From 828cbc67c735843e6c3ff8b756b15e9a9cc65e8d Mon Sep 17 00:00:00 2001 From: Adrian G L Date: Sat, 24 Jan 2026 19:47:48 +0100 Subject: [PATCH] pangolin env --- modules/pangolin.nix | 9 ++++++++- secrets/secrets.yaml | 10 ++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/modules/pangolin.nix b/modules/pangolin.nix index a89a8a2..10ee3cd 100644 --- a/modules/pangolin.nix +++ b/modules/pangolin.nix @@ -5,6 +5,13 @@ ... }: { + + sops.secrets."pangolin/environmentFile" = { + restartUnits = [ "pangolin.service" ]; + owner = "pangolin"; + mode = "0755"; + }; + users.users.pangolin.extraGroups = [ "acme" ]; services.pangolin = { enable = true; @@ -15,7 +22,7 @@ dnsProvider = "domeneshop"; #settings - #environmentFile + environmentFile = config.sops.secrets."pangolin/environmentFile".path; #dataDir }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 56e324c..a1ab42f 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,9 +1,11 @@ #ENC[AES256_GCM,data:iFOJJlRLRz2m7NyHzPhgUg==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:ITcKcojB8Cpk5cICcxV/Hw==,type:comment] #ENC[AES256_GCM,data:kvu25CX2iZURTBGQXYZTkwT00EqhPNF/ORglzJCsDRthR9hwLomlCzsdDCCwBmbEYbUSnyup0/yt6kj5gUA1iTpoGLVJK1EMoAUm7H7Vl4V0XheizUyTUJdfQUzQQXONzB2kTlE2DHuIWKN5Bz8+LKqoDrI=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:yY+w4rJvDHLo93HgkcKahw==,type:comment] -acme: - certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str] github: api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str] +acme: + certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str] +pangolin: + environmentFile: ENC[AES256_GCM,data:vip6lNBhaH0891+RTphTwerEf7sw6smUVbWIP9KdgbrjRkIAbt/XbLk=,iv:1771tPsQQcjSIoSQxER1Yqi2vZPwg6gbj0VXvDHr7kk=,tag:Bd286kNRYgTXC+jtpVLYpA==,type:str] nginx: defaultpass: ENC[AES256_GCM,data:dJn/Q0jV83PgfFH2ODJO/nXGqew2TZG3ItudJZQ/eCo7Ek2IPlHHQq52bzaVYPqhxUsvXpLV9FgR3FQVOHyiUK3MBsLDNvCTzpnALSflnpj0nKqrXWg3YgEKfi+FdHQ1s0SFQqBOsEw+Xt6eWkNykrl9Jgq5UF7Bp4iC4jmDwQeAFIWaIsWK0117X4seBRQc5rxz1XYNsTaVTzp102I1QmrWLRHGjuvpT5jLVvNEoaU/imT+beAmQAnq5pFOMiEwd4q5FFUdy8XHi7CcT4fql92m2I61pgQbjnHwGklLZvRYO5gIKLwj7u19x8lnFBefDoAshuZOch8397T+vjTxVe0fsuZeLAtLXdPKwoF3L0jp4ffNmPq8H3BTnFwJ2NZo,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:Gt4yl0zK7vF3Is/g8cow0g==,type:str] qbittorrent: @@ -47,7 +49,7 @@ sops: TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-15T19:47:16Z" - mac: ENC[AES256_GCM,data:Hd/T2HMjhkREsDkRMSqL6u+NxvqVsUVg0LCx5Uv4UDCigSTI1spF7Yfpv1Or7mic65m1Gha4UySrDdyiWNl4Euqt5Lymzbbf7ZmwwT4XKtNxSXkQ7t4C7+WY77dfL813ovgHs6+l5EWszxhvfX2yUYcj9pb0qB1mH3yCUTHZ6bA=,iv:dk922L/ukuetOSR6HGVNFohhlRhTxmAvqAx1Uo4Jvjk=,tag:7TzxvSrhlcOUrwUhowbExg==,type:str] + lastmodified: "2026-01-24T18:45:44Z" + mac: ENC[AES256_GCM,data:MMLi9DX0EWFbde5rv6iALPYgHpbRRVcOWy4XI8Cs2SfuqKfYx0X9rEeKRs3xDEnFYNWopnqwKN5QLEd0QEXVjbvusl+XyN5Avh3I96zXNy0LD+zipv3nyXLFLvdfL8uxbSnFOcISeGf6d2Fl2Sw9x4HGRecZRDYGpFcMzHYLm3Y=,iv:PP4xr7ycKQMJYgDMbL5Ju6mYBYD/sy151MdPa+vEuNI=,tag:0IVF3jNv6K2AeaJXDaZ4/g==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0