Deploy HedgeDoc to kinda.sus.lol
This commit is contained in:
parent
002bc4c629
commit
c7d56d4b2d
|
@ -8,7 +8,7 @@ keys:
|
|||
- &host_nyx_lewd_wtf age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
|
||||
creation_rules:
|
||||
# kinda.sus.lol
|
||||
- path_regex: hosts/kinda.sus.lol/secrets/.*\.yaml
|
||||
- path_regex: hosts/kinda.sus.lol/secrets/.*
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_ecchi
|
||||
|
|
|
@ -14,4 +14,12 @@
|
|||
owner = config.users.users.nginx.name;
|
||||
group = config.users.users.nginx.group;
|
||||
};
|
||||
|
||||
# HedgeDoc
|
||||
sops.secrets."services/hedgedoc/.env" = {
|
||||
mode = "0400";
|
||||
owner = config.users.users.hedgedoc.name;
|
||||
sopsFile = ./secrets/hedgedoc.env;
|
||||
format = "dotenv";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
CMD_DB_URL=ENC[AES256_GCM,data:LXeHvEPJEqfYyx5Hlq+ThEoSkHZiQG3IMtbQeNVYJOSnaFDL5EJLZ4d+oKG0V2jCEyz5NNzVPR7sjPXNNcmVXCFHrUfF6asS,iv:FcWZs/+KE9fsOiFv9DMs+1GLpm0CV0liSfOs+ND7Y6g=,tag:nLStY7GG5FhfY976YvOIKw==,type:str]
|
||||
CMD_SESSION_SECRET=ENC[AES256_GCM,data:WzQSttnr/avqH+540nLLw0OnH0NGhNvzQUD8LH0jIoPC6dpfRJo/M9S+3SulQUeSGqwYlg==,iv:R9fXBVVg4G2ZPsgSLQkLjrFEErMlWVEaLI4n1VT0bIY=,tag:YUJYMf64x9uxAR0Yj4aQjw==,type:str]
|
||||
CMD_GITLAB_SCOPE=ENC[AES256_GCM,data:BVRJ,iv:2iArikHiD3D0RAyP2EqWXRRrdo5BN50WSrnzHe2OcO4=,tag:SQcQt8Cp3DjNdbCdtg2uug==,type:str]
|
||||
CMD_GITLAB_CLIENTID=ENC[AES256_GCM,data:2CFyRDsGoLOYMbL2L1yg5EyZQm1pd0OUecfnUCSm3drl3dYxOgPhoC2QxeEWrCEZ8h1pWE4qFZanKanWg1IKxw==,iv:OVgKHtfAUJSEuQj3xLBT12wJw9JPiXgE5Vngtsp7rRo=,tag:zMc/NtHnCg+r+ygBsUTH/Q==,type:str]
|
||||
CMD_GITLAB_CLIENTSECRET=ENC[AES256_GCM,data:tli/eEp3/AFVku10SwTeDbSuZEdjt0ntC8oQIgVptbshXQs1D1RECXmhNv3KTXC42/JKNlFYPARlH34ilCvbWQ==,iv:/XuDXF4E9wlZd3MIKstYKi7+BF2S9/CfQ4q+JrDhOHc=,tag:GHwXchVTYjesKuKZf8L6gA==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiU0h0b1ZCL3RIMFpyUWRO\nYlA4NEdrV1RyVHFqOTRLMFd3Y1l0bTJhSldzCm1oTTM2OHlyUW9STC9palF3NWJE\nTjNxZUpxTnpRdmJyS2pKeUd1NnVWdFEKLS0tIE9uUDFoWm5ub2N0RjBWajZwVWtq\nRVYrTTUwRFFvN2s1TWpRNGdrTUNBT0EK6UCM8CayfNxIyrmkqZedGpuxFdlh2GgJ\nVSrGZy30e9x+cJZV+6IdbRGv8sm7HZhVbWgnTYWhjYot0gSx2g2fgQ==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age187hkscvxar33wta3zvgypj6kkc02g6sewwmfwmup26z2fuhwpamsa2d8yh
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBaWpOVUJHVUNIalZoV1Ev\nT055K2VHbXlzQ28zbVhFMjd1UmdJWEtpR0RzCkVMYmJPMWk0WHp5TnBYNzdyZ2dh\nelVnTjZoejJWaEc4cGd5MDA1Q256UU0KLS0tIG1YajNzSHVzOExHZHFNUDZtWjEx\ncHltR3BiK3F3em1ZUlo2R0VTcVBXelEKXynCDYoVR+fPSQ4udFGBdgWysPSWd6LO\nJhe6WZ2fmkeAo9BEQXJ0+vtFaA9wEekoo2AdvyYQmAKOyUwkVWy6Ww==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||
sops_mac=ENC[AES256_GCM,data:N1ZhRxi8mjwwGNdNYFNMNy2JBxGqdAQSKgx9TZfvVMJl+vmjv2gX4Jick4Xlg99Y6A0f847NE6JVH81vvtZuBCzCCkwv1DlVyRgWT5zt+tdN+LP81XqFLisSiiqg2myhXQ236dGZWiHnMJYAmGBkZyHtZ8ItQv37iSg9LaCByDc=,iv:smxsFHI+lllXxlWidfIRK30d7LKq02uoOXGqxNOkakM=,tag:BUSmCi0eHLblEbd6Wi7Q3A==,type:str]
|
||||
sops_lastmodified=2023-04-16T08:31:12Z
|
|
@ -0,0 +1,17 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
settings = {
|
||||
domain = "op.pai.wtf";
|
||||
protocolUseSSL = true;
|
||||
email = false;
|
||||
allowEmailRegister = false;
|
||||
allowOrigin = [ "op.pai.wtf" ];
|
||||
};
|
||||
environmentFile = "/run/secrets/services/hedgedoc/.env";
|
||||
groups = [ config.users.groups.keys.name ];
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue