Add nyastodon secrets
parent
decd75c77d
commit
d6bdadef61
3 changed files with 70 additions and 0 deletions
|
@ -2,6 +2,7 @@ keys:
|
||||||
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
- &emily B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||||
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
||||||
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
|
||||||
|
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/services/dns-knot.yaml
|
- path_regex: secrets/services/dns-knot.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -39,3 +40,9 @@ creation_rules:
|
||||||
- *emily
|
- *emily
|
||||||
age:
|
age:
|
||||||
- *seras
|
- *seras
|
||||||
|
- path_regex: secrets/services/nyastodon.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *emily
|
||||||
|
age:
|
||||||
|
- *girldick
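Review bot: The new rule's `path_regex: secrets/services/nyastodon.yaml` is an unanchored regular expression with an unescaped dot, so it matches more paths than the one file it names. Escaping and anchoring it as `path_regex: secrets/services/nyastodon\.yaml$` keeps a later, similarly named file from silently picking up this recipient set; the dns-knot rule visible in the first hunk has the same shape. The rule also pairs a single PGP key (`*emily`) with what looks like the host's age key, so a short comment on who is expected to be able to decrypt and re-encrypt this file would help the next person who rotates keys.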
|
||||||
|
|
|
@ -1,4 +1,24 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
|
sops.secrets."services/nyastodon/extraEnvFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/secretKeyBaseFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/otpSecretFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
|
||||||
|
sopsFile = ../../secrets/services/nyastodon.yaml;
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nyastodon;
|
package = pkgs.nyastodon;
|
||||||
|
@ -6,5 +26,10 @@
|
||||||
configureNginx = true;
|
configureNginx = true;
|
||||||
smtp.fromAddress = "webmaster@girldick.gay";
|
smtp.fromAddress = "webmaster@girldick.gay";
|
||||||
streamingProcesses = 16;
|
streamingProcesses = 16;
|
||||||
|
extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
|
||||||
|
secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
|
||||||
|
otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
|
||||||
|
vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
|
||||||
|
vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
|
||||||
};
|
};
|
||||||
}
|
}
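Review bot: All five `sops.secrets` entries hard-code `owner = "mastodon";`, which stops matching the service account if `services.mastodon.user` is ever overridden. Writing `owner = config.services.mastodon.user;` keeps the decrypted files readable only by whichever account the module actually runs as. None of the entries sets `restartUnits`, so a rotated value presumably does not reach the running processes until the Mastodon units are restarted by hand; an explicit list, or a comment saying this is intentional, would make rotation less error-prone. The `services.mastodon` block continues outside the two hunks shown, so other settings there are not visible in this review.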
|
||||||
|
|
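--- a/secrets/services/nyastodon.yaml
+++ b/secrets/services/nyastodon.yaml
@@ -0,0 +1,38 @@
+services:
+nyastodon:
+secretKeyBaseFile: ENC[AES256_GCM,data:VywfWY41tcM6zDCMlCLnOh5hRCkb3dLCmfDgcT0QoKTqlV2QqlutQMOAG4DA06HuIyext6DGOkvAsDGLIHb7SWblU6UaQgpoUCp+WpHqCc/fxzg9EsOy9ApF4ESCj/Fb+l55eRS7QlC7isU9zxWW5H9ccMxbmZcGePN8aGyZbaU=,iv:GHg1/Q64uuxFmbt9X/+WbmuHUVlXcK7fd0W+flYoxVs=,tag:8tlsSUXfyb67Cx4Eejmg9A==,type:str]
+otpSecretFile: ENC[AES256_GCM,data:Gu0MAnP4E+oTNtVeqeKpI3RceCotoqo2kVKJXiCEUtw3Sm206nDIyfdcX7r7Ho+nlpwe05gYFYSb+ISgmz8p8bTxmAc2J/1fFnmC+6V/3d5sNP+a0KIdA0xVZ+HRTqe+N8X1n8n0FzbBvps5IZ4Y02Jvf7dK5QQyxj6H5fFzdhs=,iv:QrO78qm4jCBbdDPqoprVUHMM6XC9YTQ+U4zAnMVaHcM=,tag:HIzQUwsYi3i+SoDbbuaMUg==,type:str]
+vapidPrivateKeyFile: ENC[AES256_GCM,data:YhT0xABuEa8VIlpzl1IAd5Jkni9xKBazF0EJssDfRfry7RHvrj5qyMkK17w=,iv:cfbspnityKGgGOohXcwGY6h8k2VbW35wa+Lzc/Z71mc=,tag:bK02soRkqcmkPKB/n2w/ug==,type:str]
+vapidPublicKeyFile: ENC[AES256_GCM,data:CIv5x7oG4oJ13suTlMUEDnih26rQ6XhHFiyXz3kRjVkNiWFylLxRvpmCRvgogFQoH05MRTTm50qPK7GTFc0N/XMucGSS4bHpZFc/g/OJJAfjHWUixamK0w==,iv:Vo9txxYAY0YOmv23w94S7K0vh8QntCKiK7/VwA439P8=,tag:UtJmMFnnyYPgypDFBtgKjQ==,type:str]
+extraEnvFile: ENC[AES256_GCM,data:kaMYIkHq7TluFww4SnQiVrEgm0+yIbXFucbMWRzdpq0KSrBD2Wim014KljfnGC6udMGApzhACHCRx0K5HtjxUW0dtoasQOregHZQL8peuvm8hWwsvAm4Y+uNY4zz6XU+2vZgUFLFWkJdRjWngc4Va2lLn0rGGV1GtGHUJrvCjNz931XGjVERaSqfBbcJ5YzrevIreixCqcqTPWm5VlpGYtzS3dQptqRb/fu/x3ewZIRUV0pwDCZC4x0PNTI7I2fEyWrNEqwaA/7gPIwu600PGYf5gIP+1UNLhbhdGJjCl6PKL2srNs8=,iv:3Dfw5FEGvHzvCIslTFAoy0Y6Vzp/KjT4sAJq7nWgBSs=,tag:CZmVCBJrxVyCvtV03qaP7A==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUTdsY1F6bXFtNWcvTlEw
+YVBSUHFKOFVaUTBBNDQ1YURrTDcyTkMrcndzClRZbkw1a2xzU2lwZDM3QVE5dFhs
+ay8rYmt5QUFVTGpNVzJkTzlTOElSZVUKLS0tIGYwUDFKazhNcFZvNVEwT3R3K2FM
+Y0RKVmdleHJBZ0lkNzNJbVc2UzY5dU0KEK8p4FnlZ5LRXl4LAYBnhKssxS5wVOzn
+sK+T3B6sduuFsCDtKj8PslRHqhqUzKx9zHnmEzVdknz5lMu3VR8dig==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-08-14T18:02:20Z"
+mac: ENC[AES256_GCM,data:M5jjc6EjOS07PEc36z5Bj5wKYcIILFH34AWgdQDWsST4xeyFl+I0nDBJNxfsHuh9j5DOiqVSQsgGVww5ldb491JC6CDwAbjU/vAU9qmncBU6QGH3li/iqUQgL5i6JRBwdiuaDG+MUG9uYuyJoQrFFY64ysKcZEu50Uz3ZFE4zzA=,iv:EIewnDy+oBC1x/TMLbF7qwrjvq/eRW6D5VXOpmWQUf0=,tag:E7OQfoVQFABZw6CrFpBb0g==,type:str]
+pgp:
+- created_at: "2024-08-14T17:48:29Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+hF4D1GtNSlou/HkSAQdAjC0ApM8rgWrRJZNhQp67X7SsTM3bR6eG39MKdzyDIXYw
+pXMhu4F75V2X22ptlUfvIyCZWk2Xo4O3DvyjjTPXPucvgKDq3sCrUZ5s7PzuSPkL
+0l4BybEwUNioL8xs8+Mft6kFAXiXQX3f4Y5IYNi2L5uboDEASyXpmwE14FAITeIO
+XAsG0U6WAh/GtOtaP4R7samvM67e4CSbijxM4FaITZa1K4LcmSeVGl3SgiSAuDj2
+=KquB
+-----END PGP MESSAGE-----
+fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
+unencrypted_suffix: _unencrypted
+version: 3.8.1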