From 9e68287f1bacb02496fe4ea4d35df38ec55d686a Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 25 Aug 2025 14:30:52 +0200 Subject: [PATCH] bicep/minecraft-heatmap: change postgres password, add to sops --- hosts/bicep/services/minecraft-heatmap.nix | 6 +++++- secrets/bicep/bicep.yaml | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/hosts/bicep/services/minecraft-heatmap.nix b/hosts/bicep/services/minecraft-heatmap.nix index 95b9125..85a8c8e 100644 --- a/hosts/bicep/services/minecraft-heatmap.nix +++ b/hosts/bicep/services/minecraft-heatmap.nix @@ -7,6 +7,10 @@ in mode = "600"; }; + sops.secrets."minecraft-heatmap/postgres-passwd" = { + mode = "600"; + }; + services.minecraft-heatmap = { enable = true; database = { @@ -14,7 +18,7 @@ in port = 5432; name = "minecraft_heatmap"; user = "minecraft_heatmap"; - passwordFile = pkgs.writeText "minecraft-heatmap-password.txt" "1234"; + passwordFile = config.sops.secrets."minecraft-heatmap/postgres-passwd".path; }; }; diff --git a/secrets/bicep/bicep.yaml b/secrets/bicep/bicep.yaml index fec2254..03fe2b9 100644 --- a/secrets/bicep/bicep.yaml +++ b/secrets/bicep/bicep.yaml @@ -6,6 +6,7 @@ mysql: gickup: github-token: ENC[AES256_GCM,data:H/yBDLIvEXunmaUha3c2vUWKLRIbl9QrC0t13AQDRCTnrvhabeiUFLNxZ/F+4B6sZ2aPSgZoB69WwnHvh1wLdiFp1qLWKW/jQPvzZOxE4n+jXrnSOutUWktbPzVj,iv:KFW4jRru93JIl9doVFtcNkJDWp89NlzWjPDflHxcL/U=,tag:YtgyRxkoZO9MkuP3DJh7zA==,type:str] minecraft-heatmap: + postgres-passwd: ENC[AES256_GCM,data:T8s9xct07AJ4/Z6MQjNrqZQq7FerHz8Op+ea8zO2MDLPWWgU7/hBfrr+T4sc1TgT3e5vtE0dVcqCSbZCZj+6zQ==,iv:prx6d8c92OvbL8IjBLAvi1Vqk69D6ZIkAp7E8CSljok=,tag:UA5YS4YwViYZJ2PWzIIM3g==,type:str] ssh-key: private: ENC[AES256_GCM,data:h9OtD6hxrxyokFDe9bveAkMICrs3YrsAEqg0RVHV+xCkgkNAdoh85wb1QI8FJ0tga4Bfq8ZxZTdMnexQvbYWL8m/N/P6gWoPPJd7dwGuxaUZu5lqngVuHIhH0yWFWtPXjQ0Zyl5Q1aBKyjzJMvJc/H2iprgVH4YFs/fWf/KDEp17Plvvz0AoPGPrOZErDmne4MtLbW3pUm1r5ACo/41OyXYwjHk1Ywgsoz1CMxe/DrmkADnf7jSDWL6Q0mz8hIIYi8GbToJS4BIJ2plttraxV9sqpIPzS/1jMERNchItlkCppSYIy/eohVmskP8dAySm5Z7HNGGtzWSSGLxq15xKc7OVFYPMI+B35nPnp1LVOUWqBHAqVo7dwxc3VXOlVat7AMknUZnr67d4TIIl5BOdy/rvAxzXS/fDV0zntIs5o3phKStVvq07eZFaOVva45B7Pyyn0PdBhHBt2JcBtm+Xtg9i3xvZdwQgbeeJRhnYgDqK6BVhmtTuirwp1GOyslqaFCjg0MJj+W+d8R9gbbfyFR6YrZQAkcd/o/yZGg86z7Phe18=,iv:nt/+qPBwPZKQt43VJ9FbKjLYioFwCxD7VK9WNCJCmpQ=,tag:MuDfnTiro3VVJq9x5rkEQg==,type:str] public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str] @@ -65,8 +66,8 @@ sops: cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX 0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-22T17:54:32Z" - mac: ENC[AES256_GCM,data:lUcE2bwdgDAAEZWSe9At8Rx5ieixboxJNw7xkXfBRo4OgnU/zp6660lwc7Q9uVQBKZxmdx9BJsGeoWh6eehbTxfJYNhUbAJB/7hnkD2HTiBR/0nJAL9iixlXxehn85QhWZ3KXWQDU9l26X4saYIF3rWvGXlM8oSkoPsPluxGfG4=,iv:0m7LpwOort5mKB0jzd4qnwOACuj/aE+8AoXSuv6Nx/s=,tag:LqxCKFYq+flQ/b361ZZSqw==,type:str] + lastmodified: "2025-08-25T12:27:53Z" + mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str] pgp: - created_at: "2024-08-04T00:03:40Z" enc: |-