From 18914f9ab18eeff5e9c36d4585aa9dc3e074f4fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 11 Jun 2024 15:35:40 +0200
Subject: [PATCH 1/7] add users
---
 modules/web01/matrix-synapse.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/web01/matrix-synapse.nix b/modules/web01/matrix-synapse.nix
index 9730588..71c6abb 100644
--- a/modules/web01/matrix-synapse.nix
+++ b/modules/web01/matrix-synapse.nix
@@ -2,4 +2,7 @@
 {
 imports = [ self.inputs.clan-core.clanModules.matrix-synapse ];
 clan.matrix-synapse.domain = "clan.lol";
+
+ clan.matrix-synapse.users.admin = { admin = true; };
+ clan.matrix-synapse.users.monitoring = {};
 }
From 07659fa6f3c0f220c10a07b08e5ef9f8611ed70e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 11 Jun 2024 15:38:26 +0200
Subject: [PATCH 2/7] Update secret web01-matrix-password-admin
---
 .../machines/web01 | 1 +
 .../web01-matrix-password-admin/secret | 24 +++++++++++++++++++
 .../web01-matrix-password-admin/users/joerg | 1 +
 3 files changed, 26 insertions(+)
 create mode 120000 sops/secrets/web01-matrix-password-admin/machines/web01
 create mode 100644 sops/secrets/web01-matrix-password-admin/secret
 create mode 120000 sops/secrets/web01-matrix-password-admin/users/joerg
diff --git a/sops/secrets/web01-matrix-password-admin/machines/web01 b/sops/secrets/web01-matrix-password-admin/machines/web01
new file mode 120000
index 0000000..a3c776b
--- /dev/null
+++ b/sops/secrets/web01-matrix-password-admin/machines/web01
@@ -0,0 +1 @@
+../../../machines/web01
\ No newline at end of file
diff --git a/sops/secrets/web01-matrix-password-admin/secret b/sops/secrets/web01-matrix-password-admin/secret
new file mode 100644
index 0000000..0ef4998
--- /dev/null
+++ b/sops/secrets/web01-matrix-password-admin/secret
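Review bot: In the matrix-synapse.nix hunk of PATCH 1/7, `clan.matrix-synapse.users.monitoring = {};` leaves that account's privilege to the module default, while the line above it shows that `admin` is a per-user option. The module is imported from the clan-core flake input, so a changed default upstream would alter this account's rights without any diff in this repository. Stating it explicitly, `clan.matrix-synapse.users.monitoring = { admin = false; };`, keeps the least-privilege intent reviewable here. A one-line comment such as `# monitoring: non-admin account for service checks` would also record why the account exists, assuming that is its purpose.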
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:vef3eK79BP0R8KS3Ycal0HOfcVTZkB9whZIqjpmgQw==,iv:3i37rWIn5kh6jWQqGFRu0yxyT1Bfa99espOT1DpYB/E=,tag:u90TEhOKTQ8Y8iPvnToeXA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1K2tkSUE0d0UzYi9XSVdi\nWE5BMVBSTFdLRXJkbk5FaEVvZTUwVjBGT3pRCnVOY3oyK0xIcm4zeXpSb2lzdUZ6\nWDJyUDBDdTdVSmJsYzlBL01qNGtBaW8KLS0tIFoybmZ4cXpZWnhjM2JsMDhNdFVH\nNHhRZTUveDhvRHFGNjhUL0hjNmV2TU0KU9pt2aRKN77uQW5Mq6l/g21YEpokW8Rn\nH0jmBc+n9pPkphojl7VUhm52aBMsUxU94Chko3oHUnTWJXjaS36LAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBER0c3VCtzb29MUVVvU3p1\naXJXS01uT2NrcmNIT1RyOGJFazA3bFlTNnpvCjVzWmtieVR4ZUV1cWhaR3p3bVNP\ncXp4aWlrZE85cjFRY3RzcThJTlE3SkUKLS0tIGc5UWRINkhhV3lKMjBqYlJDUE5O\ncTY4V05qaGxWM1RYWjFKTXdiM0ZPc00K5nIxr2jMrBdtXJIWjwORM2jXjk7Xcvxu\nIc2KKoOOaQwo7SpAdf/GQm8BoHh2TJcUevfpM0GDII/DyMenhPf1pw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-11T13:38:24Z", + "mac": "ENC[AES256_GCM,data:B2gQaMJIFpJuKpPPdaa6Gw0K9DN4FcoEOybSkA+2kMAqMv5cTPVnG7HV/XY21bQKvmGkAvKa6PhouIp46QyajTmUrUlAGrZrt9W1tBwctJlsHiY7O6she6S02NPpKn9CWurh5XIz8NxcZVcMEwWhc3wQdld47puubUOgHpmfqFU=,iv:Bi3CL4Zb9EZoEmA0e3Qg0B6Kwhc5pvlFlioCcX8Fnco=,tag:gk7VaDhZlbfnv8Xrx6mypA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-matrix-password-admin/users/joerg b/sops/secrets/web01-matrix-password-admin/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-matrix-password-admin/users/joerg 
@@ -0,0 +1 @@
+../../../users/joerg
\ No newline at end of file
From bf86ecbc3836a4217350471f8f8a6d3d978a0f32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 11 Jun 2024 15:38:26 +0200
Subject: [PATCH 3/7] Update secret web01-matrix-password-monitoring
---
 .../machines/web01 | 1 +
 .../web01-matrix-password-monitoring/secret | 24 +++++++++++++++++++
 .../users/joerg | 1 +
 3 files changed, 26 insertions(+)
 create mode 120000 sops/secrets/web01-matrix-password-monitoring/machines/web01
 create mode 100644 sops/secrets/web01-matrix-password-monitoring/secret
 create mode 120000 sops/secrets/web01-matrix-password-monitoring/users/joerg
diff --git a/sops/secrets/web01-matrix-password-monitoring/machines/web01 b/sops/secrets/web01-matrix-password-monitoring/machines/web01
new file mode 120000
index 0000000..a3c776b
--- /dev/null
+++ b/sops/secrets/web01-matrix-password-monitoring/machines/web01
@@ -0,0 +1 @@
+../../../machines/web01
\ No newline at end of file
diff --git a/sops/secrets/web01-matrix-password-monitoring/secret b/sops/secrets/web01-matrix-password-monitoring/secret
new file mode 100644
index 0000000..66e3b8f
--- /dev/null
+++ b/sops/secrets/web01-matrix-password-monitoring/secret
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:ruKBCJYW1Q4ivCQ0uXNyI4QpmHF/kux9OtjKFwt6pC2hV2U=,iv:ZYqvNEhGfJxBEs37fX3Rg7KK9M1PKsTFfZEDd1yEbZk=,tag:37uDB6G4vcwYPzmDxJA5/Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1eXhOZVNMYkhVbkhrMnEy\nVm5zd0JDVHpwSzVDQ1gwK1NEa2MyU0VaRVdZClJPdGdlYXUwNDZPb2xEUWJkdGNJ\nS1d1TXFvRWQzdVM0VGY2NHRhZ2dSTTAKLS0tIEt6SmUyRlE3V0dUSFFqbnV0SGp4\nbnU1bXdhMHF4TktaNE1nd2R2U0FLRkUKjp8Gq7zy34Z7NR0qn/GNVG2G0CSQPKvA\nQG0fbZQfpCySnz7O3GG0iA9Zz77aj1OvKE4iXnmejmEg0OO9gHEAoA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYzAzUm5HTVRNcFFnUENM\nKzlCZno4SlBDcHVkUDNYRXY1cTVQVVRTWmlVCmJMb3QzRm91dkcvMDVvSDFOS3VB\nSUtRSVRrK3BlVjIwU1hBek5FdkxtM28KLS0tIFUzOUNtRmFMV1ZIWjVkbGF5cmM2\nL2NZWVFuNzFIOC9HeWUrRHByWEJzTlkK8GKi6bY4DEWhSnESt+pe2nAm+Omkh/p5\nJkXX0dJIGxuu9VuOUcVIE9m5WmWPKRDS0BinMPZuGSgFYqzn0kV90Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-11T13:38:26Z", + "mac": "ENC[AES256_GCM,data:caOsb2taskbJC8iB9+J+lVHCQGDYt/XZiOo1cKSdhtrkQJ/BJOinZOY6cBGCzv57ewBg6FT9XIEQAqcYzChs910gGFklVAlmwo8BEMFdhg/VTg/qDbBC3AmTGuOepVbFRbsA714UiHuAmbt+pfpe3+wAh9oEEpNRmLc9x8MhNTo=,iv:kKtI4yF7gqm1pXQKIifhJX0+Ugk5FdXNjW39t9cnTf4=,tag:2FTptmViYqx/e0yjOfSndQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-matrix-password-monitoring/users/joerg b/sops/secrets/web01-matrix-password-monitoring/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-matrix-password-monitoring/users/joerg 
@@ -0,0 +1 @@
+../../../users/joerg
\ No newline at end of file
From d8be26269bb595559a06a2352eff4f2bdd60dd84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 17 Jun 2024 13:52:22 +0200
Subject: [PATCH 4/7] clan-core: fix tarballs
---
 flake.nix | 2 +-
 modules/web01/matrix-synapse.nix | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/flake.nix b/flake.nix
index 6f556a8..13a05fd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,7 +26,7 @@
 # Use the version of nixpkgs that has been tested to work with SrvOS
 srvos.inputs.nixpkgs.follows = "nixpkgs";

- clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
+ clan-core.url = "https://git.clan.lol/clan/clan-core/archive/matrix.tar.gz";
 clan-core.inputs.flake-parts.follows = "flake-parts";
 clan-core.inputs.nixpkgs.follows = "nixpkgs";
 clan-core.inputs.treefmt-nix.follows = "treefmt-nix";
diff --git a/modules/web01/matrix-synapse.nix b/modules/web01/matrix-synapse.nix
index 71c6abb..749a6bc 100644
--- a/modules/web01/matrix-synapse.nix
+++ b/modules/web01/matrix-synapse.nix
@@ -3,6 +3,8 @@
 imports = [ self.inputs.clan-core.clanModules.matrix-synapse ];
 clan.matrix-synapse.domain = "clan.lol";

- clan.matrix-synapse.users.admin = { admin = true; };
- clan.matrix-synapse.users.monitoring = {};
+ clan.matrix-synapse.users.admin = {
+ admin = true;
+ };
+ clan.matrix-synapse.users.monitoring = { };
 }
From 988a38d1a3b2bc237d8b13a038c3a07563231c84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 17 Jun 2024 13:55:01 +0200
Subject: [PATCH 5/7] switch to clan-core main
---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 13a05fd..6f556a8 100644
--- a/flake.nix
+++ b/flake.nix
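Review bot: flake.lock is not updated alongside the `clan-core.url` change in the flake.nix hunk of PATCH 4/7 (the diffstat lists only flake.nix and modules/web01/matrix-synapse.nix), so the locked `rev` and `narHash` for clan-core presumably still describe the previous URL. At this commit the input would likely be re-resolved to whatever the `matrix` branch head is when the flake is next evaluated, which leaves the code defining the homeserver module unpinned for review and for bisecting. Re-lock the input in the same commit, and mark the branch as temporary with a comment above the line, e.g. `# temporary: matrix branch until merged into main`. The subject "clan-core: fix tarballs" also does not say that the tracked branch changes.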
@@ -26,7 +26,7 @@ # Use the version of nixpkgs that has been tested to work with SrvOS srvos.inputs.nixpkgs.follows = "nixpkgs"; - clan-core.url = "https://git.clan.lol/clan/clan-core/archive/matrix.tar.gz"; + clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; clan-core.inputs.flake-parts.follows = "flake-parts"; clan-core.inputs.nixpkgs.follows = "nixpkgs"; clan-core.inputs.treefmt-nix.follows = "treefmt-nix"; From b700a79e2626d6689d5209c13018fdb715d3e0cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 17 Jun 2024 13:58:10 +0200 Subject: [PATCH 6/7] update flakes --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index c4c409f..b6b64e0 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1718548362, - "narHash": "sha256-N2Wg5UTz9X6AP8zD3//UhEvTPZomxHMVy3XBpwMQuEE=", - "rev": "8feea28a191515c28dbc35d702993d609c8b13e6", + "lastModified": 1718611779, + "narHash": "sha256-ZohxTXp0ZABO3YBfeq357tI39YBAiMZVY0XofEa4PZI=", + "rev": "1cd606b879516454b2a58633ccc8adacce6b5520", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/8feea28a191515c28dbc35d702993d609c8b13e6.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1cd606b879516454b2a58633ccc8adacce6b5520.tar.gz" }, "original": { "type": "tarball", @@ -235,11 +235,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718276985, - "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "lastModified": 1718396522, + "narHash": "sha256-C0re6ZtCqC1ndL7ib7vOqmgwvZDhOhJ1W0wQgX1tTIo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "rev": "3e6b9369165397184774a4b7c5e8e5e46531b53f", "type": "github" }, "original": { 
@@ -308,11 +308,11 @@ ] }, "locked": { - "lastModified": 1718459800, - "narHash": "sha256-oRkHJbp/jIljo+yXY6sSjMMTBqWNhIjd4qhs0pTjwbs=", + "lastModified": 1718585173, + "narHash": "sha256-G5DB6D3p8ucyGfmWt3JmiWcVW55DeuUoiT230wQ9Am4=", "owner": "numtide", "repo": "srvos", - "rev": "b724a9ad24945a4d6fb11a42f1c2ce072fa3c4c2", + "rev": "c607ffef7c234d88f37ed12d75b2c48de3f4b3fe", "type": "github" }, "original": { From a17e2fe0293dbe03153c7d5b84aa5acf81e8fe54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 17 Jun 2024 15:05:05 +0200 Subject: [PATCH 7/7] rename clanCore -> clan.core --- flake.lock | 8 ++++---- modules/mailserver.nix | 8 ++++---- modules/web01/borgbackup.nix | 4 ++-- modules/web01/gitea/default.nix | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index b6b64e0..05cdcf7 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1718611779, - "narHash": "sha256-ZohxTXp0ZABO3YBfeq357tI39YBAiMZVY0XofEa4PZI=", - "rev": "1cd606b879516454b2a58633ccc8adacce6b5520", + "lastModified": 1718900431, + "narHash": "sha256-iEpESD8Hywek3lkGgvTjG5C25UTaAAjnqX9R0lIvhSI=", + "rev": "b3123b150ff7a287d36efd1cce29bd4d1e7e4d86", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1cd606b879516454b2a58633ccc8adacce6b5520.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b3123b150ff7a287d36efd1cce29bd4d1e7e4d86.tar.gz" }, "original": { "type": "tarball", diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 86d41ca..b1f5f74 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix 
@@ -27,9 +27,9 @@ in localDnsResolver = false; loginAccounts."golem@clan.lol".hashedPasswordFile = - config.clanCore.facts.services.golem-mail.secret.golem-password-hash.path; + config.clan.core.facts.services.golem-mail.secret.golem-password-hash.path; loginAccounts."gitea@clan.lol".hashedPasswordFile = - config.clanCore.facts.services.gitea-mail.secret.gitea-password-hash.path; + config.clan.core.facts.services.gitea-mail.secret.gitea-password-hash.path; }; services.unbound = { @@ -49,6 +49,6 @@ in security.acme.acceptTerms = true; - clanCore.facts.services.golem-mail = mailPassword { service = "golem"; }; - clanCore.facts.services.gitea-mail = mailPassword { service = "gitea"; }; + clan.core.facts.services.golem-mail = mailPassword { service = "golem"; }; + clan.core.facts.services.gitea-mail = mailPassword { service = "gitea"; }; } diff --git a/modules/web01/borgbackup.nix b/modules/web01/borgbackup.nix index 8c3d37d..2bd1037 100644 --- a/modules/web01/borgbackup.nix +++ b/modules/web01/borgbackup.nix @@ -5,10 +5,10 @@ # 100GB storagebox is under the nix-community hetzner account clan.borgbackup.destinations.${config.networking.hostName} = { repo = "u366395@u366395.your-storagebox.de:/./borgbackup"; - rsh = "ssh -oPort=23 -i ${config.clanCore.facts.services.borgbackup.secret."borgbackup.ssh".path}"; + rsh = "ssh -oPort=23 -i ${config.clan.core.facts.services.borgbackup.secret."borgbackup.ssh".path}"; }; - clanCore.state.system.folders = [ + clan.core.state.system.folders = [ "/home" "/etc" "/var" diff --git a/modules/web01/gitea/default.nix b/modules/web01/gitea/default.nix index 080745c..d9a3048 100644 --- a/modules/web01/gitea/default.nix +++ b/modules/web01/gitea/default.nix @@ -38,7 +38,7 @@ in settings.actions.ENABLED = true; - mailerPasswordFile = config.clanCore.facts.services.gitea-mail.secret.gitea-password.path; + mailerPasswordFile = config.clan.core.facts.services.gitea-mail.secret.gitea-password.path; settings.mailer = { ENABLED = true;