moved nginx secret to sops and basicAuthFile
This commit is contained in:
parent
564e04229b
commit
0903e94482
|
@ -1,5 +0,0 @@
|
|||
gitserver with gitea
|
||||
webserver with homepage
|
||||
|
||||
webserver implementation is in works
|
||||
thinking of doing something like
|
|
@ -14,10 +14,10 @@
|
|||
sops.validateSopsFiles = false;
|
||||
# This will automatically import SSH keys as age keys
|
||||
sops.age.sshKeyPaths = [
|
||||
"/etc/ssh/nixos"
|
||||
#"/$HOME/.ssh/nixos"
|
||||
#"/home/gunalx/.ssh/nixos"
|
||||
];
|
||||
"/etc/ssh/nixos"
|
||||
#"/$HOME/.ssh/nixos"
|
||||
#"/home/gunalx/.ssh/nixos"
|
||||
];
|
||||
# This is using an age key that is expected to already be in the filesystem
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
# This will generate a new key if the key specified above does not exist
|
||||
|
@ -26,5 +26,6 @@
|
|||
# This is the actual specification of the secrets.
|
||||
#sops.secrets."myservice/my_subdir/my_secret" = {};
|
||||
sops.secrets."acme/certs" = { };
|
||||
sops.secrets."nginx/defaultpass" = { };
|
||||
|
||||
}
|
||||
|
|
|
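Review bot: `sops.secrets."nginx/defaultpass" = { };` in the second hunk leaves the secret at sops-nix defaults (root-owned, not readable by other users), yet the same commit hands its `.path` to nginx's `basicAuthFile`, and nginx runs as the `services.nginx.user` account, so the htpasswd file will be unreadable and every protected request fails. Declare the consumer on the secret, e.g. `sops.secrets."nginx/defaultpass" = { owner = config.services.nginx.user; restartUnits = [ "nginx.service" ]; };`, so ownership matches and a re-encrypted secret is picked up on rebuild. The same consideration applies to the `basicAuthFile` lines in the nginx module hunks (`@ -47,9 +43,7 @@` and `@ -59,9 +53,7 @@`); this note is not repeated there. The enclosing attribute set ends outside the first hunk of this section.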
@ -2,6 +2,8 @@
|
|||
#ENC[AES256_GCM,data:whBqc+AeZpCDo/caKJQm3Wan3RiAvQwQ0v4fgmdZhMTu+5QeTTqb1L1M6ZUnNnQS1tc9wjaWfXby/2T0zLDM+Yl3yuHSfK1rkBbC4GwL83tSM4lbDE7+spSKxb2VrOZqozKpL6zQnWJB0COJfC5KqlHJCiM=,iv:M1KPhEQS/l4OFwAClqr7L2Jf73/tkpBBmXEPjGI7faU=,tag:A5x4nCDbnOLplGh7xqdN2Q==,type:comment]
|
||||
acme:
|
||||
certs: ENC[AES256_GCM,data:glU5Kl4wiChxuQJq2ppCP4sJlutJkK1RgV0FloMNe/W8rV/mHcg8FcffotNYVZw87mqWz3N4jMgMVwnmXU0uObhV+W6L0mMb9U7akhXIuJQfiwaTeHZV48DPzDBzIDHUrsPZfxm6vfBlJltk9dH/43lytyMJqSeV3nWW4rA=,iv:Nz2pDdPdVbZK6BuYJrPcZ/LnnruvuMlhMJeowUPADj0=,tag:YNtlgq04iJxnZL76ESsQaQ==,type:str]
|
||||
nginx:
|
||||
defaultpass: ENC[AES256_GCM,data:z1z1u7ujZzOdESyWbpQMNnxO2dgadgwt3dg+xNB5tTnWQpHqCb0y/fJs1TUAbp9oCKYeR/QUVuL34WUeuRQkW0jL6EvPYgE=,iv:O8Mc23CWZwkgjPOwj8YfQqbs1gujnd/ekkDmal2iGNw=,tag:UX2CNlxHDwKsSPbwa0HePQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -17,8 +19,8 @@ sops:
|
|||
Vmg2SkZBdjFYM1MzdVhmRVVNYjg3MlkKPbXkDdChq+GqqZuwQ2rj5LIP1gA44Qxn
|
||||
gI66sDKkBwkAx7EkvUejGXK4pqPPvRwDUZFoSowIOSGaxF7CKdayBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-24T01:30:23Z"
|
||||
mac: ENC[AES256_GCM,data:4ji9jVU4oILYTr3Hfd3Ic1XsxFrOnKTyTY88p9WCO8SaWDqzu2e/W3O8tiMgeZChTLLi0pK6t2hUgLI9XAQFQswMi56Ues1XdR+a8SsQmsMb0oGDzd6/Nhe39G0Q9raAy0XC+j9lBapOgKPKLGlDXRlllA050nFkTWEhKCQJmg8=,iv:FPYTaoDZjsbu6Oc0qu35jHq/AUhbfbnirutmcKDuUG8=,tag:JeQB+Fs2WOdlV7XoBFi3ag==,type:str]
|
||||
lastmodified: "2023-12-10T00:13:23Z"
|
||||
mac: ENC[AES256_GCM,data:hr9fOX7cVLYHOqBppCWf2+YqJt7UMdGNRfAhlNSH4ZWCEwzQhrZcbZ8C/Ge4zkfQS6nQNYZIMulxv4oZjZdeX7B0Km92CRxmZ9nmk3TFtykivTmJgkHqMsWIS+aqtgBilrP2EstUoiQfEvDECwIKyCUu29C7iRxdpt5lEIDUT1M=,iv:cES0q8aRkt0OkkJj12ko7liqxYBaxXAQMtfPpxTQliU=,tag:7KyV+WmjUjTu6ari5Yza4A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
basicAuthUser = "guest";
|
||||
basicAuthPass = "";
|
||||
in
|
||||
{
|
||||
|
||||
#acme and certs helpful blog https://carjorvaz.com/posts/
|
||||
|
@ -47,9 +43,7 @@ in
|
|||
proxyWebsockets = true;
|
||||
proxyPass = "http://100.104.182.48";
|
||||
};
|
||||
basicAuth = {
|
||||
guest = basicAuthPass;
|
||||
};
|
||||
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
|
||||
};
|
||||
|
||||
virtualHosts.${"funn-nas.lauterer.it"} = {
|
||||
|
@ -59,9 +53,7 @@ in
|
|||
proxyWebsockets = true;
|
||||
proxyPass = "https://100.104.182.48:30044";
|
||||
};
|
||||
basicAuth = {
|
||||
guest = basicAuthPass;
|
||||
};
|
||||
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
|
||||
};
|
||||
|
||||
# virtualHosts.${"vpn."+config.networking.domain} = {
|
||||
|
@ -90,9 +82,7 @@ in
|
|||
# locations."/" = {
|
||||
# proxyPass = "http://jellyfin.galadriel";
|
||||
# proxyWebsockets = true;
|
||||
# basicAuth = {
|
||||
# guest = basicAuthPass;
|
||||
# };
|
||||
# basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
|
||||
# };
|
||||
# };
|
||||
};
|
||||
|
|
|
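Review bot: `basicAuthFile = config.sops.secrets."nginx/defaultpass".path;` (second and third hunks) points nginx's `auth_basic_user_file` at the secret, and that file must be in htpasswd format (`user:<hash>` per line, one entry per user); the key name "defaultpass" suggests it may hold only a bare password, which nginx would not accept — worth confirming the decrypted content is an htpasswd line and noting it in a comment such as `# htpasswd-format file (user:hash), decrypted by sops-nix at activation`. The removed `basicAuthUser` binding in the first hunk means the username is now defined solely inside the secret, so the comment should say which user the file is expected to contain. The commented-out jellyfin block in the fourth hunk mirrors the same replacement and needs no change. The enclosing `virtualHosts` definitions start and end outside these hunks.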
@ -0,0 +1,12 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
# Arion works with Docker, but for NixOS-based containers, you need Podman
|
||||
# since NixOS 21.05.
|
||||
virtualisation.docker.enable = false;
|
||||
virtualisation.podman.enable = true;
|
||||
virtualisation.podman.dockerSocket.enable = true;
|
||||
virtualisation.podman.defaultNetwork.dnsname.enable = true;
|
||||
|
||||
# Use your username instead of `myuser`
|
||||
users.extraUsers.gunalx.extraGroups = ["podman"];
|
||||
}
|
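Review bot: `virtualisation.podman.dockerSocket.enable = true;` together with `users.extraUsers.gunalx.extraGroups = ["podman"];` gives that account access to the rootful podman socket, which is equivalent to root on the host; the file documents the podman-vs-docker choice but not this, so add a comment above the group line such as `# membership in "podman" grants access to the rootful socket (root-equivalent on this host)`. `virtualisation.podman.defaultNetwork.dnsname.enable` was renamed to `virtualisation.podman.defaultNetwork.settings.dns_enabled` around NixOS 23.05, so on a recent channel this line is likely to fail evaluation; verify against the channel in use. The leftover template comment `# Use your username instead of \`myuser\`` no longer matches the line below it and can be dropped.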