lynatic/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Flake is now modular and supports forgejo and forgejo-ci-runner #1

Merged
lynatic merged 14 commits from debug into main 2024-09-06 07:08:01 +02:00
Conversation 0 Commits 14 Files changed 17 +30 -6
4 changed files with 30 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit e28fe0eef0 - Show all commits

2
hosts/forgenite/default.nix
View file

@ -7,7 +7,7 @@
./../../meta/profiles/base.nix
./../../meta/profiles/vm.nix
];
sops.secrets.forgenite.sopsFile = ./../../secrets/hosts/forgenite.yaml
sops.secrets."hosts/forgenite/db_password" = {};
# Use UEFI
boot.loader.systemd-boot.enable = true;

23
meta/modules/sops/default.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, lib, config, ... }:
let
cfg = config.lyn.sops;
in
{
options.lyn.sops = with lib; {
secrets = mkOption {
type = types.attrs;
default = { };
};
};
config = {
sops.secrets = lib.mapAttrs
(name: value:
let
name_split = lib.splitString "/" name;
in
{
sopsFile = ../../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml;
} // value)
cfg.secrets;
};
}

9
secrets/hosts/forgenite.yaml
View file

@ -1,5 +1,6 @@
forgejo:
db_password: ENC[AES256_GCM,data:Gkk441Tlty2ENGqBSDL/xSS75FOunM/Bfa0TBVV9KjW1DnD/Bx7lSw==,iv:V6g/vuPIhEE6OBaHDPdWIDdv7YAgy0crpmUMpMceJnk=,tag:LH8+qRtrCaHJLKzRB5Nnvw==,type:str]
hosts:
forgenite:
forgejo_db_password: ENC[AES256_GCM,data:1Qp6kLbt4tO+9/i5JN2rRjZJW0gJDKEQV9XmDEEts4bVvOsBCu6wYg==,iv:FZCthW7Yo9z0KqJvjhnQaNX1rqdUeINyfdM3xdLcOrk=,tag:32peH4VsZ3hLeC7XAqINAg==,type:str]
sops:
kms: []
gcp_kms: []
@ -24,8 +25,8 @@ sops:
YnpWY3ZsZWdQcEc2YTJJeldTaTdCVkkKA8cfHrWV7COWKYf19IP/dt/mPM6PDWvm
DiTB8JBSKTlsBsvA26qkPHcKyXCBjLDaSi1hmGI6PhI7nIDTQ15t6w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-05T21:45:11Z"
mac: ENC[AES256_GCM,data:201CRHfhVUf5v1X1LfMH1p59eiLd+ZYEU937iZqCo5+rZ05hSpfXF6XVUdqMI6qgtl1jHY7hWQC4frnprM1BRh0ai/9aV4MKZn4oUCGq6x/avEf442eDL/RPV5pLlvVw1w/SA7lDqOqjaCuF9nDjr03uO7IhqsCLDaUv4JOI/Fg=,iv:W5ulyrMD6XeQ5j3TGhMfC8bh76C+jgXXSn9Em1+XbQo=,tag:sJne9+WMTh1HWTbqzHAiHQ==,type:str]
lastmodified: "2024-09-06T00:00:08Z"
mac: ENC[AES256_GCM,data:LC/WIffWQMHRk0ty3bnSGNyUySjYIA84euR5dgb95+uegLzAaMtBehnE5GB36eMzciMSP95jP2KOHfDimwU7eugeauEgJLrtv8Sp5r29LnU+MLDpAVwqw/HDZq8J7LIoYspqMr19ZxwcG1K4kfNlB7JYSuP7V7DhXo+I5/Qjv8A=,iv:CHf0KGCpbFIEMjgkxxS8RvSfOrGRYdGd/rdVJ/XPkoI=,tag:ZghIOEu9NLchxz7j4Er6QQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
services/forgejo.nix
View file

@ -26,7 +26,7 @@ with lib; with builtins; {
};
database = {
user = "forgejo";
passwordFile = config.sops.secrets."forgejo/db_password".path;
passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
name = "forgejodb";
type = "mysql";
};