza3adrfWe2X6WExlmxaUrUdv8PDqBAeF/YWHK/mzIld28Bz38EEUgHwzHazhByVyoz5SQoe1ikNphjWYl14mWkwSPFSdet+UQ6hipLAslRMG9QFcR0funfSvUELN0WK+ewJ1B9imbhPpyLVpTKuns5SSUNOidJX1lnEvLmVrVITvU0XkCpzjNZKl5vMULPu3+Blg7L+vlpAM3vrH24vbRA++HxPfox3hneHkbe4Ckll3ID+KUt7TFeFoKoiB4SWuF5+3mHcl74zuYUORmlvqP9x6sNvYm6ozQggb6J+1zBSmD8mlNFr4s0FmGgnPkjwImKzvETqAcf5Ny7wa2Bu4zQsPQsZP6qco9pbFH6hmF0+g6U/o3G1Bqf/K+xCYtOVIfposk/hLCFAN1G0NvkVjyGrnmwrsrhdR9fVDVfxrshxOGip7PMxFIUuHs+gaGP44ocFmIAeizwrY3skb7dAZqQsXwgEEOKoWEtTWxFyvr1moCdjwgByHXPMRpdEF8mzNwLpNqEVo0y,iv:qRJUj/tHElD+UA7cxvBPiHSRBBrg+hPtL9REtyn8uN4=,tag:8MxVx9KbtAu1oKyS1E0H3w==,type:str] -phpldapadmin: ENC[AES256_GCM,data:ctXBV5sxhlY6DeR2ZNCDaxXMhGcdZvoLXNBpE4bZ9zBvOUuo1PwwPkDa2akwVGDyIWHkTQIuoEQO/oS+yc2rHVf/4sf3YSJJvsrpwLYiFyzYBi0ar9PNwAdUAGzTuFrilM5/XiGbXCa5bOk7Cp+FN566xipCvGZpMXO9EGLPIeEBh8ojpPOTFGkLA+4Izw9MZZslPMbsPd3jFeI9bAe+w8o816bCM5xoebO5/7rKTvaWVOWbIXocye43jhD7+C/KArWKO4KW2HytuuXDt33xEbypAA2z4C0o29jQ96QruVk5rl5Cb9P0qLA=,iv:jc7Xwo+Ux2pTlwwQ82bo4QFRkk9bLxYtGkiEPLdxl6o=,tag:58Ty5w2cO2QLZD53abRyUg==,type:str] -piped-db-password: ENC[AES256_GCM,data:oinOX75JbOw6HtNK+xmn4UaW2fTHzm8XASjgLaZrXtD/IOOh+/3DUaSwz30=,iv:00ZVBisldW/t6Sma4Ov9hGuK8Y6lq817OKYH4QuHz9A=,tag:GV8FP9XAktdLMbHquP2xnQ==,type:str] -synapse-oidc-client-secret: ENC[AES256_GCM,data:fU0WUkNvaR+JWRlADp1yk5EmFf0RM5JBdBvVsPLtxzPwhZtNN8zhRTv9anp6NZoThLSNOffXqievBE0PMxVGiw==,iv:mnijdEufA77vU8dYOGrjvaN0LwFNhT1S050lStRgRD4=,tag:GdhdGRQedaXcp4rJ/OBXoQ==,type:str] -mas-encryption-key: ENC[AES256_GCM,data:w9V55+9fpCeYHwT9XLHM+9SHpGNaJO0fWI7JO/DEkGyOQd/7/zLeSaxDnOvORl9T1WTMZfob6XvroeOgt+/Iew==,iv:CtSuhO1KhiSkkfFcvp7KOiQjKU27VlzIayOUEoFjin0=,tag:iZdVd4QTxX2g+W5X2TqvRg==,type:str] -mas-matrix-secret: ENC[AES256_GCM,data:OvBEnMhif9OfZKd2NWhSprIupt4fM7x0ROPKatY2eJbXtzkF9qkKitEhsWgbBrkZP6fp0qEgN7VCF134dmVuGg==,iv:72IrdvZsi4DwkkLPRPM82rhB+g677kaJNeS6KkcA9zA=,tag:H6znD9OQT4hOZ2bIcaj5Tg==,type:str] -mas-authelia-client-secret: ENC[AES256_GCM,data:UB//9okQ5nFouVaRky3t9qyBuOHMw4eX/V0jirD2xBzW2OUieRBDandusPLaFqCm5VjZJUTezT2M+SBpKk7sww==,iv:GDmYh+7RJ7deOLbUtbGXoa2gY+dGa5BrzaSk7PSl85Y=,tag:smPKgSWcmuVZVwm/Osjrxw==,type:str] -mas-rsa-key: ENC[AES256_GCM,data:PMp9YBPL2wXTOm80b5bIG6+rA6fvPX+PHhr+Hvb+vl0n5MGjrmIVwkVHslY5QEMDFmlk4ytKH5BDYV0OVm619vxuopN4CAqUpFhLum3XKXKINGUziwj8HDv3xk5wxdPsQSofGR+E0Cmmls/bHp00CKfid/GzlooI/3hA0+0y1N0JcaiR7xOZJuFGzqzo31UaLoYqdsviKEWoTieme+TiU9CkX297C5PPUqjDGGEZ/UBvueOAlFB+t3So8xdFL5Q8tY2ZeM0YZS1GCodDJUeKHL8X/cmN9PcIoVgJ4UMbQaL8IShgKqAwRNGjBEWgL+q1BlpxCmsGNWnX9V6ox3wpsQM+n6RLkQezJkamQ9E9PmYleo/9Qk3RC1pOMGzMjvnp/Dl3lmzUkXVrkQpDyBPU+DN4l9uWQbxFlk+APAloeXYwrucr2dUGpJNPvpxI22X248qOh++03yIRY/Woef3URDjz/EFZbOExj2HLPb8NnyGl336dpP+FTHolzMxplcsTAp/dyyL2UQiDX5ms1QA90HQ/YHWo74OhZwbV8jAxL/fu3oXwUA2aBHwlNYObPrrWbXMC5QBChLeOxPQaVL0Yj6sSAS0S6H8MW/we0qb8P19T6bYWBSvzSLIKqU2mIvdYx7gNDjMDZUgKaVTk8E4J5KihryN0NBMcyWROeSdKXET71BSp9oEIWtDqzatpMMEGcqXFkZjRt6GT95cYkhiYIPweCQGcggF0eZSTQUBCzfBnugMtbB3UoE/EoGKqELB9KjgoIz/IQOmR5vbhislSZ0myCr4h9J9r++I4b34n7CeK8omKflNY7i7ru3CQyxXcI9pLQjJgAdzFadNONMIvPhTfYymXYAMbm9nJjNprVKnvAP1DN6QMQGpfgqx9ausj7rQoCPhR+CmTVezWokTvu7fk0rphlOawtcf0Zt3TCi3OeAP8w14tXrywyO5fAa/M8u2VSChLIFC/dY1X9lrZxzt4AKnJ7rLitliCQFe4Sm6UhJgb8r5TszN9nBnN9Wo0WoqRnYR7Oj+aDEqeANF/fhDlFzi9y/2hDRiWSbQV13rOwoObgoUMj1+VWCYdgKUJUo5FhpBaEEsVfxS0dJ/cgNprFqbu8srhGa8ajnb6JReKnTwRgN3IquppF6lgBQc50Eb9m6mFZhNR/5cgNxUXpI3uFYqwNnwuRn+nE5s5Py0Dr7d1C579S5BF/awiVQZYGi9tK4OA9qCxjESRThe3jXSatOnCTtYaGs3F85HXEtexKejn9qmLIEbuoBs01BoaLWzGBIRdrbBanbMXCr8JsxyTEk8uRvm1YujH0WDk8HEhjOaDAr+0MPROF2oOlKNzY6Nj65rmXy3wTat0/NhUgf5R4oS7CNhMxo1HyOXaNdAlLkGjbC9p53I8Ic2aeX467jCqkR0fzjd5WNJG3y4Gl7vwbJcv971Zq1JFLkppDFjTiKBNtfCChXtO4nSKMRltHYVnSVSok08ZjFIknqzl2Krnj+GO3AXUYDHwnYHY1NN5e65omJMH6OGHSQqDy2FRSupDX+dx3Bi4p6sw7Khas9+QE1Qx2mzaXknjR+8drYNqMTG4WtRfikwHeqGXJIVCF174NdXBqy4qjyDNPp5SZevpOTbwgn0lIb8F0auQKJ+QyF6cd8vbi4nYh/WTxXU3agjpnojblid1qP6/AjzMIFAnWBOJN1kpwCLcbCSOH9nErqlFl+YrGpifcMIuHncXtbY6mtNPKX+FSj+Vc9ifoDnldtThak0D9ZUKgt3j3oJD4JoMv4ci0AsRpBqNYMnIUhkOdhkApG4mxx1MZ0q/Ahykd4Xgau2bHX65SW20mp0HAjo4b5jz0YE3TLC4nT/MPGUBzGxwNcSpTunsZoH08rh4VIMRmPDRQT6FMiadfxkSQaX78OSBQNVsDcpbHwIL+3kToMkG/o2UQGL9tvORJuU/oyHObIGJpmJHozpFLoy9M0LDaza3e60KT/Vr/DTbgoadtG3tEN2ELGfUCUMuiQcAqd7mdC1pIRX4bLnmSFPERAQ8W+Nyo51+qBeFrZMN9h/vOB+8c6eXZ8FVflFCSHrsPeG+Ju9uuXUOVf7dIjMnZlqbsf4FvX0rcGzIIgEHkoMSa3nOcWvvpSFAA/cflvKsoa05b9/4o/Bo0uXu2Ojil2fsIYUsaajfquxO4r3Z7GZd1JGXJhu4QcOClAW1FsfzlbgEbBtgnx2KK0OrVZ5rCHf5/8EMpiK1ZoFT8xNFEG5Mvc0fj/7HM7UUnHPqRf51/n+6Yzzxd8R6PBght/boiexkxLFwsqkLD1Mpd3klCdaCQbEnTO3GMWPBCs5lxxyJsUjeLY1vNestZdDAQQMCVD2LZ+HnhAmiSak39G1h2glvwKITMRxnAco32mkDPJyYFYcgSANDXZijj9R385uc1h7xIwFYh2z9XRX47QYE1kWvjg7z7lEOH4v/7TwWMw+T3dPocNxRKn3HVcNBFabHLilfECSq6aDXp+7eSUSkKvBCkXJ4xj7ED7y2etee5nVCmG7kVWOHJROxWAJG3htniF+kMtoOLWlSpnPhFlWDaNE5E7TsX/T+zNfbTX3RpGWFLqqMvL1PJyR13rAS+rHeL2KPKoVWbX4JPfTP8vWwKheG3smhDdEAzXugp9gfw4ZweSOpOMJMRf0RvpnU+A9udVwVIpHd9DT/DMtaCvGz/rAZclr5LCuIFQ+OWLytrV4ZKdY9pJ0EXfgpYh7kt+LXjsVGqtQlU0lG9v2jvmaxPMMZtj3Oq3Cx/ZskELcn2YGPl9Q99nsz0RXeeXPJJ7QhId9Zw4TocJAZXC4ZEyf1GPeb5CIGhWM1Lz2kn3ftM+xwTBpj7u0FNFsEbMKBxw8WQb28poiZFB2K5qabWpi1n7S+yIJEmviNGMG9FsIAWNOm474NzHBZT5VByHEQfYEMjIXejrDcD2Cs6CGmaAm7C9Cl4l42LZKmJ7KRXq00/vcbotVN4YnPRfHbelhVvTQYcpPIqqsKs/JefTViA3YMYRnj+WhRyn2KU1g+hzyTwyyKhfTVRDIkwxVEr+yrINgSDCxRxRWR4YlTnVGhOki+bmURGxWYLRcxk73+OHfz2/rYRsTzyzDBWv0xs1ycplOHehc7JuweFJgFn2KTAxS2yX14fZ+R1PSKyN7yRa036qoZN5bG6dMh8Ki6+DR6oQv0ejc4W72yYQ6XXdXeEHd0oQoGrF5kFK5UuX4dQZ+RpgsrL/pFEGQG+h09IvR8N3V5iZXJf557LyhOsGxPY5ZFv5Wl6ZklHdwsbGtU6iuMMdWyGsQ9k0/UPPSijsoRomS9DMFgqZBxzkajYV8dMKLcJCbIYzk6q5w/YdKr4YjglDF1lnkggVORLHVNYsPagjokPJikpSmFlnUdIfbTMSk2UlcTinxVkwiu9yyGD2Ra34Cbe+b43EdS1Jph4abopadT5k1snpfIFiVy5lp1RDGFaqkr+phf6SQDOoLXk3i+toYwElq3pS4Wes7xoUWj+y6icGwXQjv09/TP7KKxwq/lYGcjENOANA1eztkAb2q787ZYAHYOvJiwz2C//D+QG0H8rCP1B6VBZZe29qDM6T9FI45LkkTximoOwPFJfO3XM7tn2CSJ+CMffQTlFkucfqYuB38G0lf6eTxA1bSEua7l0gOnfyTmO+KY1J8yIDJ+gkwLdeE1jK+5/Vn9hVNmYbj3MuzdddzMJ1uQuZcs7LzUTYdkSVUKyT9Pvndlvfeoa4s9W/5lbfa6vpo7pcya5p8dIgU3l9hmqzl/XWZW4yLANImpxGEdTWQabun8HZT3s1Dw7kw6TQymAFky/FEx/gulC7e5n7285FXsC6jIu4Cv0bmqVRdu2qvo1XNEIQxhwp4IemwMfe5Bol6tCQtlVUDgyvgXhZ+rUzc9h/zYNui8AdUVgwEO4GIDEfDI1LGV9rDYAj4ZKDTK2irwDMtdUq3VDK43+IxKLAUqxKA4fBx1CMseY58Tbdky6vLX1VhKB6N5R6zJIl6m9DapYSAdYVuJDjtBAwB3KobJyPrQNEYBSLmp4yqvVDR9ElONs5IURci4VFgIXPTyxsmPKrXjHXiZBYXU+nHNY0KlCnzaScgKRIQDSIOHuu+1acEUETutZWv3+ru7+3cEe7D6SPEDt89MyiBJCVRfnu0s9ssojOMDLvKn5Ba7j7HMsi6cFAyETfFqwrl3HHoc5e69J+1kwc1pxKmn8oJubuBn+7lgp7vJ6GfxobDGi/V5/ICwBMl3FbNfeagpuFguvY6ix426W7Eha5coC9WHNC6wLGJvRyo5aWRcqeakl9veUX8Zh19qPxSsgq3glnGzvcXwZGCY7CcCxLmOrZe0Efy+5vVq9D8XDdwq0twsN5w=,iv:rMEKALM7zs/akDPwSL0yEhcgZJC00shO+BgmLvpGRIs=,tag:B8PSa4SgYlhxtbsUJQNisg==,type:str] -mautrix-whatsapp-env: ENC[AES256_GCM,data:FKYO9xS3ndWzsrEan0aQo0VnYn3vFYB3/6bgR2JzyAWSO6BLCFKbpKOZQ12/9fs/Ofxl3YutKwfCjULqt5WHcl/xU7kGxd1WnaAMXMsfzbteB+leZb68nK1b4TR4,iv:9XdrEhmZE6ck5xZKJASnF14cI0mGgiBTzTYXkTG5sM8=,tag:NMPEwVPV4TLLljSPpjy2kw==,type:str] -mautrix-signal-env: ENC[AES256_GCM,data:5J9XEMZ56gZWwo2yGXqS4fnGYMHUMxB1FDogrh/HguyUizc7sgiX/nqMjm2byoPQajdYmPkNkp6cuKPre7uThvOHBLTXoQAPa7oH2rHuoxFGKHEoaMNS9ASC3A==,iv:ralynGox+FPfraSRg9L9DFU2NNhDQkhWrOtR/REnpok=,tag:u14jhQe50opbyNv1XFdhKA==,type:str] -mautrix-discord-env: ENC[AES256_GCM,data:ZFTR6bJ/OXo8Eb7OsB65FX0dv2L53voJL8aE8i1AmXgr6t2e4RIxEj5cMUMv8g5YjnTxodlQwlCojErU68RGikksSHt0I00aEVxD7QzAoZ168apwh4PY6/jklyoclusRV7O4p3nGqjMJHgLe5abZUbTSwG64jspn9xF74SIPC7FseOwb4L9rkFZdwF2Guvg/vuX5bPOjxw300qiJmxh0qyQOWE61jTWPD0NMBhvKdBgvHhxqOx5UPV8mldEJ3lsIyfADF4nOygfuumZ48P1v3mSo8jdQczHhACfw2HhoZd+vhtfo3d9T3brbRVMDbVerOukUAUn7lb6wqJEUKtaUOquNV/xunoTKmRjwD5+FdDA=,iv:ed4Eb4zvkb14Fx4Fnt7ldDdjH4FhHm0OoCcWdbVb3WI=,tag:0w3SYMcrFs6ODtdjH+cbZQ==,type:str] +borg-passphrase: ENC[AES256_GCM,data:EqaHo/yo97t8DUoNCIMc0Xa8Yk0S2764JDgKNv2p2/YK/UVQC3x/JXneeNI98T9UDEiColNED5hGIIPq7T1XeJFwfAk=,iv:lkdY0b/CPzQajP7LFZbC0QslfKkdO9WYzLLCVYIlM2A=,tag:K8wwnz8UKPkGVZFCSCJ29w==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:tAwMC7y2TNhG4Ypk3qJexvKy9f8IuaiBNeiCuFFGkUvVIgCV7Hfm3p3qXsKOlDPYCDS/SOtCt3F7/9PtEjiw3+4DHhCgUuPMJ7LDYPcr4JGtCsKgY3Fhu9q/KMl7HZww/5DRssBdCvSETys3gc1p5W+AI4XQ8G1hbvuaMIOfscL8yePOS5h8luUZl0qMgAm6WbMfVPG53yqhSHV2UG0tKIXO2K2db2ktahXwGo8GKfg3cZiDn61HPYcjq3WNLWqgyNfJ67E6tofvfCZBYo3ST29/3wCy6GfzSfBKNxOi8FmGqsvJCohkUXzj8QhRo9Vak/1QEkEyXv/i+Aeykq/CU7JiQRml8MgeB49It4SbPn0k2iUxv4HURTF+PxwVXMvw8F11T+QOylUoTIy3L0AOHwaWo3lMTIUlMOmu9C/lGfQj8cfnEAqV5ewk7Yfb22kKbzAtmfnqoHV6KKfNNyixyq9eQ7IJehvMQPYkT00EtMR3l6pqfJ9eel5sGYqcppl16I00SGZMcsnH3MvY4xM6+PWl3DhvkZ5dSd/CL7967Hmhj5tafnt7TwkxDz2G0lt4lbe2tpq6jlxPpRFBEvtNxXXxQZUU/OE36hAlHzKKvofi1ptwsBwDMoF1SrpKASSbeyfkQHlMP+AiHJu+0gkACUHHRxI+yonebLkvhlt7r61bTADS4JjQaJVcAT86dry6iEsia47X+qtk9arLuZt9ZWW7kFUTe7+OKZdwQ22LZhGV1huW+gqWbI6xAsLxfg/YvFqgh2klPcPtrp0pwtQrupsPTne3UUpw14bx6ms9VQf0UGpV3D61wiwKumUFuF4u6Cs7ZGB0UWrRZljSJhdL0eLB3W3ZWowYEVuebXYw9WcWax6q0cqr+nkdOmJfFkGUDfP1YfKO1VhiTafErq6AvE/XW6Io8CNN1QjSuBQc5gpHiSecJIuwJlzJiKZtpgKvLbseswPtPEervK5x+2Dm1rqujWhLwdB9VnUOjBwYyEBzK2nvljOXnTM5x6ixesZXgdbd9Ukl9IlptGCB0tu4w2LwEfjtu3QbelUw8lzrcDYLS63pcUQTdqKMI2on73f68EOG5qTC+ezxvIcnRm+6vMPZBy2r7f2MzmHOiSmsSanf5DQfMOP0KfAjRTBTPb/NggN4Vv9EhqsbItvrRwp7DTAe5bLAyOMc+obxXYnAP/8h+Ame53MOpGWQUUAenLETtWavBhypor7SPcVodj/TrKfT9jc7eijQHZ8UflfPWtl1lSB+mn4UiFBX2cRFyzkngaD4iHhzrAi11OBladVuZCKUgH9VvdQ4Ki0RbJN9K9Dv+pDG51xhJc3mavY6jT79B/za/62qVvNtWs59+qfmmBoDlQDTVjDwII8OeiG3Y7To9BA12JhDS1EE53cNlSuU1gnL/YeqABxR8cCdDHr7+KC8bMd6ZYSJ9tef7w4azx5qnuDmoFrGpxvvJTkvbkA0B7CxxrsvJKvNMTbmdglzH20I9qSnY5uM5kWmdJYsDMgPWRR8itw3jPfs2FtTA93sx18p+Visq7yz69RL4msgIx1RQFWMs07yC+oUEz6JjqfC4LgXDqnvWQhpYOIqcGJUke6hDvIZvwVZYARJ4Mwy2oO9Q6sBHLUTBuEPFcQAOGv7k3JwZqu84cG06vSzCXbRh2LM/Wnzn3jq6IROx3jmlttYV+7zr2P/Qtdg7quRrKRBYXeBNn0UYBnvsIOJlmW5PWirP6VidCCbJxdh5W1OMKOaF8sT4JE3nks7wLH81zQSwdKT3kp7Hzv5u/Kv1BzK9/QhrOUFtcnpQHN1Of9CspVRbIRCB0nXRPj+sV6Nhq54XDvwbSxJPA9ROGTWx3kDtax8Jka1DviV9uz76R/JzHVPZEiYPu4vuWOntPS0fu/pBRWIj690EBOrsb7V+eVTY3p2hRbE2PVvXv7s53KI+VAsqN9AMH1mTRmF4AmlosH6QAgcHO1/d+Hcgqiv7C5vQhLL6MBc5xWZCtx79RCVhcx3jKpvwLz6yXPobsgPokdGdIyFmmwrepof0/NOQhXvOCKauKSl6gLhIy7/obDCBS+c64CAQ45lX2JZTEWuvEO1eJV7mJZ/D9SLGkiVlrwmNn+ZXX26hu1IzFKQSTcEJRMisIgJKanDvgKIuraM78QEtsd0RTptREG64tnfHP3j6V1akMFMlkQgS/4PqKXuHrINpPu+f+9D0AjZwnofcJJ8OrVT5dQlNNn9hNVEYKkgCh83nsOLw0In+o5LOJG7lwA0FWRRb1icmWeTlr8GzKssn+WS5gqy4feznCoXy9T/BEMf5HRrhYtmHzJZW4oflkdLuD90UULR5rvziD/pBdthXSTO6Ym4/39EhAqVwXPAp050kROo66X2dIeNGTLUcv1x6FRShpKPgwXxjDwTPL8K2VS7yFkrnTZVLgUUYafXO9Hs0BdVfur1I6kkl8vh03qzBIIxXpDZV1jxyCW3xDZcIqw9Mzoil3saa4UM8aE2cN8mHjKwt8CPQE4dZ38jyo9X0bDNHOGeqkiBL23JjJxXYYFxJFExM1ZgIzR2Q3MTnJcjg6NseJlYZceIhN7QyQoFu2UXPPtSUm9+wWF+vEUt9oshI0aAnJs4QKUPQNmrobcyOFhs3lt+QRQV30l+cZdS21r7A7kZCTrIxf3tluV9T+Dt+29970xNXwd7xHRjsgm5hAJhpQ3XD8N+brFuRw5T4sta0ghJsZAbyxDSohVpKOj1qKXnjapoWxmdD6P8HSPXmd5BeCkbONpVw+jgwUv2yI2Wjhh1GlJ2Mx34ZamSW8TYOHddme4auq3fdEDTNpyReNFhBkzI2ElqkJ0AP9Tu30p0S/uETDW8E+WgAUoCzJSHKghhhGda/VSorfeOiaL99/8frPpoePOuIny8ERZufsnSXXU9d43cO6JqcdtY/P6ZsH+m9tEliLppjsPhMlHWieq/iI4n6Dp9w9GAb0PthuTv7HHKN7CFUDizS5SzywwT6zEoSeIRQbx4PQjqJPD0FcZhQJnyxL+m8l/eVrAt39Kdxzexq4MgNQr0NXNzMfLVTUHQl9IZXeufHJJKHuMeKJe12rPZqy1qiw0d0aDMSZ2yuXi19i9LNd0yXRHrx9eVrJoa+4pR8ek5lHMjDh4JaW1ZMYN9GRNtWEurf941mYreCFGcJc4c2bxfboR1aZq0144IpNHNZmCYGGIBbUhpT4WPBdKVMjTjorwo3L8Foj3wMZbZC7CjkY9B+kJO7av7JTQvDYMY8Yapy/h4MrFPRJhr1+gJwiveHYNBSM9lo6FiKi5uBMRJkUMwNT9l/mWf73n3rNENroj2sLQDIBYF8LpdCEo1GwGWqwhF+vxZ6TSykRM/Z8WTDJqRSlpAFkjsc3fFyPFsaK9pyO2lfe/oM36m9SnI0fZHq4XmHa6tPfcBhfuZVYxYKbAyD+m7MwLf8GKdDsAoq8NkYPT6ntq0wySc+K+/nw==,iv:vVYDWlAKYsksOqbXj5qFk0vAajE1Pu4DibtgcsFzfZg=,tag:nDVcs43Q3Uotx7+xPMfqvA==,type:str] +zammad-key-base: ENC[AES256_GCM,data:lJDyZmDZpYEQ1yL9GMXhb85vwXjGcu2qIYD5FH2e2kux5q0UvbRIzoDRrZFaQN3YucxJQzmf1MmVT6DRIhUsG0TtfXel7f5dOlbfKTX1HufwJdyAiPrPICeRIC6ZFNeLAUSAQDhXnEs1rVpzYL3QQeKUghugOPvq4jq9bqTqyak=,iv:IkZRSUQCFXA4joImPXwnGj6q9ETVREcUmxfe2JMZ2r0=,tag:EbmqTBJ/SA6BMDinDnWTYQ==,type:str] +invidious-hmac-key: ENC[AES256_GCM,data:QjCi4I2AtmnDSw3WuXi/Iq15s/zqVEdX1m6D8Q==,iv:UYr2CnT1y495NFGRT+679+Wu8FF7WETVJb87AqC0InY=,tag:CpKtZJ3ezayIm39BS8mQlg==,type:str] +invidious-admin-password: ENC[AES256_GCM,data:CA/eRelIoCBlthkrt9BTsIKwUCyAWhdnlLxj0oqnBs/sf+xbatfymV6mIhTQ5CH7cA==,iv:TKVM5GqnBqyC7NhTj4scOu75RuifzBH24LVIcpsjdMI=,tag:lXJOC/T/pu1OeuSgQVF84g==,type:str] +invidious-companion-key: ENC[AES256_GCM,data:Y17DVg9Gvqf6zKE+L5plfw==,iv:rn2u+pVL8Kj6PjzngZ+9x5gf1FXAZt67pCWUDVNsppk=,tag:gLAuVKxRVexBCzNNPvheIw==,type:str] +dendrite-private-key: ENC[AES256_GCM,data:vq9CeDQdYG1ymYsTXr7ZuArJTIniH9RsdBpSdfJbgyPdXFhn/uFAWkCocWZUNus+/bYsif8P24ExdPcRx8SU1ACyryDAWp0URJJzd/JJfxe9krAJBuKvVokNyu3XYyyaoiTb4eNI5zCrV+OBI23mCen6aztj1NPo652ZPS1lqBEMyYciP8ouaBc=,iv:7bn6m+rIGE8epPXqfdbYt4uHypQlQ301nDH2X/DDmR4=,tag:ZH6Enp/3uu7Fg0uW6kbgiQ==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:CiQTz5wq/GYWGfWkq0lorYWhumDO1nQDvajrIRH1ArCF3FipLG/pjDH0IXoSbFAvw+u5aYYLYhlued+H,iv:Rp05mscURhdy2TULzhX5GvfE41jm6PmI2or3PVdKXtM=,tag:MoCoh8QbSvKJk3Uw+Efs/g==,type:str] +n8n-env: ENC[AES256_GCM,data:UuPUy8X2WksebFAUsAmNbyIO6EnqyKsmoYdRBQHz2uzd18H7B0iZTrwuAbCHG5C5OS0iRZgJPFf9EX2hM5db4xiP+c62rKpOWoskvfOxbClOvXdykk81apFkXxmoQIQrxltfefnTvOCQGnVmtMykxoHa9C5DuQlMIPhn1jXkbGLhuABAklyJ9+K7j7p2FYCW1Qw3+yFDqmjdNoArwOPJ7yrtguWCK8OfYiXqIkyzm1P/A5nn93LetAFczu+s2lI5VGuV97tS0A7SiaTvNGyE/TUTWrd5SWNYgXvDT7ok7DCK2wUczQxi8NCVJMkM55Qfe0Z7m/+esOsg4Vx0ZH839zjku4/FCxA7P1xfBBI8/N38sMDv84NZiZBdpXiQo38=,iv:xpVsIzfnQST01FaGfnPy767iBdEOFAK+lo0PzQLEUQ0=,tag:Dd8DF2gwf+82Fwf4JgaCoA==,type:str] +n8n-git-key: ENC[AES256_GCM,data:DCzzbTIdHmqSvVF2QTtlEuNgl6YEYkaqP2AQZK3DdKgvOiZohej/wdHv3NWKZoUfKAMCBHQwGHTHaO1qDigHwHOe+N/z7/u3pJnwoTjBBWFyEEBRLdUi0k5p+ytCEekYHlmuBBR8GONSbC++BVm/WpND3O9oLMO4c9824ICbwtD0DyWcqEJmiRifwnsSV3BTT+zHtN1uywr++rER3vII4vfX+KFus2FXt3m28fDP3/a9x8FmCaKJby6qGYAzO+yyEFVLFTV2wnGDDOVLBRAmHbA0obcrg4/5+PLbriY1ublpjG+D0ONk3J9kN53B/USgqfWZsEa1CgKjkih18QVxydCOCNRbZOdm/Qyn2rwhjbjoEB2Lc9K2sYy8zHnWwuQtB6XWkRXE6JbEPPS2yQ5uW7F+rtN+WgvI6z5DRtFxyo5KQ1ZngyMdd4OvU/yAeXWiUs2lUFSP9ZZVxf6VkPCkXzc38sNDWPlFFEObfCZOs1Tu0LkOhvTcRyFekkbrNuEN1+RQhPzrMDVlftutci4G,iv:jkd6+n2SRPL4ZXAkMM5QDMvvpXjEUJeO0OKDOBW/S1w=,tag:6zJ0Xy3GIXa25Y05VV2zyA==,type:str] +phpldapadmin: ENC[AES256_GCM,data:/Kb7tdurJT1o2HSoAdkbUXJzK4nspERQEgvgKEs5GGPATi1IV9cbbUHBqqizzvcEkN95L+B1s5NLRjjjhBO9t0Xy2vpWg/13zq3P7ZwGvImXYhqsH2L7/1HHqDuAw/xdMCAJDJF7ZkU1chf9atKtjZrpBP4ipSddinBgVj5XpyYAvav5FTiPfPH3xiiXAoIsyjCKPXz9mwGAhcOUn+NSav87eMlv2LZtv72ELQ2d2nVngxuG4lHhiMkWGMqtT5Hkh2Pf90bPOlWmLwgSH797ChpX9caQhk6NkExYwVtbUV0YYZNE/UFqhvE=,iv:YV+CID8tHkW07Mepe+n6X1m3TOXFBcdYCt0BZGhTdg8=,tag:i9EyUkbobd1Avq0Gh3V00g==,type:str] +piped-db-password: ENC[AES256_GCM,data:Dn6agL19wxZwOBYzCftauFNHNUxDIS+dXM30ud2czjJL9sENzItVYQ531eo=,iv:NuDw3K33a4/62B6kV/ZDPLsuzi29UEraSmHY2GD4jYA=,tag:xGWyD3MYcPKzjaD2IiYTGw==,type:str] +synapse-oidc-client-secret: ENC[AES256_GCM,data:Vcl+VdUQBjVD3KsUgwX/X/kDYWeo2pwUsAaiKGDbIXe01XRzsPsypJE/RUPIgZU+nPx9ziLVC6yh0n0r7MGisA==,iv:zz37mJU63zKSdC0jrwU07mCR1y4nJFKsYg329N1PkBk=,tag:oSnHjKcwx93bZgYkL9vT1Q==,type:str] +mas-encryption-key: ENC[AES256_GCM,data:aDanp9nbwzuW/HPesSIT4c1u1lgNBl+Uh7Mb3zVm/lPNRtD/tkpySt6V1aU+fkt+Jc2Grmhrk7ykgmKEWupA7g==,iv:dFDkUcIvi7uH79JjbEq1WvbVyeSN77/uBu/8USKaZ5c=,tag:qPla7VhAxN9DB5lEq3Wjbg==,type:str] +mas-matrix-secret: ENC[AES256_GCM,data:RVcHUbc0HOA8GvTPxczsRbf7yBaprvj5TdTNAt+QGvanRQSXlO5pAj084vmHdVyA524a3wnTWU+cnRJapa2n/g==,iv:uL7EsAG0toxVufwgN++E/AxmYF4wHZotOBQFt2DQDCA=,tag:4UQrwPJDpk5oKTw0YRIt1Q==,type:str] +mas-authelia-client-secret: ENC[AES256_GCM,data:ffhXUCiVuiuGDsMLaEZ6FEvslXbtC8Oz+Yn4AYV85jt4X+wDfX2KWJBdBtoITH79gexsbE0+oXAfzfmkHuH72A==,iv:aakNUVXgXsRycyAXkWf9hJZGfcNyEcWLE8KsWaZ7Vsw=,tag:5g21Ii04W5mxZ1A/L6u/rg==,type:str] +mas-rsa-key: ENC[AES256_GCM,data:qKN1VogGMKJhu1ZnIYArrIA1EXFhmeJxBvmqeF+qX1kS3FOcYzuAt9zsqn9r1ZROw63aagWzFDJAdVPbodo9Rsd6N4zYdOASK5R5FKcP7gSRW2kAaBpL87SxUfp2nh5wQVEFTlAxKpLtYnkJBzNkzznfaCC7bOExVADMDAoU3FJkp7kgbhWqnXC4oJxoLegrEbjxWqNiyNraKPd+jBMcnpej1Oxumg4qBRXDh77pSe9wOLApQoeAFJm73L0AzB/5IIzZHlT3203YKt1dZ9da+3xj6kvdoKtdbj+cA2p5QoDUwBG9njYosPGb5i5+JMppwEDPZ3BNa7Bnq+wEC4P36xaR6GEwQYGgCYmFaF98TYsKYURKsUTel70rPR0dDj22RHSBKbLFAMfwSgVeUuTuBRAdQHKYnLFoRZN1gUIeY9VLAH0v/lNVWAmg56mlnRJnKtqfuadHByo9AekBVZe8/EDMVjEPPids8YXPDeUwsIzoDRUUyC0TfeGvZ4S2J/vvryxaIh1F9w0AGj7NwP4CrXjtC9NEQw7hyOir53Nj/rqbfST7ih5osgih88nis/6LTBICBwKJwtNf+hRLcspzmC16mKQlQmHsboTj6sX2kS4u8FDafCyIFc6G29EhbWG3VGUa8s9kDR+xaQoLjgnW48zdykYMHPBbLTwJePhvrVr45NU7PIxOQURdiD7K/4dma6Fb3mH4fPHKmA+rPxRmEnHQ5Wi0aQoHjaGccF+pHK+DOCP8USiPaGX+kfyykeY6QZX2jN11gRy2u8ZDgw3sQgqIQedF3lWvQHQM7PXEGKRvg57Zs2pWl/PuML0GDGQh+et4p+ytU9Egzu6UxVbNNMCAMtgaeYsXK5/miiyRtoGcyU47HNWyq5XQaBSI/tmwxJ6HoZEIStE8CTig8xzgu33mLREcFbBeUH9zKzh18ZKBcYs8oxZMN23HYIY0ZHHVtikAy4Pq4alNsFvvK21yy/fz6KErdUJ7pLFz5bYIUTkpJ09AeI8sNwXk7SyhpS7NNMpUhtuzZD9n+Mi+r7HbeP4yBB7cavJoVZ8OGuU6vZ63RT2vAcUTG3Lfr+YVMllzbywfDsVpD411BGuV4DFIG6eClm2yU2q9XNFcsEwfy56MtMZb7RbulJx2O6sdYV4jiRXPQBQq0GXPUqG0zEHIOP+tU2Tq4W8Z8rUjkK8R+ZpO3uPqRAr7WRJrY1iXaOiXd10F8hHdsMP1SJKnVfQ2RR2kX2aHOPQVUlwDYlPKcmpaP0kqGaPAvbFWaiIxKVaqPRBE5fY1i4kYaMqe+/+r488hDwn89kq0A4dcLMDTmT1BKVG4MJQQvecXNLDiN9bwwh7P2d8QpCIzdtsU8Dd1YNm81hFoyvksjhFu1y5y5rZGVbc2zTrlb8xFxQT6iU2NzEmcZLlibGF4QDKp/aefXiwg3Y0FnHMWn9HPzVMEdMFKL35QG5s0Y7ScCJR99sHJ9DvJkHVaonlCpZlXCe8MuKvsYpXg7jrdPwZ+zK3FmqCaTFTMoFIc0te/Nwa7DkzNzbfCNNfdtjBw7rm8L4nLSgOcPy5nN8vb0jpwLd2GVtemKQgVLL4q3o6zTkSdlIGUtxF93HkAQ/p5tS7u7So7GD+u6jx9qoNcDcYS2/Wtw+QNduLS8LdaMoV1PbAKAZQ3cNqpHz1+X+pYTnAbPzRFtoLSCx6kvIOkDEVeyJpGm8s+LKjaxPCqfCAIFwz9afQtwDBJmzhu7RzbbT6Lx/jwLOqaFVHMnc41Hm11m7awtS5FpBZDXTcakWyIl3/wE9gyN25B/2LAzDoyZxCNdKmSUZPpeNYiM68uiHHxBo4B20xrizEZZqhtegtqgx1n5u405ecnAmpnVy0eL9aVK2xYO+ZRB2yqacH3m0CU3/r9IARrG8zWt+IkfeCVS5Vs4RG6j0R+G5GkLB3KMweNksdlRslyEIidJ1WzqoANxdC52+tTXYG6Eqklw9hrOoWFNlth0iz7+mIyJgvfvFyVB1EYNWJlEbkmkKqhU2YhXQqMA19/3yw6u2Xz60nIpewfCHyjs/EyQeE15M/LjR4fF1rr7h1kYLjnW/3HbanYWlzStlnniayFUqT0wm/vhTWhDygbFj3XXzBISjQ+mmpfgCdh/bE0KXmTTKJvQL4jKx7AuPzGAWOesfPIDHv2AjkhPSHERCmmDFL0hCPcpOeM7tUDOaxjZaZWVlnW+4boLhwWnxywIvjdo5cgz8Wbi5qbyocuB8J5N9FAeTxUjyPuyCthN6bYoXbdMkrxXx3al1H6HpU1tV3E2qHNmv9UyCAyPTigIZglSpVcqPWaLz8QMapIlsAZaAKI2vkUFUp4DKg2lUoekKUe77CM/DYk/DZH12+mPx2Wb6W1jIauaYqpINQK4/CLhENHDppKY6Ipl/rMJLyzUQavsd106CDouz+3avpiYvOmoIEYCcUcPS22p31LaWlUR1aroofCOwNlVr6xL/C9COeW9A4t0SCl/nDwGltHZcirkED8qPzUEnVJ48PBm29LnhsRlHpiUVK46EA0Abgzd+Rupf2SAPzifFUyNxFY3Mrs4k5ErjPFn3y5NFn48f7U2PKTWSrVGFNtVR4iwmh5hfn4t8sWwy+SkJShX5D+aE+tUsJ37ESPtlu/gnT5G6qL0SELK/IeU5mp3t50Ef2J9t4S8QAKBy4HjiYSs4DJOKCfXmrgt2L2q3W7LUi27HQZG+3yYIv6f7oTKTsrD2w2UluUm3Lm5Mjy9OEqIyd54xA0kgPsNv1X+S2NjpFo31CjsAewsWWqizfTP5btQV9AdXaLSa2oDjE2K5AAac/CH8eJbFuGJnUIosEuCG5jdX1Vtzy+ZI2hABPyjzDloUCNuTdK6THlOmP7H+gMyySNU2vgPf/0MGPL+zfJHYadP1gakZpI1VhLrqVGucPu0XuiTbDwtWbzbACVJ4P1zJgl2TyU545/iLIIlau0vEkBoFfiPmXIX1F+jDWn2OSsRENcto9rN5taUAznqMlaix558HEnF6ZxKKU++wJH2eD+joGnqXfFADcCgsOuNF+P6zyrzW8GwGi7wbhIphJnM5BVSAv9YjJHGr85RCeXczfpUdo8V6SSjFXv9kBfi5yK+gL9kJvIY4BDml4QWv385Mq2SBXrQiVYF3gg2GPblIkyDFLTttEiUo8kgy/OYm7vDocc6zqMoPPFa/JwW2+O/0zhQCx1TxQTQNqYT3Bq3Gp0afR3yYulocrYepazZb+YqSTDyS4TscKuxCOEVny/UVLtLBoE0ya1tE1DcQgKwLDPVHE8eGvZYulc24IUXES3ad/0uA0GNdZDDd+CCp2HgSRsbqxzPTyTbwYaq4PHTqdebrgCjBMa+CN0LUMCE7aYHKXZnrucWZnse6Dlk/i3yLJ+6PPxCNbpMzbra33yXN+W8ewppIztHjyBnZCqmNVw924ShoKE15oOS+3/NnlTLRPYKZsuC5aB7UwMcqCQerUlky/1PkiB9th8qPaLPFidRS0MKGQHBGjW7tRkHUEKad6HdWs76Gk/PXs6Z4A3RC4mJ+nf9SIudBUS/s21XebRFGnvflwIoiRxXdU9SicH10b2KfTcxSkKp21dmaUmBbkHOM04r6eE/N84+F+fEmOCdwOwou5Ocp4ZNjzEpChOCtpMiIEnS+gkDyI9cGVk/zP1dhVaT6/YwIUSJJoOs4bTt81EHbpmTpb8OArqdwTmETkn/ZmcdalI7b9Bpxhb5a7jC9H5TWVXimHuR5zTlJ51lDCdrM26n1O57fW2Dq9piMfVn1b907Lrok6k7o6JgX4RM9IlYf7Tw6GqSYemji48vW52F8TMk2QOkCxgXklJL1m2OXeFRuLDLNei6/cOJ135ixRWPLsJmDpmY3EOVuXRoqCwohy8y8s8S4nXIC7fk9hDhXhAcK+aiI51Mm6J40WmvPp+viYPqnwisaJLeV4i/sIPxjfN/5odxqAxt+0FWVgKtiRmrMoPPrwQkIddoz4X5P00GeAv8fwgV6eHqXTouL3kDAkelwNDQ5WOmgsE6sMPjKFKpfi0d+51urlBi55sbM0oGCnPX9NA5V+ovvJIBjAQb2w2y05w/NSthn6E4J+qP7qnnpi/KQW2Li55RGnhsyxR/Ea1hColxjjFb/f+cg1hPj95hJ4U2AUVTNJkzIguYFLE7JFcp8ZVY5OjW/jbQIggg6t358VwIUcJOtc6Ix9xg5A1HpwFRoUAX6b2P0jEBpI87uqBfdOLowUOI0o4qF10iKaz/dbk+AZ7V/PbhtyehD3HyOzKF4z3FIyqqv84vrcGXAFCIo7hTrjKMbQuQijbbG3lXlETgM8dl+vC5cY0TXmUs9dS3T+d3HElvApBQHr5vO6K0Ms=,iv:ewOrUHdFPeKn0wlxdgu1vKPSS59WnPsS2BxbLJX2FUk=,tag:gUxJFCQCX/RhpxpBrUtnWA==,type:str] +mautrix-whatsapp-env: ENC[AES256_GCM,data:aUMVbGWRWu7RSUOKyf1LiH1WIJEMh8GliA08QKCuRdPpPyTfgtFrv3cTbU5Eu35tm7luUXVeML7fOrq9wkZeMHWcvTHqbP5TDWJLoRN9LsrFoCH7La+4vtYeSPLG,iv:K4aMydcssd5WLyzAvkGtB3BJsQR8sQg0sFy8RV1bFUQ=,tag:6o+zQgQYgcOCcuWFDjrFeg==,type:str] +mautrix-signal-env: ENC[AES256_GCM,data:udu4+Ih1oW1zYDNxyH7vqcD/r8OqghLndhOYZvjTnUmv0Q+kbVN3yjKywtTMHkIakYLTCp8wlr09FWXzbP6lnL7/rFSF2aoZilFhyUesnpKFaFWU8FBwiRFj2Q==,iv:Yq/8ZQ7MoRgSM8u5PN7BQjFhU1u4nT5eNmSiSfeVlsw=,tag:nwJCOPDoB4QlGhzMVtvCzA==,type:str] +mautrix-discord-env: ENC[AES256_GCM,data:dYFZCqz5tx/WtzUNkgwd4qQ4vWYiODLBFtKXyl5Lex9jZ/ROybRacgDQfFQKd7FyA/wUbovFetcm32rsUUw+fVvPXxG/BTrpaOrwo2Q/Id28dENwc4WfQsBDiWFLmEAkv1HP24t1fqSEzCSzDfbtzj/OkWiV0abqgxJLz4p0DtLZmYhv9foiG7MzJHoYg7CAtAVexX2q+qrIsL+SCyQXtkfvk/HGo/0ARAaetjRWJjdr9LBPIDRNbxZnAEgqsoEz7reTFcxWkTbNcEKcarTuGYQsjDfEqJuAj/EMccfTN3UDeEc7JXzF5liaOuDN2wNqjR5xVvqpuf87i5hdjUN0jyv8igKRmH3HuZvkB1gPeW8=,iv:hMM+hcDihy0LJvROtOju0aGRKYDja1/lOmlCGF5+Qg8=,tag:26hpu2JeyQ57IlML4SSUyQ==,type:str] +mautrix-mattermost-env: ENC[AES256_GCM,data:dhuTqxVF7zfMf81UDktW0X+nhjheVpImgcfFPvRen3AnRzEZCSu0y5kfip+vYqBkW0+iMMsfGLqtfmPxrlJ+7EFt3+hB/UmG9p21VkBe7NR2ngpgAJ/4TvJgJjsUNK4THymdkybcw+Eu/Y75I1EpPdJHDEz7zWxbgCNQKSZwge98yqw81NP4of/R8GbBTWWuY7KjpXf/HQiyBicT50lJUZ0QHXlWQ4IHJafBhdZl/lSsK9yttpYatKnbOFgIbfHB9byRzilymW+YbeDTwwZSWPf3sX/oHhW5ZDFqA9VezZ3OGO927Nlwv7duZoiSFA24sBioucQCH/1QoRl+oCZb8yysm37M++elqhmzJTQAuu6uWJgzo4Q24Pk=,iv:bvDe62lvkNJ/wSjd8IjCRA2B5QRf3U8R4N3L+xlrP3g=,tag:VQTAgyuEd0MfuFIsU/dK5A==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMkl1OGpYYmxUd1AvejdG - WlRtOXh6TjhPTTlyNmtHZFhRQ1Z3OFJOckFBCktGbEcrZHR1MHRQanhxaGpWQUNB - ekdVMkZQU3FkbDlURklLNlJyNENDRHcKLS0tIDdxSkVBMnhkS0dMZFJ6bGs5V0lV - TThyY2hQeTRIcnpQKzYzbXdlUVQxaUUKE0jgn7aNzN/jnJzLabYPkEw6hSxEbTK4 - dbaccqGjDs/ubiD2ajtsX2/BhARSfsA400vZu/gXBLF9+bzJ3paM3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Vi9lUkZmMjZZTlF3cktE + aDU0YjhzbVpVVFNMSWxPck45bnZqREFwQkNvCmhNUk85YnFuMmFIMkl2SkZ0N09Y + dDRrRGZ2OW50NjZvOGtlVDdOUDdIdHMKLS0tIHBYRVp5MXVTY3FRbnVxZ0RoaUpm + YTVaLy85a1UxQUhSdEcrMXlhRE5RcHMKaIT3TdG8hcdjLcXhPJEUszcVl8LVEjzT + C/pEj2P8ve1zWIewPRZ0F6CPd9eev3QpOIl8tDEcpSxAMWR9OHRAQQ== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycjIzMzVoWmRKUWc3U2Vi - Z1dhYTB4Y3ZoeDU1Wng2M2F4ZDBjd0tvcjFvCkRYVlhiWXFlTFdWazcyMG9xSnd5 - Z3h0U3J0MEIrYWZQaDlwUFR4MDVidFUKLS0tIGErakZGRUpEN1RqRVhrRGp6bTNP - S3JmQnFEL0dWRU02dUI5T0RldXFvSWMKT9t6jWeX51XlE27BoKnUsrgWz5jn4ygf - +gqh2KUQPmVooPAooTXl6SVBuqaak+A5kv02/5iiKdKS30m9nEOgUg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaOHdIVzgrQmxFczhxbUZo + YzBMSml4MWVRdktlQkpnaU1wK3VuN21oUVVnCkVqQWdPNHZMU0pxUXdIMXArRmwz + emk2bkphblZDd2JyMEpiSW04RUNGTmsKLS0tIEpHWHExVmdxNjU5bnBGelhoSFVQ + YUI5azEyVEc3UWNQdWV1eHZSQXJOeVEKuQSRTedJXoXOW+A9qmGESbbt0Zaddf2G + Bj5mmvkbq1u1XkhulpJiAtTSIA9gSo/pYWWbNNxS+yIuqh/QJRzt0g== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dktnemgySlhZbFUrYjl0 - aTB0QlpkL0lReFJONjBvczF1MGMyU0ozRjNzClpGaDlqUWRTbWVDb0hPRys5T0x3 - eVd6cXBrNDR0YlJLQVJoN2QxeEZQaW8KLS0tIDAxVXd0TTNZWmFNM0F2ZEJnTUZZ - NlNWTnJjWTdNdXRjTjRRWk9MZGp6SWsKMvtB5iYQfa3GFYzf4w5peWuf7zf55Dhj - 9bNf/AzapwW1czt684gkpPLxMlBOFqj+0hVks1YZn7QLtB1EcnAbBg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUC93a0Q2d3ArNG9XQmhy + cTZIYlVpSTJvWjN3WUVaditWaXB1ZW5DM1dJCjVaODlPNWxDazRUcjk4ZlNSWXYr + QWY5SXJXRTdqb1E2T0pHcHpsb3JCaDQKLS0tIEpuWTd4dCs4WEUvQTJyQ2NUcVMy + N2d0RFA5ZDB3WmtPME1UVE1HVHVZc0UKIeLd4dZHY5aOhyhNFq3a2JG8PMd8o5fi + KiirIf4+CeBpanvth+H9Ql5MhnysmtLYMcvu68mLHHeIUW5gs09fRw== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeks5anEwU2FnVTZNbXpI - cWZiMEpQL1d5bWRpcU84OUZSOURxMXlkaW00CmJKVGppVTFRelBqYm9oTVlYT2RC - OWJLWFFuM05TVUhPZFlsWDhMRGdra3MKLS0tIFpYTjZPbXRlZTJ1cDV1ZFRlZFYr - WUJqaXo0YlR0d3FXb05zYnFFRlhtT2cKFxPi681ZwL3Pr3pyE6cJ0QFxWAGFcI6g - i772pQ/Yqxr81bj3hCSE+vHg0GGV9oGj5La9jdKFVrV7DcW52Rd0gQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dllKMWtsdU95Vi9oZlp2 + ZmhKcTIrdVJxYSt5SGNaWWpuQTJDbVBndmlRCnVGY2ttTVlXSjFnVVFIUXdBcW1R + R1pESXp5NmxaaDY1RGxCUWRNNGF0Q0UKLS0tIE1icFlBQVc1Q284ckNBQXd3Y05r + U0FHTGl4VXlLRXRyUVNEbUFzenZtYmcK3GxpuzsLCqwqoOekguOZfVbm+jz2gwUe + 1DBpy2HjSAKAuOWuieE5en5mBHbz4clrMGChq0VXCgPptfjUs/ILmA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-02T08:06:35Z" - mac: ENC[AES256_GCM,data:rWFIxCen7QsSVk4aRU19RejHyN4dympO6h+qEOUmS93eKIi8hMidiHBembLKn+R20CcrX1eKGUVfcazThRQ9RbLEV+amKV2Z3rrQWmTrKu4glCZf7Pnjex9rzSLWYo73inG7n50/bXa/6jP+HPeoBcsdzNpomIogm2ZDF4qDVcY=,iv:ZsxzVWp2B7F0dYAoUGbRi2PsJT1dV9JzrmmldwS66/g=,tag:x/jjfHX6ZyczRfpzqoNAWA==,type:str] + lastmodified: "2026-03-02T12:45:20Z" + mac: ENC[AES256_GCM,data:jdqQ5wLTYgkJ/Iiz0ZzOyg4hFJrIQ2NRwpKEUFr4EV/O6qFpErjVk+VmSaU8JN9uUht7DYWBsd4A2abvRmVn/MIqKsPMgvv4+pwtaWwcHKeujv8ShisyX9eBbpQgyq3DCehjbjleh+F7J6hTDP1gcDGtgiZov8C/OtIYVZt65kg=,iv:SLAZyywg1DibuxCerTKHS7z2nwnE3H+h7SknAsxSUDM=,tag:aVcAYB07G8yrC5KmWKJeng==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/utils/modules/mautrix-mattermost.nix b/utils/modules/mautrix-mattermost.nix new file mode 100644 index 0000000..ab04b2f --- /dev/null +++ b/utils/modules/mautrix-mattermost.nix @@ -0,0 +1,400 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.services.mautrix-mattermost; + dataDir = cfg.dataDir; + format = pkgs.formats.yaml { }; + + registrationFile = "${dataDir}/mattermost-registration.yaml"; + + settingsFile = "${dataDir}/config.yaml"; + settingsFileUnformatted = format.generate "mattermost-config-unsubstituted.yaml" cfg.settings; +in +{ + options = { + services.mautrix-mattermost = { + enable = lib.mkEnableOption "Mautrix-Mattermost, a Matrix-Mattermost puppeting/relay-bot bridge"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.mautrix-mattermost; + defaultText = lib.literalExpression "pkgs.mautrix-mattermost"; + description = "The mautrix-mattermost package to use."; + }; + + settings = lib.mkOption { + type = lib.types.submodule { + freeformType = format.type; + + config = { + _module.args = { inherit cfg lib; }; + }; + + options = { + homeserver = lib.mkOption { + type = lib.types.attrs; + default = { + software = "standard"; + status_endpoint = null; + message_send_checkpoint_endpoint = null; + async_media = false; + websocket = false; + ping_interval_seconds = 0; + }; + description = '' + Homeserver configuration. + See the mautrix-mattermost example-config.yaml for more information. + ''; + }; + + appservice = lib.mkOption { + type = lib.types.attrs; + default = { + address = "http://localhost:29335"; + hostname = "0.0.0.0"; + port = 29335; + database = { + type = "sqlite3"; + uri = "file:${dataDir}/mautrix-mattermost.db?_txlock=immediate"; + max_open_conns = 20; + max_idle_conns = 2; + max_conn_idle_time = null; + max_conn_lifetime = null; + }; + id = "mattermost"; + bot = { + username = "mattermostbot"; + displayname = "Mattermost bridge bot"; + avatar = ""; + }; + ephemeral_events = true; + async_transactions = false; + as_token = "This value is generated when generating the registration"; + hs_token = "This value is generated when generating the registration"; + }; + description = '' + Appservice configuration. + See the mautrix-mattermost example-config.yaml for more information. + ''; + }; + + bridge = lib.mkOption { + type = lib.types.attrs; + default = { + username_template = "mattermost_{{.}}"; + command_prefix = "!mm"; + double_puppet_server_map = { }; + double_puppet_allow_discovery = false; + login_shared_secret_map = { }; + management_room_text = { + welcome = "Hello, I'm a Mattermost bridge bot."; + welcome_connected = "Use `help` for help."; + welcome_unconnected = "Use `help` for help or `login` to log in."; + additional_help = ""; + }; + encryption = { + allow = false; + default = false; + appservice = false; + require = false; + allow_key_sharing = false; + plaintext_mentions = false; + delete_keys = { + delete_outbound_on_ack = false; + dont_store_outbound = false; + ratchet_on_decrypt = false; + delete_fully_used_on_decrypt = false; + delete_prev_on_new_session = false; + delete_on_device_delete = false; + periodically_delete_expired = false; + delete_outdated_inbound = false; + }; + verification_levels = { + receive = "unverified"; + send = "unverified"; + share = "cross-signed-tofu"; + }; + rotation = { + enable_custom = false; + milliseconds = 604800000; + messages = 100; + disable_device_change_key_rotation = false; + }; + }; + provisioning = { + prefix = "/_matrix/provision"; + shared_secret = "generate"; + debug_endpoints = false; + }; + permissions = { + "*" = "relay"; + }; + }; + description = '' + Bridge configuration. + See the mautrix-mattermost example-config.yaml for more information. + ''; + }; + logging = lib.mkOption { + type = lib.types.attrs; + default = { + min_level = "info"; + writers = lib.singleton { + type = "stdout"; + format = "pretty-colored"; + time_format = " "; + }; + }; + description = '' + Logging configuration. + See the mautrix-mattermost example-config.yaml for more information. + ''; + }; + }; + }; + default = { }; + description = '' + {file}`config.yaml` configuration as a Nix attribute set. + ''; + }; + + registerToSynapse = lib.mkOption { + type = lib.types.bool; + default = config.services.matrix-synapse.enable; + defaultText = lib.literalExpression "config.services.matrix-synapse.enable"; + description = '' + Whether to add the bridge's app service registration file to + `services.matrix-synapse.settings.app_service_config_files`. + ''; + }; + + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/mautrix-mattermost"; + description = '' + Directory to store the bridge's configuration and database files. + ''; + }; + + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + File containing environment variables to substitute when copying the configuration + out of Nix store to the `services.mautrix-mattermost.dataDir`. + Can be used for storing the secrets without making them available in the Nix store. + ''; + }; + + serviceUnit = lib.mkOption { + type = lib.types.str; + readOnly = true; + default = "mautrix-mattermost.service"; + description = "The systemd unit for the bridge service."; + }; + + registrationServiceUnit = lib.mkOption { + type = lib.types.str; + readOnly = true; + default = "mautrix-mattermost-registration.service"; + description = "The registration service that generates the registration file."; + }; + + serviceDependencies = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ + cfg.registrationServiceUnit + ] + ++ (lib.lists.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) + ++ (lib.lists.optional (config.services ? matrix-conduit && config.services.matrix-conduit.enable) "matrix-conduit.service") + ++ (lib.lists.optional (config.services ? dendrite && config.services.dendrite.enable) "dendrite.service"); + description = '' + List of Systemd services to require and wait for when starting the application service. + ''; + }; + }; + }; + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = + cfg.settings.homeserver.domain or "" != "" && cfg.settings.homeserver.address or "" != ""; + message = '' + The options with information about the homeserver: + `services.mautrix-mattermost.settings.homeserver.domain` and + `services.mautrix-mattermost.settings.homeserver.address` have to be set. + ''; + } + { + assertion = cfg.settings.bridge.permissions or { } != { }; + message = '' + The option `services.mautrix-mattermost.settings.bridge.permissions` has to be set. + ''; + } + ]; + + users.users.mautrix-mattermost = { + isSystemUser = true; + group = "mautrix-mattermost"; + extraGroups = [ "mautrix-mattermost-registration" ]; + home = dataDir; + description = "Mautrix-Mattermost bridge user"; + }; + + users.groups.mautrix-mattermost = { }; + users.groups.mautrix-mattermost-registration = { + members = lib.lists.optional config.services.matrix-synapse.enable "matrix-synapse"; + }; + + services.matrix-synapse = lib.mkIf cfg.registerToSynapse { + settings.app_service_config_files = [ registrationFile ]; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.dataDir} 770 mautrix-mattermost mautrix-mattermost -" + ]; + + systemd.services = { + matrix-synapse = lib.mkIf cfg.registerToSynapse { + serviceConfig.SupplementaryGroups = [ "mautrix-mattermost-registration" ]; + wants = [ "mautrix-mattermost-registration.service" ]; + after = [ "mautrix-mattermost-registration.service" ]; + }; + + mautrix-mattermost-registration = { + description = "Mautrix-Mattermost registration generation service"; + + wantedBy = lib.mkIf cfg.registerToSynapse [ "multi-user.target" ]; + before = lib.mkIf cfg.registerToSynapse [ "matrix-synapse.service" ]; + + path = [ + pkgs.yq + pkgs.envsubst + cfg.package + ]; + + script = '' + # substitute the settings file by environment variables + # in this case read from EnvironmentFile + rm -f '${settingsFile}' + old_umask=$(umask) + umask 0177 + envsubst \ + -o '${settingsFile}' \ + -i '${settingsFileUnformatted}' + config_has_tokens=$(yq '.appservice | has("as_token") and has("hs_token")' '${settingsFile}') + registration_already_exists=$([[ -f '${registrationFile}' ]] && echo "true" || echo "false") + echo "There are tokens in the config: $config_has_tokens" + echo "Registration already existed: $registration_already_exists" + # tokens not configured from config/environment file, and registration file + # is already generated, override tokens in config to make sure they are not lost + if [[ $config_has_tokens == "false" && $registration_already_exists == "true" ]]; then + echo "Copying as_token, hs_token from registration into configuration" + yq -sY '.[0].appservice.as_token = .[1].as_token + | .[0].appservice.hs_token = .[1].hs_token + | .[0]' '${settingsFile}' '${registrationFile}' \ + > '${settingsFile}.tmp' + mv '${settingsFile}.tmp' '${settingsFile}' + fi + # make sure --generate-registration does not affect config.yaml + cp '${settingsFile}' '${settingsFile}.tmp' + echo "Generating registration file" + mautrix-mattermost \ + --generate-registration \ + --config='${settingsFile}.tmp' \ + --registration='${registrationFile}' + rm '${settingsFile}.tmp' + # no tokens configured, and new were just generated by generate registration for first time + if [[ $config_has_tokens == "false" && $registration_already_exists == "false" ]]; then + echo "Copying newly generated as_token, hs_token from registration into configuration" + yq -sY '.[0].appservice.as_token = .[1].as_token + | .[0].appservice.hs_token = .[1].hs_token + | .[0]' '${settingsFile}' '${registrationFile}' \ + > '${settingsFile}.tmp' + mv '${settingsFile}.tmp' '${settingsFile}' + fi + # Make sure correct tokens are in the registration file + if [[ $config_has_tokens == "true" || $registration_already_exists == "true" ]]; then + echo "Copying as_token, hs_token from configuration to the registration file" + yq -sY '.[1].as_token = .[0].appservice.as_token + | .[1].hs_token = .[0].appservice.hs_token + | .[1]' '${settingsFile}' '${registrationFile}' \ + > '${registrationFile}.tmp' + mv '${registrationFile}.tmp' '${registrationFile}' + fi + umask $old_umask + chown :mautrix-mattermost-registration '${registrationFile}' + chmod 640 '${registrationFile}' + ''; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + UMask = 27; + + User = "mautrix-mattermost"; + Group = "mautrix-mattermost"; + + SystemCallFilter = [ "@system-service" ]; + + ProtectSystem = "strict"; + ProtectHome = true; + + ReadWritePaths = [ dataDir ]; + StateDirectory = "mautrix-mattermost"; + EnvironmentFile = cfg.environmentFile; + }; + + restartTriggers = [ settingsFileUnformatted ]; + }; + + mautrix-mattermost = { + description = "Mautrix-Mattermost, a Matrix-Mattermost puppeting/relaybot bridge"; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ] ++ cfg.serviceDependencies; + after = [ "network-online.target" ] ++ cfg.serviceDependencies; + + serviceConfig = { + Type = "simple"; + User = "mautrix-mattermost"; + Group = "mautrix-mattermost"; + PrivateUsers = true; + Restart = "on-failure"; + RestartSec = 30; + WorkingDirectory = dataDir; + ExecStart = '' + ${lib.getExe cfg.package} \ + --config='${settingsFile}' + ''; + EnvironmentFile = cfg.environmentFile; + + ProtectSystem = "strict"; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + PrivateDevices = true; + PrivateTmp = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + LockPersonality = true; + ProtectKernelLogs = true; + ProtectHostname = true; + ProtectClock = true; + + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = "@system-service"; + ReadWritePaths = [ cfg.dataDir ]; + }; + + restartTriggers = [ settingsFileUnformatted ]; + }; + }; + }; +} diff --git a/utils/overlays/packages.nix b/utils/overlays/packages.nix index 25a59b8..719929a 100644 --- a/utils/overlays/packages.nix +++ b/utils/overlays/packages.nix @@ -5,6 +5,7 @@ self: super: { openaudible = (super.callPackage ../pkgs/openaudible.nix { }); openmanus = (super.callPackage ../pkgs/openmanus.nix { }); ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { }; + mautrix-mattermost = self.callPackage ../pkgs/mautrix-mattermost { }; claude-code = self.callPackage ../pkgs/claude-code { claude-code = super.claude-code; }; # Python packages diff --git a/utils/pkgs/mautrix-mattermost/default.nix b/utils/pkgs/mautrix-mattermost/default.nix new file mode 100644 index 0000000..ee7c3ad --- /dev/null +++ b/utils/pkgs/mautrix-mattermost/default.nix @@ -0,0 +1,30 @@ +{ lib, buildGo126Module, fetchFromGitHub, olm }: + +buildGo126Module rec { + pname = "mautrix-mattermost"; + version = "0-unstable-2026-03-01"; + + src = fetchFromGitHub { + owner = "bostrot"; + repo = "mautrix-mattermost"; + rev = "f7996f0e4acd68b24f2a1a88961712682b6017a5"; + hash = "sha256-J8CJd0tsTLHJRyRVP8fVnzsCS5VV9iXr1epA6P2Qec4="; + }; + + vendorHash = "sha256-r4mmSEzx/oSv0OutLuXe7LwODUJaSwuQ/CNFZNqw5+c="; + + buildInputs = [ olm ]; + + # Disable CGO except for olm + env.CGO_ENABLED = 1; + + doCheck = false; + + meta = with lib; { + description = "A Matrix-Mattermost puppeting bridge based on mautrix-go"; + homepage = "https://github.com/bostrot/mautrix-mattermost"; + license = licenses.agpl3Plus; + maintainers = [ ]; + mainProgram = "mautrix-mattermost"; + }; +} diff --git a/utils/pkgs/mautrix-mattermost/update.sh b/utils/pkgs/mautrix-mattermost/update.sh new file mode 100755 index 0000000..2cb220e --- /dev/null +++ b/utils/pkgs/mautrix-mattermost/update.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p nix-prefetch-github jq cacert + +set -euo pipefail + +cd "$(dirname "${BASH_SOURCE[0]}")" +repo_root="$(cd ../../.. && pwd)" + +owner="bostrot" +repo="mautrix-mattermost" + +# Get latest commit from GitHub +echo "Fetching latest commit from $owner/$repo..." +commit_info=$(curl -s "https://api.github.com/repos/$owner/$repo/commits?per_page=1") +rev=$(echo "$commit_info" | jq -r '.[0].sha') +date=$(echo "$commit_info" | jq -r '.[0].commit.committer.date' | cut -dT -f1) +echo "Latest commit: $rev ($date)" + +# Update rev in default.nix +sed -i "s|rev = \".*\";|rev = \"$rev\";|" default.nix +sed -i "s|version = \".*\";|version = \"0-unstable-$date\";|" default.nix + +# Fetch source hash +echo "Fetching source hash..." +prefetch_output=$(nix-prefetch-github "$owner" "$repo" --rev "$rev" --json 2>/dev/null) +src_hash=$(echo "$prefetch_output" | jq -r '.hash') +echo "Source hash: $src_hash" +sed -i "s|hash = \"sha256-.*\";|hash = \"$src_hash\";|" default.nix + +# Set placeholder vendorHash to trigger build failure +sed -i "s|vendorHash = \"sha256-.*\";|vendorHash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\";|" default.nix + +# Build to get the correct vendorHash +echo "Building to determine vendorHash..." +cd "$repo_root" +build_output=$(nix build --impure --no-link --expr 'with import { config.permittedInsecurePackages = ["olm-3.2.16"]; }; callPackage ./utils/pkgs/mautrix-mattermost {}' 2>&1 || true) + +vendor_hash=$(echo "$build_output" | grep -oP "got:\s+sha256-[A-Za-z0-9+/=]+" | tail -1 | awk '{print $2}') + +if [ -z "$vendor_hash" ]; then + echo "Error: Could not determine vendorHash from build output" + echo "Build output:" + echo "$build_output" + exit 1 +fi + +echo "vendorHash: $vendor_hash" +cd "$repo_root/utils/pkgs/mautrix-mattermost" +sed -i "s|vendorHash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\";|vendorHash = \"$vendor_hash\";|" default.nix + +# Verify the build works +echo "" +echo "Verifying build..." +cd "$repo_root" +if nix build --impure --no-link --expr 'with import { config.permittedInsecurePackages = ["olm-3.2.16"]; }; callPackage ./utils/pkgs/mautrix-mattermost {}'; then + echo "" + echo "Successfully updated mautrix-mattermost to $rev ($date)" + echo " Source hash: $src_hash" + echo " vendorHash: $vendor_hash" +else + echo "" + echo "Build failed after updating hashes" + exit 1 +fi