From 82c98f468526ae928dbdc283c9352d63965f0117 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Sun, 26 Nov 2023 19:44:30 +0000 Subject: [PATCH] matrix: migrate vm.strangervm->jorah --- .../default.nix | 1 - modules/impermanence.nix | 12 ++++-- modules/locations.nix | 2 +- modules/www/global.nix | 8 +++- secrets/matrix/matrix.hillion.co.uk/email.age | Bin 1353 -> 1260 bytes .../macaroon_secret_key.age | Bin 1107 -> 1092 bytes .../registration_shared_secret.age | 37 +++++++++--------- secrets/secrets.nix | 6 +-- 8 files changed, 38 insertions(+), 28 deletions(-) diff --git a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix index 69a6fdc..59ac535 100644 --- a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix +++ b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix @@ -21,7 +21,6 @@ ## Custom Services custom = { locations.autoServe = true; - services.matrix.enable = true; }; ## Networking diff --git a/modules/impermanence.nix b/modules/impermanence.nix index a49bd66..52f5e3b 100644 --- a/modules/impermanence.nix +++ b/modules/impermanence.nix @@ -31,10 +31,13 @@ in config = lib.mkIf cfg.enable { fileSystems.${cfg.base}.neededForBoot = true; - services.openssh.hostKeys = [ - { path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } - { path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; } - ]; + services = { + openssh.hostKeys = [ + { path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } + { path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; } + ]; + matrix-synapse.dataDir = "${cfg.base}/system/var/lib/matrix-synapse"; + }; environment.persistence."${cfg.base}/system" = { hideMounts = true; 
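Review bot: The two `openssh.hostKeys` paths in the rewritten `services` block still hard-code `/data/system/...`, while the new `matrix-synapse.dataDir` line beside them is built from `${cfg.base}`. If `cfg.base` is ever set to something other than `/data`, the host keys may end up outside the persisted volume and be regenerated after a root wipe; the age recipients in `secrets/secrets.nix` look like per-host keys, so that would presumably also break secret decryption on that host. Deriving them the same way keeps the block consistent: `{ path = "${cfg.base}/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }`, and likewise for the RSA key. The `dataDir` assignment is unconditional for every host enabling this module, so it deserves a comment such as `# Synapse state (by default including the homeserver signing key) stays on the persistent volume`. The `config` block continues outside the hunk.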
@@ -43,6 +46,7 @@ in "/etc/nixos" ] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++ (listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]) ++ + (listIf config.services.postgresql.enable [ config.services.postgresql.dataDir ]) ++ (listIf config.hardware.bluetooth.enable [ "/var/lib/bluetooth" ]); }; diff --git a/modules/locations.nix b/modules/locations.nix index ff95c36..c6f5043 100644 --- a/modules/locations.nix +++ b/modules/locations.nix @@ -15,7 +15,7 @@ in services = { downloads = "tywin.storage.ts.hillion.co.uk"; mastodon = "vm.strangervm.ts.hillion.co.uk"; - matrix = "vm.strangervm.ts.hillion.co.uk"; + matrix = "jorah.cx.ts.hillion.co.uk"; }; }; }; diff --git a/modules/www/global.nix b/modules/www/global.nix index 7dbc0d8..79ca1cf 100644 --- a/modules/www/global.nix +++ b/modules/www/global.nix @@ -20,7 +20,12 @@ in virtualHosts = { "hillion.co.uk".extraConfig = '' handle /.well-known/* { + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200 + respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.hillion.co.uk"}}` + respond 404 } @@ -42,7 +47,8 @@ in reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096 ''; "matrix.hillion.co.uk".extraConfig = '' - reverse_proxy http://${locations.services.matrix}:8008 + reverse_proxy /_matrix/* http://${locations.services.matrix}:8008 + reverse_proxy /_synapse/client/* http://${locations.services.matrix}:8008 ''; "unifi.hillion.co.uk".extraConfig = '' reverse_proxy https://unifi.unifi.ts.hillion.co.uk:8443 { 
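Review bot: The added `listIf config.services.postgresql.enable` entry persists the database directory as a bare path, so its owner and mode on the backing volume are whatever the persistence module's defaults produce. PostgreSQL refuses to start on a data directory that is not owned by its service user with mode 0700 or 0750, and this directory will hold the homeserver's database. If this list feeds the `directories` option, pinning it with the attribute-set form would make that explicit: `{ directory = config.services.postgresql.dataDir; user = "postgres"; group = "postgres"; mode = "0700"; }`. The default `dataDir` presumably embeds the PostgreSQL major version, so a short comment that a major upgrade changes which directory is persisted would help. The list this entry joins starts outside the hunk.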
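Review bot: The two added `respond` lines for the delegation documents are written in different styles: the `server` body is a double-quoted string with `\"` escapes and an explicit `200`, while the `client` body is backtick-quoted with no status. Using the backtick form and the same status handling for both would keep the JSON readable and remove the dependence on how `\"` passes through the Nix `''` string into the Caddyfile. The wildcard `Access-Control-Allow-Origin` on `/.well-known/matrix/*` is what browser clients need for discovery, which is worth recording in a comment, e.g. `# CORS: web clients fetch the client discovery document cross-origin`. Both `header` matchers also apply to the fall-through `respond 404`, so unknown paths under `/.well-known/matrix/` return a 404 labelled `application/json`.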
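Review bot: With the proxy narrowed to `/_matrix/*` and `/_synapse/client/*`, every other path on `matrix.hillion.co.uk` now matches no handler, and Caddy's default for an unhandled request is an empty 200 rather than an error. An explicit catch-all makes the allow-list visible and stops unexposed paths such as `/_synapse/admin` from appearing to succeed. Because `respond` is ordered before `reverse_proxy`, it has to go in `handle` blocks rather than as a bare line, as sketched below. The upstream is also plain `http://` on port 8008 to what is now a different host, so confirm that the listener is reachable only over the tailnet (the `.ts.` name suggests that is the intent). Synapse should also be configured to trust the forwarded client address from this proxy.

```nix
"matrix.hillion.co.uk".extraConfig = ''
  @synapse path /_matrix/* /_synapse/client/*
  handle @synapse {
    reverse_proxy http://${locations.services.matrix}:8008
  }
  handle {
    respond 404
  }
'';
```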
diff --git a/secrets/matrix/matrix.hillion.co.uk/email.age b/secrets/matrix/matrix.hillion.co.uk/email.age index cf671bed5984083bb599057a1cdb535586c13382..503bb711324987767b1876ce3bd4b34154427158 100644 GIT binary patch literal 1260 zcmYk&`;XHE0Kjof2p4ONNDy)+>S->bnY(U%uE8i>w{_jt$GUZEmm{HTyY;bW+pV_= zB0r!8k$6!P5Z}N>QGdWU28=NvkTWqM0Yx4vkq{1#s6>H8g8GArf5A83k6JgvMoV)C z9p7rVCfaTt>_>s{BV(RthFwn`qo;&aCJ*RTyMYK&P*o#*s392)Yg=|CgW8w&YFWtp$8x$g<~*@BW$K^DZDEih>%H_a;DQpn#mrb zU^c9z2Hgx@Qp*L&hdZ+A!myaLGSxul7@*Ez1+$3ujdludh;agPD6wcJ-E<=Z^<|i0 zyAaC9lRRz(3C;!Ksb*G=7E@dgZ+7jnAv&E}&t-FT zHx%V#CAyrZ2gQ^yfV@bj&n1evUd^adl^Es%h#pT=G}zVSy^tH2c1)!}E%?87mS~ov z0T6doI~8vQ`7|k;TtceXaa08pm8{srLTx9Ts$xMrATpBJlxq!-O+?wORF+K-gd-l4 zv;Z{&N@B4s!EK>Ir3bj)O&VZs$O{-Il2+7b0=8f|d?FE#Vm%v?C=l{l(jxh8jwk-v z2K=(2fqJxT8gP~n`5aM2qEcV0c^y;LoG#rMD7M8$2ZI4j!gWQr5KF8!+(IeeBNU_T z0%^`L^ZpEffUgL{AQ`t_PS6VHp^(Sm}0bqnv2zH_Ee9g2NVo(QfSIj8;HjK zTbt0<7?Fwlt#I8nRL>aWbkCM2b-)f`eN$tAa5y|xu<3qIr&*jzCgLVv(;W)RNF1KZ zI2KU^E!`eCwN?w)sX8!siXh*5_r)FPuFGEq8H_%65)J#b>#!SMz86-zd9 zubfp2FCW{t=eO|gE8UxpU!NbJEGT~}tJgfZomja3%5-@Cb0qjwIEFsG@zT9}y5j8j zvu8I~4^?-)ed77)k*B`gykmUjnb+?=|8a8Xdl#-hdEn;-^COKV`)_+~^vuQ6@~TC< zm#%(n>w;TGMz?H^!Eaus(I0Poc=Ul!9(v>4jfsWRGkY(d-1cyw%^VuX)D^F;J$rs~ z(^{FhdGY8A?RTED_lIV8JhRn5_s3tO_(%6#N+jlH9A@|X*Osiha3qe-?HfOQjn3X- zoSIq5%kuGWO?(jy-&*;_oP2b<-1~LcGK#v&UcGDi>}S>!m%pAr%>H!rbos>Xxf|=| k=p((8#t-XUQvdzn7aOKO*szx$S-d>EWz)`YW?owVH(>YCeE=&!ZKun$)0xiJxX|gWZD(KF8GLzh z12ja@0~$FHo=Q+37&IzK;9$h45J*Hl00tvr(4 zrk!CF+6 z$1OO)wd*m)?5OD;ps0nEc z8%r%t@hfRrLmgRdcPS_A>!3QE6sT4kKsY{!742rgNCS$l)%$uH!wN!1F>!~6Y`9LB z%epnhdv4R3I1UW;X$J$@z5_WWsjp@LDZ%6$9yj8Ld{@9>GoMZQ8e11=BQptvvOuAw z5uxhsOi>Qman2o(FfU_6D^k(OjYI`t8W=w)4fLjqCP)Ow+bkv^8~ zO_B!a8*rsB6!BQI3O69E6q`_-SCC3!1g7135rITmO7K`uEU>Lnf9PjZHx! 
z1}~QUVJK$0pf3$TI7fGbGr< zcmwFV=EbNq7JJ_NOut*b;QU`0{0(W{?JcbE7Ja^Xy}bTlZuLt`sC$<0-?#nlT<*7*KfZL^4ZJXZZ2s5BpV*ozLA#G` zTD)xj%$LXDHRIjmymX6g4L1mtRYo@`DVn>eeeM39<=bD-IZ>{_81!zwgYI`58 zX!pfem^YNgvxnl(q%JIXmd@Vw+?z#npokuF;PSv#1SgfZhz|#GxIs`{#DC%Qu|t34=Wf{@j`2Q!XU* zgQ|)~Wn~Yz6PODdD8WdX7STqX`;v8v&Oi#a~mv)m5IS&}NiDz_EA zk}J8bnTkhHD}rcZ7xeS9rp3BR$LXP~BT~otu?0(9Qb>=Yd+0{BinXiM6{c|6IDSyEO1=#ZF@?x zA+@NHc?DTgGCm6Ea&fE>r`q{VE;RmHF{A=hT)qMTonfgtJyL5h3qW!r%rTQV_E6ig zjKWGVMEGRxN^65?Vg_dOELfuAX^5r)#h|Sy$WlJ_kRB}9h|TQKa~+SOriQlxJD}En z#X^OrvWLta&Xat4O7&6ze4cOquPxF$9c`g`+V63H$IG!5XR#}TFpi`t%_g<9iX-H} z(P09FxxXZPET)>?8S7bzPxuPk8kFmL5U1Ak1P)1%PEc8KtV4kaB#md*GV8bHCT8|q zc9=I#%XYDeOG=dLTq|^?NSIn>I5ec>RJuP~bvl!w6HK+v0)vK+mZQOEVeHt6WSXkH zHVY0YM{%_t$E_8^0ntccELXIVLpFKRFov!LB;I%^KQ~TnvF}JytN`u`#zY;u8lHdy z;<+AU!u2lHTs@B%ZM%?TfCNynT+MVcB(as@3q_oujh110G&2etXDpsuaW(JgLA{M; zGNowRDXp@IluY*(>X$;st=0=_%iAG5?bd4$3X(-=p$n~x;~uH)qpgR8$b=-&>!f2y7IVzFqkP&|=B+1K_GJs|f-X0Vb^-KJZpPIKX9^ZW9?#4OMUgjkAA&0p8G9%=-ouGk~g{QuU6?ZUwnUg=Y=~DKD+nY U;}?HSF79@pe)9YM_lNKO11v#%0{{R3 literal 1107 zcmYk4O~~5>0EPwK;S20G7>GiVflBDoByF0=_%O{+)3i;}{4{L^C29WC{3p$ihoP`B z@F<9)FhLYO%lHt)@3^gGIU$ zP&=y^4#Jt-G?9SPu*?+7vB+rW!Oo-W$epYr-(4jX>*ZvcQQTJ2HZlV;d{9lc3Kj};G7UDWJ(SjSr)XD6tSakfuIeDA zZg)rtg;K!)>ujo4j)o>%G2NNiur@4ykIj9TRXt)Xl-!iX1WR>GX=2KJMU+XEWya<> zvX0~0qym7QY|z7@tV@+PlelQ`wp7Ua|F-8uq{B5Jx~Z%QLL!ciEK@?Y+0jSGB^yGg z`4}D^!V45Ouw8=-MBNyhfw0%pZjt4cmkmAA0a8)N62~(+XNwBjI?wlqW0L93Hj*uH zv{Ru@KvW6zxq4%FrYLlvUHi+Kf@lkp;1?V)_R$dJSr=~-DX_vF#jN&SfGxUk0jqTr z2=U<{?v^}8P@{!kSpgwewl;x}9?z&12LVt9GEL#B({)#lyu#pCo1!fUet#&GE&)Z2 zs)#~`NOpyfZGX1JMde^aI|}z!OLrDb0EB~VA*8i%cbI9h=NtHBuMJTZhT0u0rva6+ z>fEi`x`^l;%~fu)Dap()EyFE?rs4s_&t)W7ia`=|`;0P5m5I3jY}*zx8o@+Q94wZc z+pFWDwb=3$Q)!uY92>dKqjZe~b=*04h*NwhMl&1vEQh8Xqy{ zO&4MfJt9qpfh188s8&fFjYlJhVHD+G(=A z5}ZAoQF&veWSlD@K5#BF-rz%JZ8!YI?tZ`L(IDT|V;)|45yvU?dIpiwbeJkxeN;5w z&n?kaF-1NU1@Pp{->!}Q;k&nstAD-OKECn%SC=2&zV+GQi(h{H^V-ulx|5T$kAHpP zwY&J=_kOthKG;6GcPV`5zV_j_pWZsZ|J^n6?7d5mZ$5ha!D)5&$Bma-Vs?Jz>Gb58 
q^XDGC_=$A$=Z8O?z8WK6Uw-BHJIK|~&1bLV-+$x1b?3=PAN&JYUV)4N diff --git a/secrets/matrix/matrix.hillion.co.uk/registration_shared_secret.age b/secrets/matrix/matrix.hillion.co.uk/registration_shared_secret.age index ca03a74..78564e4 100644 --- a/secrets/matrix/matrix.hillion.co.uk/registration_shared_secret.age +++ b/secrets/matrix/matrix.hillion.co.uk/registration_shared_secret.age @@ -1,21 +1,22 @@ age-encryption.org/v1 -> ssh-rsa GxPFJQ -go9Ut43nwGSKLx2cWSQuymgvlFyC43QxbV9NMP8Cs810fixcnvqzg3QWeK3iYvPZ -TKL0+ZvdKYoGBatWc/dHflsNUSKef6rZ5Ip1VDCZIlkN2jYLaw5Z6fIKAthGBv55 -3VOEZGQ5g96OMeUnNPklTiRbukhVKoH1vtiyamzh7YIYYR/j/zyitEu1Ik+roQcf -ngxMWpRKMvu7Za3Ujxga/z7d0JlVFCaJLK+taNvhJJ/EVb92KYpxHrR6AT3TLQK7 -9LXdHEYqrXRqDHCLEzoctKDSuv1urreQkG3CF2iXTsgGmy5uglh3bhVhYTmD0GD8 -BUzp8YNNGrVwDYcQvoR7VA +PcYDtUs6evvvrjU3cZxaEoj62lvEyRQI4aGvGFK+6E/5ROwjBsyv7g6ClxDOICNU +CUHzDYtbepFIycvqGGm/TDk2ZDknjpcef/pC2MjlPk+WZDkTx2MeNQs6uk8fNvS5 +6Ppw3CvdiABcx3NFUrgh/N1NKsvgGCR621q/AkyjodUdjWwTxYbr3XnZVA1J+S6M +Nj+1RGYGBRGvUYcC7JIqArLZaCjDyXlyExtlCzlux8jUtblEBBmuwDYjMjUNE4fB +Qq7D0RZW1AiaMqiFuzB03l9+n+NzYtmWHDWpgZcp1mbTWEaGWvfSI1xxULjp89Hx ++3GopFzQpknChP+KIGWCIA -> ssh-rsa K9mW1w -rg0YQVuDyzCf5FZay/JC8P6e+yrGO+d+TK9r153S29vhYsiJXA7PtbrEAe1raToy -Zp5WTcBXm41vlcHvhYZRDAs1OgLjeyguj2gvaLzXbk6x4N2WzjzxysxjyfqrO/f4 -YYCK40my0kzeAh8iRvdDrceIPZJhu4LcPIyhgspsCKmHSdru2yR3P92/1slw7J/a -I0SxGSs9Lt/Mq+Tx1wP5mc3LpaiMnFDSjMbpGTs/rnUllIcgQstNiWlQWbVNGQsP -57aJn7TPn3CXFXj6lKERRz2O6MAtjT35p9svfGQZDh2XHodHqm6A2jFtZcltoOAB -GklfPJNasTwa1s/GrxFqfw --> ssh-ed25519 O0LMHg x9UJVbJYJbEVk0gfS+moaBkFnqMZMJ8zzRrh6iSc6Q8 -8wEImXrzZQwVg2j6/LFziUOWlhjDkdDaRDY7++uZb5M --> tu-grease LYy! ssh-ed25519 Qo6/7A h+m0fzmo6DpdSejGvgcrYIuQFM0My3X+Vk4XvwlRyDg +fWmR5VvANbi8P2zouqz66lxx61YzcW9R6wQLZvh3Y48 +-> Z#,x-grease ~ts +zKs31SssQzG0GYI+xfHhfC+0 +--- Aa0oGbJedOyry0m22fwH+VY5koBC2NO7o4OwIQe6YlY +4´ž -v°OÊ?È +n.dýç CèµD«Þ,Ï+kr½>¿ÖdiØþÕáý8ŒÉøŸ³å4 \ No newline at end of file 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d2e234c..d9b3a24 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -58,9 +58,9 @@ in "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ]; # Matrix Secrets - "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ]; - "matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.strangervm.vm ]; - "matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ]; + "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.jorah ]; + "matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.jorah ]; + "matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.jorah ]; # Backups Secrets "restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];
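Review bot: Replacing `ts.strangervm.vm` with `ts.cx.jorah` in the three `publicKeys` lists only changes who can decrypt the new ciphertext; the previous `.age` blobs stay in git history and remain decryptable with the old host's key. If removing strangervm's access is part of the migration, the values themselves need rotating, in particular `registration_shared_secret` and `macaroon_secret_key`. The diff cannot show whether the files were rotated or only rekeyed. A comment above the block would record the decision, e.g. `# Matrix secrets: <rotated|rekeyed only> on migration to jorah; earlier revisions were readable by strangervm`. The unchanged `restic/128G.age` line below still lists `ts.strangervm.vm`, so that host remains a live secret recipient either way.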