From 4393cef4e1b24c14dceefe12d40587ff88020c91 Mon Sep 17 00:00:00 2001 From: Qubasa Date: Wed, 26 Jun 2024 14:20:45 +0200 Subject: [PATCH 1/3] Update secret web01-matrix-password-clan-bot --- .../machines/web01 | 1 + .../web01-matrix-password-clan-bot/secret | 24 +++++++++++++++++++ .../users/qubasa | 1 + 3 files changed, 26 insertions(+) create mode 120000 sops/secrets/web01-matrix-password-clan-bot/machines/web01 create mode 100644 sops/secrets/web01-matrix-password-clan-bot/secret create mode 120000 sops/secrets/web01-matrix-password-clan-bot/users/qubasa diff --git a/sops/secrets/web01-matrix-password-clan-bot/machines/web01 b/sops/secrets/web01-matrix-password-clan-bot/machines/web01 new file mode 120000 index 0000000..a3c776b --- /dev/null +++ b/sops/secrets/web01-matrix-password-clan-bot/machines/web01 @@ -0,0 +1 @@ +../../../machines/web01 \ No newline at end of file diff --git a/sops/secrets/web01-matrix-password-clan-bot/secret b/sops/secrets/web01-matrix-password-clan-bot/secret new file mode 100644 index 0000000..b22c48a --- /dev/null +++ b/sops/secrets/web01-matrix-password-clan-bot/secret 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:S8Y5p8O9KmheK4fRzoSF5/LqanJ0CxkuMEIqPFfhkFbCaXbjRw==,iv:xVlBzGfAqLDk01UI7oXnR7ukjnKMIn9/avxI/KkLWtg=,tag:sn4N8dXipo63YLT9I40s3g==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRmxjY0FWTFBpc3BLK1JB\nMGhrVFJzTHVsNGlzR1FyS0JsSzQxMnpSRWtRCkU3bEhidFd0RTVZTzVXemJCTjhV\nSk4ydHJscUd6cExyK3ZmNnowMkR2OVkKLS0tIFBKZnFvaGx1cStNWU9leUk4Ymd3\nM0FFN1ZRYmZJUU8wQ1lKVlI5bzN1TVUKSTK4MflBBEq4a8RnBMEtKGzrKxjZi9wv\nguglBCGX6tvWVkzGmZWWIT9oSimb4pEPlJKH553WBf4aiF5n+kYwsA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zwte859d9nvg6wy5dugjkf38dqe8w8qkt2as7xcc5pw3285833xs797uan", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMEpEL1dkM214NmRzdVpw\naUhxSms1ZlZOS0dhdTlVbmkvdFN3MCtFZ3lvCkRYeTFJUHErSFFyK2YvTHdwR3h6\nRVZqNVdkWUh0R09VRDNIVnRNa2FhdFkKLS0tIGxzb3BaQy9vMTZhdjVlVUQ0SEhP\nMHRTWHgxNE1HSVhXM091RVVJUjVmRHMKZD7U1cUvHzvB/rdXRPUAjakxwqrpthUB\nZkLNaY7ws5KNF8dwU72vElPPdz2CWDdIz563u3XV1ZioTkuepgdZyA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-26T12:20:42Z", + "mac": "ENC[AES256_GCM,data:SdZInMlmS/fDQDpxuZUTjWwhjJqzPSJ7UN+fY5vsTdXJ+BRLKxZUpMlahXt85PZukfxE2XxjsnDV+tft80qxSv66HzwSnxsecfrxR9OMwGlG4SEdO0NJe2HFWwcSsXJUlGdkefVhUS5HL97Jr/NN69QTX1Ay/NoOoEdW6R6hb+w=,iv:uc9nlVAbScdxOtvERSiQ0SNfSJ6WK95B37MuL30FY2A=,tag:Swkkc/dQflO7MuTZXvm99w==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-matrix-password-clan-bot/users/qubasa b/sops/secrets/web01-matrix-password-clan-bot/users/qubasa new file mode 120000 index 0000000..c315f0f --- /dev/null +++ b/sops/secrets/web01-matrix-password-clan-bot/users/qubasa 
@@ -0,0 +1 @@ +../../../users/qubasa \ No newline at end of file From e0b7df1590521ee2ba00972483c0c9a54d540564 Mon Sep 17 00:00:00 2001 From: Qubasa Date: Wed, 26 Jun 2024 14:35:10 +0200 Subject: [PATCH 2/3] Add matrix-bot user --- modules/web01/matrix-synapse.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/web01/matrix-synapse.nix b/modules/web01/matrix-synapse.nix index 749a6bc..01fa466 100644 --- a/modules/web01/matrix-synapse.nix +++ b/modules/web01/matrix-synapse.nix @@ -7,4 +7,5 @@ admin = true; }; clan.matrix-synapse.users.monitoring = { }; + clan.matrix-synapse.users.clan-bot = { }; } From b2d0830e143f6b1d1281c03d7eba0887ab0f527d Mon Sep 17 00:00:00 2001 From: Qubasa Date: Wed, 26 Jun 2024 14:53:47 +0200 Subject: [PATCH 3/3] fix shellcheck errors --- pkgs/action-ensure-tea-login/script.sh | 4 ++-- pkgs/action-flake-update-pr-clan/script.sh | 6 ++++-- targets/web01/decrypt.sh | 2 ++ targets/web01/deploy.sh | 2 ++ terraform/web01/install.sh | 2 ++ terraform/web01/nixosify.sh | 2 ++ 6 files changed, 14 insertions(+), 4 deletions(-) diff --git a/pkgs/action-ensure-tea-login/script.sh b/pkgs/action-ensure-tea-login/script.sh index 4185f5d..10fb3d7 100644 --- a/pkgs/action-ensure-tea-login/script.sh +++ b/pkgs/action-ensure-tea-login/script.sh @@ -8,5 +8,5 @@ fi GITEA_TOKEN="${GITEA_TOKEN:-"$(cat "$GITEA_TOKEN_FILE")"}" tea login add \ - --token $GITEA_TOKEN \ - --url $GITEA_URL + --token "$GITEA_TOKEN" \ + --url "$GITEA_URL" diff --git a/pkgs/action-flake-update-pr-clan/script.sh b/pkgs/action-flake-update-pr-clan/script.sh index 0797663..17cb806 100644 --- a/pkgs/action-flake-update-pr-clan/script.sh +++ b/pkgs/action-flake-update-pr-clan/script.sh 
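Review bot: The new `clan.matrix-synapse.users.clan-bot = { };` entry relies entirely on module defaults, while the entry just above it in the hunk sets `admin = true;` explicitly. For an automation account whose password is presumably the machine secret added in patch 1/3, stating the privilege level makes the least-privilege intent reviewable. Assuming the `admin` option shown above is available on every user entry, `clan.matrix-synapse.users.clan-bot = { admin = false; };` would do it. A one-line comment naming what the bot is used for would help whoever later rotates or removes the account. The enclosing attribute set starts outside the hunk.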
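Review bot: Quoting fixes the word-splitting, but `--token "$GITEA_TOKEN"` still puts the token in the argument vector of the `tea` process, where other local users can read it from the process list and any xtrace of the script will print it. I believe this flag has an environment-variable equivalent, `GITEA_SERVER_TOKEN`; if the packaged tea version supports it, exporting that variable and dropping `--token` keeps the secret out of argv. The start of the script, including the check that ends with `fi`, is outside this hunk.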
@@ -5,8 +5,10 @@ set -euo pipefail export KEEP_VARS="GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GITEA_URL GITEA_USER PR_TITLE REMOTE_BRANCH REPO_DIR${KEEP_VARS:+ $KEEP_VARS}" # configure variables for actions -export PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)" -export REMOTE_BRANCH="flake-update-$(date --iso-8601)" +PR_TITLE="Automatic flake update - $(date --iso-8601=minutes)" +export PR_TITLE +REMOTE_BRANCH="flake-update-$(date --iso-8601)" +export REMOTE_BRANCH export REPO_DIR=$TMPDIR/repo export GIT_AUTHOR_NAME="Clan Merge Bot" export GIT_AUTHOR_EMAIL="clan-bot@git.clan.lol" diff --git a/targets/web01/decrypt.sh b/targets/web01/decrypt.sh index 3f625d8..d712ff2 100755 --- a/targets/web01/decrypt.sh +++ b/targets/web01/decrypt.sh @@ -1,6 +1,8 @@ #!/usr/bin/env nix-shell #!nix-shell -i bash -p coreutils sops openssh +# shellcheck disable=SC1008,SC1128 + set -euox pipefail HOST="clan.lol" diff --git a/targets/web01/deploy.sh b/targets/web01/deploy.sh index c6aa588..1895473 100755 --- a/targets/web01/deploy.sh +++ b/targets/web01/deploy.sh @@ -1,6 +1,8 @@ #!/usr/bin/env nix-shell #!nix-shell -i bash -p nix jq bash rsync +# shellcheck disable=SC1008,SC1128 + set -euo pipefail clan machines update web01 diff --git a/terraform/web01/install.sh b/terraform/web01/install.sh index 3b3f603..63d5cf2 100644 --- a/terraform/web01/install.sh +++ b/terraform/web01/install.sh @@ -1,5 +1,7 @@ #!/usr/bin/env nix-shell #!nix-shell -i bash -p coreutils sops openssh nix + +# shellcheck disable=SC1008,SC1128 set -euox pipefail if [[ -z "${HOST:-}" ]]; then diff --git a/terraform/web01/nixosify.sh b/terraform/web01/nixosify.sh index ea2e3f3..bea7cf4 100644 --- a/terraform/web01/nixosify.sh +++ b/terraform/web01/nixosify.sh @@ -1,5 +1,7 @@ #!/bin/sh +# shellcheck disable=SC1091 + set -eu installNix() {
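Review bot: The directive in targets/web01/decrypt.sh is added directly above `set -euox pipefail`, and the `-x` there is the more pressing issue in a script that pulls in `sops` and `openssh`. Xtrace writes every expanded command to stderr, so any decrypted value that passes through a variable or an argument ends up in terminal scrollback or CI logs. Unless tracing is required, `set -euo pipefail` is the safer default; if it is required, bracket only the non-secret steps with `set -x` / `set +x`. The same `set -euox pipefail` appears in the terraform/web01/install.sh hunk. The script bodies are outside both hunks, so whether a secret is actually expanded is not visible here.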
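Review bot: In targets/web01/deploy.sh, disabling SC1008 silences the unrecognised-shebang warning without telling ShellCheck which dialect to analyse, so the checks that run depend on the tool's fallback. Adding `# shellcheck shell=bash` next to the disable line states the dialect that `#!nix-shell -i bash` selects. The same applies to the targets/web01/decrypt.sh and terraform/web01/install.sh hunks. Directive placement also differs between them, with a blank line before `set` in two files and none in install.sh; one layout across all three would be easier to scan.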
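Review bot: Placed between the shebang and the first command, `# shellcheck disable=SC1091` in terraform/web01/nixosify.sh applies to the whole file. Every current and future `.`/`source` of a file ShellCheck cannot follow is therefore silenced, not just the one that triggered the warning. Scoping it to the statement is tighter: put the disable, or `# shellcheck source=/dev/null`, on the line directly above the specific source command. That way a newly added include of an unexpected path still gets flagged. The source statement itself is outside this hunk, which ends at the opening of `installNix()`.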