chore(nix): add tt-rss secrets
parent
7f89513b6c
commit
8570c7ee33
|
@ -19,7 +19,6 @@
|
||||||
../../profiles/nixpkgs-dev.nix
|
../../profiles/nixpkgs-dev.nix
|
||||||
../../profiles/taskserver.nix
|
../../profiles/taskserver.nix
|
||||||
../../profiles/tt-rss.nix
|
../../profiles/tt-rss.nix
|
||||||
../../secrets/tt-rss.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
deployment.targetHost = "172.105.171.16";
|
deployment.targetHost = "172.105.171.16";
|
||||||
|
|
|
@ -5,12 +5,20 @@
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
age.secrets = {
|
||||||
|
tt-rss-dbpass = {
|
||||||
|
file = ../secrets/tt-rss-dbpass.age;
|
||||||
|
owner = "tt_rss";
|
||||||
|
group = "tt_rss";
|
||||||
|
mode = "0640";
|
||||||
|
};
|
||||||
|
};
|
||||||
services.tt-rss = {
|
services.tt-rss = {
|
||||||
enable = true; # Enable TT-RSS
|
enable = true; # Enable TT-RSS
|
||||||
database = {
|
database = {
|
||||||
# Configure the database
|
# Configure the database
|
||||||
type = "pgsql"; # Database type
|
type = "pgsql"; # Database type
|
||||||
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
|
passwordFile = config.age.secrets.tt-rss-dbpass; # Where to find the password
|
||||||
};
|
};
|
||||||
email = {
|
email = {
|
||||||
fromAddress = "news@mcwhirter.io"; # Address for outgoing email
|
fromAddress = "news@mcwhirter.io"; # Address for outgoing email
|
||||||
|
@ -39,16 +47,6 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
|
||||||
services = {
|
|
||||||
tt-rss = {
|
|
||||||
# Ensure tt-rss starts after nixops keys are loaded
|
|
||||||
after = ["tt-rss-dbpass-key.service"];
|
|
||||||
wants = ["tt-rss-dbpass-key.service"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresqlBackup.databases = ["tt_rss"];
|
services.postgresqlBackup.databases = ["tt_rss"];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -65,6 +63,4 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
|
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
|
||||||
|
|
||||||
users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204
|
|
||||||
}
|
}
|
||||||
|
|
|
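Review bot: `passwordFile = config.age.secrets.tt-rss-dbpass;` in the `database` block assigns the whole agenix secret attribute set rather than the location of the decrypted file. agenix exposes that location as the `path` attribute, so the line should read `passwordFile = config.age.secrets.tt-rss-dbpass.path;`. As written, the option expects a path string and will most likely fail evaluation. The visible argument list shows only `lib, ...`, so confirm that `config` is among the module arguments above the hunk. Separately, owner and group are both `tt_rss`, so `mode = "0400"` would be enough unless another member of that group needs to read the file.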
@ -45,4 +45,5 @@ in {
|
||||||
"xander.age".publicKeys = ops ++ systems;
|
"xander.age".publicKeys = ops ++ systems;
|
||||||
"nextcloud-dbpass.age".publicKeys = ops ++ systems;
|
"nextcloud-dbpass.age".publicKeys = ops ++ systems;
|
||||||
"nextcloud-adminpass.age".publicKeys = ops ++ systems;
|
"nextcloud-adminpass.age".publicKeys = ops ++ systems;
|
||||||
|
"tt-rss-dbpass.age".publicKeys = ops ++ systems;
|
||||||
}
|
}
|
||||||
|
|
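Review bot: `"tt-rss-dbpass.age".publicKeys = ops ++ systems;` makes the database password decryptable by every key in `systems`. If that list holds all host keys, as the name suggests, it includes machines that never run tt-rss. Limiting recipients to the operators plus the one host that imports the tt-rss profile keeps a compromise of any other host from exposing this secret, e.g. `"tt-rss-dbpass.age".publicKeys = ops ++ [ <tt-rss-host-key> ];` (a placeholder for that host's key binding, which is defined outside this hunk). The neighbouring nextcloud entries follow the same pattern and would benefit from the same narrowing. The secret file has to be re-encrypted after the recipient list changes.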
35
secrets/tt-rss-dbpass.age
Normal file
35
secrets/tt-rss-dbpass.age
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBsTzdO
|
||||||
|
clFOUVMzRGlUTkF6eGo2djFOWHhpWkpacG5GbEFXZHNKSHBBREZvCnRvSEVqSUpF
|
||||||
|
Yk5zNDNkY21jejM1OFNxUTNGMEVtRnliNzZvZndyZnliWFkKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgSk00dDZBIFBVV1doL1JrVEY5L1JXRExSQ1o3ZHYvaFF5eFcxcHVERjNHWExW
|
||||||
|
VGc2Z0kKaitHRHZ0U0hOeUpJTHJaUStKTk9qbHo4aU9nOEJBMytrVUhDM1FNSTZz
|
||||||
|
dwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgeDB1TmpjTmtzU1F6VjFBNUMxQWcxcFFV
|
||||||
|
MTA3d0huYlJ0Nk44Ym5Kd2JWMApDcE1GM1pKaW9TWW1Nd1QzclVlNHVDeGowVjhZ
|
||||||
|
T2F1NXZaUnQ4WWVHbVhZCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBNVXhYMW1DTXl1
|
||||||
|
QmJ0dGN6UDRzb0cxeXdMN21VdzJuekZmOGZwQmIxb1dBCi81ZC9TM3ZOcEdrMVpG
|
||||||
|
NzFKWlFOeVFkVHk0MVBBNS9ZMlVkK1RML3poZG8KLT4gc3NoLWVkMjU1MTkgV2c5
|
||||||
|
M3J3IFRvS0FUUStKdmRXbkRhemdwM2NKSUw3dmtKZkZ3Vk1VbllEZGpVOVVKUjAK
|
||||||
|
b1dnLzBEZGdSY0V4a05xVzJSYXdCTUdvVm9TL2ZjdGJwQ3lmc01hdEVQcwotPiBz
|
||||||
|
c2gtZWQyNTUxOSBQeEt3alEgb1ptc1J5ZWFsTEFETFdDbVVvZGhoRzZDaW9JYlE0
|
||||||
|
MnFoWHh1bG5aVGxrUQpvWVcwWDBvenZJYjMzUFNBV2kxWjAwa0xjT1gzYWx2K0pq
|
||||||
|
SlpzYnVqYytjCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA0K09ISzNlVVY1RzlyMWJU
|
||||||
|
ZHVRZWV5QmV6WmNmeVMrUnA1MlNjWU83OUhnClI2Z1U0cG1udC9JUGQ2Tk9YZ3Z4
|
||||||
|
azB3Mk02U0tPVUZaajJya1F4Q2twdjgKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHJF
|
||||||
|
dDU4RUxiYlNJMUtLdFJDbU1JUzE5R1U0dkIwRE9TdFNwRDh6TWRiMWcKY1pqdFlK
|
||||||
|
WC9EMFZJUkJxdit0cUJvMU5kNldmQlk2N3BmMnJWbGpGYThsWQotPiBzc2gtZWQy
|
||||||
|
NTUxOSAwZHBkZ1Ega0ppUFQvLytEQnZ6VEJ0QWZFc1J3R1RUNS9jQ3FSODhhazhn
|
||||||
|
N3NHUThuQQptYWtKdk9pd00zMkk0VWRXbUZGN0ZnNjBWMUorZkdOaWRjeVFGa3NX
|
||||||
|
RXdJCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBkWkFXN25SeU1sMWJTVS9Bc0JJdzkw
|
||||||
|
MVRkekIwaVFCOTB0cVREc2dWSFVFCkNxMmF4Vk01L2N5R0haQ2Z6cjdQdHRzTHEx
|
||||||
|
VHZKbGpGQ2pZUmRhdVpGTmsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IEZZV0plaWpJ
|
||||||
|
bnFqVStFK2dNV25ZYUtRa0Q5RDQwckZQQXlYbEFEaUQ1RWMKekFjNDZRaC9TTHpQ
|
||||||
|
OEJ6bU5tYXhXTktmMUJsMXRlZ0dUSEthcWVteDU5bwotPiBzc2gtZWQyNTUxOSB6
|
||||||
|
RzMrMXcgZ3liVlF5M0pKMVExTzVjWVBjWUFIQjZaUE9ISmJXQUo0ay9HSjEydXdS
|
||||||
|
Zwo1cFEyMFBCWGd3NnR1Q1ZORnhnMmJWQXkzcDlRQVRnRjJWZUFjd2x4WFVZCi0+
|
||||||
|
IDFfTGpoM20tZ3JlYXNlIHFDUzF4Un4KZ0RKV29ZY2UxQ0dFTERGdU1TQk9pWEF2
|
||||||
|
aHVtUUwzd2p6c1dKRzFKekNyTno4Z202Z2RkS2JhdnF2N0tHUWZJWgowalNzN3pE
|
||||||
|
NzdtQ09zWDRwYzU5b0VaemFUUGljUncKLS0tIHdXNWhtWi83QnQ5bXFNZXp0MFR3
|
||||||
|
UkI2TTlMd1lSS0toRnFwYWg1UHUyVmcK4yZHPD4ymOHd8MKfXFnyndhFbZrMdIIl
|
||||||
|
+nmCeTJWL6oVaf2fXnE39io5AuRD8TkQGpg5VvkJwvPZ
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|