{tsuki,dosei}: use sops templates for wstunnel
This commit is contained in:
parent
cf90dd577c
commit
967d92ae48
@ -7,11 +7,16 @@
|
|||||||
"services/networking/wstunnel.nix"
|
"services/networking/wstunnel.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
# NOTE: Contains
|
sops = {
|
||||||
# - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
|
secrets."wstunnel/http-upgrade-path-prefix" = {
|
||||||
# - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
|
sopsFile = ../../../secrets/common.yaml;
|
||||||
sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
|
};
|
||||||
sopsFile = ../../../secrets/common.yaml;
|
templates."wstunnel-environment.env".content = let
|
||||||
|
inherit (config.sops) placeholder;
|
||||||
|
in ''
|
||||||
|
WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
|
||||||
|
WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.wstunnel = {
|
services.wstunnel = {
|
||||||
@ -21,7 +26,7 @@
|
|||||||
localToRemote = [
|
localToRemote = [
|
||||||
"tcp://10022:localhost:22"
|
"tcp://10022:localhost:22"
|
||||||
];
|
];
|
||||||
environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
|
environmentFile = config.sops.templates."wstunnel-environment.env".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -7,11 +7,16 @@
|
|||||||
"services/networking/wstunnel.nix"
|
"services/networking/wstunnel.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
# NOTE: Contains
|
sops = {
|
||||||
# - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
|
secrets."wstunnel/http-upgrade-path-prefix" = {
|
||||||
# - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
|
sopsFile = ../../../secrets/common.yaml;
|
||||||
sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
|
};
|
||||||
sopsFile = ../../../secrets/common.yaml;
|
templates."wstunnel-environment.env".content = let
|
||||||
|
inherit (config.sops) placeholder;
|
||||||
|
in ''
|
||||||
|
WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
|
||||||
|
WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.wstunnel = {
|
services.wstunnel = {
|
||||||
@ -22,7 +27,7 @@
|
|||||||
port = 8789;
|
port = 8789;
|
||||||
};
|
};
|
||||||
enableHTTPS = false;
|
enableHTTPS = false;
|
||||||
environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
|
environmentFile = config.sops.templates."wstunnel-environment.env".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
nix:
|
nix:
|
||||||
access-tokens: ENC[AES256_GCM,data:LqviV34jmMPif7jLiVJM0V2cyyIzF7sPVxKlhDiX2lptmGZ6NLs8dh9xmPeU2YGVrd6fvEq/5tiNYVD8pln5phSOPH16EeBd0e51Tm+8Km2Sp9Q4rWpuE+wrIKtYrZZEvGys2Xu9umI+sFJf4zol0glkcZYPbsuISg==,iv:bdMMGlkqdmfuySAuAr2OcgtVJ7FsKbxpcWMrmHA3eE8=,tag:Kil/ioH5l3VmU9mK597LMA==,type:str]
|
access-tokens: ENC[AES256_GCM,data:I2wXlh6XQL89k3Fko4uNvgxU26qKvRjTwq6dQXytW8tId51WRaHGs1qqEyxiVnwtpjXWcD4/5iAip/oSEyQzlR1zhTu01QwgeHYI6kxzyJDFGg4IbYZ6ReWy5RYIh8jji0+hfVzuLenmZLY365DjGAwg+z5KXDy2tKm4zEL8c+Pbv4Wt6LGQdYS74/xrc0KqPGNRMz/T/EALradx9T9+gdgnLBAPGfJV130fBbQijDuaCw==,iv:enw8eyh0yuqTyVucXCrQ+zSbNEaOrlTPqec8brUNA6M=,tag:pL4vYTE6lLKLjD10mVeAXw==,type:str]
|
||||||
wstunnel:
|
wstunnel:
|
||||||
http-upgrade-path-prefix-envvars: ENC[AES256_GCM,data:aS7Kvpj9aHtaiKZiakDuvdiDcVYFMkYv9FIH060Dbkahk6v+2bbxzgKcRtnDnLlphtGlZD7yWRcbvlYiG7Y5mRNS1X5PkspQwFKKnwGGHiWgfun9yxB6VHvPdb4W4SNA8QfRmqH4XmJUfDSPmZfh5Ggzhy7/74avC0vfqKBvQ+ml4fjqTmdS6EkFGrrUwIXFrjiCqdxnNYmp8I/L1b22R5YoY/JTsc4mG6N9s3B75GvsYI2EDG4vQ7EMyktd2CHsXJgNFRQUM+GzBbkO4VvG,iv:EbuV/2L+p4A+aloC6uQYiFFF7Lsz5A5RTGMuHMqtTpI=,tag:DThZOERbXuUdDJso7ertbg==,type:str]
|
http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str]
|
||||||
ssh:
|
ssh:
|
||||||
secret-config: ""
|
secret-config: ""
|
||||||
nix-builders:
|
nix-builders:
|
||||||
@ -65,8 +65,8 @@ sops:
|
|||||||
cm15UjQ4S0xoclpLV0pYcmJzM1g2eDAKAjJUhGgicEG3dj8BdMjPvr9MC/c+oIGx
|
cm15UjQ4S0xoclpLV0pYcmJzM1g2eDAKAjJUhGgicEG3dj8BdMjPvr9MC/c+oIGx
|
||||||
kPxtKQ5REb5UolEuBBsWapKhKeXLFtTsV/qGOokO34HT1PqZI37Ikw==
|
kPxtKQ5REb5UolEuBBsWapKhKeXLFtTsV/qGOokO34HT1PqZI37Ikw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-29T07:17:06Z"
|
lastmodified: "2024-11-25T09:09:38Z"
|
||||||
mac: ENC[AES256_GCM,data:KkW9TTekjw+jB2MWvCa5CEL6fVLgaCnAtIFw6aJUGkpMpyf20xMsHmWbRI0/p7wqFZx919f7klA+yOUfZje8MC60CB6ZHHFE2wnVwOSqSpK4J9Cpr30uvpiffeyseHJVz1HTX7Y8vQ5e4OpueC6e+ndRrkZeKcJCc7/vQPipLrU=,iv:iN3yMOxam2s1FI3D/Nw7vecIUMj4pg6QRgKwi4FF+nY=,tag:s/LJ8hgN1KEvQ+a9pCX6lA==,type:str]
|
mac: ENC[AES256_GCM,data:virqHg0KoyhLVP9yynReVwSGhTBWz2mO5uBRXqzae7plALvRS+mzErfR+h63bX4TF/iLxQ/pJZb+KqQugweWEon9cycIyoKfRaIqaIZ4t8SnVWmDt6xEebkZC4JT7FD9xf27YTzxnamyINRdiCirTfJOeF4PKEow0EjH0WoS1DQ=,iv:giJ6JOXJQInavkdZbkDABG66B45ciNTetGHcwcz73dA=,tag:rvCbdxNFwoYjGuFi/YwI2Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-07-17T14:18:35Z"
|
- created_at: "2024-07-17T14:18:35Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
@ -89,4 +89,4 @@ sops:
|
|||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.1
|
||||||
|
Loading…
Reference in New Issue
Block a user