From 8cd193ec49903c0c031e24e68b8a7a6c953c76b6 Mon Sep 17 00:00:00 2001
From: Nick
Date: Mon, 8 Dec 2025 03:56:44 -0600
Subject: [PATCH] chore: updated sops secrets
---
 modules/nixos/guests/firefly-iii/default.nix | 14 ++++----
 modules/nixos/guests/mastodon/default.nix | 38 +-------------------
 modules/nixos/guests/vaultwarden/default.nix | 4 +--
 3 files changed, 10 insertions(+), 46 deletions(-)
diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix
index 0a8de09..7c518be 100755
--- a/modules/nixos/guests/firefly-iii/default.nix
+++ b/modules/nixos/guests/firefly-iii/default.nix
@@ -40,8 +40,8 @@ in
 };
 settings = {
 APP_URL = "https://${host}";
- APP_KEY_FILE = "/etc/firefly-secrets/pass";
- DB_PASSWORD_FILE = "/etc/firefly-secrets/data";
+ APP_KEY_FILE = "/etc/firefly-secrets/${user0}-pass";
+ DB_PASSWORD_FILE = "/etc/firefly-secrets/${user0}-data";
 DB_CONNECTION = "pgsql";
 DB_HOST = "/run/postgresql";
 DB_DATABASE = "firefly-iii";
@@ -51,7 +51,7 @@ in
 MAIL_PORT = smtpCfg.ports.port0;
 MAIL_FROM = smtpCfg.email.address0;
 MAIL_USERNAME = smtpCfg.email.address0;
- MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp";
+ MAIL_PASSWORD_FILE = "/etc/firefly-secrets/${user0}-smtp";
 MAIL_ENCRYPTION = "tls";
 SITE_OWNER = email.address2;
 };
@@ -123,9 +123,9 @@ in
 };
 script = ''
 mkdir -p /etc/firefly-secrets
- cp /run/secrets/pass /etc/firefly-secrets/pass
- cp /run/secrets/data /etc/firefly-secrets/data
- cp /run/secrets/smtp /etc/firefly-secrets/smtp
+ cp /run/secrets/${user0}-pass /etc/firefly-secrets/${user0}-pass
+ cp /run/secrets/${user0}-data /etc/firefly-secrets/${user0}-data
+ cp /run/secrets/${user0}-smtp /etc/firefly-secrets/${user0}-smtp
 chmod 755 /etc/firefly-secrets
 chmod 644 /etc/firefly-secrets/*
 '';
@@ -219,7 +219,7 @@ in
 secrets = builtins.listToAttrs (
 map (secret: {
- name = "${serviceCfg.name}/${secret}";
+ name = "${serviceCfg.name}/${user0}-${secret}";
 value = {
 owner = "root";
 group = "root";
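Review bot: The renamed copies in /etc/firefly-secrets are still made world-readable — the context lines `chmod 755 /etc/firefly-secrets` and `chmod 644 /etc/firefly-secrets/*` at the end of the `@@ -123` hunk apply to `${user0}-pass`, `${user0}-data` and `${user0}-smtp`, so the Laravel APP_KEY, the database password and the SMTP password can be read by every local account in the guest, even though the sops declarations lower in the patch keep them root-owned. The cleanest fix is to drop the copy step: give the sops secrets `owner` (or `group` plus `mode = "0440"`) of the firefly-iii service user and point `APP_KEY_FILE`, `DB_PASSWORD_FILE` and `MAIL_PASSWORD_FILE` at the `/run/secrets/...` paths directly, which is what the vaultwarden module in this same patch already does with `mode = "0600"`. If the copy must stay, at least change the two chmods to `chmod 750 /etc/firefly-secrets` and `chmod 640 /etc/firefly-secrets/*` and add a `chown` to the service user and group, whose names are not visible in this hunk. The systemd unit that owns this `script` starts outside the hunk.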
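Review bot: The secret name built in the `@@ -219` hunk, `${serviceCfg.name}/${user0}-${secret}`, puts the decrypted file at `/run/secrets/${serviceCfg.name}/${user0}-<secret>` under sops-nix's default layout, whereas the copy script earlier in this file reads `/run/secrets/${user0}-pass` (and `-data`, `-smtp`) with no service-name directory; unless a `path` attribute in the part of `value` that continues past this hunk overrides the default, the `cp` lines fail on a fresh boot and the service comes up without its secrets. Instead of maintaining two hand-written paths, derive one from the other, e.g. `cp ${config.sops.secrets."${serviceCfg.name}/${user0}-pass".path} /etc/firefly-secrets/${user0}-pass` for each secret, or build both the declarations and the copy list from the same list of secret names so a rename like this one happens in exactly one place. The `value` attribute set and the enclosing `sops` block are cut off by the hunk, so whether `path` is set cannot be confirmed here.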
diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix
index 5d1b81c..0a49d07 100755
--- a/modules/nixos/guests/mastodon/default.nix
+++ b/modules/nixos/guests/mastodon/default.nix
@@ -32,36 +32,6 @@ let
 log-level = "INFO";
 }
 );
-
- fedifetcherPython = pkgs.python3.withPackages (
- ps: with ps; [
- requests
- pytz
- beautifulsoup4
- certifi
- charset-normalizer
- defusedxml
- docutils
- idna
- iniconfig
- packaging
- pluggy
- pytest
- python-dateutil
- requests
- six
- smmap
- urllib3
- xxhash
- ]
- );
-
- fedifetcherSrc = pkgs.fetchFromGitHub {
- owner = "nanos";
- repo = "FediFetcher";
- rev = "main";
- hash = "sha256-/J7psV/mA7okuuO7/aXVVWS9p63eMncG2CEEGN38ip0=";
- };
 in
 {
 # If you need to start fresh for some reason, run these to create the new Admin account:
@@ -343,7 +313,7 @@ in
 done
 export ACCESS_TOKEN=$(cat /etc/mastodon-secrets/fedifetcher-token)
- ${fedifetcherPython}/bin/python ${fedifetcherSrc}/find_posts.py \
+ ${pkgs.fedifetcher}/bin/fedifetcher \
 -c=${fedifetcherConfig} \
 --access-token="$ACCESS_TOKEN"
 '';
@@ -436,12 +406,6 @@ in
 ];
 };
- environment.systemPackages = builtins.attrValues {
- inherit
- fedifetcherPython
- ;
- };
-
 microvm = {
 vcpu = 2;
 mem = 1024 * 6;
diff --git a/modules/nixos/guests/vaultwarden/default.nix b/modules/nixos/guests/vaultwarden/default.nix
index 1a2dc2c..854bf89 100755
--- a/modules/nixos/guests/vaultwarden/default.nix
+++ b/modules/nixos/guests/vaultwarden/default.nix
@@ -58,7 +58,7 @@ in
 };
 # Environment file with secrets (mounted from host)
- environmentFile = "/run/secrets/env";
+ environmentFile = "/run/secrets/${user0}-env";
 };
 openssh = {
 enable = true;
@@ -185,7 +185,7 @@ in
 ];
 sops.secrets = {
- "${serviceCfg.name}/env" = {
+ "${serviceCfg.name}/${user0}-env" = {
 owner = "root";
 mode = "0600";
 };
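Review bot: In the `@@ -343` hunk the new `${pkgs.fedifetcher}/bin/fedifetcher` invocation still receives the Mastodon API token through `--access-token="$ACCESS_TOKEN"` on its command line, so the token is visible to every local account in the guest via `ps` or `/proc/<pid>/cmdline` for the whole run; switching from the vendored script to the nixpkgs package is a welcome supply-chain improvement but does not change that exposure. FediFetcher already reads options from the `-c` config file, so if the config format accepts the token (not verifiable from this hunk) it should be written into a root-only config generated at runtime, or handed over through an environment variable the tool honours, rather than an argument. The `export` on the preceding context line is also unnecessary, since nothing in the visible script reads the variable from the environment; `ACCESS_TOKEN=$(cat ...)` is enough. The shell block this runs in begins outside the hunk.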
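Review bot: The secret declared in the `@@ -185` hunk is named `${serviceCfg.name}/${user0}-env`, which sops-nix places at `/run/secrets/${serviceCfg.name}/${user0}-env` by default, while `environmentFile` in the `@@ -58` hunk of the same file is the hard-coded string `/run/secrets/${user0}-env`; as far as this hunk shows, no `path` override is set, so vaultwarden would be pointed at a file that does not exist. Replace the literal with the declared path, `environmentFile = config.sops.secrets."${serviceCfg.name}/${user0}-env".path;`, so the two cannot drift apart on the next rename. The `owner = "root"` / `mode = "0600"` pair on the secret itself is appropriate for an environment file and should be kept as is.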