Revert "test managing gitea credential with sops-nix"
This reverts commit 1c2fcb7951.
sops-nix fails with weird error:
/nix/store/165rsdw1119rajybq1p0dm5g55k0vxyl-sops-install-secrets-0.0.1/bin/sops-install-secrets: failed to decrypt '/nix/store/q7sarwpv46yvv1lkj0f8adlsilv2x25w-secrets.yaml': Error getting data key: 0 successful groups required, got 0
No clue why.
parent
1c2fcb7951
commit
78e26c8dd0
@ -1,9 +0,0 @@
|
|||||||
keys:
|
|
||||||
- &admin age13flq29rfu03np26ujargsjml3wdhlruvhqyjnfhlq87s56lrxy2sgl8z6h
|
|
||||||
- &server_netbox: age1y5y2k2zn9w3ss2drqw3d295ny0t0xww5855dkuh4g2f934gt74eqxgmhvh
|
|
||||||
creation_rules:
|
|
||||||
- path_regex: boxes/netbox/secrets.yaml
|
|
||||||
key_groups:
|
|
||||||
- age:
|
|
||||||
- *admin
|
|
||||||
- *server_netbox
|
|
@ -4,7 +4,6 @@
|
|||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../lib/bootstrap.nix
|
../../lib/bootstrap.nix
|
||||||
./sops.nix
|
|
||||||
|
|
||||||
./franklincce.nix
|
./franklincce.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
{ config, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
appName = "beepboop.systems"; # Give the site a name
|
appName = "beepboop.systems"; # Give the site a name
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
passwordFile = config.sops.secrets."gitea/postgres-password".path;
|
passwordFile = "/etc/gittea-pass";
|
||||||
};
|
};
|
||||||
settings.security.INSTALL_LOCK = true;
|
settings.security.INSTALL_LOCK = true;
|
||||||
settings.service = {
|
settings.service = {
|
||||||
|
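Review bot: The new `passwordFile = "/etc/gittea-pass";` points at a file that nothing in this section creates, so the database password now sits in a hand-provisioned file whose owner and mode the configuration never states. It should be readable only by the account Gitea runs as (`gitea` by default, mode 0400), and the path looks misspelled ("gittea"), which is easy to get wrong when setting up a fresh host. I would add a comment above the line such as `# provisioned by hand, outside the Nix store; owner gitea, mode 0400` until the sops-nix wiring is restored. On the failure that prompted the revert: the removed secrets.yaml lists only the admin age recipient, so the host key named in `age.sshKeyPaths` may simply not have been a recipient; re-encrypting to the server key would be worth trying before settling on the plain file. The `services.gitea` block continues past the end of this hunk, so settings below `settings.service` are not reviewed here.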
@ -1,22 +0,0 @@
|
|||||||
gitea:
|
|
||||||
postgres-password: ENC[AES256_GCM,data:lcF+qOUo3PuCM/ymuIsxrZ/Ui5lwWuto8FMAQNY2nGWEvtf/yjcRzFwWIyqfszb19Wl3Z70a3i5fyurCdQ+izwAL83TOMA==,iv:+ValvmW5P4geg/2LdvrR28mp1lbB2a/Lu1zpHsxg6Uo=,tag:fayiaAf3MTSJE6Fnic9RPw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age13flq29rfu03np26ujargsjml3wdhlruvhqyjnfhlq87s56lrxy2sgl8z6h
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UkFWVm5GanMvQXdUZUc1
|
|
||||||
TFhxVDhWSDZwb3BMUHNnZHg5c2sxbmY0Y2lVCjF1T3FFdUE0bVJ1T3BaNnpjeThH
|
|
||||||
Sld6K2gydVN0YmJvUHdlTmd3VkV0ZTgKLS0tIE1VSElDbXdDUkd6aWFGSW02VTRP
|
|
||||||
MGwzY3dySzJHQzJWUTArVDU4MSszakUK3u5xVX+Oey1Ax6I4PH8IuJ/eQAWMgFyK
|
|
||||||
SaEgS7z/pHSEKQZeGmZwrk5+1ahI+qkjX4XPiTxiM4rxjiluxhyqQg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-12-27T03:59:29Z"
|
|
||||||
mac: ENC[AES256_GCM,data:BJQOgkeU71G9Cy9tRxSCNJce4NDlc73ZKoWfpMkYcIbBIkpQotmnEzmWvjmDjcR9hEayDoDHVXZA4DWtpPPSYCuls5tkHV0wFg3usLRAFWWhMOWLL4D9ZJl9C8uuW21c8mlhDf+5n+sWY5UGaRSD5SBqYdqn68E62bunLm6kHrM=,iv:Z7A686d5B7oG1GODtUDdMG9zsf2tSyqWLrofdBC9PLo=,tag:U5sf23+BRBDuqXkdb/LYGw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
@ -1,14 +0,0 @@
|
|||||||
{ inputs, config, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
inputs.sops-nix.nixosModules.sops
|
|
||||||
];
|
|
||||||
|
|
||||||
sops = {
|
|
||||||
defaultSopsFile = ./secrets.yaml;
|
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
||||||
secrets = {
|
|
||||||
"gitea/postgres-password" = {};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -2,9 +2,11 @@
|
|||||||
description = "stupidcomputer's nixos flake";
|
description = "stupidcomputer's nixos flake";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
|
# regular nixos stuff
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
simple-nixos-mailserver = {
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
|