machines/osterei/matrix-synapse: move to machine `trabbi`

commit 2b7eb625cc5da3bde6950e5fe12edd46fcc6fa53
parent daed9604faecc65cb5cf96a77c37025dc63a90cd
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 20:32:37 +0100

machines/osterei/matrix-synapse: move to machine `trabbi`

9 files changed, 227 insertions(+), 229 deletions(-)

flake.lock

machines/osterei/configuration.nix

machines/osterei/matrix-synapse.nix

126

-------------------------------------------------------------------------------

machines/trabbi/configuration.nix

machines/trabbi/matrix-synapse.nix

126

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

secrets/flake.nix.age

174

+++++++++++++++++++++++++++++++++++++++----------------------------------------

secrets/osterei/restic/matrix-synapse.age

-----------

secrets/secrets.nix

secrets/trabbi/restic/matrix-synapse.age

++++++++++++

diff --git a/flake.lock b/flake.lock
@@ -176,7 +176,7 @@
     "local-secrets": {
       "locked": {
         "lastModified": 0,
-        "narHash": "sha256-GR3bDQY8nstuENXWGsUAYU5LOS+rP4oawWuiTSH5ie4=",
+        "narHash": "sha256-gtnonu+Ejv7daYtSkms5nE/aHA5Z+rbuVMza9E0GWhs=",
         "type": "git",
         "url": "file:///tmp/nix-secrets"
       },

diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix
@@ -15,9 +15,7 @@
     ../../configurations/linux/services/prometheus-node-exporter.nix
 
     # communication
-    ./matrix-synapse.nix
     ./mail.nix
-#    ./maddy.nix
 
     # websites
     ./websites

diff --git a/machines/osterei/matrix-synapse.nix b/machines/osterei/matrix-synapse.nix
@@ -1,126 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-
-{
-
-  age.secrets.restic-matrix-synapse.file = ../../secrets/osterei/restic/matrix-synapse.age;
-
-  restic-backups.matrix-synapse = {
-    user              = "matrix-synapse";
-    passwordFile      = config.age.secrets.restic-matrix-synapse.path;
-    postgresDatabases = [ "matrix-synapse" ];
-    paths             = [ "/var/lib/matrix-synapse" ];
-  };
-
-  systemd.services.matrix-synapse.onFailure = [ "email-notify@%i.service" ];
-
-  dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ];
-
-  services = {
-    postgresql = {
-      enable        = true;
-      initialScript = pkgs.writeText "synapse-init.sql" ''
-        CREATE ROLE "matrix-synapse" WITH LOGIN;
-        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
-         TEMPLATE template0
-         LC_COLLATE = "C"
-         LC_CTYPE = "C";
-      '';
-    };
-
-    matrix-synapse = {
-      enable         = true;
-      withJemalloc   = true;
-      settings       = {
-        server_name                    = "ctu.cx";
-        public_baseurl                 = "https://matrix.ctu.cx/";
-        max_upload_size                = "100M";
-        dynamic_thumbnails             = true;
-        enable_registration            = false;
-        registration_shared_secret     = inputs.local-secrets.hosts.osterei.matrix.registration_shared_secret;
-        url_preview_enabled            = true;
-        url_preview_ip_range_blacklist = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"];
-        listeners = [{
-          bind_addresses = [ "127.0.0.1" ];
-          port           = 8008;
-          type           = "http";
-          tls            = false;
-          x_forwarded    = true;
-          resources      = [
-            { names = [ "client" ];     compress = true; }
-            { names = [ "federation" ]; compress = false; }
-          ];
-        }];
-      };
-    };
-
-    nginx = {
-      enable       = true;
-      virtualHosts = {
-
-        "ctu.cx" = {
-          enableACME = true;
-          forceSSL   = true;
-          locations."/.well-known/matrix/server".extraConfig = ''
-            add_header Content-Type application/json;
-            return 200 "{\"m.server\": \"matrix.ctu.cx:443\"}";
-          '';
-          locations."/.well-known/matrix/client".extraConfig = ''
-            add_header Content-Type application/json;
-            return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.ctu.cx\"}}";
-          '';
-        };
-
-        "matrix.ctu.cx" = {
-          enableACME = true;
-          forceSSL   = true;
-          locations  = {
-            "/_matrix".proxyPass = "http://127.0.0.1:8008";
-            "/".root             = pkgs.cinny.override {
-              conf = {
-                defaultHomeserver = 0;
-                homeserverList    = [
-                  "matrix.ctu.cx"
-                  "matrix.flauschekatze.space"
-                ];
-                allowCustomHomesevrers = false;
-              };
-            };
-            "/schildi/".alias = "${pkgs.buildEnv {
-              name  = "schildichat-web-env";
-              paths = [
-                pkgs.unstable.schildichat-web
-                (lib.hiPrio (pkgs.writeTextDir "config.json" (builtins.toJSON {
-                  brand               = "matrix.ctu.cx";
-                  disable_guests      = true;
-                  disable_3pid_login  = true;
-                  disable_custom_urls = true;
-                  showLabsSettings    = true;
-                  defaultCountryCode  = "DE";
-                  piwik               = false;
-                  features            = {
-                    "feature_custom_status" = true;
-                    "feature_dnd"           = true;
-                    "feature_latex_maths"   = false;
-                  };
-                  settingDefaults = {
-                    "UIFeature.deactivate"   = false;
-                    "UIFeature.registration" = false;
-                  };
-                  default_server_config = {
-                    "m.homeserver" = {
-                      base_url    = "https://matrix.ctu.cx";
-                      server_name = "ctu.cx";
-                    };
-                  };
-                })))
-              ];
-            }}/";
-          };
-        };
-
-      };
-    };
-
-  };
-
-}

diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix
@@ -17,6 +17,7 @@
     ./grafana
 
     # communication
+    ./matrix-synapse.nix
     ./pleroma
   ];

diff --git a/machines/trabbi/matrix-synapse.nix b/machines/trabbi/matrix-synapse.nix
@@ -0,0 +1,126 @@
+{ inputs, config, lib, pkgs, ... }:
+
+{
+
+  age.secrets.restic-matrix-synapse.file = ../../secrets/trabbi/restic/matrix-synapse.age;
+
+  restic-backups.matrix-synapse = {
+    user              = "matrix-synapse";
+    passwordFile      = config.age.secrets.restic-matrix-synapse.path;
+    postgresDatabases = [ "matrix-synapse" ];
+    paths             = [ "/var/lib/matrix-synapse" ];
+  };
+
+  systemd.services.matrix-synapse.onFailure = [ "email-notify@%i.service" ];
+
+  dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ];
+
+  services = {
+    postgresql = {
+      enable        = true;
+      initialScript = pkgs.writeText "synapse-init.sql" ''
+        CREATE ROLE "matrix-synapse" WITH LOGIN;
+        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+         TEMPLATE template0
+         LC_COLLATE = "C"
+         LC_CTYPE = "C";
+      '';
+    };
+
+    matrix-synapse = {
+      enable         = true;
+      withJemalloc   = true;
+      settings       = {
+        server_name                    = "ctu.cx";
+        public_baseurl                 = "https://matrix.ctu.cx/";
+        max_upload_size                = "100M";
+        dynamic_thumbnails             = true;
+        enable_registration            = false;
+        registration_shared_secret     = inputs.local-secrets.hosts.trabbi.matrix.registration_shared_secret;
+        url_preview_enabled            = true;
+        url_preview_ip_range_blacklist = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"];
+        listeners = [{
+          bind_addresses = [ "127.0.0.1" ];
+          port           = 8008;
+          type           = "http";
+          tls            = false;
+          x_forwarded    = true;
+          resources      = [
+            { names = [ "client" ];     compress = true; }
+            { names = [ "federation" ]; compress = false; }
+          ];
+        }];
+      };
+    };
+
+    nginx = {
+      enable       = true;
+      virtualHosts = {
+
+        "ctu.cx" = {
+          enableACME = true;
+          forceSSL   = true;
+          locations."/.well-known/matrix/server".extraConfig = ''
+            add_header Content-Type application/json;
+            return 200 "{\"m.server\": \"matrix.ctu.cx:443\"}";
+          '';
+          locations."/.well-known/matrix/client".extraConfig = ''
+            add_header Content-Type application/json;
+            return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.ctu.cx\"}}";
+          '';
+        };
+
+        "matrix.ctu.cx" = {
+          enableACME = true;
+          forceSSL   = true;
+          locations  = {
+            "/_matrix".proxyPass = "http://127.0.0.1:8008";
+            "/".root             = pkgs.cinny.override {
+              conf = {
+                defaultHomeserver = 0;
+                homeserverList    = [
+                  "matrix.ctu.cx"
+                  "matrix.flauschekatze.space"
+                ];
+                allowCustomHomesevrers = false;
+              };
+            };
+            "/schildi/".alias = "${pkgs.buildEnv {
+              name  = "schildichat-web-env";
+              paths = [
+                pkgs.unstable.schildichat-web
+                (lib.hiPrio (pkgs.writeTextDir "config.json" (builtins.toJSON {
+                  brand               = "matrix.ctu.cx";
+                  disable_guests      = true;
+                  disable_3pid_login  = true;
+                  disable_custom_urls = true;
+                  showLabsSettings    = true;
+                  defaultCountryCode  = "DE";
+                  piwik               = false;
+                  features            = {
+                    "feature_custom_status" = true;
+                    "feature_dnd"           = true;
+                    "feature_latex_maths"   = false;
+                  };
+                  settingDefaults = {
+                    "UIFeature.deactivate"   = false;
+                    "UIFeature.registration" = false;
+                  };
+                  default_server_config = {
+                    "m.homeserver" = {
+                      base_url    = "https://matrix.ctu.cx";
+                      server_name = "ctu.cx";
+                    };
+                  };
+                })))
+              ];
+            }}/";
+          };
+        };
+
+      };
+    };
+
+  };
+
+}

diff --git a/secrets/flake.nix.age b/secrets/flake.nix.age
@@ -1,90 +1,88 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWVBOQ0MxY3BFaHFrV3JG
-bUc3QmxjeGRNWnVNL21DdWVBcTNJRi9Jc1JzCnpMVHFzK2RZWDkvWnJJazN3K3VI
-SGpTRU1ObmFaWC92TW1PMjJRV1k2L2MKLS0tIHY1WUlmME9nYkVWaTdwQTZHelZv
-b0o1OG1uL1VHMGRHeVNCZ1lUZTBmNHcKLkQIMX9a+JeiA4RB3VAFC7vaMlWiJCy2
-JKdet3OuDfqjwovD9gv9P/Kgu+c2lSb+JLULuBnlOXzjUcBaJq5GMbPOXn2j2N2X
-kErULJ1CA/IyUVFj64LRoVTY5qW2zAHqkyk7I1ekdmk/qJNX9wD1RF5qNUz0rVjE
-hnB1ZZq7qtM7pAVKbI9m8eriAdgkTPe16O7kt12q02I0U1RW2NkQ/Y+t6skHOrhP
-JvXpjjNyVEY1pxsRv8Rc/qvYmsLJClz+aKIjimoRxPp4OCgkekrpIxXuZu7tDDvI
-DZqTW9Tgr8v2BPVr4gpltmh9Clk2Ni/EYVi/zSMvGK2DAQ7g50Bf+ErdeB5E7JEx
-XGTPawvR3/0QiN+AUz0QljflTzgWmwBVBXS2v90/G5gs4+gf2OIZz3tLVQCmMKaU
-S0hpmQmpBTkn4xcUsxoCUxf6FMDWknONwbdE+awK9W5H2MCG/hafu2AaD3RFeGYP
-C5iWAt1rePwUWJ0WGTmRQs6f0nNcVYx+paY0HWxx44cfBzKnkqf7pF+E4hgyv5YC
-0FnKB+z99hdakGb/1AiOBau/XoIwjG0/hQZUsrdu/EncNV0MjKDWRPgJOlYqKG5C
-8A6vuJV/3oCHjgSypGMN3HsYBZA9AohHZs71y4+C9nQM4Ro9wI4zB74oxbXd6oIk
-Ysl8aNrHcV55Zn4P5sPafPN46ylA6N3f5MD3WJJY08Ugv+AFuYQDfPiTsjxDc1w5
-stAYFOV8qLFHq0/nZbuIf74QdSzNc9Zcc0CQqNfwE/p8xaV7/3wDpXgvJYSXintg
-el0oECcmvcAeDbUk3tKIkTcGlIhf3aZHCaiHesEjrXsEH2gESOxcm53OludfcNla
-OnSNXdfPEW7fZDweZUyLE8eDOg+MgIZyIPmDlC2Z5300mFC8aHSMT0asA8hAW5zw
-mIn0B8ecC51i9UuWvzPn7R1oKMvUAN3CX+wTOFuH37bAq9CD9jTpYeCsifJWr7TD
-KnF/FP5QxTxC+XhU8iDlCvuso1TOEwnV1UHmifwt+wL2vMy/bEg1cOe7amGHELho
-T2l5N/XIDzxQuStkYCz34bcSSG+I56RN+3wD76RDzKcOMzHBiZJAifb4HxKH+pqc
-pnXyYFVI4gqViHDvMupFoSCIzDW2iyKg9DhasBHrudeKf4GXViW/PuNb3xiF4z+O
-FKub1Yz7yqmVCWDNdmmV6ygEB43DfMDLSavE7v2KbfK0NwLuyd19KgJGN3Ui3wm1
-rJ4kWd/F2tnvXrfhqI1X1UAOB8Y0RuDBxmcO2E5gWZDre8b9/mCbfrAQrRiV2n1O
-fpfa9QyljlW6+7/uZ1107NcntxPiNHtqMvT5W8dlZceU3MqGseIqz/ie4AA5ijj+
-UDGo3QbJSXJ5PwnbuisG++LeCEpvmCZw3DrAhTgF1Xc44SNK66YFE3uTcWzRQvvT
-B7XF2enHLSKxfH8+6/ZHVJaONVGz7QapeardvS647PFjHizNZczTQHngPEoy2u+s
-uqD5ImJq7Y1g3FhJ+2by5emtP/eGX+ga+nXlpoNlLOzlf5iNCl2CoMbyGXVmnC6M
-esMoPXt5AVUrJNrvJFuHqjzQxQO6z4yxfc7g8pBIVzbm4gQqv3lfoOIxFG7HKD/O
-dy7i9Itb85l/VKAj5+FTvHuoONOtRvlkARiWgjqlr82e06iqaCD0Z5D+mU9T/TBi
-xx+S9q4O0ui7ranfGgjqE/qMd7pg/SYzlDIqAFEHdCHPxg8ydWTrsnkEnqKu/gSB
-F3JIZOD91eqGht8pHpDjFhx9cWqOQQ7krgEIAASBJaUOjxrRLw/C1zA8lWORYj9p
-bUgXb1hC2FyZINVhyT6OxknYK+o5QHYPAQTuHTdlKiZs9UeArs0WrIzTjq3cO0xE
-Nf4qH2GDbw/OFMrqgfHkecKX1eHqXYZ4eQJHo8wegkbHHl2e4RSA5QnwUACcof4o
-NxRIsbhH5RCCMqF0iy84WL9vIbMWqZRpqBEoW5KAt2hukjNjnadutVSRI1Zg4rO6
-E6dmL4ODOluBxrvQHibZl7/okv8vN05huBALaoBm0WEwHLO41L87GPeV5bO61lOM
-VooHjB4xoWeMfwDcF3WjMaHk9n175o0sCqkmESo5VEbPIRX/peg6t128QjRJ4Fwv
-SfCnnlxJrVH3sZQLTqHyXy78rWt30IuWn/8oHSHqudkstagmKJ63Y2rDhVPERYAY
-FFT5ZVLgH4SJuhNsPrrL1/lyqDIwPCRm8hKtVLwtKkGbS6jghx4Bryv+m3MH9n7u
-hkY5fuhC9nxiF6I/fDSQXn7jA7U3s1MFGuRIZi/q2VcmHj2kO8CuHgFcfLNGOC9r
-rO8ED/JoQ5ZfF3c6X+gKr0rYpbb0wc3wDDHwgt1bAPSCP/8d6GC0F42gxM8AWbNS
-dAEMe/ocVX7GpJDyThVhVY8uxXQ9DaUUFv8tqk1FpWMf9t8I0YzMuL4987J7Z1Ux
-4Ks/BNh5jvkPIGBamYWX0oLeYUhkeZ/YlGj5dnS+COOrKqwW8bBJUfZUC1l35BVk
-ljYTyzhNqYPWXAdJ6vvWpQeNh7DUFJjulqf7S9EziK/PX4coN9BnlrRgBJOZjQYi
-bbiegJRNShRMtJcu6X/FDcdZsEuwNLIarz6D9HG/y3LspxI2Rhjx2Zh6Cz+2cyHe
-oUf21G8BaBkY9CeyK5qJGKp62l0OopcypQ1yzOBEAjNL6Sl4arH1coY7kqpRxYNu
-naUlr6M3xxub9E5SQO61uEJL/TGDfqlpe5UlPRyrKDqwVuJnVBKf3oyeAybArHqT
-OJdvtwAFZQXpTljhLtcWYj3QJHCEh2CtdklcSmrE6Agl6WoHbb5fgcI2k0Wx7xOK
-RjWBK9Fo6DTAJJrqE+5jHHnyqHXjzcv+R6veFUwfylSoJFbulP0EtedFq1niuCaG
-N++047EVG4R12SkutcJVmC2tRZJG6UraqPzpFM1aM6NkbZijAc1YWKuYbwroHb2L
-cTjJp2ifrYIZDnSD6DG3YTofOZAG2h6Bu/lku0V4ImCTw1wwH+NS/CAaLHLYCDez
-a8BUzRn4NW7/M4d6aMXnKvpR61PdSyDQn291QLehvVvnhJRttOrzYol/7hYpERZy
-Zr3weJJ0Zuke0LkCQAe06/VhVZcSeixY8IpmqR9Q50Zpay6nTDkKEserR0NBHxTh
-xtlVAN9FR2JxFX1587i1qyHXdBEfR5AdkiPjlHSbYfJ1zU7AgsJm6DpHcbAECWLa
-60zQOqwW6AwUJHjLhpae3dlmmDwqMyx1S4TCq/fEwa2x/cyFAgUDpU7loiFCIoKD
-0SaEtryBlsW8Ae+Ze/1ZRhXuo5wb5oXSnwolXSVrMoDwb2LSQCfHAj4EigHomuI2
-lQ4uM2xImou1ZSJsBBQ6iPK13DcSEDw5xlSXmxxXjytAg5xF7bLxXcqyySs6yr3A
-FbafomqQ4WtDtMfiIaEoBVBdw84P/B8G6TTmFqQbTrsl67bfMCARYot1GiP1A5DJ
-0Op8GjP6UBwL/0ZnwSeWzwLxlp18bhJLuPwED6Q4eJmDNAH3xa5cSwgnzvH/av8L
-jOEG/7jzJYkFHd1GWzQEu69J7Fzhwhg9qGfBH+Z97uI0WYYpd9smaytygZ3INsAS
-WdkODoERoTd3iMZLdmiPjBPKoIKRFNV58mFYJksbBubwRfdK96qRXdzQ49MO7D+8
-LHf7B2Md+GeCEOiXZ8lClcX9nfjiqFOiOWKZQJb9v5xDFrUlysl0Cbj6xBmxVfug
-ikpITceNhxyjzkusq3yVDu1br7AjFfkYFw607AXvlxRSUCXvqBIGoWZfKEj8kmQ7
-q9Fs8oHVkvAaDbpV1VLHKgJl/EjTSf+oOcG+EuupgPf7OcrEyfXJobc3ZQ/lan4B
-8gUW40FfnU4Rx4tyXvV+KG8xTxaQw+AMTZolEmdsWMRWGBsQfQQNBnaYvaLQpDA5
-vFQwuNfK/AdMrAcH7MtI4wTtWmSY9ye4DnEtgpWj6YcFs8XnVw2kyIPDjAil2Pyv
-p5pdlukHamQaxJD4GWkMq2bOn+PeuAk/GT2joqAIYkdzKc/HZbFp3ZnkOKq1HsVX
-0RmSGDf9ONvQPNdEG7we80GnKyjpDqc+0OU0/8b1IRQ9awkTEuBXNDcltFVD12OB
-/bIv9H/DzPb+cdcZ/LMhvJTeIeIPT3k3TPU+p8ZUqjwy8s5fRxPRBO93RMfv9miK
-UZJBXSKnsZkoRgciDUOHrfghhEXQXckR/6sTn6Yy0zrk5PYxm6Oaduo9XAiFIxI8
-NysuhZfMR45+FEKfg278LA4ZK5vBCZM1rNZQ1IWtwdtzCNALCNznnaIYsll+RplZ
-viQwzuLomTmdJrcW+cfYDRqnzeasuTA1pMh7KFc/Bzh3a4NaAV2naYA2hXm46v2/
-ECURzDQVD/KAq0F77Sq4dRnyYIsy1YdBsfpgG7HIyDz1mkDs38wmDDFRvZqXGTwn
-dUO2arNHor4CyK81x0N5gkTgMmpfLTTPsMk9IYyDiVopspnRRpye7H53GpvvCW1c
-G/zkBwVX+KpzzisaHXglTLuvoqloZst9guCRpWDQID61ye6+u/QcdK5UsAVsjpdw
-PmYDUTuxl/q6ZwXz7ZjBUFapHZugLhHmxDT6todQB2zU0rZRgSfEQs6cL1XGVu1d
-o5Lx0pYhf1UDW9kITN0PfZn01FvVyPIbkqHnHNbY0OItROsWXURkdwW4aK7Axdpe
-THLeohUb79SkfpFDR9t6mQF+6YGipMYISHfy5/caCE3kd//5rPdI0pezSyLlJVPD
-nqOiDgMjPKz7RyOp9KKtVL7+OXMTcbdA5Kn6Dm/+UZgD0w7wyIQ5gJg+OlhAY2Pb
-0t7n8c5TQU52X/HW0qnWbVF3FhctOLiplRAYtEKs/wl+6GT1SRAiljOT8ddFZSid
-aWGIbsefKfqhG8GeKbRr74rzD8T2+gpKck3U64U4JO/8nMUvp1evkOrPxe4EOkMV
-YUo0tk71gc61s0RG8aFKfIKq50NFBYxm4ryFUuoK3rULEYCgScKdMskKZYkkzh/H
-f4jj9aWEFibWo5ib0p/ANmtfYDbnulIBim9Qo48OpbyJY9v8J7z+PwpDyHo/GbiC
-8107gJ4BFSELAKFFYFBloGrye5c/rPndjClKvFW41WV+QL9AhqWy17HuESc7kcD5
-5AuuADVccoZ9gyOTy2afvZyh48z15jC/3296ECGSmNhO9e9CBMq3YNQjVoh0odyr
-M+7MmACHS5bQ9QBsQNse9XF4MjA0aRAWRvw4E/XQYDN16GHk3hjKO+TDFWbvuUVe
-IsBKYpUII7fJb77RWjqAtTvaIZIEOI67DFOXtpCBYCsaNZfkcdTtOkaPIzDIygs0
-VolAbmPZZZPGRArX6qnfsOaTT5MKY8MZJmiZEr0J9T/J
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdExMYmFETHV0MHExL01i
+SXJwTU9RQXpDMmhXOGpJUzdzVERMZTBONlZBCjFOb0NDVzBqK0I2SnRGa05VSng2
+Q2QycWRRcVFDOWlLcVRMSGZEQjFsWkUKLS0tIFR2T2NzSVZrTGNSaVZ2dTdSRXIv
+TXRXZ0taWmlsbWkyaktKWnBMZURUaUEKssx4MIieMAWGq7AmYYYa8ki+ElDc7ztg
+2YOC2bEEuNDSyEqTDqASDJnMAJgsLI3MhgUu6RGQvlWUD+r34hCYM7owKBrG7Hwv
+fo2lyTYK+tSEw6326jnxPosjhfFv3M8R/KGZu88Vx9GWngOA9sNRVI9q/KhLGFPm
+N2jIZCOswU169nQaY5ioQodT9JzjX1+VYzb3IRgcCwVo9KyuXZYRDGMC+23aqBtv
+IAm3CWBwYu0EYj2S0oy7xB9T9HMgHyMWvdvj7PAxfxq1JGV4pJFIR4cpPBRUk74U
+s8tRCTwkzxWmd5bi9aFyn7jOhcnjPzmCmYW4e2UywuiipqiXc+o3G0F8JYHop3yE
+SSUfDorAE/R2JCYOXhceh0Ic0jDFJhIH1puLxrKqTk87Rm/f0MpPBdGmsomF5BDC
+O/a8K/0IKfsC15ClEqyM432OWvEIgrDZWXDL/ktLnE9POw1tU6iHPNX8v4q8def4
+M/gDPAVgElP4psWho4x1B5wmkOIvVjj7pbtQDZp2gb33RzGv7m1XPn7OW+oZVrrs
+GrUgSRKrnpczvAX327AaAPJZjLpn6jbY19jodpGvvPhG1Wsgnfsgr0AtophgiHVb
+oT5VAur+VyB+0sIWJS3URZunSnPxPOomGq0dhKhTvtw3p60V84E4xRi68xcuziL3
+3YRm/T5D0EBc5W0IVC86/7PWQSN7mrwkPkC4Mo+/9J/keIE285/B9TM4DfB2Au+S
+RZzNIw8N+nNJn2H+p5f0jzRsam5ROJwLAiwHBjPvI2Lk9+NXpS3CHI+crpT28G8o
+zImkLJsz+KEalGRBQftR2w6G7XTneiu/oKqEEa59la1hnIMZpApojghnXUKndq+g
+1z5cPdrnsFIs1Mt6TllgEohWonyzfYpgxNCAoaEFRjOFlaCYypQMPfOorlsUeLgi
+1xlBqaAchUVHL1Yx+9S4dhlpXDSTAnAi3AVAVQs7TkstevkUl3Ag3+3Ry4lNLkCy
+T0L22QKCOzUDlNiPkCA+ICTPLNQrXUeiIVzmqM/Cf9gGzK424lTvMMkTKAhPXNKy
+YLCGjrFGkhr0zzSYnNWs11IBvbbRF6VYCcZjG8zLqbkFJfb04VEAGNGIFLXS28Kk
+r607ZXRkP8HM3Nys/gKmOynU6+5Jwu/mSfrX26v/O6+2VVBK+ijf1RauoVoXXYzX
+MYB1qlNJiO4gSmYGkYrvPN+AQYwrzaFU5IBhVYOp9KkSFXhJu8fpyJjS+vKyftt5
+2UfsjMXsSfh8o0vEwx7bie0XJcgmEXuywCLWs/PgFDTyU5DiZ4evQV2aoq6V6iO8
+q5nC8ldVVNv+y82PRB4y4JNjYEkJ+VFZMlF2dLBPINGkHzOuE1WhKciIz+CfxGKw
+7wUlRWvOJuCWgrOPGAjcr1KEmoBqD5jih9GVVCtb3Pr/jHfZkwvy6NuiVVSdd2ak
+/Z89D6nWlqh9lLSHCHCPUCpD/pgRp6L1bGbSAR6aJ7drhuKNW1p2y77wV+7c8RJm
+H0+kYbZnIUd3ehilloNcPZtaSzwQ7CAX8ZyYpL8OZWDxIxgalLfjLbJkAYkgxzBe
+Fe5YUU/fbAzQV9V+uEwio+faEg/O94DaEE5dPN7e09mMLvNo5oVUOu/9M8j29WGE
+M4fiqRfubv5qA2gKwtrDFRlBn59jZ/gj5bipk76ljmFDECGFFt077VhHzdR/8BBm
+M5Xh3qfXYa2h7dIFvqccY3KyJSKRwZa3av92LwqeVXDd8Lc0favpNfX2KZ5g54dt
+e8a2dC83NS+indw0q0CMhTVd4/Romxx/WiUqagxFVz9+YGDoMW+0NFLXMznr7s36
+zBzd6MRMrq0q11EieKpJ4Q8szKbDuxa2bBF5iZVMENmsPFVqi1Hxv1VniqtZhaRD
+WUcKX5zOcAb6s0wEEuknWFwTNBqOJmUEriwkAJTVbV6Bz0MDJ634bLR5cJ66x5gK
+YnzktTuyfUhJhIBLAu77lbvM9WhDibbDsyrZRyWjleW30AWurBCHN9GP0mhsk2Gk
+XlKCh3U1aja1gTTSYKEIJmtpnI9N0LmziU0Rp0iQBqJCk9xRmKS+rTaoBP0eTNSy
+XQQuugCwUs+ALBekcZa9YtodIQW3L/LxY3VAeLPkhiY4wXFEly0EXPTGSRV85MZJ
+lfbt69ZnuCJ2Oi2g7b+e27RCmbN/brWtn4R/zNcy/zbuyuLKhvc5QkTU2+cxhfX8
+2SsDCbPG9CvS5DGdte5tCUYlCrRoa2z6G0/crdGjUg//MRRLt5gcl+5H9j2EjDQ3
+asDPzt8iAuSmyEopkcEDc5Rv8/uNtssyy+n5ESKarg09Cu/AdhBl9j2qKj5J/1s5
+C0ll6YbkpogN3yAjwRl4/vCx5vcIEaYdQrsuYpmZhmDw+dcZgUtQCZRi3xhL7Wui
+qO2echf53EdB6kW0lv3wyFz1XnfwkyQGUV3RHo+Q88KCeZAaSzxGwvgk5BXd3Umd
+exYPwH5MWhoRC6usWdylF2PKf2HJIFyEJCd6etjN9TBX2BMhnVTGPJHm8+bnnn2b
+BgX2VPKUdAhA7KSwRwyV7CyyXKJVObPvC5m79xPPbe+eBi+a/k95YWaqO+fmDuez
+MxzoGuQnNzwcWbztSRoB6WPCh5aQqfTa9eCGi3tYwsfq7EsuWL+o3CWoUDXz6iK7
+EaQR8VG4PSrAP4ifrt5AuPHMiIyadZQ9LlV5Qd+d+MT4uazeJ71cnL6oi/ngOSNP
+02jr3gRycMogWobw4ZlyS+8euNUanRWLNgcm0bImuYW03Fn0lJzet2SO0DEYoE7m
+yjYhAS5/bz7jXjj2Urj8YD8G4UncoHVBJRemvqKeRPvQGNkv6XfeMtFf4032DnIG
+uf/uWX5VeTFfTMd8x0OfgW3sqeAKDeg+vIr8bFNrbE/zfx3vih6UdedHvgQ9l8x3
+VTYmiOt747KDwnZH6gj3GaRE5/SpDrUfaDr+nR57KVU536joKoZ3ncAMctDzcM9Z
+4Sd9BehZWOZCAE2e7pMMvsrQOGn33BX4XBnZ/yJF7HwSkO9swc7K6SokPY1Bkk8H
+XNMitmkj7YbBgJLhZVx4f2ctay1WdiNo0vuaFgP2W85yTNyszISDU9hmz/2Vb8db
+WQgIYerLZ+y7/NX3gv5jtps9NtML/vyQZ4eN1ra36vNsqdmJLLBxCTUPLiOa4ega
+KiCfjLWiEAjdq+8OMXeBJ+iq7KeNaGA7wOjoQ3NiiQTA9LKs/GlgFZM162myKZhu
+nYvN1B63Edi1HZHs6JuwHlEVeZYXU37xEqMCgO1iLDiO+VA5yhwKOlh55EO1YAP1
+rZ28077JfZ1fKzlBZrn/iAV+M9Q20mVCpSVPPjksSFAb0j9GGcq1r4/g5zaiihrq
+BogyXIqWqT1bL3qZKy8/e4S/s1CfVucjRxl/4Jy/9atGi3kJaUBPIPEamn7JvDnd
+HiJDFAz8qzSCd5aWBN8FFwez2pgUj7EYtW6wsYh9iV4oRrP3XOxei3w9UfxirORE
+0tasZgwVSjtmwuBkSo44JpiE1bao/sSn8UF9WHkJY/BZbMwgSvBwCFWvC5jS12w4
+Q/QKinNei1/u//jGJGqMsNdEVrcXgMeh3aXasaQYdMBQ2tqIGNrYbc2BppLkMu1U
+/zBQsZyqGYefUGc1+d9tRr0qMiT3DDloI0COb72Te9yXakUJhapFdjcLk62Z5BvH
+Exy87aKm82YlgeNPIzqMcdPi5KweFtyk/zNSTfMxnKQPLVhyAAy+V91t7v8KtJIe
+3yglT1+PB4NQebpPi9R/PxP7RSzkBVLD4JZVgdSGDSaimjUSCivMHj5ynkX7vXS+
+MjIyF/vfhFjU3oXBSJg6JoRndYyHBiwecg4GjPl8M2Dq8y0V9L+ONC62iaR6c4HC
+R66KYh/o/jUW42wJLn5/FA6vOHzBQTQAjo8jD7KvbNkJfvK4m+hvoMhde/b4CaAY
+Z9AaqYU9qCaolbyQhvWVK7cX77LH3FcAFlT30599Q6k4oqyKPlvzpVVnxwl+Js3z
+BxmVdiy9WS0j1l1m7xppSQ6A1YMEZivC53wVWMPA6iVj6O/wB4YmJqyQsAhV+VHH
+83M/FoBeSrxedwYrJ4k9MsaayCBPTBQGEdQK6njmF8WVEausLMcCjY+kesnOLZI0
+9e0feRjEgXgI++BEsD0eyZtA338rxPNsA8btYUTJs4FqzFqpG3TQg86h/EWp+g2v
+acfKnYL2oTryynW7hydD8BeknJo/tIMg/AFzS+F4BKF5spRUmTLeDBgoXxkflIuN
+hUEeCXA1rxOziHGwlv1DUqxZMnHeWSn6vaghVmheCPaABZmAU+KjHSY5gK0UT/hs
+3GDxFNwKeCCULItt7MXj048ehNykc0MmAXZOXAbQdWFB4QsxDt4tuN0Ezx4YziGQ
+SSTlzKl2GL9T42jcg6h4Xhc/0la4sPcbrN9qf+yXUulaJkSml18+FpXDnKdYgpGj
+nH0V4jvtYT/tvzIeeJZ3crx3OlOoBH9KkFW0OKIuthz1hw0HrdyUWZMiCZAuJFhV
+HIlcgZOk2++1OZ2wrgcxA6hh+SJ0ffhmlvz20Q24bFliscIh/77/MeCBoY9/pjG2
+VIfLjFfDXXtTd047Kk8OuGkWAoneb4IInPafy/FC2TJBwv9Zcyv3m6Eci1J3ugOE
+79N4xvzy8ZoywbLN3lTKh1GkqsPRdRyNGxXWGBkNz6p0WrHxQmZpziHSEG31DfzT
+JTeCCTxn5Mr8dawU1P7Bn3hYTbNJZ6Qo0iN5l6C0RW2KH5h93EOxFeiwhjq+ppvk
+wt3N1eF+SWwGiq8nwPESR11coXzimSOmMFUScXb5ei9B+nsqOo5hnPDycOmO9aPb
+NibEKkCwo/HE0Sv5+7GliW1Ek7647EWfxAsWrPhpEhgzq1waBDWBRJbGOecUGk/w
+hVa2C5Ph7vZcCS7udI5xsBhOnq7L1CqCILupx85QHb0kOugI+5nPh8nsCilJV+hY
+AOCJu8cRLhwWsY8X6MYRQVHer/TN2a2cLq1vpMLE0Qz1DgxIxxzTbiDBRWx0/3vY
+gNRjJ37zqBR6R3g2F7V92jSjVnt+seFIvj9TPHinYkEFXveMsZ4XkYVjH2kwjGZX
+L+oofL3K5WDQAXj4gUK1vQydW2V4cPmZB5Am0NpQvmDVU8FiBm4FJ2wTJEOV/22W
+ftjhaJxouZWF/7W5Yp0Qhe5irB1ypEQZIoz5XC/YOliVLwTqZUpxIojiRPKowgQG
+h62OHhzVyvQkL36D+lJwSxC0DLW0zQqmYZtBbIS6UPYZ0ddsWbw=
 -----END AGE ENCRYPTED FILE-----

diff --git a/secrets/osterei/restic/matrix-synapse.age b/secrets/osterei/restic/matrix-synapse.age
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> X25519 N4uLzI5DOm16lZUP/JedushWD0ID56FWtCZH1kzgKXo
-TtHlqPvceYFGLq8ctjxrn+42HCWOOYS+XDOMznUAeEw
--> ssh-ed25519 YtLkIw VwJ28uF0VaA93Qrpxn4Mz847dhukcbDCFyb31Xwt8ks
-X/MMOQzl4NlVJAgr3hnYCXDLRxa5ZcwBEJ83mS42Lvc
--> ,]-grease b Fd?g;R
-0gaXCrGHZxIWDiZ102iufLZgL0Z/5NzxsXTTWpDki+LWOL6EGcZ2X11+ryoIoDZJ
-KL4X4L3YWx4+rxihtrSFMJqWNufvk/qmAdzaqhAytZ4jXF2zCg
---- CXG/gR6WdTwmmxn4jGawEqLc2w7e2RgAHMel/hpfZUQ
-0��)]�����kU���M�%x�p�T਌�{�kL\&�є-W��c���}1��(�|o�-
\ No newline at end of file

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -61,7 +61,6 @@ in {
   "osterei/mail/password-leah-ctu.cx.age".publicKeys          = [ leah osterei ];
   "osterei/mail/password-mail-zug.network.age".publicKeys     = [ leah osterei ];
 
-  "osterei/restic/matrix-synapse.age".publicKeys              = [ leah osterei ];
   "osterei/restic/maddy.age".publicKeys                       = [ leah osterei ];
   "osterei/restic/mail.age".publicKeys                        = [ leah osterei ];
 

@@ -78,5 +77,6 @@ in {
 
   "trabbi/restic/gitolite.age".publicKeys                     = [ leah trabbi ];
   "trabbi/restic/pleroma.age".publicKeys                      = [ leah trabbi ];
+  "trabbi/restic/matrix-synapse.age".publicKeys               = [ leah trabbi ];
 
 }

diff --git a/secrets/trabbi/restic/matrix-synapse.age b/secrets/trabbi/restic/matrix-synapse.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 w7yxgYs9FzkMIBcE3GDnJF3r3f4FcwlWPEXE8PKBCiw
+kiEUW7/DvJIXvgBt6S/szdZoXVK6B0N92YW2IcRru+I
+-> ssh-ed25519 V0uUrw H1Kv2K8/01ohEdcTEUvDn29DTN9A3wffd0k+DQyeDFw
+OltzKGc0ZyiS9qI4ETWDGT6Nzm4BnZi4opZlOyj6Zds
+-> e.5H-grease ;ASLD| f{a`[F"3 :fX j,2A6
+PrgMZU2jkGw6dnxlfZ+ICsmmGU4viACFOg+q988JjEsifKtPCLnbFdhSS+n43b9T
+6/o3vNx3ln4Qfu8dzfPJlG5npRegGjx+0OXM/Eyma1W/UvlXPnicebwWc6xp+x7+
+1IfW
+--- 1dLQU8Y7L0HwqStOWjiQMmeVfKCak+l6yGCYSLDR+II
+�T��b�⭉kʸ8��L��&R�$W�7�)$����T(���,r@�0�d<y5�3'�+
\ No newline at end of file