Deploy HedgeDoc to kinda.sus.lol

Ciapa 2023-04-16 10:33:46 +02:00
parent 002bc4c629
commit c7d56d4b2d
4 changed files with 39 additions and 1 deletions


@ -8,7 +8,7 @@ keys:
- &host_nyx_lewd_wtf age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
creation_rules:
# kinda.sus.lol
- path_regex: hosts/kinda.sus.lol/secrets/.*\.yaml
- path_regex: hosts/kinda.sus.lol/secrets/.*
key_groups:
- age:
- *admin_ecchi
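Review bot: The widened `path_regex` for kinda.sus.lol is unanchored and leaves the dots in the hostname unescaped, so it matches more paths than the one secrets directory it is meant for. sops picks the first creation rule whose regex matches, so a tighter pattern keeps a file elsewhere in the repository from picking up this key group by accident: `- path_regex: hosts/kinda\.sus\.lol/secrets/[^/]+\.(yaml|env)$`. A leading `^` can be added if sops is always invoked with paths relative to the repository root, which is not visible from this hunk. The key group continues outside the hunk.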


@ -14,4 +14,12 @@
owner = config.users.users.nginx.name;
group = config.users.users.nginx.group;
};
# HedgeDoc
sops.secrets."services/hedgedoc/.env" = {
mode = "0400";
owner = config.users.users.hedgedoc.name;
sopsFile = ./secrets/hedgedoc.env;
format = "dotenv";
};
}
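Review bot: The new `sops.secrets."services/hedgedoc/.env"` entry sets no `restartUnits`, so after the session secret, database URL or GitLab client secret is rotated, the running service keeps the old values until something else restarts it. Adding `restartUnits = [ "hedgedoc.service" ];` next to `mode = "0400";` makes a re-encrypted file take effect on the next activation. The enclosing attribute set starts outside the hunk.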


@ -0,0 +1,13 @@
CMD_DB_URL=ENC[AES256_GCM,data:LXeHvEPJEqfYyx5Hlq+ThEoSkHZiQG3IMtbQeNVYJOSnaFDL5EJLZ4d+oKG0V2jCEyz5NNzVPR7sjPXNNcmVXCFHrUfF6asS,iv:FcWZs/+KE9fsOiFv9DMs+1GLpm0CV0liSfOs+ND7Y6g=,tag:nLStY7GG5FhfY976YvOIKw==,type:str]
CMD_SESSION_SECRET=ENC[AES256_GCM,data:WzQSttnr/avqH+540nLLw0OnH0NGhNvzQUD8LH0jIoPC6dpfRJo/M9S+3SulQUeSGqwYlg==,iv:R9fXBVVg4G2ZPsgSLQkLjrFEErMlWVEaLI4n1VT0bIY=,tag:YUJYMf64x9uxAR0Yj4aQjw==,type:str]
CMD_GITLAB_SCOPE=ENC[AES256_GCM,data:BVRJ,iv:2iArikHiD3D0RAyP2EqWXRRrdo5BN50WSrnzHe2OcO4=,tag:SQcQt8Cp3DjNdbCdtg2uug==,type:str]
CMD_GITLAB_CLIENTID=ENC[AES256_GCM,data:2CFyRDsGoLOYMbL2L1yg5EyZQm1pd0OUecfnUCSm3drl3dYxOgPhoC2QxeEWrCEZ8h1pWE4qFZanKanWg1IKxw==,iv:OVgKHtfAUJSEuQj3xLBT12wJw9JPiXgE5Vngtsp7rRo=,tag:zMc/NtHnCg+r+ygBsUTH/Q==,type:str]
CMD_GITLAB_CLIENTSECRET=ENC[AES256_GCM,data:tli/eEp3/AFVku10SwTeDbSuZEdjt0ntC8oQIgVptbshXQs1D1RECXmhNv3KTXC42/JKNlFYPARlH34ilCvbWQ==,iv:/XuDXF4E9wlZd3MIKstYKi7+BF2S9/CfQ4q+JrDhOHc=,tag:GHwXchVTYjesKuKZf8L6gA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiU0h0b1ZCL3RIMFpyUWRO\nYlA4NEdrV1RyVHFqOTRLMFd3Y1l0bTJhSldzCm1oTTM2OHlyUW9STC9palF3NWJE\nTjNxZUpxTnpRdmJyS2pKeUd1NnVWdFEKLS0tIE9uUDFoWm5ub2N0RjBWajZwVWtq\nRVYrTTUwRFFvN2s1TWpRNGdrTUNBT0EK6UCM8CayfNxIyrmkqZedGpuxFdlh2GgJ\nVSrGZy30e9x+cJZV+6IdbRGv8sm7HZhVbWgnTYWhjYot0gSx2g2fgQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age187hkscvxar33wta3zvgypj6kkc02g6sewwmfwmup26z2fuhwpamsa2d8yh
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBaWpOVUJHVUNIalZoV1Ev\nT055K2VHbXlzQ28zbVhFMjd1UmdJWEtpR0RzCkVMYmJPMWk0WHp5TnBYNzdyZ2dh\nelVnTjZoejJWaEc4cGd5MDA1Q256UU0KLS0tIG1YajNzSHVzOExHZHFNUDZtWjEx\ncHltR3BiK3F3em1ZUlo2R0VTcVBXelEKXynCDYoVR+fPSQ4udFGBdgWysPSWd6LO\nJhe6WZ2fmkeAo9BEQXJ0+vtFaA9wEekoo2AdvyYQmAKOyUwkVWy6Ww==\n-----END AGE ENCRYPTED FILE-----\n
sops_version=3.7.3
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
sops_mac=ENC[AES256_GCM,data:N1ZhRxi8mjwwGNdNYFNMNy2JBxGqdAQSKgx9TZfvVMJl+vmjv2gX4Jick4Xlg99Y6A0f847NE6JVH81vvtZuBCzCCkwv1DlVyRgWT5zt+tdN+LP81XqFLisSiiqg2myhXQ236dGZWiHnMJYAmGBkZyHtZ8ItQv37iSg9LaCByDc=,iv:smxsFHI+lllXxlWidfIRK30d7LKq02uoOXGqxNOkakM=,tag:BUSmCi0eHLblEbd6Wi7Q3A==,type:str]
sops_lastmodified=2023-04-16T08:31:12Z


@ -0,0 +1,17 @@
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 3000 ];
services.hedgedoc = {
enable = true;
settings = {
domain = "op.pai.wtf";
protocolUseSSL = true;
email = false;
allowEmailRegister = false;
allowOrigin = [ "op.pai.wtf" ];
};
environmentFile = "/run/secrets/services/hedgedoc/.env";
groups = [ config.users.groups.keys.name ];
};
}
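Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` opens HedgeDoc's plain-HTTP listener to every source address, while `protocolUseSSL = true` implies TLS is terminated by a reverse proxy in front of it. If that proxy runs on this host the rule can be dropped. If it runs elsewhere, scope the port to the interface the proxy uses, e.g. `networking.firewall.interfaces.<proxy-iface>.allowedTCPPorts = [ 3000 ];` (the interface name is a placeholder), because session cookies and OAuth codes cross that link unencrypted. Separately, `environmentFile` hard-codes `/run/secrets/services/hedgedoc/.env`; using `config.sops.secrets."services/hedgedoc/.env".path` keeps it tied to the secret declaration.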