forked from fi/nix-infra
Migrate searx to sops-nix
This commit is contained in:
parent
b5d6055f36
commit
6282e3fed9
SSH key fingerprint:
SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 33 additions and 12 deletions
|
|
@ -24,6 +24,13 @@
|
|||
ui.static_use_hash = true;
|
||||
enabled_plugins = [ "Hash plugin" "Self Informations" "Tracker URL remover" "Ahmia blacklist" ];
|
||||
};
|
||||
environmentFile = "/secrets/searx-secret-key.secret";
|
||||
environmentFile = "/run/secrets/searx-secret-key";
|
||||
};
|
||||
|
||||
sops.secrets."searx-secret-key" = {
|
||||
mode = "0440";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
restartUnits = [ "searx.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
{ keyCommandEnv, ... }:
|
||||
{
|
||||
deployment.keys."searx-secret-key.secret" = {
|
||||
keyCommand = keyCommandEnv ++ [ "pass" "searx/secret-key" ];
|
||||
destDir = "/secrets";
|
||||
user = "root";
|
||||
group = "root";
|
||||
permissions = "0640";
|
||||
uploadAt = "pre-activation";
|
||||
};
|
||||
}
|
||||
25
config/hosts/searx/secrets.yaml
Normal file
25
config/hosts/searx/secrets.yaml
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
searx-secret-key: ENC[AES256_GCM,data:FH/TfmvtaDIwVCDf69EJBgUljeUFGEzBBF2nUNPxZL5HKh4zPR5peVW1vld2OSNWd3UD72H+/F/7TArcV3nEJgqNc/rU9BXsUeS4tvsrZqlI,iv:p5Rdz8clGb8mBF8mVqSjYhDPXrsIVM4KC2WcXwAs8O4=,tag:C/wZoqqF+mcYRGjVUSLjhQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWVN5bnY5OTZlT3MwVFZR
|
||||
YjhTR3Z6Q3QrRDVHN0pvVDl4ZTJXMHNLVEdBCjZHcW9uWStQUXBBcWRrZHlhbjlx
|
||||
blhGOWRRS0UzSVFTQmJSWUZrQ3kwZlUKLS0tIFBLcDROOU1aU05hVFR0NGJWY0xY
|
||||
Q2VmY0lHUmhKSGtWT01NN2t6amVVMzQKgpe5zffX6Pc1GDJ8zA7ipa257zG5ZRho
|
||||
rLdQBJkA+N4crKj12lPLYf5fd4sowfFMTfsdyuxcZUD7Wwq8SO7aQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age1tf38ae8yzzzmtjp5cjyemf0a8cksq62dz0x0hsntyhsjk5pq6s6q3v9nm7
|
||||
- enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTmhNeUdMRnpWQ0JoWmRJ
|
||||
Uk5ubUF3K3l2eDUzYnB4ZXQvRUJ5dnJmOXd3CnlhUEJHK0NvNVA5dWp0eGV5VWR1
|
||||
ZzV6S3hneiszZU4vaEg0R2laOU1XbTAKLS0tIDU2ZkFWcXl5TE9Sd1AxVjZ1Rzlq
|
||||
UUFXZEQ2cDlsS2hnTVVlNWxDK3VyeWMKMvH2PBlKpyHt4WVp9BLJwAGm2h8QPMa1
|
||||
LCxybdE3+Gs6uQboKX6uo5pMXMQPOedyJZFBDhdu74BOd46u0rcMoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
recipient: age17h3js5v8s5vezcankky6kqxcrvtfxanmvhp3axmnqs4y9s2lr9yqvc6zrn
|
||||
lastmodified: "2026-05-23T23:16:55Z"
|
||||
mac: ENC[AES256_GCM,data:yx+gxeRcl89iokWwH+a+t/OVtOUZUN3Sws/85o9hymtefBxNLqX7GGTMZfa/nQloD4avevWTU71TkYZWRZZj/qlW2B29BSPoIfadbba5rgJHu5D/ij4XrYY14wK3SwMTKpwkjhSBiFOFZLml0zADPWaJH0F6QCTSshUsFQapAW8=,iv:vZt/ejbutG+1UuIU+mQIVXbsl0TQhE+nrulvP0rIVpI=,tag:iSSbw67/A8oMknEzcoOgXw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.13.0
|
||||
Loading…
Add table
Add a link
Reference in a new issue