hedgedoc: move from voyaer to sarek
This commit is contained in:
parent
a12250f9e6
commit
130cf2454a
|
@ -2,6 +2,7 @@ keys:
|
|||
- &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||
- &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
||||
- &host_sarek age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
|
||||
|
||||
creation_rules:
|
||||
# Global secrets
|
||||
|
@ -18,3 +19,10 @@ creation_rules:
|
|||
- *host_voyager
|
||||
- *user_felixalb_old
|
||||
- *user_felixalb
|
||||
|
||||
- path_regex: secrets/sarek/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_sarek
|
||||
- *user_felixalb_old
|
||||
- *user_felixalb
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
|
||||
./services/nginx.nix
|
||||
./services/postgresql.nix
|
||||
./services/hedgedoc.nix
|
||||
./services/flame.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ let
|
|||
domain = "md.feal.no";
|
||||
port = 3300;
|
||||
host = "0.0.0.0";
|
||||
authServerUrl = config.services.kanidm.serverSettings.origin;
|
||||
authServerUrl = "https://auth.feal.no";
|
||||
in {
|
||||
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
|
||||
sops.secrets."hedgedoc/env" = {
|
||||
|
@ -48,7 +48,7 @@ in {
|
|||
systemd.services.hedgedoc = {
|
||||
requires = [
|
||||
"postgresql.service"
|
||||
"kanidm.service"
|
||||
# "kanidm.service"
|
||||
];
|
||||
serviceConfig = let
|
||||
workDir = "/var/lib/hedgedoc";
|
||||
|
@ -93,5 +93,4 @@ in {
|
|||
};
|
||||
}];
|
||||
};
|
||||
|
||||
}
|
|
@ -3,6 +3,11 @@
|
|||
services.postgresql = {
|
||||
enable = true;
|
||||
enableTCPIP = true; # Expose on the network
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
./services/transmission.nix
|
||||
./services/metrics
|
||||
./services/gitea.nix
|
||||
./services/hedgedoc.nix
|
||||
./services/vaultwarden.nix
|
||||
./services/calibre.nix
|
||||
./services/fancontrol.nix
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
hedgedoc:
|
||||
env: ENC[AES256_GCM,data:IE1Lp1Lx0ctKIyV9z0rJWIouaHvstEyhcFO6KLNliN2FHKYNlfggrXEwxT+UwNUvEyuN6p+nCOLc48pAxODLHdl+DuTtwmqb14lbiwS6s/CPxlkJvcUnkauFOhuk45qXOhu4rz9sdtA7vSjMXEGmi55bJNAB+AD+oIVgtDEYa/cNkAaGJltxClx3KjCyfmOnN69ZuL81ewOnk5dq8ms=,iv:HBdiT0I9vKgs0es3jluYP0j8lr0YS4seLQmZvj7Bs40=,tag:pqEjkBWeSMtA4QDXpYDKSg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc3lUVW1PNTNoRm4xbzBI
|
||||
OTlBK1MzaHE1cU1UTEN2TkNlU3dVVXZSUXpBCjhISjdBSnZVSnhyckFoVXdJK3N1
|
||||
cE9GanNRcExpckRJbEtPWkFvVFgwZ3MKLS0tIHhhb1A2dU5BbFpmK0d5Yi9yMDZY
|
||||
c1lwVWNibW1PVTFEYlVkYzNKL2pmR3MK0WEvII7d3VUr53uFf/leic1JsALinG4G
|
||||
PSXfzvhywVf+C1/YgE5HJH9pPhIDigLFins09UWt1RDVuwfdmXPJwA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMYkdUMmpDTmtzZHExT3RM
|
||||
d3UxZy9DTzRjcHVrNHB6OTBNOHFkV25GV1JjCk1BU1poZ090U3ZJV0xuMEdIcDE0
|
||||
MHYrbk9VYWlsdWg0bmpVY1pVUmJFTm8KLS0tIExoUG9aMy8rWlBvUXNZcGhUd0FC
|
||||
dEpEWEJZdTMrOTZxVU1JcFN6Nlo5QzQKdo4cKvw7fBmGqsi2ALOEbdRVngzPGhte
|
||||
5AC1PAX85a8r6DA/8etSKjXVh/wEdEs85+qKDgKKJSNqNG+nlzF+wQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYU05cHJOUkZib3B3UHc3
|
||||
dDdDTUlFK1pudHFubTNLMTQ3WDZKeERCRld3ClhCOVpEcjhDQWt6NGxDMXNVSlk0
|
||||
QVhSdnFRc2hqZmZQUEFVR25BNWdYMDQKLS0tICt0bXp6SXpqbFlTdkxWMGlGK0Nw
|
||||
enQ5UjA2ZVBGcUFCenhYckVjanVOeE0KT0NPv0yGmreBQzozp9z5tOtY9Awo5ajs
|
||||
y00uxfBVUgQkhNYCUQ5j9vzMv2U5vDncHox07rEl7YqdlzjJzbuupA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-05T21:56:24Z"
|
||||
mac: ENC[AES256_GCM,data:7n8WFY6fWEwEeF91CNzDbqJm/hx+Nm+A+uKmHN5r9zbwgkKNPuf+aX3bACkGDyI/B2XN6TxEGl3Gc2MnF3ZTazbRkaZE06gS3bPmosHIZkw1CCkJdgD5KM5y8Nffj4Dzdmu86Z1W74FkV29aAFF1BtYSRalBCJ+2kxWabSPTT2Y=,iv:mfpwBmI11ysnIK+xPt8J3n7FEWedRS1WW5HxTmGxCas=,tag:X8gUuKw+tRTm82NvhC5grw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
Loading…
Reference in New Issue