From 3d887fc5c505cf6713cfd95ae12ea539fa6a0ddc Mon Sep 17 00:00:00 2001
From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com>
Date: Mon, 9 Dec 2024 12:56:37 +0100
Subject: [PATCH] Arion: Bump signal

---
 hosts/franz/arion/signal/arion-compose.nix |  5 ++++-
 hosts/franz/arion/signal/default.nix       | 17 ++++++++++++++++-
 secrets/franz.yaml                         |  6 ++++--
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/hosts/franz/arion/signal/arion-compose.nix b/hosts/franz/arion/signal/arion-compose.nix
index db5564a..1b06190 100644
--- a/hosts/franz/arion/signal/arion-compose.nix
+++ b/hosts/franz/arion/signal/arion-compose.nix
@@ -8,7 +8,7 @@
 
   services = {
     mollysocket.service = {
-      image = "ghcr.io/mollyim/mollysocket:1.3.0";
+      image = "ghcr.io/mollyim/mollysocket:1.5.4";
       container_name = "mollysocket";
       useHostStore = true;
       ports = [
@@ -41,6 +41,9 @@
         MOLLY_PORT = 8020;
         RUST_LOG = "info";
       };
+      env_file = [
+        "/home/ghoscht/.docker/signal/mollysocket.env"
+      ];
       restart = "always";
       networks = [
         "dmz"
diff --git a/hosts/franz/arion/signal/default.nix b/hosts/franz/arion/signal/default.nix
index 4aa25da..010f551 100644
--- a/hosts/franz/arion/signal/default.nix
+++ b/hosts/franz/arion/signal/default.nix
@@ -1,7 +1,22 @@
-{config, ...}: {
+{config, ...}: let
+  vars = import ../../../../vars.nix;
+in {
   virtualisation.arion = {
     projects.signal.settings = {
       imports = [./arion-compose.nix];
     };
   };
+
+  sops.secrets."signal/vapid_privkey" = {
+    owner = vars.user;
+  };
+
+  sops.templates."mollysocket.env" = {
+    path = "/home/${vars.user}/.docker/signal/mollysocket.env";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      MOLLY_VAPID_PRIVKEY="${config.sops.placeholder."signal/vapid_privkey"}"
+    '';
+  };
 }
diff --git a/secrets/franz.yaml b/secrets/franz.yaml
index fdc3721..6f8335b 100644
--- a/secrets/franz.yaml
+++ b/secrets/franz.yaml
@@ -66,6 +66,8 @@ wiki:
     db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
     db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
     db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
+signal:
+    vapid_privkey: ENC[AES256_GCM,data:OaB+1baDLCXd7kqfQWwX8yBoqARuHFYWmtsiQ/ku8Om6ZKZkuoGVJP1FuQ==,iv:iQkYrRl3+pVzN6bjz1MPo+7prFJRHGkxHr5BjjDlFuM=,tag:vCMo14LZvVjCtJ4vGH0DOA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -81,8 +83,8 @@ sops:
             VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
             EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-09T13:53:16Z"
-    mac: ENC[AES256_GCM,data:5pANdrfnPuDf2mai0UgcFbwr4OzjLzLWraKOt38fX2MySYH2EryMzsk4prhehXPTkD3soMFwaVbuuqZUbkWCWM3CtjuyCisQH4uiZZw+slw6g8atr4h3tpHtD2SwgGVESMJouVQyfb9ko4O1ArBvml/0a6DAGmwoxlQwGboZR5M=,iv:oiZx4BsRBNAn+hjhzhV6oVZrYQJ32DAQlyNNsevaLpc=,tag:A0EsGeaP5vy9vA8WZjbxIQ==,type:str]
+    lastmodified: "2024-12-09T11:43:35Z"
+    mac: ENC[AES256_GCM,data:y8f188EbglQgSsSxEJpVX0GhjjZ4Uw5L7pawLP8Yz3zTgRNUIPICOK3oWNjR/M6BhhqaC2cnz5g2lQDXmO1tKDQ7E8RaZeqdBY0oDB+B1C6LWHnbZiEaQvH+j0nBx191NKUcA3Z4n4Sew+lA2YiQ3lWko4j/Kn+j8pnhrfVsYW8=,iv:F1PUbgZRsf8A3Es/UA+tV92DUywnPZx5iL7iLAICfsM=,tag:K9RuhNIpSuuec/OvShyvhQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1