mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2025-08-05 05:09:33 +02:00
kommode/gitea: make secrets declarative
This commit is contained in:
parent
0a7f559869
commit
234a7030f0
@ -11,15 +11,17 @@ in {
|
||||
./web-secret-provider
|
||||
];
|
||||
|
||||
sops.secrets = {
|
||||
"gitea/database" = {
|
||||
owner = "gitea";
|
||||
group = "gitea";
|
||||
};
|
||||
"gitea/email-password" = {
|
||||
sops.secrets = let
|
||||
defaultConfig = {
|
||||
owner = "gitea";
|
||||
group = "gitea";
|
||||
};
|
||||
in {
|
||||
"gitea/database" = defaultConfig;
|
||||
"gitea/email-password" = defaultConfig;
|
||||
"gitea/lfs-jwt-secret" = defaultConfig;
|
||||
"gitea/oauth2-jwt-secret" = defaultConfig;
|
||||
"gitea/secret-key" = defaultConfig;
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
@ -45,9 +47,15 @@ in {
|
||||
ROOT_URL = "https://${domain}/";
|
||||
PROTOCOL = "http+unix";
|
||||
SSH_PORT = sshPort;
|
||||
LANDING_PAGE = "explore";
|
||||
START_SSH_SERVER = true;
|
||||
START_LFS_SERVER = true;
|
||||
LANDING_PAGE = "explore";
|
||||
LFS_JWT_SECRET = lib.mkForce "";
|
||||
LFS_JWT_SECRET_URI = config.sops.secrets."gitea/lfs-jwt-secret".path;
|
||||
};
|
||||
oauth2 = {
|
||||
JWT_SECRET = lib.mkForce "";
|
||||
JWT_SECRET_URI = config.sops.secrets."gitea/oauth2-jwt-secret".path;
|
||||
};
|
||||
"git.timeout" = {
|
||||
MIGRATE = 3600;
|
||||
@ -75,6 +83,10 @@ in {
|
||||
};
|
||||
admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
|
||||
session.COOKIE_SECURE = true;
|
||||
security = {
|
||||
SECRET_KEY = lib.mkForce "";
|
||||
SECRET_KEY_PATH = config.sops.secrets."gitea/secret-key".path;
|
||||
};
|
||||
database.LOG_SQL = false;
|
||||
repository = {
|
||||
PREFERRED_LICENSES = lib.concatStringsSep "," [
|
||||
|
@ -8,11 +8,10 @@ gitea:
|
||||
gpg-signing-key: ENC[AES256_GCM,data:AyafTF3H8p1qDk9xsNvT68BksoKGLwE2uE3hjz0TrT2XPxCRDOIlfAVYEPSu2Ih6l5a2uruEJhHPtU2fPCB2hln3Bv3gZfFGLb3GFWkSvdePIYFxG56uqGK5dE1KaMccc2cTi+raDImKqSTbp7Qpdo/c6C0WYVglYrD+2l8Y4QOiFuazyLY9zwcX0qG7pIjJ+akCUjfE4rJDAW6H/v+OqvHpcED3q4iXOYuw9sj/UeIgZfJ5Xc/uVrRmPewP4yALnA8o9gsaaLdjWRFIILe7VRwPr0YqwQ6XGgc+pEartkV8AzxjCq6DOtifOOzmu8EI1U1yoaOViYCAMbSHfP6SIKr7pJbrdU+YDBq9mvRx8KPXWUU2uNGrMObATEzlqMYAYA/HJeOdV4w3Axvq8RG2FLkJxJJniwNP5VZRF3bbbI3w+hprRP2yAwgeQw19KBU8yF8upKga/GdMNScpKJvRyVLjZtI0rsfvSC81lHawouuje6aPXT3dH1S5ROJBHMTeV0sP0vK6liBevz9RZpvNs6JVyNCgiRRtRSSYqsgwPJonDKuPeI/Zpgih7HboA8HqhIibqpO96h5/4yO69oJAbLUYV3zlKQcMDTaqadL4Ox5Z+8ygSAL3l1ufZIFGSj73SNHGQqQlIS/a3dAccRi5fPqv0gOmGFAAUJPKfeauFn3TclwojKzu5vwmQxZ5g50txEpTSTaYOy++qq6UZa/dXEyDC7fle75dXhqXyqMCf9kDwZZl5E9eBsabNdTF+auQCp82iLQivdBy7uJX2hkJFSg84fF9MLgH4mOcMQc2E/z961uNzEgoyvVhbDY6+SIJ+6SGmnardbFW7mYrj/QqnSUiMc4tHukAB4NGQYHgjOYRZMpHfVO/6dLbjmTOljnPsnfQUCepvb9rGim8NazvnARaVzezx4t3tfbNR8uLQudSeLZzn/Fu1mKSQvpP+IjdglmyAgp6QhB4OCDPbiaMRDUtOQIzlVILdz1/geUVzhZkJ4xzkm5klGukhtv+3TqjiTcEnoVJC+A1jRvxBQUfEE92GFuupJUfrw8bIDqsWQLkHPCNUMgdoKa/q2OkrWeQz2zm2yUqMAJn1/puoLHdSH5aCELUggx1gQZoc480pSBUvSCML+Qc4B4Cd6hX2PPp+/KQeKtfqHIsKz2I+DMT6KDirReX6WHxqk+s2DtLw7Wx/j65PWCIWLCz,iv:c9BDRxQImWTmwq11+T2CW0S00Dixd8d0od5xn5zZmY8=,tag:brnMedsdTwlkbaHaLa2w2g==,type:str]
|
||||
ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str]
|
||||
import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str]
|
||||
secret-key: ENC[AES256_GCM,data:YqwSJazPqz1OOsUVIPKsGvIHbX7SyJqryan1KWSRGRJkt9yZlaiRtQG/mQugAM6IvLFD3pj+gPTcXyqenaAQKA==,iv:nyPnL7wuhpb0kl0tm1JhOHmF7KI9vVcTN1SRGTgD2o8=,tag:Rt/IPC/YtBcmTx5osGlbBg==,type:str]
|
||||
oauth2-jwt-secret: ENC[AES256_GCM,data:YUVbf0xgnzeNoahu57yzoib2XSB0rR2AAIkdlEe8eC9AFEdv4vE0S372jw==,iv:k1cEa/sWqJZ9b/NetVSR37BYy6UUOM4qAnbsfLEw+5Y=,tag:CrUh0xDWA77dAFp8FY0jPA==,type:str]
|
||||
lfs-jwt-secret: ENC[AES256_GCM,data:fAirrt7Ue1XpHYB12e8l+47x1dY/eIsDV61KrDA/sRSKvZherRNnahtLQw==,iv:S6+rQHf3TL/1tKcknX/jHJ7k79GCU1BRBZHhuqXSRME=,tag:WUjNaP8bb1HvZnAX3+vXoQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
|
||||
enc: |
|
||||
@ -68,8 +67,8 @@ sops:
|
||||
OCtLcUZwL084TUp0QmpSQXNtSFhHYkUKwGvXXE9AWlrlDgRl2ECCmej7IMztO+fx
|
||||
852Vu610cI9FLv5oghlKM769+/A2QP82KwdxZ4MaRSDvJwXKBi16aw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-16T13:03:12Z"
|
||||
mac: ENC[AES256_GCM,data:cuMHvEjR3nA/LqGHwIGOD+rWwmvg0fPiFtVTDLATKuc0Ulf+0PKogv9cddmXlmqaBOLMkmZue44egEpiLoNm38kEr7gPfP7XKj3kkwL2U4BiS43JEokt5CEq44sSETKylEMEVajgOEwyWn1od4MLxa7xsuhbvGvDpsbvjyPvzh0=,iv:zWFNpOS9cgCs36rdW9FcJ+jG3HrjRmcw2Ogz7QZuyJQ=,tag:L3x6Bsu+7n5A0/Dx0HghkA==,type:str]
|
||||
lastmodified: "2025-08-03T01:35:52Z"
|
||||
mac: ENC[AES256_GCM,data:wQPIW9zRhB6IjK1OQy69Ln+dj6OMNLnNKIzFIhv/vbQ4GllMJ3N/gZjuzMJIumcVND+jEY/qiYnsCFSptStlDYtB3/zHWo1e6It2pM4igtoTP29uiQME0vPJSz0guakZlDMa20mOTN0vVZODEbeBiQNXWtnTbl93R2JVJlZrWcI=,iv:L9Dk5S+hbBO0LTM0irfLuqjLYHzVtY5Tq+Q7m65u6p8=,tag:0GT9IyPeGY5YM6PP/LNs/Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-03-16T13:02:45Z"
|
||||
enc: |-
|
||||
@ -92,4 +91,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
version: 3.10.2
|
||||
|
Loading…
x
Reference in New Issue
Block a user