Add sops secrets and miniflux
parent
21d138dfaa
commit
0f10949aa2
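--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,8 @@
+keys:
+- &admin age1xy66lg9eh572ge0y7zzh34f78s8l9hnkxhg3r4gn98ph95mz25tszgerul
+creation_rules:
+- path_regex: hosts/dalinar/secrets.yaml
+key_groups:
+- age:
+- *admin
+- age1y5lmqqzpapjmtxzvsmf6a9cchhhpq05uwdlqv2q6yz9kkx3s6ars6szsc7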
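Review bot: The second recipient under `key_groups` is a bare `age1y5…` string with no anchor or comment, so nothing in the file records whose key it is; presumably it is the host key for dalinar, and that matters when a key has to be rotated or revoked. Declare it next to `&admin` under `keys:` (for example `- &host_dalinar age1y5lmqq…`, the anchor name being only a suggestion) and reference it as `- *host_dalinar`. `path_regex` is also an unanchored regular expression with an unescaped dot; `^hosts/dalinar/secrets\.yaml$` matches only the intended file.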
23
flake.lock
generated
23
flake.lock
generated
@ -452,7 +452,8 @@
|
||||
"home-manager": "home-manager",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixvim": "nixvim"
|
||||
"nixvim": "nixvim",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
@ -476,6 +477,26 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742700801,
|
||||
"narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
@ -26,9 +26,11 @@
|
||||
treefmt-nix.follows = "";
|
||||
};
|
||||
};
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, home-manager, deploy-rs, disko, nixvim, ghostty, lanzaboote, ...}:
|
||||
outputs = { self, nixpkgs, home-manager, deploy-rs, disko, nixvim, ghostty, lanzaboote, sops-nix, ...}:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
@ -58,6 +60,7 @@
|
||||
inherit system;
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
sops-nix.nixosModules.sops
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
./hosts/dalinar
|
||||
];
|
||||
|
@ -58,6 +58,17 @@
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.age.sshKeyPaths = [];
|
||||
sops.age.keyFile = "/etc/age/keys.txt";
|
||||
sops.secrets."miniflux/ADMIN_USERNAME" = { };
|
||||
sops.secrets."miniflux/ADMIN_PASSWORD" = { };
|
||||
sops.templates."miniflux-admin-credentials".content = ''
|
||||
ADMIN_USERNAME=${config.sops.placeholder."miniflux/ADMIN_USERNAME"}
|
||||
ADMIN_PASSWORD=${config.sops.placeholder."miniflux/ADMIN_PASSWORD"}
|
||||
'';
|
||||
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
@ -206,6 +217,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
services.miniflux = {
|
||||
enable = true;
|
||||
adminCredentialsFile = config.sops.templates."miniflux-admin-credentials".path;
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
@ -219,6 +235,11 @@
|
||||
reverse_proxy localhost:${builtins.toString config.services.prometheus.port}
|
||||
'';
|
||||
};
|
||||
"http://feeds.dalinar.home.johannes-rothe.de" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy localhost:8080
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
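Review bot: The new `"http://feeds.dalinar.home.johannes-rothe.de"` virtual host pins the site to plain HTTP, so the Miniflux login and session cookie cross the network unencrypted, even though this same commit moves the admin credentials into sops. If the neighbouring vhosts use `http://` on purpose for a home LAN (their names are not visible in the hunk), that may be deliberate, but an authenticated app is where Caddy should terminate TLS: drop the scheme and add `tls internal` inside `extraConfig`, or use a DNS-challenge certificate. The upstream is also hard-coded as `localhost:8080`, whereas the Prometheus block above reads its port from `config`; `reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}` would keep proxy and service in step if the listen address is ever changed. The `services.caddy` block starts and ends outside the hunk.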
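--- a/hosts/dalinar/secrets.yaml
+++ b/hosts/dalinar/secrets.yaml
@@ -0,0 +1,32 @@
+miniflux:
+ADMIN_USERNAME: ENC[AES256_GCM,data:k27rrjZWxPI=,iv:JlGrbUxf2kpiQ3pOtrYGEXsCZbn4IJqoeOhoJ4QMaCI=,tag:iduP6v0IWBNYRM8FhUeBww==,type:str]
+ADMIN_PASSWORD: ENC[AES256_GCM,data:6bctOmg79yyM8oNyTZ+9SQ==,iv:z0ldWb1PtWqmCHFFJkVJh3JUKqRmFm4olIkK4/ciq3Y=,tag:k04RksQJdOOeBPEI+HpSFw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1xy66lg9eh572ge0y7zzh34f78s8l9hnkxhg3r4gn98ph95mz25tszgerul
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUk9VN1dCMzNoWVozMzZR
+MG1rTkF6STRiK200b1FFZW8zQjRMeFRoUUVJCms3UHBPODA1MHBxdjBpVHBFdlVu
+KzRoVGErSjRkTStIMVVUYm9GbmVJMm8KLS0tIEhoVWRhaVB3d2c3Rk15YlI5NlE5
+ZWpJbnJCK3VSMzJUa1hXSmdNOUoreUEKfsW5cJgy1TibKfZ/pGUtlSlsnmtaj9mF
+T2RImHfCA0ek2rCaK/VrRs8mvQCCMxWKOqwd7Fc1L+htrDzZOPv6fw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1y5lmqqzpapjmtxzvsmf6a9cchhhpq05uwdlqv2q6yz9kkx3s6ars6szsc7
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VFg1ZTQxOFBOSjVKR0Q4
+Y2J0dU5odDdudS9VYzU5WmZkOGdSQnlwNDIwCjEwWjQzWVk4MldjcXE3Q045ZE5t
+YUhJR3o4d0xwOVk5MmlNbzNORjUvcXMKLS0tIHN6b2R3bDNXSk9BS1dnc0JweW1C
+SVMwSGwwWVo1RzZnSjB6Z0MraTBHZ00KiHCJ8M3xQ8+YH5+aOy3th5fYTEavHqa0
+bbzATd2uRW8K+RSW3NFpN2AMtn9GCGt6Hsw0kezhiBN8qZ4tneKxJg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-03-23T21:30:34Z"
+mac: ENC[AES256_GCM,data:rFYQ3Zm+ooTpxnWpJ1XdlZsGH9h1CLUfbDUZrQZZYOkZVNnnkJgbHYcSt6cv0iwCsktC6g/Hp3eiA4+oXXLm/viJ1EvSprIdYvhfdsK3qR/sw08tqn9a97yfxYlo79gu/JkMusXZ4gLSJiKwJJ79ohiBBeMGQcUfETalDZpx+mU=,iv:DEv8Qy2wPqUC45dhx32hlBWK3bfcANPjARuxWbnnrY4=,tag:wSpTKcZX9ocz07g1AQ2NBw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.4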