oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki: move gitea postgres password to sops

This commit is contained in:
Oystein Kristoffer Tveit 2023-03-08 15:59:50 +01:00
parent a82a3f95c0
commit 5e2a5a939b
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/tsuki/services/gitea/default.nix
View File

@ -13,6 +13,12 @@
packages = with unstable-pkgs; [ gitea ]; packages = with unstable-pkgs; [ gitea ];
}; };
sops.secrets."postgres/gitea" = rec {
restartUnits = [ "gitea.service" ];
owner = config.services.gitea.user;
group = config.users.users.${owner}.group;
};
services.gitea = { services.gitea = {
enable = true; enable = true;
user = "git"; user = "git";
@ -32,7 +38,7 @@
database = { database = {
type = "postgres"; type = "postgres";
user = "gitea"; user = "gitea";
passwordFile = secrets.keys.postgres.gitea; passwordFile = config.sops.secrets."postgres/gitea".path;
createDatabase = false; createDatabase = false;
}; };

6
secrets/default.yaml
View File

@ -7,6 +7,8 @@ cloudflare:
drives: drives:
cirno: cirno:
credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str] credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str]
postgres:
gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -22,8 +24,8 @@ sops:
UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg== rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-08T13:59:50Z" lastmodified: "2023-03-08T14:35:20Z"
mac: ENC[AES256_GCM,data:NQdwXLJAd7eRGZ7wM/nO7DJWaqf8wJWw2X3fcc2NViZbmKToJjezmizU+23k5wcqp5kdSM/wfiu2SQn9fRiZ7aYMjTxsmXncUy6jmh4xSf7L7pVSEKMuzOCDifrhaok0U7Lc0F+1Q5I1IPrWVtEGKRMWBYo8vLAD6z47BWXiQ10=,iv:MKu+k8wN0ywXwhzrG/WYAk/aQv0C3N/Er7IKvQeKEY4=,tag:l6Jk3HH1K5ZgKGzLnB34Xg==,type:str] mac: ENC[AES256_GCM,data:V3LhoWRReZkj16s7/90zvS4GaAXDf7gY3qKGAoYRKPKrbBVDHS3Z6Vd+HZVTNcGZ0gfsJUeI8PXP2CnevN06/NKSIgyGP/8fDYSXCr2Qs3ccOnsWArAT6v83+xFxESIhlC9ww5plbAqCXPfUEHTg3SX7wa3vOQagOBjphKtPYD8=,iv:fYbmMGwbaMpyV7i8/rSTyOdK2TS0u4/0MUAPFZBV4E8=,tag:OIimZjzn6rvuweZVEmsnvw==,type:str]
pgp: pgp:
- created_at: "2023-03-07T12:32:53Z" - created_at: "2023-03-07T12:32:53Z"
enc: | enc: |