ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 4 Actions 1 Packages Projects Releases Wiki Activity

set up sops for jeevesjr

Browse Source
This commit is contained in:
Richie Cahill 2024-07-05 14:30:41 -04:00
parent 726f44403a
commit 740bc8495b
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
systems/jeeves-jr/docker/web.nix
View File

@ -1,3 +1,4 @@
{ config, ... }:
let let
vars = import ../vars.nix; vars = import ../vars.nix;
in in
@ -7,7 +8,7 @@ in
image = "ubuntu/apache2:latest"; image = "ubuntu/apache2:latest";
volumes = [ volumes = [
"${../../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/" "${../../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"/ZFS/Main/Mirror/:/data" "${vars.main_mirror}:/data"
]; ];
ports = [ "800:80" ]; ports = [ "800:80" ];
extraOptions = [ "--network=web" ]; extraOptions = [ "--network=web" ];
@ -20,7 +21,7 @@ in
TZ = "Etc/EST"; TZ = "Etc/EST";
}; };
volumes = [ volumes = [
"${vars.main_docker}/jeeves-jr/haproxy/cloudflare.pem:/etc/ssl/certs/cloudflare.pem" "${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem"
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg" "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
]; ];
dependsOn = [ "arch_mirror" ]; dependsOn = [ "arch_mirror" ];
@ -33,10 +34,18 @@ in
"tunnel" "tunnel"
"run" "run"
]; ];
environmentFiles = [ "${vars.main_docker}/jeeves-jr/cloudflare_tunnel.env" ]; environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];
dependsOn = [ "haproxy" ]; dependsOn = [ "haproxy" ];
extraOptions = [ "--network=web" ]; extraOptions = [ "--network=web" ];
autoStart = true; autoStart = true;
}; };
}; };
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/cloud_flare_tunnel".owner = "docker-service";
"docker/haproxy_cert".owner = "docker-service";
};
};
} }

8
systems/jeeves-jr/secrets.yaml
View File

@ -1,4 +1,6 @@
hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str] docker:
cloud_flare_tunnel: ENC[AES256_GCM,data:E+XYu5AxS8Ew9OVIfbH5gLkMk+rZ4yT96tSGAwL4smedkddoevRnqil78LtFNYKV8Zo3MpuA8q/c4Me0KrrlSAvwJz1T2cev0dKnuTei3MHZxK7RwWYo9UMJH+aV+l343OY9nvGBj6ryTM3wKyUIoqSmOnRCAbYmhkkqN0wFO+Mxxqjw6nf5UEeeKb36k2NwlhjjnscOKe+wo3sXhjjzVXrE3IOUQJM3hWWukMElcYewVgJmstRidKiNCRMi1/UYMk/Nfhk=,iv:yFJ5SbHB3wZ0FEF0k9KrWye55ref7OqbQPd8oMLTmH4=,tag:p3K4yGR6X2+uKIj4H6rZ+g==,type:str]
haproxy_cert: ENC[AES256_GCM,data:1n2BurHeWI+j7CMQ7qk3DUl+8MgqRsgtYQ1TxJKcPXuz0YBkg6SUp95lPZv6Jo+2OIaVxCoWpiuoLp8YgtJgnZo4S9QVG2qi60sWCSf4acMRSg0hIA/pdcslogZc5LrsBOTINZCODE4mz7Bya42f+RfVfwPGT7Buz8MniW6kfT9cr3iuq+BQc6513sHhDHgZJgwdfP5x9XrwEtaBl41Db7ejGTrza9jtsHqkrD8j3Pf1XJDhACrTeB7Uqh68sjwc2giAc/2bInDayvnKFHqHaLFTUMAbCeMPOiEZSK4UaWrSMk5I5wDVu8Ya8nBostHlPOBT06gFxT13aEe3Ox3/ctBm/83BXhFfjEaYy6AbMhbp29nxUogVjMICs3FiHG3XBz7vsVxxcBvLXp1Bw3ml5Vd7ACKQPe+r1T54aIdYMoab8DhKPMqb/6TQwrhWD3je4wwOHzzQq9psE1hlB2lJsRnAsVAy9a7M5aBpj0v2pCPVjxjkGHqUUgN+w4hzPPf10A0dWiaXc3k8bWcwc1SlJwHvYxphyZEjNQAzXrAkUPcuy4+9c7LwniMdu5qoUL/oZPW5VHWgtrUO9IlAgduiEujrAW96zfz4jfM0UBqJHT58l/WHHmBM8bMsRDHTnc43uvdoU+VgjtTiFERBi+Xm5mXCqWd4d5Y5P8ozIwGho8UdLqmR9Y2nth1mrs//FIh9mZ7i7QQGHBzoR7ICRDX2ghK98J4RMfF2ph0I+nhWpoCq056xItoVZyAEWQSR4ptpAaKMX4Crd3hrK6tZmyvaTrk5IsNaf5hrS+Fw8uTYUAM+3E6kb1TJwFvUH1plkwU83iBRlboRO5d1ahESp5nifZIVz+KBStLjUVWfXnelPCkH55LVnobgk0zekoEeNLKq+Q5wOBmR28rYXVp/q+FNCgxEW+tXIswmC72jbsDxM/oMHBQnYsmEy5dTxU2X/IzmrZfWod07fRblkWRplzLGyEjsY7CquHlG119LuHcWFOUGxYm3bgn1pGnIV3cBLvbInEAPK0apqSXMBSJw0mk/ihtdx8ANidMn8nhkHVjo/Bo9orH3tJdw8l7x+Cei347CkiQZz21jHvL1qcV/EAAxBnT4c5WtOljo13ntk8RiARdye4hcUXpORIUhH8zq88RNquOkF5QjV8C/u2EaUhQYqy3Xts49v7S9I8LLzjrrfY/IDQVqlJsAgkNuwvheTlya5JoeTasscLfLt3iJ7LsbzWWqQrfn3KQJp3H4Gxh/uqak/V5ROBahHQ4KpXzsDG++XLE0o7W4BFQbrBYV99mlGzB1blmX30C8S+b8n1u+oMXfH8oY20Jm5UQcV5/JNK8WG69ihonRDXdX7fy2WGzylql2hj+3aoYYdYpFAeHVLNzj9vAIxPHzvK0JmwdynsFLo4Hpyn7KN+6L3MSACjAOc3SxY20XxjmqJSWVEM0tq4Zbe/VdhOF1L4pyIBMKQC2XwrWyturTboh86qAfyxtYzEQXGLzz585nVnwj9PLmXQw98M8JWwsFq58ZsOdQZKhN3e0aSY2opSigmXQ9ZJeCF+6KbwElOSz4pDfkZIXqZc+LCzEl5IO1CxLWCTIIfN3Gx60W3vz8QohydoCBt2FLHH3lBiAEitWxYQhsfdlFExQa1/+0WSk3wK5dEA7SPaBWKq+xtPR0yUmuT/JN4VPX+hqqkVHigk8+XfqE/H1as9JbYo92N6xBd2ZrNzhFIkMykUOT+0etVtyOdXLkxdV9lwaBX9ARPHJV7g35e52UspX335aLGE0GtCaIbHRwJuENCIixo7sbdmB9i9xSTeg+7RBQAWpuR7O6firAEKWOGBaYzDUBnqt++Q2wUuMnQBJE/9bh,iv:3FuXEQxbTvbdnBnwPxF+T8QZvQoWX/WXx3lpDBXML1k=,tag:g1Y4qY+XoSA6K/LCKbllOw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,8 +16,8 @@ sops:
QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas
ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g== ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T20:01:04Z" lastmodified: "2024-07-05T18:26:01Z"
mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str] mac: ENC[AES256_GCM,data:sLVSN3FGbK5KorwoSzX4GwGPvGKgOR7g1g+RdLAVX4KjAeORaeSz5S84HjLYKehRUfdGjoJ+9hwF6hxWTpilUNqcg2GQFEJFVSmlGtzi6MGAy19qKPKfTPb4r+PD+BC+EnlAkq4t3sUhPLRL2Cb1IJ7wbg7QM5xXTBkRz8vscW8=,iv:XhIHzFrnsbLd6VxJfgqQoksvx/cWNRAPZkDqCwVwcEY=,tag:JY6F5JjRsh2IHiBjIH0BrA==,type:str]
pgp: pgp:
- created_at: "2024-03-23T05:49:12Z" - created_at: "2024-03-23T05:49:12Z"
enc: |- enc: |-