ich werd zum joker
This commit is contained in:
parent
1f99a5cf0d
commit
e7af3e2b4c
4 changed files with 30 additions and 6 deletions
|
|
@ -7,7 +7,7 @@
|
||||||
./../../meta/profiles/base.nix
|
./../../meta/profiles/base.nix
|
||||||
./../../meta/profiles/vm.nix
|
./../../meta/profiles/vm.nix
|
||||||
];
|
];
|
||||||
sops.secrets.forgenite.sopsFile = ./../../secrets/hosts/forgenite.yaml
|
sops.secrets."hosts/forgenite/db_password" = {};
|
||||||
# Use UEFI
|
# Use UEFI
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
||||||
|
|
|
||||||
23
meta/modules/sops/default.nix
Normal file
23
meta/modules/sops/default.nix
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.lyn.sops;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.lyn.sops = with lib; {
|
||||||
|
secrets = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = {
|
||||||
|
sops.secrets = lib.mapAttrs
|
||||||
|
(name: value:
|
||||||
|
let
|
||||||
|
name_split = lib.splitString "/" name;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sopsFile = ../../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml;
|
||||||
|
} // value)
|
||||||
|
cfg.secrets;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
forgejo:
|
hosts:
|
||||||
db_password: ENC[AES256_GCM,data:Gkk441Tlty2ENGqBSDL/xSS75FOunM/Bfa0TBVV9KjW1DnD/Bx7lSw==,iv:V6g/vuPIhEE6OBaHDPdWIDdv7YAgy0crpmUMpMceJnk=,tag:LH8+qRtrCaHJLKzRB5Nnvw==,type:str]
|
forgenite:
|
||||||
|
forgejo_db_password: ENC[AES256_GCM,data:1Qp6kLbt4tO+9/i5JN2rRjZJW0gJDKEQV9XmDEEts4bVvOsBCu6wYg==,iv:FZCthW7Yo9z0KqJvjhnQaNX1rqdUeINyfdM3xdLcOrk=,tag:32peH4VsZ3hLeC7XAqINAg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -24,8 +25,8 @@ sops:
|
||||||
YnpWY3ZsZWdQcEc2YTJJeldTaTdCVkkKA8cfHrWV7COWKYf19IP/dt/mPM6PDWvm
|
YnpWY3ZsZWdQcEc2YTJJeldTaTdCVkkKA8cfHrWV7COWKYf19IP/dt/mPM6PDWvm
|
||||||
DiTB8JBSKTlsBsvA26qkPHcKyXCBjLDaSi1hmGI6PhI7nIDTQ15t6w==
|
DiTB8JBSKTlsBsvA26qkPHcKyXCBjLDaSi1hmGI6PhI7nIDTQ15t6w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-05T21:45:11Z"
|
lastmodified: "2024-09-06T00:00:08Z"
|
||||||
mac: ENC[AES256_GCM,data:201CRHfhVUf5v1X1LfMH1p59eiLd+ZYEU937iZqCo5+rZ05hSpfXF6XVUdqMI6qgtl1jHY7hWQC4frnprM1BRh0ai/9aV4MKZn4oUCGq6x/avEf442eDL/RPV5pLlvVw1w/SA7lDqOqjaCuF9nDjr03uO7IhqsCLDaUv4JOI/Fg=,iv:W5ulyrMD6XeQ5j3TGhMfC8bh76C+jgXXSn9Em1+XbQo=,tag:sJne9+WMTh1HWTbqzHAiHQ==,type:str]
|
mac: ENC[AES256_GCM,data:LC/WIffWQMHRk0ty3bnSGNyUySjYIA84euR5dgb95+uegLzAaMtBehnE5GB36eMzciMSP95jP2KOHfDimwU7eugeauEgJLrtv8Sp5r29LnU+MLDpAVwqw/HDZq8J7LIoYspqMr19ZxwcG1K4kfNlB7JYSuP7V7DhXo+I5/Qjv8A=,iv:CHf0KGCpbFIEMjgkxxS8RvSfOrGRYdGd/rdVJ/XPkoI=,tag:ZghIOEu9NLchxz7j4Er6QQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ with lib; with builtins; {
|
||||||
};
|
};
|
||||||
database = {
|
database = {
|
||||||
user = "forgejo";
|
user = "forgejo";
|
||||||
passwordFile = config.sops.secrets."forgejo/db_password".path;
|
passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
|
||||||
name = "forgejodb";
|
name = "forgejodb";
|
||||||
type = "mysql";
|
type = "mysql";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue