jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sops (workstation part)

Browse Source
This commit is contained in:
Danilo Reyes 2024-06-24 19:05:59 -06:00
parent fad070358b
commit b915bbe4f3
4 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/servers/jellyfin.nix
View File

@ -15,8 +15,8 @@ in {
enable = true; enable = true;
appendHttpConfig = '' appendHttpConfig = ''
# JELLYFIN # JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m; proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off; proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=1d use_temp_path=off;
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; } map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
''; '';

12
modules/servers/nextcloud.nix
View File

@ -24,6 +24,13 @@ in {
}; };
config = lib.mkIf config = lib.mkIf
(config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) { (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
sops.secrets = {
smtp-password = { };
nextcloud-adminpass = {
owner = config.users.users.jawz.nextcloud;
inherit (config.users.users.jawz) group;
};
};
nixpkgs.config.permittedInsecurePackages = nixpkgs.config.permittedInsecurePackages =
[ "nodejs-14.21.3" "openssl-1.1.1v" ]; [ "nodejs-14.21.3" "openssl-1.1.1v" ];
environment.systemPackages = with pkgs; [ mediainfo dlib ]; environment.systemPackages = with pkgs; [ mediainfo dlib ];
@ -53,7 +60,7 @@ in {
tls = true; tls = true;
from = "stunner6399@gmail.com"; from = "stunner6399@gmail.com";
user = "stunner6399@gmail.com"; user = "stunner6399@gmail.com";
password = "eqyctcgjdykqeuwt"; passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
}; };
}; };
services = { services = {
@ -71,8 +78,7 @@ in {
inherit (config.services.nextcloud.package.packages.apps) calendar; inherit (config.services.nextcloud.package.packages.apps) calendar;
}; };
config = { config = {
adminpassFile = "${pkgs.writeText "adminpass" adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
"Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = config.my.postgresSocket; dbhost = config.my.postgresSocket;
dbtableprefix = "oc_"; dbtableprefix = "oc_";

5
secrets/env.yaml
View File

@ -3,6 +3,7 @@ ryot: ENC[AES256_GCM,data:Vlo6pv2+LuQxvdprI53BoQpngRfUWhqE07o+9ZKLZiaJBC6FCdFbeu
mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str] mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str] maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str]
multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str] multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:x1O0CEOVkwMBEZGppduQomKrc3oYQOUKQLo9Tp/NHdg1+TjyRHPGNfbqYLhbrFxWpokf2goZk70BkTOun9AgA5JUCbz8QgW/I44HC39m3hGABxeuHgfmmmkbqc6y4HMzxZWGqhbfkVKkJIdx8J9aJWxjjjK1/NeaXD0s49G9G6zeXeMA1Q0dZSrLw3orFUpnhwiMcc/qmQWoX8+8s9/WUg+/Jhbq/ig486AmXeayOv3xH7WNElv/8mqz5hvLMrDeKVFISNiV1xRvq8PsvbmgPdI6Vv7yIuu44LiqEFzrzgIbIj6ueBjiodd4jTf0tpqTpus8VV8QH/mtCdJodaHkHrI=,iv:xgIdZSUFi+bBBiDdAA2nLc7mXPSd2NG4Vz0tvZJ+Mpc=,tag:t3gnwb783Tub7cofG2Ppjg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -45,8 +46,8 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-23T01:19:23Z" lastmodified: "2024-06-25T01:05:24Z"
mac: ENC[AES256_GCM,data:LoLGUFWe23p0KKPxfOnpVylNk5G5uTTpUYGS8vNhEO8ERTfT5PmLQQgnLTNkPGq4ehA+BPDXJtkBpUrpVs7EsVNOzxruLAiGksBlJ0nUd7K4/LKCrInRubkgK1Ipo6kNipPVyeQiypyyaFB7rTTRPsDwd3BNtOT53fdT8zRP5ug=,iv:+mymI1XDKfIp1tDFDZMMJ/LIO7qcwE+tKRD5OD2HRkA=,tag:gvizKWQZqXsAd2egQfeMoA==,type:str] mac: ENC[AES256_GCM,data:hJZxqNIjxWM3FyKuzx1pU7c7kKElk/ptEs19uXnHU9GtCuWccys+kmCOU1Y/RbhBmBCTdnNUcWPisXniRIb38Zgh8qWRulUPcQV1qW7RnBaNqp9cK+GEUoTmYnw+QaSWmsOqskp39SMOuOyzIbpy1C55jRvPvJLyAk1MSMSCJ8Q=,iv:Bsl7u5SMLyX5F+TXbSlhJRTLNpsdsFoH0yFIJ5oID0M=,tag:49nZEnoleMZR1Z0rRwiRNw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

6
secrets/secrets.yaml
View File

@ -1,4 +1,6 @@
jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str] jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
resilio: resilio:
host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str] host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str] user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
@ -46,8 +48,8 @@ sops:
RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw== QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-23T01:19:22Z" lastmodified: "2024-06-25T00:47:48Z"
mac: ENC[AES256_GCM,data:59icrE+rEiuzBY0V8DwZ1XXupMXHUrSBszIOYX3knCAecW5rckeu2tWECJMHAoiXF+NdvCB3MgF+PZ8Gr4GKdz6Og/x2qX0q9pmoHxZCEt2poagcTG5HQ91aH5niTE0wRgzkFSuayldB9lXIJUvsl1CJw2OhjrVDm6ZRAE0fN5I=,iv:wlm4O6zHYFbRxh+XXQIW/v0aC2dqyKyFOuUh1C2HIG4=,tag:WZ2N16qIwZts+Exn12Jg7g==,type:str] mac: ENC[AES256_GCM,data:410HyLmJ4FhCp6pFqAG9Mf7cwIQdalsh6bZ5feAu8P1vcJrTLefZskWIbjD6aQNKucDjS5CMPJd/7oP8wyc2XHKRqFO9CLSJ7wi6OmNaw/qevQxy4PSj5w44gd5/OI5aE2nN+X1R03PYSYEIs5SImwHBxN/fYR+WprAsbO1Ygrw=,iv:fgG5i3+rNtN4YzIL97+6cHP4cL2xXf0pgfsYbetGE2g=,tag:qu7vzzDnhDpW1dwu8TYCXg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1