Setting up the AS token for Mautrix Telegram (Matrix bridge)

I am trying to setup a Telegram bridge on a Matrix Synapse server.

I’ve followed the standard config recommendations and setup (from the manual and wiki) so far. For Telegram, I’ve created an app through created a secret file, e.g:

# cat /etc/secrets/mautrix-telegram.env

When launching the service, I get the following error:

Oct 09 19:47:11 cloudy mautrix-telegram[54438]: Failed to create tempfile to write updated config to disk: [Errno 30] Read-only file system: '/nix/store/tmpk8kmmwub.yaml'
Oct 09 19:47:11 cloudy mautrix-telegram[54438]: [CRITICAL@mau.init] Configuration error: appservice.as_token not configured. Did you forget to generate the registration?

I have to setup MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN and MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN, however, these are supposed to be generated according to the (official) example yaml config:

    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: "This value is generated when generating the registration"
    hs_token: "This value is generated when generating the registration"

How can I generate this as_token value?

Okay, I followed this comment from the wiki blindly:

    settings.app_service_config_files = [
      # The registration file is automatically generated after starting the
      # appservice for the first time.
      # cp /var/lib/mautrix-telegram/telegram-registration.yaml \
      #   /var/lib/matrix-synapse/
      # chown matrix-synapse:matrix-synapse \
      #   /var/lib/matrix-synapse/telegram-registration.yaml

Apparently, the token values are inside the /var/lib/mautrix-telegram/telegram-registration.yaml, so I have copied them from there and set them as environment variables in the .env file. I’m still not sure if this was the right way or that there is some easier way to do this. I didn’t read anything about this in the documentation I follow.

This module has the same issue I fixed in the mautrix-whatsapp one.
It’s set up in such a way that it’s impossible to share the shared secret, see nixos/mautrix-whatsapp: various fixes by rnhmjoj · Pull Request #253196 · NixOS/nixpkgs · GitHub.
I would open an issue an ping the maintainer.