alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:2d9ff7245d77e90e0363410e1fb19d4e82100c31
Branches Tags
alex:main
...
compare: alex:ddd12aad4b290353d24ac12994664cb0c83b7bd4
Branches Tags
alex:main

2 Commits
2d9ff7245d ... ddd12aad4b

Author SHA1 Message Date
Alexander Heldt
ddd12aad4b tadpole: Update WHIB secrets 2025-01-12 13:02:28 +01:00
Alexander Heldt
efb4dec329 Update WHIB input 2025-01-12 13:02:28 +01:00
14 changed files with 46 additions and 71 deletions
Expand all files Collapse all files

8
flake.lock generated
View File

@@ -267,11 +267,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735900130, "lastModified": 1736683325,
"narHash": "sha256-bj1b9f8hmyzQH74Lg6rBhe6DXbThifGhKQKIns3GT8w=", "narHash": "sha256-46GsyA5H2E8s7PLDcj/ZVRqrQnHgB7AvruxyF1e1yek=",
"ref": "master", "ref": "master",
"rev": "c9b16ef5558e48703bcb85be413f0c39a896e85b", "rev": "0e717e2ce41d91199717183d036b502a93cf4c8a",
"revCount": 365, "revCount": 367,
"type": "git", "type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}, },

32
hosts/tadpole/modules/whib/default.nix
View File

@@ -1,5 +1,4 @@
{ {
pkgs,
lib, lib,
config, config,
... ...
@@ -26,26 +25,23 @@ in
enable = true; enable = true;
backend = { backend = {
signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})";
domain = "api.whib.ppp.pm"; domain = "api.whib.ppp.pm";
useACMEHost = "api.whib.ppp.pm"; useACMEHost = "api.whib.ppp.pm";
environmentFiles = [
config.age.secrets.whib-backend-env-vars.path
config.age.secrets.whib-postgres-env-vars.path
];
}; };
postgres = { postgres = {
database = "whib"; environmentFiles = [ config.age.secrets.whib-postgres-env-vars.path ];
host = "postgres";
port = "5432";
user = "whib";
password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-postgres-password.path})";
backup = { backup = {
interval = "*-*-* 00:00:00 UTC"; interval = "*-*-* 00:00:00 UTC";
environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
gpgPassphraseFile = config.age.secrets.whib-gpg-key.path; gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
backblazeBucket = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-bucket.path})";
backblazeKeyID = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key-id.path})";
backblazeKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key.path})";
}; };
}; };
@@ -53,19 +49,19 @@ in
domain = "grafana.whib.ppp.pm"; domain = "grafana.whib.ppp.pm";
useACMEHost = "grafana.whib.ppp.pm"; useACMEHost = "grafana.whib.ppp.pm";
password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})"; environmentFiles = [ config.age.secrets.whib-grafana-env-vars.path ];
}; };
}; };
age.secrets = { age.secrets = {
"whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age; "whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
"whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age; "whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;
"whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age;
"whib-postgres-backup-env-vars".file =
../../../../secrets/tadpole/whib-postgres-backup-env-vars.age;
"whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age; "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
"whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age;
"whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age; "whib-grafana-env-vars".file = ../../../../secrets/tadpole/whib-grafana-env-vars.age;
"whib-backblaze-key".file = ../../../../secrets/tadpole/whib-backblaze-key.age;
}; };
}; };
} }

10
secrets/secrets.nix
View File

@@ -48,11 +48,9 @@ in {
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ]; "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
"tadpole/whib-signing-key.age".publicKeys = [ tadpole alex ]; "tadpole/whib-backend-env-vars.age".publicKeys = [ tadpole alex ];
"tadpole/whib-postgres-password.age".publicKeys = [ tadpole alex ]; "tadpole/whib-postgres-env-vars.age".publicKeys = [ tadpole alex ];
"tadpole/whib-grafana-password.age".publicKeys = [ tadpole alex ]; "tadpole/whib-postgres-backup-env-vars.age".publicKeys = [ tadpole alex ];
"tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ]; "tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ];
"tadpole/whib-backblaze-bucket.age".publicKeys = [ tadpole alex ]; "tadpole/whib-grafana-env-vars.age".publicKeys = [ tadpole alex ];
"tadpole/whib-backblaze-key-id.age".publicKeys = [ tadpole alex ];
"tadpole/whib-backblaze-key.age".publicKeys = [ tadpole alex ];
} }

7
secrets/tadpole/whib-backblaze-bucket.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A V2ngjouYa4wi42HngK3TQfGRNqZ+gW4iQ01HxdnfNxo
vvK7WyZkdH/vmeBrC8cs3neLpaZ8RryvYg61sBzf12A
-> ssh-ed25519 +oNaHQ 1pK15FPOkaejA0GfotISM2ATOcE8tsUgZOpL0PONC08
dDjq/2ZH/FHgLCQHgRaYba/3JtOvHl4k9GgzxyQw+L4
--- yyW+//7KvwvcTHs76bPxtG9TUrFgJzp7KtqaqjP/0GY
<EFBFBD><EFBFBD>~<7E><>}"[<5B>~nIm<49><6D><EFBFBD>2<EFBFBD><32>t<EFBFBD><74><EFBFBD>T<EFBFBD><54>xw<78>T<EFBFBD><54><EFBFBD>5,5^<5E><>w<EFBFBD><77>6l<36><6C>T<EFBFBD><54>(<28>

8
secrets/tadpole/whib-backblaze-key-id.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A YRCagpPHZ/4X9VyWgxWbugjSdYTzSUD2ncgWunzYVFs
7SKYPayWt4XGG5YVB3yKt+dpGKOBtJW3E/LZq3eJmGI
-> ssh-ed25519 +oNaHQ EHjg/EH4AbcqEHp27hhJqOLwa9P7sz2iavqIvkBkFQA
T/2Po7X5FFb575QSxvvE1LqwZpFoDX/gnKLopBw/NMU
--- 2cWhyrmkeeeiYNTyhJri/UHVhLqU0fJ3Py34rzhmr7c
clN<>2<EFBFBD>ʍ<EFBFBD><CA8D>y~<7E>,lsX<73><58><EFBFBD><EFBFBD>s.<2E><>4<EFBFBD>*!<21><><EFBFBD>j<EFBFBD>c
]u<>Ʒ<EFBFBD>z<EFBFBD>g<EFBFBD><67><06><>;F

7
secrets/tadpole/whib-backblaze-key.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A /exiuF2v+lsAUID7eT53DooUgVnQHsE0lJOPgdbLuzU
KPZKG2vYo7hczQ9iRTubb8mBUM9F3E19+1T6GExhsJM
-> ssh-ed25519 +oNaHQ 6/BOd1ahNHbKPH6V4DwiSWQ2MFPztTAqBHTc8V1HJFw
IF8V4HtNQqYzK58WdxYg1e2bfh9T7keV67VR/VzCUz0
--- WuqN3ez4lofmNyDaaKKXA23lFtnd+2VwuG7wT28u0xU
СQ<EFBFBD><EFBFBD>Vd<EFBFBD><EFBFBD><08><>>\<5C><11><15>

11
secrets/tadpole/whib-backend-env-vars.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A 098fJ/7D7ghIhfoETYu7OoFQA8jZfDRkN2ahMvCHqwI
CRmQOA68qOd1yPXgEIFDCVP1NqBadCsgny4YDsTMF+0
-> ssh-ed25519 +oNaHQ /DszHmFUavDkqGG2QCi4wnKGhwu2/Nby3SROBlnIsHk
lSw/+ogFi5HcjBPP0Q1rVZrLaY514OcTKcvjR+oBDJo
--- 4pBB/eV/ymB2WPnN5v2HlpYFc/W5hplU0lbp5LQgPBA
oh<6F><68>H
<EFBFBD><EFBFBD><EFBFBD>?<3F>M<EFBFBD><19>:s<><73>N <02>~t<>6<EFBFBD><36>3HS<48><53><EFBFBD>I(<28><>b<><62>E<EFBFBD>D!<21>5:<06>O<EFBFBD><4F>A<EFBFBD>H<EFBFBD>X<EFBFBD><58>*<2A>uŮ}rl<><6C>m<EFBFBD><6D>><3E>cF<63>S<EFBFBD>p<EFBFBD>^<5E>93$8Ζ<38><CE96><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>lz<EFBFBD><EFBFBD>p<EFBFBD>{<7B><>T<EFBFBD><54>C<04><>#<23>ۚ<EFBFBD>/ )<29><0E>|<7C>Z<>&<26>
<EFBFBD><EFBFBD> Es <09>U<EFBFBD>տ<EFBFBD><D5BF><EFBFBD><EFBFBD><EFBFBD>
71</<2F><>ѓ<EFBFBD>Fu`Q<06>r~|qTA<54>

12
secrets/tadpole/whib-gpg-key.age
View File

@@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5R7G9A ORTl5WSeg4vSKUAwzCp9ABRL02SvjFZrBHuWLMbSmxI -> ssh-ed25519 5R7G9A Q6V8S5312DQhP0QtPbAlbn+uDER6jpi+gvn40ndmnn0
obXt5wHXbfkdOAXwPySZeFelSFwJnCoH1EExtXNmBio soymoaAKbNlYicSbtHhqn54D0zVBHBuHUKngex/VgoM
-> ssh-ed25519 +oNaHQ vxTHufUlEwbuztnIsCcprfXonpNUlv1ZcHQpEQjGtz8 -> ssh-ed25519 +oNaHQ cpzCyu/9Jrm9Rx5C/rhuZku6uJWjrlHpCYxWOwuwQWw
uFym0SgmM6LZRqJrSPMLHI6DLZ5t/WLvKP0dMvM8bUc 1GA8NsLeOTo/zHs/k0vt/N8hH+2MXfMNRy+qKBqi3fM
--- 7UQLcCs/G20iP2YlwjCEmpFcXgqJfQacqSVGBBPmAbY --- 5O74sFn1xDZ53xHM7KHZ+ge7DzdnhyeB0W0znMk7NYQ
y<>ӆ<EFBFBD><D386>'<27>_K<07><>f<EFBFBD>3<EFBFBD>;<EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD>_<EFBFBD>tu[<5B>\<10><><EFBFBD><1F>)uK<75><4B>,ƫ<>zq񐏭<71>|<7C>1!X<>YY<59>g<EFBFBD>7<><37>Eڛ<>^<5E><> u<EFBFBD><1E><><EFBFBD>w<EFBFBD>D<EFBFBD>ms"<22><>4<EFBFBD><34><EFBFBD><EFBFBD>w<EFBFBD><77>G<7F>L<>ur 7V`G= <09><><EFBFBD><EFBFBD>C<EFBFBD><43>n2<6E><32>n <0C> <0C>3S~go<67><18><><EFBFBD><EFBFBD>cs<63>@7œƳ

BIN
secrets/tadpole/whib-grafana-env-vars.age Normal file
View File

Binary file not shown.

BIN
secrets/tadpole/whib-grafana-password.age
View File

Binary file not shown.

7
secrets/tadpole/whib-postgres-backup-env-vars.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A U4C1QnkHs1IeuWpFmSEVdJRV6GsScLopx5Xfg2CvDG8
+uR+7D9bTTY5esUtkvFMWbT57tHjFooHPW373tb3cJI
-> ssh-ed25519 +oNaHQ 1sprVMRMIJA8qloKB0RbKPJ9nADlk12TjiK2fmRW618
rpnxkInsDYWZKAjyTZVsWIrNPfGl3xL5GncenDGD9kA
--- e31LMSX9cvCMMrKfDsfTIc3qsVddBfWBIVsBq8KzGrY
<EFBFBD>{4%r<><72><EFBFBD><EFBFBD><EFBFBD><EFBFBD>n<04>8<EFBFBD><38><EFBFBD>azmݥ<6D>b<EFBFBD>V<>&<26>G&<26><><EFBFBD>F<EFBFBD><46> <20><>I<>ۺ<EFBFBD>®]<5D>荽N<E88DBD><4E>b tTړ<16>><3E>)<29><>ɀ{<7B>#ym-<2D><01><><0E><1E>Eo<45>]<5D><>J<EFBFBD><05><18><><EFBFBD><EFBFBD>1<EFBFBD>/Cs<><73><18><><EFBFBD><EFBFBD> b<><62>K<>J&%<25>&A<><41><EFBFBD><EFBFBD>#<23>%<25>u/<2F><>~$<24><08>h<EFBFBD>Z><3E><>8<EFBFBD>qm<71><6D><1C><>P<EFBFBD> )?<3F><><EFBFBD>q<>i:<3A>8|<7C>-c<10>]5vF<>L+<2B><><EFBFBD>pe<><65><EFBFBD>%%<25><><EFBFBD><EFBFBD>]<5D>

BIN
secrets/tadpole/whib-postgres-env-vars.age Normal file
View File

Binary file not shown.

7
secrets/tadpole/whib-postgres-password.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A WqkH9G2AGAcQfa9u+w6+QVXYVlozt0JsB/icILH/Jnc
SGhXQ33eRtVtIEKdZCmpyxNUtFgtZhGUs9QX20GbHRg
-> ssh-ed25519 +oNaHQ k66ZToSUzHxDm0yZkI4+Gase/Q5GJrsB7c6+LvmgGSg
6x9dzdloKJT2Tcawn4m2d518KUjdINGi4u+PFvMt9tQ
--- 395jqjDR3lBIIPOUIlnOJW/048qeJPC5CJbMJdpSjTo
<EFBFBD>ϛ<EFBFBD><uI<75>X"<22> <0C>^C<12>j};<3B><><EFBFBD><EFBFBD>Kd<4B><64><06><>ٗX<D997><58>b<EFBFBD> <0C><><EFBFBD>W<>,{7u+x<>L]<5D>ž

8
secrets/tadpole/whib-signing-key.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A ncGAywK2O0Geyy5E9HmRdDCmCD7RwmflyyBXFKH4KSc
4Izx8nT/k5yOMOG4InifQw+wzEDe9PqMyeF3LEicOKE
-> ssh-ed25519 +oNaHQ cPf/X971sb4pNKz9t0W318EpY3XJNB/OId7nGZ/ooXc
Vp5x6PZML0jtPEjuaDo7KjtHdKv5SyPAS2+Fvhjbro8
--- 4jGA5763tvEcNDmNnYaoCfw99xROjqpKW0dMG23BqbE
<1F><><EFBFBD>j^t<><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>B%<25><>a<><61><EFBFBD><EFBFBD>$<24><>8m}-LbM<62>n<EFBFBD><6E><18><1C>R<02><>cZ<63><5A><EFBFBD>=<3D> <0C>$ x<18><>}<7D><>)PH<50>{X<>3<EFBFBD><EFBFBD><E18FBB><EFBFBD>V<EFBFBD><15><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><12><><EFBFBD>Օ<EFBFBD>6Rs<52><73><EFBFBD><12><>r<EFBFBD><72>b<EFBFBD>nl<6E>]<5D><>/Ȏe@/<2F>*<2A><><EFBFBD>:<3A>ڸ<EFBFBD><DAB8>V~<7E><>V<EFBFBD>a]`<60><19>
<EFBFBD><EFBFBD><EFBFBD>=ٿv<D9BF>z\<5C>