Migrate matrix to sops-nix

2026-05-18 21:21:20 +02:00 · 2026-05-18 21:21:20 +02:00 · a01a891495
commit a01a891495
parent dc965c3329
5 changed files with 85 additions and 70 deletions
--- a/config/hosts/matrix/element-call.nix
+++ b/config/hosts/matrix/element-call.nix
@ -4,15 +4,22 @@
    enable = true;
    settings.rtc.use_external_ip = true;
    openFirewall = true;
-    keyFile = "/secrets/matrix-livekit-secret-key.secret";
+    keyFile = "/run/secrets/matrix-livekit-secret-key";
  };
  services.lk-jwt-service = {
    enable = true;
    port = 8082;
    livekitUrl = "wss://matrix-rtc.nekover.se/livekit/sfu";
-    keyFile = "/secrets/matrix-livekit-secret-key.secret";
+    keyFile = "/run/secrets/matrix-livekit-secret-key";
  };
  systemd.services.lk-jwt-service.environment = {
    LIVEKIT_FULL_ACCESS_HOMESERVERS = "nekover.se";
  };
+
+  sops.secrets."matrix-livekit-secret-key" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "livekit.service" "lk-jwt-service.service" ];
+  };
 }