oysteikt/nix-dotfiles
oysteikt/nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

{tsuki,dosei}: use sops templates for wstunnel

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit 2024-12-02 08:14:38 +01:00
parent cf90dd577c
commit 967d92ae48
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/dosei/services/wstunnel.nix
View File

@ -7,12 +7,17 @@
"services/networking/wstunnel.nix"
];
# NOTE: Contains
# - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
# - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
sops = {
secrets."wstunnel/http-upgrade-path-prefix" = {
sopsFile = ../../../secrets/common.yaml;
};
templates."wstunnel-environment.env".content = let
inherit (config.sops) placeholder;
in ''
WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
'';
};
services.wstunnel = {
enable = true;
@ -21,7 +26,7 @@
localToRemote = [
"tcp://10022:localhost:22"
];
environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
environmentFile = config.sops.templates."wstunnel-environment.env".path;
};
};
}

15
hosts/tsuki/services/wstunnel.nix
View File

@ -7,12 +7,17 @@
"services/networking/wstunnel.nix"
];
# NOTE: Contains
# - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
# - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
sops = {
secrets."wstunnel/http-upgrade-path-prefix" = {
sopsFile = ../../../secrets/common.yaml;
};
templates."wstunnel-environment.env".content = let
inherit (config.sops) placeholder;
in ''
WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
'';
};
services.wstunnel = {
enable = true;
@ -22,7 +27,7 @@
port = 8789;
};
enableHTTPS = false;
environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
environmentFile = config.sops.templates."wstunnel-environment.env".path;
};
};
}

10
secrets/common.yaml
View File

@ -1,7 +1,7 @@
nix:
access-tokens: ENC[AES256_GCM,data:LqviV34jmMPif7jLiVJM0V2cyyIzF7sPVxKlhDiX2lptmGZ6NLs8dh9xmPeU2YGVrd6fvEq/5tiNYVD8pln5phSOPH16EeBd0e51Tm+8Km2Sp9Q4rWpuE+wrIKtYrZZEvGys2Xu9umI+sFJf4zol0glkcZYPbsuISg==,iv:bdMMGlkqdmfuySAuAr2OcgtVJ7FsKbxpcWMrmHA3eE8=,tag:Kil/ioH5l3VmU9mK597LMA==,type:str]
access-tokens: ENC[AES256_GCM,data:I2wXlh6XQL89k3Fko4uNvgxU26qKvRjTwq6dQXytW8tId51WRaHGs1qqEyxiVnwtpjXWcD4/5iAip/oSEyQzlR1zhTu01QwgeHYI6kxzyJDFGg4IbYZ6ReWy5RYIh8jji0+hfVzuLenmZLY365DjGAwg+z5KXDy2tKm4zEL8c+Pbv4Wt6LGQdYS74/xrc0KqPGNRMz/T/EALradx9T9+gdgnLBAPGfJV130fBbQijDuaCw==,iv:enw8eyh0yuqTyVucXCrQ+zSbNEaOrlTPqec8brUNA6M=,tag:pL4vYTE6lLKLjD10mVeAXw==,type:str]
wstunnel:
http-upgrade-path-prefix-envvars: ENC[AES256_GCM,data:aS7Kvpj9aHtaiKZiakDuvdiDcVYFMkYv9FIH060Dbkahk6v+2bbxzgKcRtnDnLlphtGlZD7yWRcbvlYiG7Y5mRNS1X5PkspQwFKKnwGGHiWgfun9yxB6VHvPdb4W4SNA8QfRmqH4XmJUfDSPmZfh5Ggzhy7/74avC0vfqKBvQ+ml4fjqTmdS6EkFGrrUwIXFrjiCqdxnNYmp8I/L1b22R5YoY/JTsc4mG6N9s3B75GvsYI2EDG4vQ7EMyktd2CHsXJgNFRQUM+GzBbkO4VvG,iv:EbuV/2L+p4A+aloC6uQYiFFF7Lsz5A5RTGMuHMqtTpI=,tag:DThZOERbXuUdDJso7ertbg==,type:str]
http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str]
ssh:
secret-config: ""
nix-builders:
@ -65,8 +65,8 @@ sops:
cm15UjQ4S0xoclpLV0pYcmJzM1g2eDAKAjJUhGgicEG3dj8BdMjPvr9MC/c+oIGx
kPxtKQ5REb5UolEuBBsWapKhKeXLFtTsV/qGOokO34HT1PqZI37Ikw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-29T07:17:06Z"
mac: ENC[AES256_GCM,data:KkW9TTekjw+jB2MWvCa5CEL6fVLgaCnAtIFw6aJUGkpMpyf20xMsHmWbRI0/p7wqFZx919f7klA+yOUfZje8MC60CB6ZHHFE2wnVwOSqSpK4J9Cpr30uvpiffeyseHJVz1HTX7Y8vQ5e4OpueC6e+ndRrkZeKcJCc7/vQPipLrU=,iv:iN3yMOxam2s1FI3D/Nw7vecIUMj4pg6QRgKwi4FF+nY=,tag:s/LJ8hgN1KEvQ+a9pCX6lA==,type:str]
lastmodified: "2024-11-25T09:09:38Z"
mac: ENC[AES256_GCM,data:virqHg0KoyhLVP9yynReVwSGhTBWz2mO5uBRXqzae7plALvRS+mzErfR+h63bX4TF/iLxQ/pJZb+KqQugweWEon9cycIyoKfRaIqaIZ4t8SnVWmDt6xEebkZC4JT7FD9xf27YTzxnamyINRdiCirTfJOeF4PKEow0EjH0WoS1DQ=,iv:giJ6JOXJQInavkdZbkDABG66B45ciNTetGHcwcz73dA=,tag:rvCbdxNFwoYjGuFi/YwI2Q==,type:str]
pgp:
- created_at: "2024-07-17T14:18:35Z"
enc: |-
@ -89,4 +89,4 @@ sops:
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.1