From f47bf3b5c7c4c03a7f4e2aac7856e6e8a6dc360f Mon Sep 17 00:00:00 2001 From: sefidel Date: Fri, 22 Dec 2023 19:13:18 +0900 Subject: feat(modules/matrix-bridge): configure double puppeting --- modules/services/matrix-bridge.nix | 33 ++++++++++++++++++++++++++++++++- systems/cobalt/secrets/secrets.yaml | 9 ++++++--- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge.nix index 04f51be..2a96e01 100644 --- a/modules/services/matrix-bridge.nix +++ b/modules/services/matrix-bridge.nix @@ -18,6 +18,22 @@ in }; config = mkIf cfg.enable { + sops.secrets.double-puppet-as-token = { }; + sops.secrets.double-puppet-hs-token = { }; + + sops.templates."double-puppet-registration.yaml".content = '' + id: doublepuppet + url: + as_token: ${config.sops.placeholder.double-puppet-as-token} + hs_token: ${config.sops.placeholder.double-puppet-hs-token} + sender_localpart: 55e126746dad19e50d9c4e646b6f5ac9ba21b346a24b840330cd8d8a1d65ce80 + rate_limited: false + namespaces: + users: + - regex: '@.*:exotic\.sh' + exclusive: false + ''; + services.mautrix-telegram = { enable = true; @@ -56,6 +72,10 @@ in require = true; allow_key_sharing = true; }; + # NOTE: python bridge - managed via env variable + # login_shared_secret_map = { + # "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN"; + # }; permissions = { "@sef:exotic.sh" = "admin"; "exotic.sh" = "full"; @@ -112,6 +132,10 @@ in require = true; allow_key_sharing = true; }; + # NOTE: python bridge - managed via env variable + # login_shared_secret_map = { + # "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN"; + # }; permissions = { "@sef:exotic.sh" = "admin"; "exotic.sh" = "full"; 
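Review bot: The `users` regex in the `double-puppet-registration.yaml` template (`@@ -18,6 +18,22 @@`) hard-codes `exotic\.sh`, while the bridge settings changed later in this commit key `login_shared_secret_map` by `${cfg.domain}`; if the two ever differ, the registration and the bridges disagree about which users the token covers. Deriving the pattern from the option keeps them aligned, e.g. `- regex: '@.*:${lib.escapeRegex cfg.domain}'` (assuming `lib` is in scope here, which the hunk does not show). The two token lines are also rendered unquoted, so a secret that is all digits or begins with a YAML indicator would be retyped or rejected by the parser; `as_token: "${config.sops.placeholder.double-puppet-as-token}"`, and the same for `hs_token`, avoids that. Because `@.*` with `exclusive: false` lets this as_token act for every local user, it is worth confirming the rendered template is readable only through the `LoadCredential` entry added further down. The `config` block continues outside the hunk.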
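Review bot: The comment added in `@@ -56,6 +72,10 @@` (repeated verbatim in `@@ -112,6 +132,10 @@`) says the Python bridges take this value from an environment variable but names neither the variable nor where it is set. The commented-out map underneath duplicates what the Go bridges set and will drift from it. Someone auditing where the double-puppet token flows would be better served by a single line such as `# NOTE: Python bridge: login_shared_secret_map is supplied via <ENV_VAR_NAME> from the bridge's environment file, not from this attrset`, with the dead lines dropped. The variable name there is a placeholder, since the hunk does not show it. Both settings blocks start and end outside their hunks.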
@@ -155,7 +179,9 @@ in }; send_presence_on_typing = true; double_puppet_server_map = { }; - login_shared_secret_map = { }; + login_shared_secret_map = { + "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN"; + }; private_chat_portal_meta = true; mute_bridging = true; pinned_tag = "m.favourite"; @@ -213,6 +239,9 @@ in require = true; allow_key_sharing = true; }; + login_shared_secret_map = { + "${cfg.domain}" = "as_token:$DOUBLE_PUPPET_AS_TOKEN"; + }; permissions = { "@sef:exotic.sh" = "admin"; "exotic.sh" = "full"; @@ -256,6 +285,7 @@ in "mautrix-signal:/var/lib/mautrix-signal/signal-registration.yaml" "mautrix-whatsapp:/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" "mautrix-discord:/var/lib/mautrix-discord/discord-registration.yaml" + "double-puppet:${config.sops.templates."double-puppet-registration.yaml".path}" ]; services.matrix-synapse.settings.app_service_config_files = [ @@ -263,6 +293,7 @@ in "/run/credentials/matrix-synapse.service/mautrix-signal" "/run/credentials/matrix-synapse.service/mautrix-whatsapp" "/run/credentials/matrix-synapse.service/mautrix-discord" + "/run/credentials/matrix-synapse.service/double-puppet" ]; }; } diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml index 2117961..14e0df2 100644 --- a/systems/cobalt/secrets/secrets.yaml +++ b/systems/cobalt/secrets/secrets.yaml 
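Review bot: `"as_token:$DOUBLE_PUPPET_AS_TOKEN"` in `@@ -155,7 +179,9 @@` (and again in `@@ -213,6 +239,9 @@`) relies on an environment substitution step that is not visible in this diff. If the variable is missing when the config is rendered, the bridge would presumably be left with an empty or literal token, and double puppeting would fail without an obvious error. The same token now also has to exist in two places: the new `double-puppet-as-token` sops secret and whatever file exports `DOUBLE_PUPPET_AS_TOKEN` (probably the re-encrypted `mautrix-envs` entry). These can drift apart on rotation. Rendering the environment file from a sops template, e.g. `DOUBLE_PUPPET_AS_TOKEN=${config.sops.placeholder.double-puppet-as-token}`, would leave one source of truth; both settings blocks start and end outside their hunks.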
@@ -7,7 +7,10 @@ matrix-server-key: ENC[AES256_GCM,data:gv1zTWRNqmpB/WtPGwYahm9BnCNNsuzKN5oMTnkv1 matrix-shared-secret: ENC[AES256_GCM,data:Xv9pOMA/kUJUrYxdXRA7NTrbkFvVsA==,iv:J3rZJGJ1cQPyhBK5lcd04dv2cGbhAvjg9IEQeXU+K/U=,tag:3YD3/MMUsVPnbW3ZUuf11Q==,type:str] synapse-extra-config: ENC[AES256_GCM,data:bJh9nMzZvP36Uwe7x03MLEk2N+FKq2V2YAFJT43vhMQ/XkvdN9yAeWhlxPGNEtl2wcMpCLnqbVAtfhJVI4VI5hGnue5HZz4Q51lbVQr2ZwzWuU6I25mY,iv:2qJuuyBlwgSWx5dkxGDbHhTW7ajI68lPgrvjdHmNTZ8=,tag:xRM6XGlitvcf+MrxBQ9GDw==,type:str] mjolnir-password: ENC[AES256_GCM,data:dyM2VVxn1PFRXy5dgfvq3EuWyGDhDZvJOd1sTnKE5q0Arv1y,iv:DD80um8QXLybj1w4ZsxPbv3+s2NrQfpPDAEpkztkMFo=,tag:3ZEJ7V+ICh2Ip5gZt06zjA==,type:str] -mautrix-envs: ENC[AES256_GCM,data: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,iv:wB2tF/YJAiHr8CtqxYlXSxqEpnMzVyGSL3iGFRP5OtU=,tag:Sg4fXeNt8WfpEoTPEOlrTg==,type:str] +#ENC[AES256_GCM,data:Qp2qzobiQ1q5JQboo9fRG/HUhyqoYEF4EmBd/DFt46Y9i4dCU+kbEHnqGOvb6zdOgAcIo1L/8Z4ZutGiRnvkJFnrbA6r/bf3LJOilLsVbg==,iv:TCj3cjZcLhHNVv6fDwx092D2YHRwIwaRj1Vuw56BYQs=,tag:gMAkM++w92fFwRrMv5AGLA==,type:comment] +mautrix-envs: ENC[AES256_GCM,data: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,iv:KjkrFePP86nV3wGkaNhJvRnXcB+Jqkj1FncPxVTrOPQ=,tag:SbH6fcbB3x52FEfUs2DowA==,type:str] +double-puppet-as-token: ENC[AES256_GCM,data:q7zsHsm9JvKfQkLxLZb44cuUse3+JdJKjC1Z8erAVaNZjDNvBzqHZv6hgWLnRvjD5htCOZyDk0cAdg17/wNWsA==,iv:KTUJsLfit9vXuVD8ba2QyCS1v7dRgDfgnrE+1nkHL5c=,tag:keLyl4TS2RQ6li07JCn+7A==,type:str] +double-puppet-hs-token: ENC[AES256_GCM,data:iHIjy5pcjgVJF39XXj6WCdFslRmkLRnrCs95mjzmzRHCPEgWbmTqlqBuQVGIOkKhcyTZtflpC1D0/NtoBlmtFg==,iv:iDLvhGBABbgGSH9Q/FfgSMcw0srwL1KX6P87zAjn70k=,tag:pmTecoXSMVsRPZ5OhaD5Jg==,type:str] dendrite-envs: ENC[AES256_GCM,data:67FnrGQUZWFfHAoUM/idTZlBX7aek3fbPkswB9+3pjLNQuXpIWYoa2vpdGt7zec2n9o9z0V3LdlkookjS95aPpZmKYwPaKkH2L7Jaxw=,iv:c4lEReLizcQeTTiG7cJwd+2sBH+EKBGycKeoDgJ/394=,tag:zBBxIcXn+8Q90BkPidltfQ==,type:str] sliding-sync-secret: 
ENC[AES256_GCM,data:mBgQZ/SVRpvELrqwCzjxJETxDSj5gw+CcIb3rk/vjQ3j8tvjt4Z2GbuE6fwQ1CXhHKRL7kYOLn8ec7rgaMTr6me2pRcI+Sz/40IKUvlE,iv:NQvkJ4gjmOtfOyb8ciOudNHBYOytizNg6K6IhVxhE28=,tag:LNhd6MgUOPBHY9qK/tDBjA==,type:str] turn-secret: ENC[AES256_GCM,data:JA5/BlGwH6yIjYsFZGa8Nm8XVbOBKpre+NFybniOtlmbSx89ldKBvuqF2ZoPltJS+vzQ/+wxM/VorhF7M+s4jA==,iv:rK5SFj4VOzgfaP/LIzWTVFyCBmklGMSyd9iWbet2CVc=,tag:QycYCHH72bMMX5UubDHTlg==,type:str] @@ -42,8 +45,8 @@ sops: cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-21T16:51:47Z" - mac: ENC[AES256_GCM,data:ZoSWm8puMrA3rbesfCLbP/cgLwUrgDOoDAv8/s3ACpfOxqjqa4KKX7JxIn28CSouhpR/MAgDisb1I6XdItjYAy9ISBTnrthY3gfx/1GjJVrWXgOaYJVcegLQyiMKUkHerP+mV7S+GwCgeQAVSkRnlqL9220t1zlj8easj3FTybo=,iv:+5aNpcrKSPs6Kkd8K4n6AfH6znupHsZ1r44xwCa1x9c=,tag:PtQW8k/5y2mjpX9obHsW3g==,type:str] + lastmodified: "2023-12-22T14:57:57Z" + mac: ENC[AES256_GCM,data:l0dP/78qh+urLgW0ga+WOiOalGVXpaJv89PtWwmxAfPfIQ4zPfe3EnfCWqs65VZRD6ZAZXDVgHfrSn6htElAFCGY3Y5zw00+n7fXdAOQ5pahwA4FsJQy8yxS0XlRZ0HpIXpklbbhUp71Tq1m+0KCG+eBZg2MyIfsljlwHVuPiss=,iv:F/NM0f5xXYMOUSmwJ1GuJnIyGKjoqyNF9Rxfo765FTo=,tag:RM4OkjjkyibMfnpG5fxxsg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- cgit 1.4.1