guh
This commit is contained in:
@@ -2,9 +2,10 @@
|
|||||||
creation_rules:
|
creation_rules:
|
||||||
# Rule to encrypt YAML secret files in a specific directory
|
# Rule to encrypt YAML secret files in a specific directory
|
||||||
- encrypted_regex: '^(data|stringData)$' # Encrypt data and stringData by default (useful for Kubernetes secrets)
|
- encrypted_regex: '^(data|stringData)$' # Encrypt data and stringData by default (useful for Kubernetes secrets)
|
||||||
path_regex: secrets/.*\.yaml$ # Applies to all files in the secrets/ directory
|
path_regex: config/modules/secrets/content/*.*\.yaml$ # Applies to all files in the secrets/ directory
|
||||||
age:
|
age:
|
||||||
- "age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838" # pc-user-doloro
|
- "age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838" # pc-user-doloro
|
||||||
- "age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh" # pc-system
|
- "age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh" # pc-system
|
||||||
- "age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a" # laptop-user-doloro
|
- "age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a" # laptop-user-doloro
|
||||||
- "age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq" # laptop-system
|
- "age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq" # laptop-system
|
||||||
|
- "age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05" # rpi5
|
||||||
|
|||||||
@@ -11,6 +11,7 @@
|
|||||||
# <modules/services/traefik>
|
# <modules/services/traefik>
|
||||||
<modules/services/caddy>
|
<modules/services/caddy>
|
||||||
<modules/services/home-assistant>
|
<modules/services/home-assistant>
|
||||||
|
<modules/services/ddns>
|
||||||
];
|
];
|
||||||
nixos = {
|
nixos = {
|
||||||
networking.hostName = "nixos-001-rp5";
|
networking.hostName = "nixos-001-rp5";
|
||||||
|
|||||||
56
config/modules/secrets/content/secrets.yaml
Normal file
56
config/modules/secrets/content/secrets.yaml
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str]
|
||||||
|
root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str]
|
||||||
|
wakatime-scug-io-api-key: ENC[AES256_GCM,data:XQUccNW4210U8ZpHSGVcsdbAirzyTvmcy4y6emk7n4N6MO/W,iv:9/f9ceLshA7l8hJB+IDIPvEwYwSkFlPOLmpvtYXLTpU=,tag:x7hESZCouzYVNef2C+iCSA==,type:str]
|
||||||
|
meow: ENC[AES256_GCM,data:JVzenw==,iv:oCOo9//r5s2K4pSeH5UNEj0LL+9h2yq0G0DPOfwjmyQ=,tag:0gu9FNOrjQ8fpB+B+RbGSg==,type:str]
|
||||||
|
meoww: ENC[AES256_GCM,data:WPeszDfMWxY=,iv:JJMOror5wj7cTNKfrUj2LDXlO3WCKzb7jk4AeZ0oD+Q=,tag:qs3oyM7K1FGy5cXvS6OHpQ==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdGQ5ZHUxUHE4YXF0bllY
|
||||||
|
dTRsYWc4cllmWEgveGVTLzUvRzJuc0FtUEdvCkNURmxmMnhkaExZcVVNRmRNU1p6
|
||||||
|
UitMYUxNMXgzZC84S3J0SHR4aFV5TGcKLS0tIFB3Skx6UlFDcVJFSlhTd1NRbUl2
|
||||||
|
VGQ3OUpDY0JVaEUyYStHQU83Q1hDYTAKeRgXVA8iWGO8cMMlvBFWGMVIZnaLCpsZ
|
||||||
|
hBjWlxG6oUlCNnO+cyckU3jSTecc+z+EIuseFt710nN5uRJeKs2MlA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0wvV3pHTUZYdlhPWnU0
|
||||||
|
VElBbDI2bUJhQUVCMlBPNjNzOE9tTXJGelI0CjBEdmhWTGlyc2VhODRnbHE3ZGdC
|
||||||
|
WUoyWU0zcU5BbXhGdm5sVEZHdS80bkkKLS0tIHhpcFZQdkl6eHRUTGhZYmVOSCtz
|
||||||
|
RE8zeFl2ZVgyWVBsRmhlUElybXEwSEEKEhvMUClOOoN3RdzVOFBIPt7rMrukla1t
|
||||||
|
bVWGKX5e3p/EtK7aYzdBxYYvml+TNUD1n5TpTFhcnH2Jwpey8thz2Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ODRGRkE3a09MS3Z0QXNm
|
||||||
|
OTBlb2JEV28vTmxhcjM5aFpYbVhYM0wyZkd3CmszblZWVEFkVlMwQ1FMZitBd0Rp
|
||||||
|
MkZpZGViSHlHSko4Tk9rZGNHaWpGWncKLS0tIC9xY1dBSncvQnhHTlhhaEpUK3ZI
|
||||||
|
Tjgwd0VuVGtjaTdaSE5ERmRIa1dVNEkKkN0vp7xDWCnu4aq8VQu5y8Q/6xsFKhCQ
|
||||||
|
ivMqQsqoOBvXSynu7hbNpcGvAsmDHDGcC2b/C9Mkt42OclSYM077bw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTmhiUmFWaDFzcnRXcWFp
|
||||||
|
VjJ1b3VRSk8xN0FQMk13UDY1a2FEV3ZQY2l3Cnd0SmMvM0JDOFhZdmtOL3g0dmNj
|
||||||
|
UGZleDV1MU1DMXFiYUNmR2htWXZXQnMKLS0tIFBLa3lPL0VieG9ZWFBOU25vZTJ1
|
||||||
|
VVVDclBGZTRSVDZOanRwOGNaK3VVUW8KCvt/rcP0rJD5aCNdGaJeABuGZ7huRbGw
|
||||||
|
7FBvo6TvIRh0MCyvfbzfUon2m9d4yU8ddFejpSEK1vucxbXgV7KD8g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLU21oQnlTQ3RQWmNzR3Y4
|
||||||
|
aWhhdFZ6RFEwVm5ITWluS2xZM0QyUHI5SEdvCmFjdDU2YlhlYTJ6Y2pPaGJkNW01
|
||||||
|
WUVVN0xIRXZ3djdVVkYzRThLSzlCVzAKLS0tIFhISmlJcXB2UHNsb2VQS2tnYVUy
|
||||||
|
aW5ERENRS2JWbGZhaGhNSGtqNVRNTncK0uI8n2L5uP3to/sByeO7y17h3ZrcmnOf
|
||||||
|
e3CwdzP4/WcSwbFk0CRnS6Cq8J0esUqweSJxvpt2eNBEYvDZ77SSMw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2026-02-14T00:08:39Z"
|
||||||
|
mac: ENC[AES256_GCM,data:lp9ZeDxt5gkOkDmYk+F0VQrVhkR0tQiQlYXbygoA8Dcq+gV0IIKKLwRqr5CVfgfRlo3239IwmKLsGaS6zYC1xX4toZ8oqw3Ic2UvP2CiWt6M7HTrlL+3Y2+PKOUvGl7RAqQxQAw7QaoxB4esqdIiWnMDueVHk5BTKrkay+afhno=,iv:NAMaZ9SMBAtROTBSQtU0RJDB60MAuE82AFoPtDqVHVM=,tag:RGBUTQC1pM+LcBweSJbc6w==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.11.0
|
||||||
53
config/modules/secrets/content/server.yaml
Normal file
53
config/modules/secrets/content/server.yaml
Normal file
@@ -0,0 +1,53 @@
|
|||||||
|
namedotcom_api__key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7
|
||||||
|
test: test
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSYm92cVo0Ykg2R3hTUWpW
|
||||||
|
UlNOTXF2cFI4Y29uRTh2aXIySFNSTFhZZ0RFCnR4YmRrQTVrY0hkUloxMGgzdFFa
|
||||||
|
ejFST0FESytnN3NIZW45blhmWDRMSlkKLS0tIE1MNWlHWWd1WEhNUGtiUm5GZ2pn
|
||||||
|
QUR3aGtVczZYV1FSUFdMRGw4a2lGU2MKh/56SL7neNFXN70dzwtwTHBaECoMvArR
|
||||||
|
TicJhSPV5S/vUrC9oDmSE3MMYtdzXSZkcRHYPI8fy5LcPOxXVPRARQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3K3ZxKzdvdVFMYnZLS0Nv
|
||||||
|
bDBkRWRNMkRMS09UWlZlcFYvZ1pEd09VVmlJCk9uMGJyNzd5QnZtWkdxOE40TVdG
|
||||||
|
YkJiaGZMaEFlNXljcnFvODVSL3Q2d3cKLS0tIFg5UFFPVElyR0xlbXEvMDNDQmpW
|
||||||
|
TGo3cUJVQ2NETkhWdmNCazNYSVpyUWcKr4EUvbK28WCiymL1BgYk6N6J27ZnadK8
|
||||||
|
kQ8tzwVS7iI1frBoHOVzXhCRt2CEg+O3EnXMRJDrahhxwmpqlx6cRA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWGVsRmkwZGxId0hXQlEv
|
||||||
|
czdmclRXYWNrL0t4bGpEQ0lmNE0vb1RuZEhjCkhEaGlxY3JKS3l4WGxHS0Uya2tM
|
||||||
|
Zm1Lb3RpY2h0K2lKaHR1bjdFL25yQ0UKLS0tIFYvNmkrUWNFekVoMFVLck81bXhl
|
||||||
|
WHNSbHpCTTZSS3lkUiszeEE0RGw4QncKTr1ZzIHtkv8aJNKT1v0m+QMJyht43+XJ
|
||||||
|
0CRxdoZ/HXoymMQ7oZvT8vf6Ehz41aLe1gZHl8ZJPexDHrSl28NCtg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlc0tUVjVGVS85YUZOSmJq
|
||||||
|
a0pvcGV4UDBEc0N0Zk0xVEhUc1l1ZUFFTGxnClNocURmTE5ZaUorSVdWcE1kbW81
|
||||||
|
U3doQm9ZbHVrdVlsSVhFaEFoSHo5NU0KLS0tIGgvd05PY2tlbnRwbTRrdXpsT0ho
|
||||||
|
Zm1jbTlSMnA1WDUrZUVCOHNDWWJ2RFUK+cvqFK49rIVj3FITF/4HtCELvZhvkCZ9
|
||||||
|
8Ss77uE6qtGyhuGWXB0HwnO3fsCpXA62uUt/zv08o9LmIgRi7o7adg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1fw4xnh2q52juce94ffn54js708cr6umfwpv0mykuddkea7kr4f0q7a9h05
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN0dkcExkR2pyaUxhbUlz
|
||||||
|
NkR2WTNWRUpHSWdRTFdUY05jcm4ybDdEbW4wCmR1TTV5VlFudHN1cC8yRG5Nd2ts
|
||||||
|
K3duNEE1dit0Ym9PdmNaM1pEWjlZZU0KLS0tIHBXaXhzQ0VuTWFxdDQrczQ4YTBM
|
||||||
|
VlhpZ0N2ZmVkSC90NlowUkNuYWZUclEKzQUfWDETV5lPgrtCxYTLtVP8y7R8RFJj
|
||||||
|
4J1bei0nJHlsap8V88u+QiYRgFsEthd++hzkYmUDvYPsA48PnzMupw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2026-02-14T00:09:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:nYWQYK5QOA0u3DYGTozSGFMYhx2uMqkAWoqhthgagRFRnKA/j852fVKqRFcwn+fPSQ4e8i4WpcvoM7FVwuFDC+ixNp7xtz16pnswiNS4N/mNEYXfajkon7wIoUYNtrHahUeYlAnID0vYSQFA3XKgV7ZDD9b4V8X5N+yMlVXex4c=,iv:IW7276v0nnmFBe9Z7HIn6Tl9vX4sDoqWdDfJ1uwKoAY=,tag:YC8OiTcoL+nYV4x8rkivbg==,type:str]
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.11.0
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str]
|
|
||||||
root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str]
|
|
||||||
wakatime-scug-io-api-key: ENC[AES256_GCM,data:XQUccNW4210U8ZpHSGVcsdbAirzyTvmcy4y6emk7n4N6MO/W,iv:9/f9ceLshA7l8hJB+IDIPvEwYwSkFlPOLmpvtYXLTpU=,tag:x7hESZCouzYVNef2C+iCSA==,type:str]
|
|
||||||
meow: ENC[AES256_GCM,data:JVzenw==,iv:oCOo9//r5s2K4pSeH5UNEj0LL+9h2yq0G0DPOfwjmyQ=,tag:0gu9FNOrjQ8fpB+B+RbGSg==,type:str]
|
|
||||||
sops:
|
|
||||||
age:
|
|
||||||
- recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYVcvRFNGOUwyTllMSWtX
|
|
||||||
WGdEeWVBa0U5MXROTXEwSzVJZms5MWZmM1RzCk9ra1FmT2tlbkp4ZW5tYW90SEhK
|
|
||||||
Y25TNmFrMEg4TzJIT0wwaGRQMlYrZXMKLS0tIEpKaEMvdHB6aVBodmN1OERXZ2da
|
|
||||||
SUh3TjIreHJBL0VEUXJkOGpseVphYlkKnhM3XxcBXG4Y+OedQzcngNACsFoASPTp
|
|
||||||
Ik5COr5AVsinTS+uOpNDKIY+y0mwkZq50NSIBMy0drhDjd3i+h5dmA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWmZGZWUwZUk5UEk2Ujgz
|
|
||||||
S0RHd0VSUWNEbWtoTlRkOWphS0IzeE8vT0FFCjlxaFVESGdpeVFCUlRCaGo0U0pZ
|
|
||||||
Y1NFQXRNVm52SXgxMGtkc2NVTTRzMGcKLS0tIER5bHZLV0lsczh6dXdJQWpjakpX
|
|
||||||
Zms5MnphZ09UZWVNdFcrREx5U1Y0UGMKE9KkY+8lbZ7to2aGhsJ4iSmboyfekOJi
|
|
||||||
giQ1GWdOs/MJAPN/xgcHzfNj7hzEUJxgj5z0kd0q2GzZCOvGfO16NA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cnhuNDh3SEFxZUpXTHdv
|
|
||||||
RWRHNVFTcm1xbjdiN3FRRjFVR2JPRkdCcXd3Cm51VHptYXVlYnQzY0pJSGt1anZn
|
|
||||||
QTZ3YTgwSFJUUUxsMEYrdk9RRUFyN0UKLS0tIFJKNDNKY0lnQVdlM1gycm1sRkJ2
|
|
||||||
cHJTV1FZbDZ0M3NpS2w1YW01ZGhIWDAKef6765U4ew5QPmbHhDuufAjq0bS/qhJh
|
|
||||||
9N7g+a4vqTvv5TaOYQ98JBgfVclOZYIx9WO6xPJnb495gPyhWxEjuQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheUI4VzZUN3NSTGc3U1kv
|
|
||||||
YzJqRk1mNjBUVTdFNzRNTTZQSmcvUW5zcnowCjI4WlRoL2pPeDZWRy9TaEZUQ1po
|
|
||||||
YUl1emFGL29qYW9iZXExUVBZai9GN2sKLS0tIEZ1ZEM2N05zYzU4OFdUVUtDaHRu
|
|
||||||
a3Y2V1I5TjFnVUNiWEZlZkVMekFZelEKXZc7W3mZcj/rypQ+Wm2Iqvd/4Ry/n507
|
|
||||||
FcYa+F2LT32D43AoaPZxEHIyJCYUeGpD7Z9rcI822u4pOpCvuoKiRg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2025-12-28T17:02:38Z"
|
|
||||||
mac: ENC[AES256_GCM,data:uWBbdr10CpCUsn6TcaqewwqnXlICizTGW+arCLZz5S0b+Nc8iznq98Ev/G4M9mg4f79JRSwXnL6KgtVyf0Hd5LJuEhmViv2wTNfOTBffN3AV/Bvz2qCuwhD14GzPGUH3oYijfx+EB1LaGLniE2rx85h+q1hasRUlUY8UE/ndzus=,iv:rIM5T3PkzTsJYRjvWWbJyEcKu3evRcYJhVNeGCtOlms=,tag:pCYvDaI0qLIvJJzwT08nwQ==,type:str]
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.11.0
|
|
||||||
24
config/modules/secrets/server.nix
Normal file
24
config/modules/secrets/server.nix
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
{ inputs, modules, ... }:
|
||||||
|
{
|
||||||
|
modules.sops = {
|
||||||
|
nixos =
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
sops = {
|
||||||
|
# age.keyFile = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
|
defaultSopsFile = ./server.yaml;
|
||||||
|
secrets = {
|
||||||
|
root-hashed_password = {
|
||||||
|
neededForUsers = true;
|
||||||
|
};
|
||||||
|
doloro-hashed_password = {
|
||||||
|
neededForUsers = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
namedotcom_api_key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7
|
|
||||||
sops:
|
|
||||||
age:
|
|
||||||
- recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0JYbStoeWR0VHV4UXNo
|
|
||||||
Y3c5d1BUZk5tZm1tc1dXczlCTlBoVHd6R1JjCklXbmNUdU13VWVBT3hwcW9HNHE3
|
|
||||||
YjhBWGhZRW5Cc0cyV0hjYXFaY1l2cWsKLS0tIGcxd05BTmVoRjc2dVdNQ1J4M2dx
|
|
||||||
YUFiaHE1MVQ0NnJZbGsxQ014c0ZieXMK0GD+VeFpYrEGTc0CSYMOftJOTsKJVWvL
|
|
||||||
DmkxM5fz60j2v0aVAjBp6dRjScWkueKGYtITMHHzjj8QIFJPOR5RVw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTzVUeUg5Tm9sNmt6MDQ2
|
|
||||||
Mm1pMTNKeDJ1OU1qS2tqZFdtTm9lcUhOUVVzCitEYzJNOHIrOHFuTUdXdXFPaXhX
|
|
||||||
M21DSEVGejJsRXNXVSs1WFJqWFMyMFUKLS0tIGkzVzlMNWorTUZsajlWTzBFSlNk
|
|
||||||
WGJYRWRlYXUrTm5LWWxIUG9MTzNGb2sK8iMaTbdZjqDSJkhsobnilBRsTXkP0lgl
|
|
||||||
hbHWEX8w2LNvO9IJxbs9wxMwJ4h7vRDLwqDmba7EVFRMb6E9PDyLZg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUZTdWNOa2w0ZU1mSTli
|
|
||||||
Tm5YYWw5aXVGY1BnQ1hySkFYQ3Q4NUhCR0djCjBHWDljQ1lid2ZFTXRTS0tUUzRM
|
|
||||||
N0w1N0JkRENXaEwvbE1BM2dEa1Q4TE0KLS0tIEZwYmxleldMbytkcXF0Z0xEcUxU
|
|
||||||
bGVzUTZkR0JseVRLWFdZUVljZ2VFT0EK2bN6iL20Drd1+eSdXsMRI347wZjZds4a
|
|
||||||
I8jb7vPiKbHAPp/7zZ5Go7jNIh+UkscOf5YGMja82ts7M81QC0K5+Q==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWNJNXNnQjZ4a0NsK2dS
|
|
||||||
ZkpCUkJSUzZhd2NiNWhiNHh5ajQvazZlcUdrCkJDYkJTVXVrVG5Ia3VWVEZRajVi
|
|
||||||
VGkyZExJdkNxY2JMbXlqd2JMTkNram8KLS0tIDRqTUJDcjR6dUttaWlOS3lpU0s2
|
|
||||||
ejV5MytJMXgzNkM1SHN4dXo3eE05WXMKCLGPFGaQa542A1Oqqrq6NtjRBl2rDycB
|
|
||||||
6YQjCKReLfT1QA/Q3C3B0eDZm8ZWMV2re55kDCDr7CIIf4mpu1zghw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2026-02-12T09:29:35Z"
|
|
||||||
mac: ENC[AES256_GCM,data:5tYqDg30iM0VVSA/K+XkSF3IarRHvjLVSuEdcemKgfBXCzf6Eny3x2Q32FhfgwGQ4SrgPK69YgZjTAOVeeVPGArTRO01SWzeHpcOkejhscZp39Sc+uWRiMMrjeCrvP6dUWrScwYk0naOi4n4rEn1WiwRougfevvsWJXGrwD13I4=,iv:Xo/OMkbr25zQcSgSZgwmruC5YQFrphK78LbBsGcVozs=,tag:4NlviKbACQkT9BT9NCJBXg==,type:str]
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.11.0
|
|
||||||
@@ -16,7 +16,7 @@
|
|||||||
];
|
];
|
||||||
sops = {
|
sops = {
|
||||||
age.keyFile = "/home/doloro/.config/sops/age/key.txt"; # must have no password!
|
age.keyFile = "/home/doloro/.config/sops/age/key.txt"; # must have no password!
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./content/secrets.yaml;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nixos =
|
nixos =
|
||||||
@@ -27,7 +27,7 @@
|
|||||||
];
|
];
|
||||||
sops = {
|
sops = {
|
||||||
# age.keyFile = "/etc/ssh/ssh_host_ed25519_key";
|
# age.keyFile = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./content/secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
root-hashed_password = {
|
root-hashed_password = {
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
|
|||||||
@@ -25,19 +25,13 @@
|
|||||||
image = "qmcgaw/ddns-updater";
|
image = "qmcgaw/ddns-updater";
|
||||||
imageFile = ddnsImg;
|
imageFile = ddnsImg;
|
||||||
volumes = [
|
volumes = [
|
||||||
"/run/dbus:/run/dbus:ro"
|
"/data/ddns:/updater/data"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
ports = [ "0.0.0.0:8123:8123" ];
|
# ports = [ "0.0.0.0:8123:8123" ];
|
||||||
# networks = [ "meow" ];
|
# networks = [ "meow" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networking.firewall = {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
8123
|
|
||||||
];
|
|
||||||
allowedUDPPortRanges = [ ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -39,9 +39,9 @@
|
|||||||
];
|
];
|
||||||
allowedUDPPortRanges = [ ];
|
allowedUDPPortRanges = [ ];
|
||||||
};
|
};
|
||||||
services.caddy.settings = pkgs.lib.mkIf config.services.caddy.enable {
|
services.caddy = pkgs.lib.mkIf config.services.caddy.enable {
|
||||||
virtualHosts."ha.home.doloro.co.uk".extraConfig = ''
|
virtualHosts."ha.h.doloro.co.uk".extraConfig = ''
|
||||||
reverse_proxy 127.0.0.1:8123
|
reverse_proxy :8123
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user