Extracted modules:
- Matrix homeserver (matrix-continuwuity.nix)
- mautrix bridges (slack, whatsapp, gmessages)
- Security modules (fail2ban, ssh-hardening)
- Development services module
- Matrix secrets module

All modules sanitized to remove personal information:
- Domains: example.com, matrix.example.org
- IPs: 10.0.0.x, 203.0.113.10
- Paths: /home/user, /path/to/ops-base
- Emails: admin@example.com

Configuration:
- Updated flake.nix with sops-nix and nixpkgs-unstable
- Updated hosts/ops-jrz1.nix to import all extracted modules
- Added example files (secrets, minimal config)
- Generated flake.lock

Generated with Claude Code - https://claude.com/claude-code
24 lines
593 B
Markdown
# Matrix secret mapping module

Provides a declarative helper for mapping entries in `secrets/secrets.yaml`
to the file paths expected by Matrix services. Each secret is defined once,
then delivered via sops-nix to `/run/secrets/...` with the correct owner and
permissions.

Example:

```
{
  matrix.secrets = {
    "matrix-services.mautrix_whatsapp.as_token" = {
      key = "matrix-services.mautrix_whatsapp.as_token";
      path = "/run/secrets/mautrix-whatsapp-as-token";
      user = "mautrix-whatsapp";
      group = "mautrix-whatsapp";
      mode = "0400";
    };
    # ...
  };
}
```
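
The following is an added sketch, not the repository's module source (which this page does not show), of one way such a helper could translate `matrix.secrets` entries into sops-nix `sops.secrets` declarations. The option defaults, the octal pattern on `mode`, and the evaluation-time assertion that rejects modes granting access to "other" are assumptions of this sketch.

```nix
# Added sketch, not the repository's module.
{ config, lib, ... }:
let
  inherit (lib) mkOption types mapAttrs mapAttrsToList hasSuffix;
  cfg = config.matrix.secrets;

  secretType = types.submodule ({ name, ... }: {
    options = {
      # Lookup key in secrets/secrets.yaml; defaults to the attribute name.
      key = mkOption { type = types.str; default = name; };
      # File path the consuming service reads.
      path = mkOption { type = types.str; };
      user = mkOption { type = types.str; default = "root"; };
      group = mkOption { type = types.str; default = "root"; };
      # Four-digit octal string; owner read-only unless overridden.
      mode = mkOption { type = types.strMatching "0[0-7]{3}"; default = "0400"; };
    };
  });
in
{
  options.matrix.secrets = mkOption {
    type = types.attrsOf secretType;
    default = { };
    description = "Secrets delivered to Matrix services through sops-nix.";
  };

  config = {
    # Fail evaluation if any secret would be accessible to "other".
    assertions = mapAttrsToList (name: s: {
      assertion = hasSuffix "0" s.mode;
      message = "matrix.secrets.\"${name}\": mode ${s.mode} grants access to other users";
    }) cfg;

    # Translate each entry to sops-nix; the host is assumed to set
    # sops.defaultSopsFile to secrets/secrets.yaml.
    sops.secrets = mapAttrs (_: s: {
      inherit (s) key path group mode;
      owner = s.user; # sops-nix names this field "owner"
    }) cfg;
  };
}
```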