From ce8ddd137dee9018fe250f5d8cfaa0867571b307 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 23 Dec 2025 22:02:42 -0500 Subject: [PATCH] update sops config --- systems/palatine-hill/docker/arr.nix | 21 +++++++++++++++++++-- systems/palatine-hill/secrets.yaml | 10 ++++++++-- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/systems/palatine-hill/docker/arr.nix b/systems/palatine-hill/docker/arr.nix index 6d1958d..30f0a01 100644 --- a/systems/palatine-hill/docker/arr.nix +++ b/systems/palatine-hill/docker/arr.nix @@ -61,6 +61,9 @@ in POSTGRES_PASSWORD = "SOPS_ONLY"; POSTGRES_PORT = toString config.services.postgresql.settings.port; }; + environmentFiles = [ + config.sops.secrets."docker/bazarr".path + ]; volumes = [ "${vars.primary_docker}/bazarr:/config" "${vars.primary_plex_storage}/data:/data" @@ -82,6 +85,9 @@ in TZ = "America/New_York"; } // arr_postgres_config "prowlarr"; + environmentFiles = [ + config.sops.secrets."docker/prowlarr".path + ]; extraOptions = [ "--network=arrnet" ]; volumes = [ "${vars.primary_docker}/prowlarr:/config" ]; autoStart = true; @@ -97,6 +103,9 @@ in TZ = "America/New_York"; } // arr_postgres_config "radarr"; + environmentFiles = [ + config.sops.secrets."docker/radarr".path + ]; volumes = [ "${vars.primary_docker}/radarr:/config" "${vars.primary_plex_storage}/data:/data" @@ -115,6 +124,9 @@ in TZ = "America/New_York"; } // arr_postgres_config "sonarr"; + environmentFiles = [ + config.sops.secrets."docker/sonarr".path + ]; volumes = [ "${vars.primary_docker}/sonarr:/config" "${vars.primary_plex_storage}/data:/data" @@ -133,6 +145,9 @@ in TZ = "America/New_York"; } // arr_postgres_config "lidarr"; + environmentFiles = [ + config.sops.secrets."docker/lidarr".path + ]; volumes = [ "${vars.primary_docker}/lidarr:/config" "${vars.primary_plex_storage}/data:/data" @@ -163,8 +178,7 @@ in hostname = "notifiarr"; environment = { TZ = "America/New_York"; - } - // arr_postgres_config "notifiarr"; + }; environmentFiles = [ config.sops.secrets."docker/notifiarr".path ]; volumes = [ "${vars.primary_docker}/notifiarr:/config" @@ -187,6 +201,9 @@ in DB_USER = "SOPS_ONLY"; DB_PASS = "SOPS_ONLY"; }; + environmentFiles = [ + config.sops.secrets."docker/jellyseerr".path + ]; volumes = [ "${vars.primary_docker}/overseerr:/config" ]; # TODO: remove ports later since this is going through web extraOptions = [ diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 72c66c3..79eb639 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -26,6 +26,12 @@ docker: delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str] protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str] notifiarr: ENC[AES256_GCM,data:XxVEhp4Rei6mRcdSSooRnofuVNZDalVhDYiVUmvQUr8QihrVRMKRE9Kpl5PGWUBw,iv:urMLaUf3XUjMks2vk0E7iRUU3mLHBiMAiwtQgmWQq20=,tag:dHdTOyC/ukd71UlYEI5fWw==,type:str] + bazarr: ENC[AES256_GCM,data:x+JdRCl3x3OM3lWmgcWikJSEnh5c5He5HmuLzCGAQ8zUXMi2Z3Kf6LzL+aoqtCBu3rabYZmQSLBoDm9CPkk=,iv:7e+3w46RUD2/OSlwrEe7BRxUqPPdt5+obIjQA8pr3xY=,tag:rHSijp/tcf/SGp5y4kJ0cw==,type:str] + prowlarr: ENC[AES256_GCM,data:AyOaj1nYCxeycBgp5sfNKz3A158FuXVg0DCoLrOE9YnUIAjo+5PW9HMdpCEiK0OfgoMPcUZNZowLYYY0goxwC+4+tB87TnBz2YpXTX8L7YO2JA+g7hA=,iv:IaZxKl5ypdIQ4f4SAHQtaUC20lbYL1b7mptu/FVB6k4=,tag:A9eQI9gG7wkSEPt6Mdg3Zw==,type:str] + radarr: ENC[AES256_GCM,data:vqjqRsDjFm30yMrzWsWC6prYSEUQ+4v0hlDqJ6FS39hNFaGtGAsulUWv9MAJ11xI9CLsjjQUtpQ5KlRkYlHo5FnzeXCpK05ewkhYyqa7NKE=,iv:sKdxA5AtxpFpuiUYpz3NW2Fjc+ZKFmiJqibdQ3P6pVg=,tag:tDlJpApk4g6SYFzyn8Z/HA==,type:str] + sonarr: ENC[AES256_GCM,data:IooG9LDXpdbQcknriSdowPwNv++yfj54mko49rtm4B8IVEV30B5o8iZhGXmSgpLsH9QtP/PmkuczjiiwlPI2QM5iRxpjUz2456a1hi61/uY=,iv:/PagjmFtJgkYKFPmZD5qI8DzdiuUIX8m0lapdZBXUus=,tag:Ppew0fepqgnhvTorwalhEw==,type:str] + lidarr: ENC[AES256_GCM,data:9YtVafa4/SQ78+DJ52emGyLHCWpJpnhc+2DwGBQ0uhFiee7ZRFy+O0kHPPyNly8sgP9UOZt+53D4sAv9S8hOCnJTAbHiNnzTbjQmZtnvgnc=,iv:dlF5wtcphEhg5jxb8YSIF9/2Vj1KY10Vza/OGK1jXRM=,tag:8qmdQjRv30VqRReOzr6UEA==,type:str] + jellyseer: ENC[AES256_GCM,data:oGZfjfTEXre24kmzKM7EZthY09yxENmVBkjZbYrniwnu8p0Te3tPHWAWt1KSJYy/hgc=,iv:IeJ5yUXjLEGVLyu3zVe7sUhaEEMdkwRtsRI3qHCYe/c=,tag:FLBW/YSUb6xRgkhhAG5eHQ==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] @@ -44,8 +50,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-08T03:05:16Z" - mac: ENC[AES256_GCM,data:gIw//fnDU/lE2rDP4890MjnQ2xp0I4fXwvSWrLC0kFjW1RMLzNCaRLlJzw5/khALH/IZgTrnRqTHF3zHZd+mlyqvC/vzkyBBVdWRRX6w5l9JhFDfe83r86tvsV9G/AOeRchDp1gGuBBNkRamSuCOj7QFc1l334e/jNdKDadhwgI=,iv:nrOQxvJBce5/NDvpowJX/AiIssQdNOStvjj/Lkutppk=,tag:MlRJxbG3laajsi5KHAxy5g==,type:str] + lastmodified: "2025-12-24T03:01:37Z" + mac: ENC[AES256_GCM,data:yFJcY8y9QXgADUog2iN+eig1KoDEcb5kZHCSaCzwIzTV1GecFsD9ht6+j7cWgV95pVGMbyOMxftEYDyyGsQOUlKxmNLcKIdLJpECpnUbIQFItSXbIok69UUPZMTU7PoMgChoC7VzCIoxve8r3vIKCNQNd+155kaAGDwzDTeHbgo=,iv:4elCVXrFZxC8rAsnXy56N/WUw0y5h/r/z9PrPqBnJx8=,tag:MwcExqwKCqNhz6cjT3MXuA==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |-