Migrate jellyfin to sops-nix
This commit is contained in:
parent
74f35e704c
commit
985c4c9040
SSH key fingerprint:
SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 32 additions and 12 deletions
|
|
@ -5,7 +5,7 @@
|
|||
fsType = "cifs";
|
||||
options = [
|
||||
"username=jellyfin"
|
||||
"credentials=/secrets/samba-credentials.secret"
|
||||
"credentials=/run/secrets/samba-credentials"
|
||||
"iocharset=utf8"
|
||||
"vers=3.1.1"
|
||||
"uid=jellyfin"
|
||||
|
|
@ -13,4 +13,10 @@
|
|||
"_netdev"
|
||||
];
|
||||
};
|
||||
|
||||
sops.secrets."samba-credentials" = {
|
||||
mode = "0440";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
{ keyCommandEnv, ... }:
|
||||
{
|
||||
deployment.keys."samba-credentials.secret" = {
|
||||
keyCommand = keyCommandEnv ++ [ "pass" "jellyfin/samba-credentials" ];
|
||||
destDir = "/secrets";
|
||||
user = "root";
|
||||
group = "root";
|
||||
permissions = "0640";
|
||||
uploadAt = "pre-activation";
|
||||
};
|
||||
}
|
||||
25
config/hosts/jellyfin/secrets.yaml
Normal file
25
config/hosts/jellyfin/secrets.yaml
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
samba-credentials: ENC[AES256_GCM,data:9txZMLLwlyAMzI3Naag3tUD1zSXLAf/zoJFoJZYTChhmkPpuhuuaIANFcYmH2sUYSsvZLXlbBuLXRryjTix0zK9ZfkZW8/R1vg==,iv:cF3S9S2+Vk+VAb8gyFyxZ12fqmohHSD3GG0fTILrxRM=,tag:m4BqpUlKmUoPbXTEjFmjaA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzb3dQYWM4SHVraHFPZEx6
|
||||
aGpDcTEyVjZ6Y0h6YzM4aVliRXpqZFpLcnprCmNEOHFrby9IdEE1MTZIYWxrS3BS
|
||||
ZHZTSmYxUW9pek5XblIyZ2FDVlV0TEkKLS0tIEN6NnErRXI3ejc3cVBiSVR6NlpC
|
||||
a2tnWWxDaXgwQ3hmc0dreTNIRnl0cTAKCSaj/epLw16tVDX4OMCzutxlnARL8MDf
|
||||
pUVDonkZ7sB7d1+mnyG+gMQuFDhiDcV9WS2h3M83xoSKoHnCkca9Ew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1tf38ae8yzzzmtjp5cjyemf0a8cksq62dz0x0hsntyhsjk5pq6s6q3v9nm7
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbUdFMlZvVXlzc3FPSmE4
|
||||
Rk1jeUpDVUJMeUlJZDlYeHhwK2l6UkJNRVFVCjNUVS9ZMjI2ME9qTFM0Umc3dXZC
|
||||
Z0todzhYSXZ5Yk5odUdOZGg3VnE3QW8KLS0tIGd1emhUMFVHT3JiZ1JhY0FWOU1i
|
||||
cW9PWk9oRHZGeFlSdlVLSlJ6TVg4WnMKikUhDJNyuKdiazCUcKBo834NO3U6ZfjB
|
||||
GbDn3wUKb465CDYw7GPcvZtM2mNufsoInZh+Oq/07Hi+seAXfX2y7A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age10huhyn3va02zjysyanf8fd6lpfvjv3k3u6qymanz9jtcmfp3kqfskth7yt
|
||||
lastmodified: "2026-05-17T00:58:22Z"
|
||||
mac: ENC[AES256_GCM,data:0WF8JU4d+5nHHB5iBmqdS6TkZem2AHrYNx6zDm4yoIKip7ZVTfCPCyhZ4c3QseEBn1G2IXsTMEtIk6RVI2JigSJPLjyXOTJOeWjVtPD5+1I+mrU7z+YWN+sK5i4F1hQX7/E4JbTDh/h+NbqZ6I9pBq7Nm12QUtZdp/7R5qChXs4=,iv:DBdSDx/X8fh7SXiC073AtDMPDB9idKItzEz2fl7xe+g=,tag:0O1pZp6+Y2Uf2DlijwZLeg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.13.0
|
||||
Loading…
Add table
Add a link
Reference in a new issue