Migrate forgejo to sops-nix
This commit is contained in:
parent
679f815d60
commit
74f35e704c
SSH key fingerprint:
SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 33 additions and 14 deletions
|
|
@ -61,6 +61,13 @@
|
|||
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
|
||||
};
|
||||
};
|
||||
secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret";
|
||||
secrets.mailer.PASSWD = "/run/secrets/forgejo-mailer-password";
|
||||
};
|
||||
|
||||
sops.secrets."forgejo-mailer-password" = {
|
||||
mode = "0440";
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,13 +0,0 @@
|
|||
{ keyCommandEnv, ... }:
|
||||
{
|
||||
deployment.keys = {
|
||||
"forgejo-mailer-password.secret" = {
|
||||
keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
|
||||
destDir = "/secrets";
|
||||
user = "forgejo";
|
||||
group = "forgejo";
|
||||
permissions = "0640";
|
||||
uploadAt = "pre-activation";
|
||||
};
|
||||
};
|
||||
}
|
||||
25
config/hosts/forgejo/secrets.yaml
Normal file
25
config/hosts/forgejo/secrets.yaml
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
forgejo-mailer-password: ENC[AES256_GCM,data:bFUrFyE/reeTtKZCrb1T1CG8Ng9QbDwZo9AdxU67i8uNmKcn93k3dqY70tSqBTAc9hpsXyW3UTKnPpk+ffb0mw==,iv:p16td5KV0rTmrrtX8FMojotEa+2oiFmVizkc6mt9QyI=,tag:czg/IlNLkx75m2iSddUkUw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNjVaNlFWeG9vMW4vM2R3
|
||||
bWQyVk9jN1VkUUczbTBzUmdpZ2NyWlV4aVFjCmZwa0lDcXUzVDM4d1Mwa1B4Qm9q
|
||||
WjVKMXJBRVNtc0JzcmE0Y20zdCtzM3cKLS0tIEJWanpwZHdPMGJiL0lkME9yVGQ1
|
||||
a3ZvRGV3VENIbmlubG16MWF3SkdyQ00KZj5vuzVyCqbLH5gnQjhRpOfHtIB3RVZC
|
||||
m+VdnnAFIfShrxwfOekVavffaHmG3PWS7RUKoeZNSdtz1ScuwfazPw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1tf38ae8yzzzmtjp5cjyemf0a8cksq62dz0x0hsntyhsjk5pq6s6q3v9nm7
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYOEdadnQvSW1mcE9hSmFL
|
||||
aFlqdHpTejNZRXJCbTh4WjQyQXVobitaa2hFCjV1RU9UOGlqaXhIckNLMmYwb0s2
|
||||
eHY2VVpiQThzQUNuS1FLbFd3V2NGZk0KLS0tIGdOK3VEOUlNcldBQ1haRHhVS0cw
|
||||
N3ZoNWlVK2trVkJLQlhnaHFueFdqVEkK800paYmP1opnW7o2V8f2zzWNR5tOVYGs
|
||||
fl+SA7hE7uTpRrrGfuZq0jQgWOaeAbJ3+PzRuSrVlrXdWIyipcZM2Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1d5y8dx3e8pksvxr8fv8f02v0y7qg7kuwpxpmxksp7xlvrcpfju5sdz6guk
|
||||
lastmodified: "2026-05-17T00:50:59Z"
|
||||
mac: ENC[AES256_GCM,data:I3a9s9i6sFVTRQIAj94YZNyxQsDIWIvRhy9M/e6iMYpvoQyxFvMD3xAE0NQ1uX1QgMoi+6njTc8AmTXFJvSfoiqtVfHQH+HkLPMR27DZUY6kgZGMvUVswioSKfaF8fZxGEyWRPAuTDlynfOsGpr4Tqt5U8NBiYL1FDD6CPALaiY=,iv:RUbSPPTR6cTWwzvbnQRA/f9AjjjOpQUiEBrWvxqCpTQ=,tag:GcGsBgxWU/AXm06FkUI1LA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.13.0
|
||||
Loading…
Add table
Add a link
Reference in a new issue