upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-08-08 21:04:38 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: opencloud test

Browse source
This commit is contained in:
Nick 2025-07-07 14:04:06 -05:00
parent aa0e210939
commit 8cf23010b7
3 changed files with 28 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/services/nextcloud/default.nix
View file

@ -107,7 +107,6 @@ in
}) })
[ [
"pass" "pass"
"smtp"
] ]
); );
}; };

26
modules/nixos/services/opencloud/default.nix
View file

@ -1,4 +1,4 @@
{ flake, ... }: { config, flake, ... }:
let let
inherit (flake.config.machines.devices) ceres; inherit (flake.config.machines.devices) ceres;
inherit (flake.config.services.instances) opencloud web; inherit (flake.config.services.instances) opencloud web;
@ -17,6 +17,7 @@ in
environment = { environment = {
OC_INSECURE = "false"; OC_INSECURE = "false";
}; };
environmentFile = config.sops.secrets."${service.name}-pass".path;
}; };
caddy = { caddy = {
virtualHosts = { virtualHosts = {
@ -30,6 +31,29 @@ in
}; };
}; };
}; };
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}";
owner = service.name;
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"smtp"
"database"
]
);
};
fileSystems."/var/lib/${service.name}" = { fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0; device = service.paths.path0;
fsType = "none"; fsType = "none";

5
secrets/secrets.yaml
View file

@ -47,6 +47,7 @@ kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTS
podgrab-pass: ENC[AES256_GCM,data:DVmJDb4VqcZDKNcedSaRA5dqKOzx1tSzDiK3i23+a6v3nK+4Kh7n8EA=,iv:SiiUjJLHkCOO1VKCmubftKx06laFqNv79tIPnkVYrJU=,tag:kdkT+03DemlNAsuzps8fnw==,type:str] podgrab-pass: ENC[AES256_GCM,data:DVmJDb4VqcZDKNcedSaRA5dqKOzx1tSzDiK3i23+a6v3nK+4Kh7n8EA=,iv:SiiUjJLHkCOO1VKCmubftKx06laFqNv79tIPnkVYrJU=,tag:kdkT+03DemlNAsuzps8fnw==,type:str]
firefly-iii-key: ENC[AES256_GCM,data:tLJfwB8De1vdGeccr4SxifU7KYAfnasoXISvz5mSR28=,iv:vknG+h2D04lECHE/PPA53aZqWk4ouYcH+WfP7WooPYU=,tag:HKma2cydw58pAnvOFH53fA==,type:str] firefly-iii-key: ENC[AES256_GCM,data:tLJfwB8De1vdGeccr4SxifU7KYAfnasoXISvz5mSR28=,iv:vknG+h2D04lECHE/PPA53aZqWk4ouYcH+WfP7WooPYU=,tag:HKma2cydw58pAnvOFH53fA==,type:str]
firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R4=,iv:pUv8ok5nLDGeCcP2hsTculk+MPPAjkupidQO0Jkc3Wc=,tag:zq7+lFjdOr5ORpthqXW8EA==,type:str] firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R4=,iv:pUv8ok5nLDGeCcP2hsTculk+MPPAjkupidQO0Jkc3Wc=,tag:zq7+lFjdOr5ORpthqXW8EA==,type:str]
opencloud-pass: ENC[AES256_GCM,data:NWdv0aPdimCl3UUz1SBkWo1FjFJv9LkZEwWhsvvU40NdAvRwpLdY7cTUcP2Rigs=,iv:iDk/67ifxDkoiYP4MncsVNCXJck27mPzBtRBqnzc7Co=,tag:Ma3nBAL0X08241AtZE41DA==,type:str]
sops: sops:
age: age:
- recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@ -58,7 +59,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-04T00:40:18Z" lastmodified: "2025-07-07T18:59:54Z"
mac: ENC[AES256_GCM,data:N2BwAzga2/Ig96p49rqNhhZ2udYWt7mQ9JD8DFXuxa3HOh3gtx7FWeWpGjvLnLWCgGcT4R61RKmgZQZRADNxYPE3vtdpPOFz0XvgcYSDlwslzBdSsVc08sh77P0LDgZsCzE1MxYynQ6nzFcc6gW5sorInLarsHoCCBC+Z5YpOVg=,iv:H6d3VrERM02/1zI5boFemEpMYD3greYZRqlSpBqROzM=,tag:TEakUvOlKoZYo/XPS6HVnA==,type:str] mac: ENC[AES256_GCM,data:Lk5YZ6dt0A1sVfz3dw6ATdm0sGQAV/6I2lN0wYtw3ZiILqzPe9Sr2yLxAmvoSWP9MzERGd7WXKZXa0+bKCsJlYYSElx+CBfabKMxj3CFxpy+SZnwdKUU3PMWIsD6TW0G0+gFGS/r8iBMmgY6uL5lN6cK2vAAR7zU2UB33S6RLCA=,iv:dXIvA6rp/F/Y1v6FdI4DFKb2bsP0kWWQ1j1wDnAhNSo=,tag:uthcpHfn/7SIzPAiQq1LWA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2