chore(nix): add tt-rss secrets
This commit is contained in:
parent
d2318bae7c
commit
d87c0e5ba1
|
@ -19,7 +19,6 @@
|
|||
../../profiles/nixpkgs-dev.nix
|
||||
../../profiles/taskserver.nix
|
||||
../../profiles/tt-rss.nix
|
||||
../../secrets/tt-rss.nix
|
||||
];
|
||||
|
||||
deployment.targetHost = "172.105.171.16";
|
||||
|
|
|
@ -5,12 +5,20 @@
|
|||
lib,
|
||||
...
|
||||
}: {
|
||||
age.secrets = {
|
||||
tt-rss-dbpass = {
|
||||
file = ../secrets/tt-rss-dbpass.age;
|
||||
owner = "tt_rss";
|
||||
group = "tt_rss";
|
||||
mode = "0640";
|
||||
};
|
||||
};
|
||||
services.tt-rss = {
|
||||
enable = true; # Enable TT-RSS
|
||||
database = {
|
||||
# Configure the database
|
||||
type = "pgsql"; # Database type
|
||||
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
|
||||
passwordFile = config.age.secrets.tt-rss-dbpass; # Where to find the password
|
||||
};
|
||||
email = {
|
||||
fromAddress = "news@mcwhirter.io"; # Address for outgoing email
|
||||
|
@ -39,16 +47,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
tt-rss = {
|
||||
# Ensure tt-rss starts after nixops keys are loaded
|
||||
after = ["tt-rss-dbpass-key.service"];
|
||||
wants = ["tt-rss-dbpass-key.service"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresqlBackup.databases = ["tt_rss"];
|
||||
|
||||
services.nginx = {
|
||||
|
@ -65,6 +63,4 @@
|
|||
};
|
||||
|
||||
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
|
||||
|
||||
users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204
|
||||
}
|
||||
|
|
|
@ -45,4 +45,5 @@ in {
|
|||
"xander.age".publicKeys = ops ++ systems;
|
||||
"nextcloud-dbpass.age".publicKeys = ops ++ systems;
|
||||
"nextcloud-adminpass.age".publicKeys = ops ++ systems;
|
||||
"tt-rss-dbpass.age".publicKeys = ops ++ systems;
|
||||
}
|
||||
|
|
35
secrets/tt-rss-dbpass.age
Normal file
35
secrets/tt-rss-dbpass.age
Normal file
|
@ -0,0 +1,35 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBsTzdO
|
||||
clFOUVMzRGlUTkF6eGo2djFOWHhpWkpacG5GbEFXZHNKSHBBREZvCnRvSEVqSUpF
|
||||
Yk5zNDNkY21jejM1OFNxUTNGMEVtRnliNzZvZndyZnliWFkKLT4gc3NoLWVkMjU1
|
||||
MTkgSk00dDZBIFBVV1doL1JrVEY5L1JXRExSQ1o3ZHYvaFF5eFcxcHVERjNHWExW
|
||||
VGc2Z0kKaitHRHZ0U0hOeUpJTHJaUStKTk9qbHo4aU9nOEJBMytrVUhDM1FNSTZz
|
||||
dwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgeDB1TmpjTmtzU1F6VjFBNUMxQWcxcFFV
|
||||
MTA3d0huYlJ0Nk44Ym5Kd2JWMApDcE1GM1pKaW9TWW1Nd1QzclVlNHVDeGowVjhZ
|
||||
T2F1NXZaUnQ4WWVHbVhZCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBNVXhYMW1DTXl1
|
||||
QmJ0dGN6UDRzb0cxeXdMN21VdzJuekZmOGZwQmIxb1dBCi81ZC9TM3ZOcEdrMVpG
|
||||
NzFKWlFOeVFkVHk0MVBBNS9ZMlVkK1RML3poZG8KLT4gc3NoLWVkMjU1MTkgV2c5
|
||||
M3J3IFRvS0FUUStKdmRXbkRhemdwM2NKSUw3dmtKZkZ3Vk1VbllEZGpVOVVKUjAK
|
||||
b1dnLzBEZGdSY0V4a05xVzJSYXdCTUdvVm9TL2ZjdGJwQ3lmc01hdEVQcwotPiBz
|
||||
c2gtZWQyNTUxOSBQeEt3alEgb1ptc1J5ZWFsTEFETFdDbVVvZGhoRzZDaW9JYlE0
|
||||
MnFoWHh1bG5aVGxrUQpvWVcwWDBvenZJYjMzUFNBV2kxWjAwa0xjT1gzYWx2K0pq
|
||||
SlpzYnVqYytjCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA0K09ISzNlVVY1RzlyMWJU
|
||||
ZHVRZWV5QmV6WmNmeVMrUnA1MlNjWU83OUhnClI2Z1U0cG1udC9JUGQ2Tk9YZ3Z4
|
||||
azB3Mk02U0tPVUZaajJya1F4Q2twdjgKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHJF
|
||||
dDU4RUxiYlNJMUtLdFJDbU1JUzE5R1U0dkIwRE9TdFNwRDh6TWRiMWcKY1pqdFlK
|
||||
WC9EMFZJUkJxdit0cUJvMU5kNldmQlk2N3BmMnJWbGpGYThsWQotPiBzc2gtZWQy
|
||||
NTUxOSAwZHBkZ1Ega0ppUFQvLytEQnZ6VEJ0QWZFc1J3R1RUNS9jQ3FSODhhazhn
|
||||
N3NHUThuQQptYWtKdk9pd00zMkk0VWRXbUZGN0ZnNjBWMUorZkdOaWRjeVFGa3NX
|
||||
RXdJCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBkWkFXN25SeU1sMWJTVS9Bc0JJdzkw
|
||||
MVRkekIwaVFCOTB0cVREc2dWSFVFCkNxMmF4Vk01L2N5R0haQ2Z6cjdQdHRzTHEx
|
||||
VHZKbGpGQ2pZUmRhdVpGTmsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IEZZV0plaWpJ
|
||||
bnFqVStFK2dNV25ZYUtRa0Q5RDQwckZQQXlYbEFEaUQ1RWMKekFjNDZRaC9TTHpQ
|
||||
OEJ6bU5tYXhXTktmMUJsMXRlZ0dUSEthcWVteDU5bwotPiBzc2gtZWQyNTUxOSB6
|
||||
RzMrMXcgZ3liVlF5M0pKMVExTzVjWVBjWUFIQjZaUE9ISmJXQUo0ay9HSjEydXdS
|
||||
Zwo1cFEyMFBCWGd3NnR1Q1ZORnhnMmJWQXkzcDlRQVRnRjJWZUFjd2x4WFVZCi0+
|
||||
IDFfTGpoM20tZ3JlYXNlIHFDUzF4Un4KZ0RKV29ZY2UxQ0dFTERGdU1TQk9pWEF2
|
||||
aHVtUUwzd2p6c1dKRzFKekNyTno4Z202Z2RkS2JhdnF2N0tHUWZJWgowalNzN3pE
|
||||
NzdtQ09zWDRwYzU5b0VaemFUUGljUncKLS0tIHdXNWhtWi83QnQ5bXFNZXp0MFR3
|
||||
UkI2TTlMd1lSS0toRnFwYWg1UHUyVmcK4yZHPD4ymOHd8MKfXFnyndhFbZrMdIIl
|
||||
+nmCeTJWL6oVaf2fXnE39io5AuRD8TkQGpg5VvkJwvPZ
|
||||
-----END AGE ENCRYPTED FILE-----
|
Loading…
Reference in a new issue