got started with sops and made forgejo use it
This commit is contained in:
parent
a311f82e3f
commit
8844d5665c
3 changed files with 47 additions and 1 deletions
15
.sops.yaml
Normal file
15
.sops.yaml
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
keys:
|
||||||
|
- &Lyn age18c6zws9wk9r7dxjqafwj2l2ex5mn5v8u6yrd2ys9ng8q09rsedpqm38jzv
|
||||||
|
- &forgenite age1u4dtlq4lavqufzsqfqlsnu67u3x2t3d7ffxkqrah2des4dlxns2slegl38
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets/all/[^/]+\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *Lyn
|
||||||
|
- *forgenite
|
||||||
|
#hosts
|
||||||
|
- path_regex: secrets/hosts/forgenite.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *Lyn
|
||||||
|
- *forgenite
|
||||||
31
secrets/hosts/forgenite.yaml
Normal file
31
secrets/hosts/forgenite.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
forgejo:
|
||||||
|
db_password: ENC[AES256_GCM,data:Gkk441Tlty2ENGqBSDL/xSS75FOunM/Bfa0TBVV9KjW1DnD/Bx7lSw==,iv:V6g/vuPIhEE6OBaHDPdWIDdv7YAgy0crpmUMpMceJnk=,tag:LH8+qRtrCaHJLKzRB5Nnvw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18c6zws9wk9r7dxjqafwj2l2ex5mn5v8u6yrd2ys9ng8q09rsedpqm38jzv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySlhJWGtCd21zM3BxeEox
|
||||||
|
NG9VcHBoYkxHeUVwN1dQMHZVVmtpVTV6ekRRClB2MzNlKzVwbkdXRFY0QlUwOEUw
|
||||||
|
R2xBNkZGK09pZzBmTUJDdC95bU4vdTAKLS0tIGQ2Z1RpZjRHQUNya2JzZzFQQjA0
|
||||||
|
YlJIcmQrUVJMMUdkMjNoOUkva1hIMWMK+56bsZXNIeYiuj+QAuajsCDWPAv9IYV9
|
||||||
|
7oh61PZvFYql6TXWjVioIBpS0MxKTbidjWQoYwD4vp8ZikfYUwuoqQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4dtlq4lavqufzsqfqlsnu67u3x2t3d7ffxkqrah2des4dlxns2slegl38
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5R2lUZkdXQTUrQmRhMnE3
|
||||||
|
bnRkdUF1WW1obG1acmdQN0NmSkNmWGlFYzFJCkNGQ2lNVFMvYXZYT2dERE1aMVEy
|
||||||
|
a3AybWpZcTZIakVrUExHeTl0MXoxbFkKLS0tIE4wdTRtcUtZTkxiWVkyZC9QSDlR
|
||||||
|
YnpWY3ZsZWdQcEc2YTJJeldTaTdCVkkKA8cfHrWV7COWKYf19IP/dt/mPM6PDWvm
|
||||||
|
DiTB8JBSKTlsBsvA26qkPHcKyXCBjLDaSi1hmGI6PhI7nIDTQ15t6w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-05T21:45:11Z"
|
||||||
|
mac: ENC[AES256_GCM,data:201CRHfhVUf5v1X1LfMH1p59eiLd+ZYEU937iZqCo5+rZ05hSpfXF6XVUdqMI6qgtl1jHY7hWQC4frnprM1BRh0ai/9aV4MKZn4oUCGq6x/avEf442eDL/RPV5pLlvVw1w/SA7lDqOqjaCuF9nDjr03uO7IhqsCLDaUv4JOI/Fg=,iv:W5ulyrMD6XeQ5j3TGhMfC8bh76C+jgXXSn9Em1+XbQo=,tag:sJne9+WMTh1HWTbqzHAiHQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|
||||||
|
|
@ -26,7 +26,7 @@ with lib; with builtins; {
|
||||||
};
|
};
|
||||||
database = {
|
database = {
|
||||||
user = "forgejo";
|
user = "forgejo";
|
||||||
passwordFile = "/etc/nixos/forgejo-dbpassword";
|
passwordFile = config.sops.secrets."hosts/forgenite/forgejo/db_password".path;
|
||||||
name = "forgejodb";
|
name = "forgejodb";
|
||||||
type = "mysql";
|
type = "mysql";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue