pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity

feat: add nextcloud secrets

Browse source
This commit is contained in:
Benjamin Bädorf 2023-10-28 18:53:02 +02:00
parent 9244a42a20
commit ece8e9156a
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346
3 changed files with 37 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/nachtigall/apps/nextcloud.nix
View file

@ -1,12 +1,18 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
age.secrets."nextcloud-secrets" = {
file = "${flake.self}/secrets/nextcloud-secrets.age";
mode = "400";
owner = config.services.mastodon.user;
};
services.nextcloud = { services.nextcloud = {
hostName = "cloud.pub.solar"; hostName = "cloud.pub.solar";
home = "/var/lib/nextcloud"; home = "/var/lib/nextcloud";
enable = true; enable = true;
https = true; https = true;
secretFile = ""; # secret secretFile = config.age.secrets."nextcloud-secrets".path; # secret
configureRedis = true; configureRedis = true;

28
secrets/nextcloud-secrets.age Normal file
View file

@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY
rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48
-> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ
bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI
-> ssh-rsa kFDS0A
pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a
PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA
mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP
gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4
7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4
XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD
HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX
ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30
65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0
DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg
3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk
-> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U
OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80
-> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0
zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs
-> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw
WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc
-> wcj`iUv7-grease <d5F W
dXdOZ0LN94OwYEvaS4paokqfZm7hqw
--- oEfnrJu0i9DSupMbQS0hKyVuI9mguqQXDcvXjXUIFS0
<EFBFBD>—ãaãW(?ÍRÏêþ­v¥Ô9S$« :ʉ{Içñ½ô< ¾|&Øy$ؼ9UÑC>}ˆSs¶Q!½ê·/ª4ªöY)þV\Q\y_»Ûg+ÅHÚ„Ho@™w§d† à@ ¯‹ª<: <0B>NO ¼Òí»X±°„!Ëâ£/̬Y7Þ_ ³«Ë‚Ê ³¤¹¢Ñ¦A}^»q
«Øƒ <0A>àïÄúÉ<C3BA>`:/"i²ÀqjÙÃG³½c[ó„§>YõäètT­Æ:ƒh$ŽšO¡hù#,¢Üû R£[×¥F€žŽ3a]©ù€¯{JÑ·×þ÷"Æ¢æ¤Þª<C39E>ã

2
secrets/secrets.nix
View file

@ -35,4 +35,6 @@ in {
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
} }