Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 7 Actions Wiki Activity

kommode/gitea: declarative pubkey
Some checks failed
Eval nix flake / evals (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-22 15:35:54 +09:00
parent 4f24217bef
commit cedaf2a517
2 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/kommode/services/gitea/gpg.nix
View File

@@ -4,11 +4,18 @@ let
GNUPGHOME = "${config.users.users.gitea.home}/gnupg"; GNUPGHOME = "${config.users.users.gitea.home}/gnupg";
in in
{ {
sops.secrets."gitea/gpg-signing-key" = { sops.secrets = {
"gitea/gpg-signing-key-public" = {
owner = cfg.user; owner = cfg.user;
inherit (cfg) group; inherit (cfg) group;
restartUnits = [ "gitea.service" ]; restartUnits = [ "gitea.service" ];
}; };
"gitea/gpg-signing-key-private" = {
owner = cfg.user;
inherit (cfg) group;
restartUnits = [ "gitea.service" ];
};
};
systemd.services.gitea.environment = { inherit GNUPGHOME; }; systemd.services.gitea.environment = { inherit GNUPGHOME; };
@@ -26,7 +33,8 @@ in
PrivateNetwork = true; PrivateNetwork = true;
}; };
script = '' script = ''
${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key".path} ${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key-public".path}
${lib.getExe pkgs.gnupg} --import ${config.sops.secrets."gitea/gpg-signing-key-private".path}
''; '';
}; };
@@ -35,5 +43,6 @@ in
SIGNING_NAME = "PVV Git"; SIGNING_NAME = "PVV Git";
SIGNING_EMAIL = "gitea@git.pvv.ntnu.no"; SIGNING_EMAIL = "gitea@git.pvv.ntnu.no";
INITIAL_COMMIT = "always"; INITIAL_COMMIT = "always";
WIKI = "always";
}; };
} }

7
secrets/kommode/kommode.yaml
View File

@@ -5,7 +5,8 @@ gitea:
database: ENC[AES256_GCM,data:nDZqnSBKijyhslBjhSu9weqLVJzUiBD8Ltu/nmllicadraeISylyEk3pOA==,iv:XFzM1pGv98jehdgvlZN217LrsK8TcAMFK5eDrPi2bm0=,tag:+YpXqMmvMTrnt7cDK/Sa7A==,type:str] database: ENC[AES256_GCM,data:nDZqnSBKijyhslBjhSu9weqLVJzUiBD8Ltu/nmllicadraeISylyEk3pOA==,iv:XFzM1pGv98jehdgvlZN217LrsK8TcAMFK5eDrPi2bm0=,tag:+YpXqMmvMTrnt7cDK/Sa7A==,type:str]
email-password: ENC[AES256_GCM,data:tasMZ2Zu449o/mH6uSSPM7cFOlBg4vC+,iv:lDNMvXh5P3HNy9pW6nBsSLCyij/3HiSRunVuLeKAmbI=,tag:ApqGWYE9MSE8m6iYLK6Yww==,type:str] email-password: ENC[AES256_GCM,data:tasMZ2Zu449o/mH6uSSPM7cFOlBg4vC+,iv:lDNMvXh5P3HNy9pW6nBsSLCyij/3HiSRunVuLeKAmbI=,tag:ApqGWYE9MSE8m6iYLK6Yww==,type:str]
passwd-ssh-key: ENC[AES256_GCM,data:VOp8vqVoX9IFJhzpKy0J+AzyX3TvxEIBvv3dXpD1f8szmUyPwd4gDOlaFpqTSDu8ebmK3m/D0FMTkfBkPVhUG6XTPo7YIV37gLhfsBF6CuwCMXxTQAd23nfpwJKcDIn3R5h8Mu4MMme2Ev/4PNDztktmIYv3KoEbPglzBMS4LrZqJsDilvIYKEIDUExhSAkESKQZiIzK1TdtWDQSUzvUZ3OsbxONZgaTw5e+xz3qk/q+IR5eRNp9fpeZQ8EkpC7aa/JDIwxzNIuMFi8W9PWh6ANmAOm6GK7JSKiHYQL8GofVifhUGUanAnjgDTYkIWpDiSsuHjfDPGupFCeONNd+Wd4NpJZsej3p9ldLOVxa01Le2tIVYY80jUWT0dpV9IJ5syp4gVaky5Vk6i2QhvjunDoEUnArSRGyMTxWfxAxZLvbLYMNAJDoWzy25vf3jteNB43lVHckEW1F8w/RtzoKzbjKYiANHg+eNLVq0HK67gX2twpblNN4OBt9d03ZbV2lZjTMXGzJXHGFT5ZPDwTkxcDooNvoRuCMe8t8dpuksHFaIp4=,iv:3sgiIgGD9pmCMLVRk0Q8+7GZajYIWsokDUx9JuNrO2c=,tag:WDXyNYtqjdAMePEsnA0hbw==,type:str] passwd-ssh-key: ENC[AES256_GCM,data:VOp8vqVoX9IFJhzpKy0J+AzyX3TvxEIBvv3dXpD1f8szmUyPwd4gDOlaFpqTSDu8ebmK3m/D0FMTkfBkPVhUG6XTPo7YIV37gLhfsBF6CuwCMXxTQAd23nfpwJKcDIn3R5h8Mu4MMme2Ev/4PNDztktmIYv3KoEbPglzBMS4LrZqJsDilvIYKEIDUExhSAkESKQZiIzK1TdtWDQSUzvUZ3OsbxONZgaTw5e+xz3qk/q+IR5eRNp9fpeZQ8EkpC7aa/JDIwxzNIuMFi8W9PWh6ANmAOm6GK7JSKiHYQL8GofVifhUGUanAnjgDTYkIWpDiSsuHjfDPGupFCeONNd+Wd4NpJZsej3p9ldLOVxa01Le2tIVYY80jUWT0dpV9IJ5syp4gVaky5Vk6i2QhvjunDoEUnArSRGyMTxWfxAxZLvbLYMNAJDoWzy25vf3jteNB43lVHckEW1F8w/RtzoKzbjKYiANHg+eNLVq0HK67gX2twpblNN4OBt9d03ZbV2lZjTMXGzJXHGFT5ZPDwTkxcDooNvoRuCMe8t8dpuksHFaIp4=,iv:3sgiIgGD9pmCMLVRk0Q8+7GZajYIWsokDUx9JuNrO2c=,tag:WDXyNYtqjdAMePEsnA0hbw==,type:str]
gpg-signing-key: ENC[AES256_GCM,data:oFB70dl4UEPWxJpguA7FFDhswlKYX1jykyNriD3hBTDlm4ZzQXddQutDb5wjWy+7agPTVj8zP+itALOyUqu4VKyaVsRk6teb96nXMTyPTA6KkIL7FpYd64qOy55M+1GjbkfQEmIzCXGDPoSJDSkC+scIZLZ1LNBcna/ZJVZB+QgrwEK+S8JgQ3I0cg1DsoeS1uouqPH7rvPirCXCnwE6ojjGcPzABHuQrcVL/SJjbUyUrJ/1y4cTolr8lttQHGnirT2XuwpC8SZxxC5Ly1HrY47cXGUThCnM/gzwKwPKrpBw1/xwthK5oUXvmTiXCfvYmpxUowvK+wjGX1X25lDPbsErL2MMkFBVPnXhano2cR7L4DutbJsSo/uaSsQ9MROAoI4ALjZ5S+4eFIyLdPGBimIAybLKY7SsIRrA+tCwzK8I0P9SjBovkSuUmN7ZCQDhcaT9MLbxOkwH5IAry/46ccVsKXie66SkqfRcRTHR0/vP4bJBkrgL7xzC1fqPr/nnzRkA+plgrrvsUQuTyv0IyZw41KI4uP9Xrq40SryM/VCJPTLpyFu7SL2XK9ZoSb1i2FtCwxMdcP8TWZO5eLGzyiCzoTBvKHKVYIH/YXV7JnpnvNN1LA/wayoTu0pOqrj+wNsBHo4GnBlUADXhSukogOCX2Au9IpiWp/WJKvHh/CPwLQFpUlseRjUtupovtxnBRIUAqSNneANePmFHWsdCOU+c7+Vlido+KCJFSLp+iva2M9BbuqwWnMo5yDP5q8n3k9o8ukeGpeW1hfGw5tc3KRO24cRzzj7/kLFPf91CMjnQ3T8z9LNfaHicdD0oy4nGYrwL4zYzqwvPxbLUPlBwyNEJxu3QAQUEASETCbAJgka/3oKbhzL4OeR2tXih2oXRtKdn99OC3le6qrdyyGoo9+eYPMeB6FhvD70F/DtzceMvQ+ikR0dUUUyippzFSjqGsXuhKtebLAe+WNtjX5DqsjjVEhCnxbrqYYWuj4NO6fLWq4RYslodSPAFrtZHMugU0jZyJztOfA/9CSW3Io9vCWE12u95wYqQb2A3Th3J527yea8kDFedtiW8dW4eOwz4yOF7JWNBHqZEkH1LZ2XfeC/aLSA/6wECUiMkMTJQYoL3mzgmqQFyNBL8VpG+v6/67bDrJHlXykHqFFbQc0p+ma+vUJB4JYvS6/Ac4n/1dcLHjNrmaoF+sW7E,iv:HhRB2ODgBiULoiF4L9TsDzF/fJlGPTGC64DSl/bCw9U=,tag:XF5pRyYrSUO5GqObtpxnfw==,type:str] gpg-signing-key-public: ENC[AES256_GCM,data:WgEr+ehNJa9ivlPYnsTD2772MUmsu3uvGtuwn2htqHtNxJwNG6rlnAWr1zG5D69A3G01u61mWCxLYETzjg6GsLW3rKadzUSP934kl5VQMISW2iW3XDaPLpO8dPfk2IaT4oXpui0zk0z+Viy87yl/p6JVLJ2HHFTwh7QTl+gZj8JXF5zpst8Y1op+JuBlePCUgBIE4YCF/m1kKuCDEUnZ5b4QKrogOtlN8AXwIKgrEADGgufXee5B+mg/KYBfX3/JB6evfz3rAn3gLyT8nO9T8V7RJjVeastHw0tPEx7Ep12rQxZ7uOQ66n1D0WIYB5FgiqDoY9AJxMJi02roiW1d2bqvkKfikWnYkk8zkKPWzbLWkL/gaXR5wrvK4x5kLg3GUdNzGKLUrNOy/3QjCUOe4RDXBDPgvB+LNmoME9hGGhtPRBzAsM5n7HKCTRksDRHWnArP2JsNhxeUoJWp09lBIbQ6qoF5x9C/mcxdbfuzP8+PrWiTNbxb7ZWwfhc/NYzS2YYYBUdc30xJwqgPVtJdo2FHLwQFlLNnQzvSTL/ed11EGLaNDQ4ybLVymJE1NGdsqTxzhkh0bejIkl5AcYmuw7qdzjc4bKEokT7EixVNqzw9wohyLrOfaN1fSWt8hWgULkeYNbxUMAicLIyrrBxz0D88wrug6LzNhxAC28RRs4ALhFhXpYQKnr8ldLWgoDUq8uefnWiRCiXPBB6u8BhzwTUR68lbjXjZDTUOLEubdBavRtHsWF2sy7nex8oVcMuD5+YGb+coEB4Js/QhcBSf/ewWFMmg/UIGfCkIpzpsbRTJZtHIgI7eQ8RQ0zRFlNPDeQ0Us05Qza8YcGEtIwyZgc7rJXZ2+6VtQrGuCkOAHiZzlkauDD0RZkB+oAI9RW3HoW0HdfXNwLAlHldNEMNkl2lf5fYNfZIXv6GbHXVnhGo13K8arLMqo6o5DUO3f57PWUk821kNaw5vr6dMb92rx0k0yNp1kxAug8JWYWmUcBypJHNEHTvNiMDO45HwS1C7e670NB8c2MWE2akimbSZTWF1U3RiSAD3MRUjMnT4yvpumhJlKlC9tRsKmE5WapCvwNxwIkGhFV2c0rml+8wBae0Y9CxVGWVwDnJc,iv:LpQufJB8jurx+2b1zvMd87z+byT3kKCITN0PQlW6yE4=,tag:K9tdQyFwbmk8J/6yHz27lQ==,type:str]
gpg-signing-key-private: ENC[AES256_GCM,data:WoFK9E4vCkQ68WTgSrmTwf3qaDfpjd/MVi1wSEiwJLqtWvm6BhWzTD+LQlgqrqZkSbX7bEcRwY2XT2DDLqK32xA8NgmOFinf3Xj3XsVTxTUWB7QoEksl1FVtrzTiJV+5Ztk/irhRnyCBnWSl6dHallY9RxbPVRMdgFzYP09FKhgJ90nmTtbfRzTO+jVsUp886kRwrJhitjie+nJlNrZwdh7YtqazJrmggPs6Z8cF/GkQrpSZpVHPGh6uNWRyxf50R8dcjLTHOHgVMuPo8UHX2w4lSGmEfNVa6VKKiZg86laTr998H1oUzC00erII5RENDb+PulVe3Gy8aSxd+swybM+3QTSGg/2q6hk2rS/uDQ8nDN80xKqho9T5IDqSbVamS9X5n/adY2wDoJMwlF7oha6mrmaUiGaWVoRkhw0YpwH4xY9US5O5BfUgJ+NAAo4U+YQGAJvQkO1txkFifv/lLptRRexvfRQJ5nNP0Dn0Yvolz/Xwx78IykWIHzv1mx3odKc8wDDKfzPEA9Y3KgiSHb8B3CL4XQqcW0ADAO1gfeLRBWTy0wtrgoYKdLW+eNTjy/WW5qWf81CrrjDb0hDwRQRaO0elCjS3tg1FYQYfyc2dg0XPANhCACbBajP9l6MShzpj9+0WWBTrc1e+bKy42FiteYk42f3oI5k9EGsYqlpyTCUyk0Iezwskl5ui/3Jce9G8BhpWH5YQpIg8iXiKkLwaAMDgfrZe5I8ad44L798LVZM+0kXjBW1pbt6ok2PkhQh75sDKubiNKFGVyR70QguQyAfr1FKGC2W351OzX/2CMJ2426/M2IXBfaXxZLDjlMN1KMhwGAGQOPRv8EqZABvPUUP8fIDhUhtAn0AhLs7cga1Xoz0DmY2x+0aVvfYjZIPzrrJA1LIJtTFvJzUltpf6e3UWX+r6MoDfpp4vNLi2x3mDWM8sC75Ouv4jKL2o3VA3C0EuIUK8L/aDh+V53L0Yvc0AZxv+eV3cZjveEgcwSBhv6hXpZYYOHrAOSrHQFns5jUqxZcGMWGDOtl/tmKW9cRuxeSHKB9bNHoJWtMDX2ojcU0l4APCFeM2RRXFSohJRS/0lDgWz0JwI9xXkqDfdB8r7WS0cLKxcHmAxF+d9+qoJRwMc5AVIRFfH8NyDhS5ngFJgeVE1ae0ng6nIauxwjpmtjdWl7a2XOKAtbh+jwHe0OqlG20/i,iv:D7QmF6bx/r9JX2S1Tb8IpDqX/yD3deNPqqNHXJHrhqs=,tag:NSEP9RCcaZBgbaRnmR/p7g==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str] ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str]
import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str] import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str]
secret-key: ENC[AES256_GCM,data:YqwSJazPqz1OOsUVIPKsGvIHbX7SyJqryan1KWSRGRJkt9yZlaiRtQG/mQugAM6IvLFD3pj+gPTcXyqenaAQKA==,iv:nyPnL7wuhpb0kl0tm1JhOHmF7KI9vVcTN1SRGTgD2o8=,tag:Rt/IPC/YtBcmTx5osGlbBg==,type:str] secret-key: ENC[AES256_GCM,data:YqwSJazPqz1OOsUVIPKsGvIHbX7SyJqryan1KWSRGRJkt9yZlaiRtQG/mQugAM6IvLFD3pj+gPTcXyqenaAQKA==,iv:nyPnL7wuhpb0kl0tm1JhOHmF7KI9vVcTN1SRGTgD2o8=,tag:Rt/IPC/YtBcmTx5osGlbBg==,type:str]
@@ -67,8 +68,8 @@ sops:
ZWRCSXpESTNpbnQzU3A3VG1xSE1BeXcKDr35W9phmGfEQtNb7V/f+g4GIcbk/klU ZWRCSXpESTNpbnQzU3A3VG1xSE1BeXcKDr35W9phmGfEQtNb7V/f+g4GIcbk/klU
+1EJsJ+jK1qCSDgO7omQge5Jx1XqSAg8H+21fnHA4JLhfIeZbntBTQ== +1EJsJ+jK1qCSDgO7omQge5Jx1XqSAg8H+21fnHA4JLhfIeZbntBTQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-22T06:04:12Z" lastmodified: "2025-12-22T06:35:29Z"
mac: ENC[AES256_GCM,data:7gduHeCIshMKc0JCUX7uyiIhN1F1Sis+DxvT05aX4gXLOjmxeUIdZ9Th6CdWE21OFviGrFlJSbx3URCjm7+SJlzmyqEHNatWWdCpP5msz9Q9bQZDVJWSq2qRV9zz7aka4bS7iHPztUfCfHwGtO0XnmIMZUy4h8VDiN6OJi/4FcM=,iv:Jx8AThdc3K5srWE/jdz3xOooVjWM8WEINIs1/PLcefk=,tag:dJ/ZkP5FP4/T6QqvpRccWA==,type:str] mac: ENC[AES256_GCM,data:Tvj7CzTOFGTMJyNMTjx4XTmrBGBTkOKb2kIHNEtvhCfc5fSbAjzl/keONaq6LGMhyc83jp0XZpM22vN8d+TqTsUiFGwlXIEJ9aa2N/IFlixd/FGRIZUihQj65Uctbk1x5y0LHUDl53aUa/FFEeuF7aPlUB70Q2SiLME1ATtG9+0=,iv:b0Fp4fQUzhgmSKH7caegMXbstWkj2by/8ABQXUJjdIQ=,tag:uzkkvggilx6KWaeMhYRBEQ==,type:str]
pgp: pgp:
- created_at: "2025-12-01T10:58:24Z" - created_at: "2025-12-01T10:58:24Z"
enc: |- enc: |-