oysteikt/nix-dotfiles
oysteikt/nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/osuchan: use sops template for secrets

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit 2024-11-29 00:17:35 +01:00
parent 1d42923e3e
commit edf81976ac
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/tsuki/services/osuchan.nix
View File

@ -1,12 +1,26 @@
{ config, ... }:
{
sops.secrets."osuchan/envfile" = {
sops = {
secrets = {
"osuchan/env/channel_access_token" = { };
"osuchan/env/channel_id" = { };
"osuchan/env/channel_secret" = { };
};
templates."osuchan.env" = {
restartUnits = [ "osuchan.service" ];
content = let
inherit (config.sops) placeholder;
in ''
CHANNEL_ACCESS_TOKEN=${placeholder."osuchan/env/channel_access_token"}
CHANNEL_ID=${placeholder."osuchan/env/channel_id"}
CHANNEL_SECRET=${placeholder."osuchan/env/channel_secret"}
'';
};
};
services.osuchan = {
enable = true;
port = 9283;
secretFile = config.sops.secrets."osuchan/envfile".path;
secretFile = config.sops.templates."osuchan.env".path;
};
}

9
secrets/tsuki.yaml
View File

@ -37,7 +37,10 @@ matrix_synapse:
registration_secret: ENC[AES256_GCM,data:Sc5piAESWk9HUe3ZOQ+7ZB9aCZwjTdFrfYkU+XFuXGUZ3xCkCt7QDPmDQBIs+lYOLV9Y165cObKDgMNHBaMkRQ5wXVBrd0l9js70h9LC3IGuK+BOa5tZa4u0zku4zStRuN7xCeGNeAWFOPCQ4a5rQMqbDz6iwWkMQvlHqwzBYtP7PuTuAocwkjlo+3AOnw92DjY4xODPgHR7w4rNSvoSZIUjlAIk3yyHNLV68UiTPoJ5lUqGleLznCpqjLhpxAycfEbWUXCNx8Z5oJ+czptWzhb/hhjH/SgeMvflk8KFwJAYBXxA+YgM+unlWS500OGsgYIbhPyvSzSrs1JkDQBVXA==,iv:/Q4gTEe6WU7XID2ayCFq6xmF6J5UrQw4OjmpU4dhZSA=,tag:kLTdqoanqUAlVrRcKZRxcw==,type:str]
turn_shared_secret: ENC[AES256_GCM,data:ay8VETIPaaRHmmy+DFaqsOD8svfxcrJtaf9QEB8QxqE=,iv:VzHs5zHADvl/7cl9FgwFfgQbdv9/ujPFz9rojgHsyo4=,tag:atRZGV1dj7pa1e5TycLFKg==,type:str]
osuchan:
envfile: ENC[AES256_GCM,data:pMt7n2nEBH4sEW9RZxyyvpnScHsSbSKgMKihwplGcj37TugGb5F30iJatiBhAoeptRSSYgrMjRBLoyWAdxzFiBvKZmkNdka4afy1Cl/LT2hZ+jjkjLBCFv6A8Z0HoWZlvzjuYpybqO9dNdWbQYKDJr0xcVAnaNkv0ThtpZV0CqVfcdJvzx9NyzJzHfIu0p+2BEwzVzr7pt5XwwGcRNru6/x/90d5W6btU4jW33oSBErcuNwdFjmVSgJdHfCxaKgYoIMTYrwepHJ5M7tmA/uJp4JmxCQvgvK78Rp0ooEIyd2aN+r8HAXGnFaskdjELaxBRM76PhTqgaiHfmuiTqesnYSPYJyCIb/r,iv:lRjpv0MziFmWvJgwAFdoP+QtRXEEwgZWLR6krvaV8VE=,tag:prYGTXnhFRecc10ND3Gg3Q==,type:str]
env:
channel_access_token: ENC[AES256_GCM,data:DjE+92zPa7nOR1T2ggXSU9CWM6ruZCKQsVzj04mwacNyZcGBn7ydNnit2yaTaAWemAaFZkHCmJChvEXUtVXX02W3xjP3kuFNSod4x8KIEeAwP10SAfyaXlrYLTrhf0fhNqQDsSO9OxYaP1X/k9JFiakb3E3ZAqdhznaNfEfbRjABligAyxAFU8lm1V2bhe6BX91dZ+rwuLSpI72NLAhgkXD8AtVTdb66kEGRyw==,iv:BtVka/U9NVoSTrvSTt+4I9XGsARTkkj5DEtV8v12zy4=,tag:CrOf4CW0QNaRRh+IcxE4Gg==,type:str]
channel_id: ENC[AES256_GCM,data:qS4no9fC2EI+Bw==,iv:+2Q0ceJBZ7Il4bwtyx0+n69bLV1P7RtZxhWTaUrricM=,tag:+q9plSfQ9I6Xe+nvuG9yQg==,type:str]
channel_secret: ENC[AES256_GCM,data:p6N7AOyNs/LsmSd5J4WfyWszg4sjv60ZL/3k1IdeGZg=,iv:pSp+3gR76u1GbgROSZXcflRWSO1wYV0M4d11nEIG/k0=,tag:RO+3kpZ1ZmYU5PKaC96CFQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -53,8 +56,8 @@ sops:
MThmQ1Iza0F6Q0Y4N1JpT2V5a0FrTGMKIzpNe4dyCLuyKjjXjadZepRYvULr3j3i
7SSwFgVvESj0aVwcGMW1swkhdb2evZgcghhrJpiK8kKIPrWEuFiCcw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T14:01:15Z"
mac: ENC[AES256_GCM,data:x5EUjXx2SeNWkxeMDiYtWCz938dPZv5zlxTjGf4ewWnJ6FJP6GAuY+aKucK9L21AlbQ39osTPRbH/fTLBP/hmZM5yvarFmelfhFZzXyRj1t4USy8Ms+VwwelWcG0WClbMGVT/SUCvyK5IoUL6J4ZYC1aqAPr3q8MR/y/wYW5QPU=,iv:bF24zQk0+G/EtBoIvlxKZz6v/Ud1URguExOJg2Nf5O0=,tag:0VAzdDyB8MgQhUDjz7S1jQ==,type:str]
lastmodified: "2024-11-28T23:15:15Z"
mac: ENC[AES256_GCM,data:fG5F0YWkCEc8HdJHx+EVeIMB8u/Lab9mV1Kp3+n1iCWmia9CmlAyrQipexVcgObMJ5GUX2c3sMcMqJiv83HsExtiPz8Ut5oAXltSdJWzUWS0e0+NbokEIGUha/+eMeCvu7phjmuzmEgiXHe/OwWz1wJh+J6eI1SGz2TsKy3/5Nk=,iv:xx2DycXq8hUUiXXC1e5fMcqsHJOtB1uiK8+gO9E/mVs=,tag:tZrxW3TrWq79MZZFvUoaDg==,type:str]
pgp:
- created_at: "2024-06-25T17:16:27Z"
enc: |-