diff --git a/hosts/hitsugibune/matrix.nix b/hosts/hitsugibune/matrix.nix index 982bc8b..b719913 100644 --- a/hosts/hitsugibune/matrix.nix +++ b/hosts/hitsugibune/matrix.nix @@ -17,6 +17,12 @@ in { group = "matrix-synapse"; }; + age.secrets.mautrix-signal = { + file = ../../secrets/mautrix-signal.age; + owner = "mautrix-signal"; + group = "mautrix-signal"; + }; + age.secrets.coturn = { file = ../../secrets/coturn.age; owner = "turnserver"; @@ -185,6 +191,7 @@ in { ]; services.mautrix-signal = { enable = true; + environmentFile = config.age.secrets.mautrix-signal.path; settings = { homeserver = { address = "http://localhost:8008"; @@ -211,11 +218,25 @@ in { type = "sqlite3-fk-wal"; }; - # encryption = { - # allow = true; - # default = true; - # pickle_key = "$ENCRYPTION_PICKLE_KEY"; - # }; + encryption = { + allow = true; + default = true; + required = false; + }; + + double_puppet = { + allow_discovery = false; + servers = { + "sprechtl.me" = "https://matrix.sprechtl.me"; # Your homeserver + }; + secrets = { + "sprechtl.me" = "$DOUBLE_PUPPET_SECRET_SERVER"; # Use the AS token from your registration file + }; + + network = { + # INFO: If I ever decide to run this for multiple people this option isnt safe -> change to false + use_contact_avatars = true; + }; }; }; } diff --git a/secrets/mautrix-signal.age b/secrets/mautrix-signal.age new file mode 100644 index 0000000..fbb8265 Binary files /dev/null and b/secrets/mautrix-signal.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e6839b0..c26c18b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,5 +7,6 @@ in { "onlyoffice.age".publicKeys = [hitsugibune key]; "speedtest-tracker.age".publicKeys = [saberofxebec key]; "matrix.age".publicKeys = [hitsugibune key]; + "mautrix-signal.age".publicKeys = [hitsugibune key]; "coturn.age".publicKeys = [hitsugibune key]; }