From e819939002894716ae8ff17737ac421e9a997cf7 Mon Sep 17 00:00:00 2001
From: lew <lew@ily.rs>
Date: Fri, 10 Apr 2026 03:30:57 +0100
Subject: [PATCH] feat: adds telegram-bot-token via sops

---
 hosts/lab/guestbook.nix | 11 +++++++++--
 secrets/guestbook.yaml  | 25 +++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 secrets/guestbook.yaml

diff --git a/hosts/lab/guestbook.nix b/hosts/lab/guestbook.nix
index 345b689..ae346b8 100644
--- a/hosts/lab/guestbook.nix
+++ b/hosts/lab/guestbook.nix
@@ -1,5 +1,11 @@
-{ guestbook, ... }:
+{ guestbook, config, ... }:
 {
+  sops.secrets.guestbook-telegram-token = {
+    sopsFile = ../../secrets/guestbook.yaml;
+    key = "telegram_bot_token";
+    owner = "guestbook";
+  };
+
   services.guestbook = {
     enable = true;
     package = guestbook.packages.aarch64-linux.default;
@@ -27,7 +33,8 @@
         maxDuration = 20;
       };
       telegram = {
-        enable = false;
+        enable = true;
+        botTokenFile = config.sops.secrets.guestbook-telegram-token.path;
         chatId = 8669496383;
       };
       security = {
diff --git a/secrets/guestbook.yaml b/secrets/guestbook.yaml
new file mode 100644
index 0000000..6020980
--- /dev/null
+++ b/secrets/guestbook.yaml
@@ -0,0 +1,25 @@
+telegram_bot_token: ENC[AES256_GCM,data:hCjAHXaiN4/A/LvW8O7ccMShXDjdPksO3RvfaRbPmbPnJpTIqqZj8hOb1Cczcg==,iv:n/VmfjCJy5HeddFbv1xn1MhEj+u4frV84G5/++4+ARk=,tag:s7ioRgR31lVfW6GEb9NVpg==,type:str]
+sops:
+    age:
+        - recipient: age1r8h6gy2f4mu8xvx609qeadl82v2hua74xaevsp982zyfh4tm9qlsu80s0f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZDhNS1o5ZnFrUG5qclk2
+            VUc1eTAraGxBUUgyMWtMczdaU1dwSGREc2lNCjRKZEs2Tmd0dCtoOVdBN3lzNCtG
+            VS9kV3BWRUVpM00wY21DL2VSSHF2ZVkKLS0tIEthYTRueUUwVmRrcTEvdEJ4RHll
+            aUNRUi9jajdZTTlTVzk4ekFnRUlsYUUKZm1mnBMntmOL6TdeDOX1qV2bU2Z1SF4P
+            KKIkqXOxIwk7esqLN+PxLrPL+9oB6U02EDkmZDhBFmpinLus+G2/fQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nq4z2ms4vruhces2f8e7tvgsr0pfg5ha92w0hrmde3n2ulxe4qhqxv05xl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGL2lDWDg4c2lndTgxN0Q3
+            QlA5RHFtZFJMVTliMDdBME1aSGhnd2ppWUdrCkJXRjZPcGNUT3owZ2lPU1BOa2lY
+            a05TV3JyaUJkdm1mTmRXRndVQmRGTTgKLS0tIDcyZi9TbmNsb3VFUnk3UDh6T2U5
+            WFdLaXM3OXhjcVV4ZTFnTXhHVGcydlkKlHlLddAHeX5wqLZKgx/KrG8oAD/+QEjJ
+            9LbQ5lkK+dWjX484zIOEAHLZxZwJ7+jagtsXBeIO72sQOdu6fkbHSA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-10T02:28:42Z"
+    mac: ENC[AES256_GCM,data:wWh5MSYVlF9nkaxAR9XP4pXj9wzIltY0Pp8S2Ks+mdFoC1i1JoNIsEQ0CMlCI6uE+ok1q6d4SI72RIYz4bWqXCrQKWBFlgDbeBIY/a7j9WNUAXjtC7QsVk7nWUeaPOCVJoxmmbYMyzcOjAy+a7Bm5F1s3xauGwlX9eL5X3PwBbg=,iv:Z1/5mJPJlRDemD9yFlYSYliBQNWiaV1WchpREV39xYE=,tag:IjKdrkjTArJ6gKiYaX5U+g==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.2