From 236f9dbdc30cd463e2e2858a27bb1a47391d53f6 Mon Sep 17 00:00:00 2001 From: soraefir Date: Fri, 8 May 2026 20:50:13 +0200 Subject: [PATCH] Sops --- modules/server/sops/default.nix | 6 +++--- modules/server/sops/server.yaml | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/server/sops/default.nix b/modules/server/sops/default.nix index 73f2656..fc9d4b8 100644 --- a/modules/server/sops/default.nix +++ b/modules/server/sops/default.nix @@ -2,12 +2,12 @@ let listNames = config.syscfg.server.db; containerNames = lib.mapAttrsToList (name: cfg: name) - (lib.filterAttrs (name: cfg: cfg.db or cfg.sops or false) config.syscfg.server.containers); + (lib.filterAttrs (name: cfg: (cfg.db or cfg.sops or false)) config.syscfg.server.containers); allApps = lib.unique (listNames ++ containerNames); in{ sops.secrets = { - INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; }; - } // (lib.genAttrs (map (name: "${lib.toUpper name}") allApps) (name: { + CUSTOM = { sopsFile = ./server.yaml; }; + } // (lib.genAttrs (map (name: lib.toUpper name) allApps) (name: { owner = "postgres"; mode = "0644"; sopsFile = ./server.yaml; diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml index 319da05..694637b 100644 --- a/modules/server/sops/server.yaml +++ b/modules/server/sops/server.yaml @@ -1,4 +1,5 @@ -INFOMANIAK_API_KEY: ENC[AES256_GCM,data:LFAT94Wr/rggjpIkFa2RINJTSRIcrFAfgtZzI75hyGUK/sHuIgNtsvBJnztwKcUG99mC9hRjj8NoRtBHDM9JU+VNWi1rJVCq3jQg5kuU1Dk/js5lJRpqBJOfeigxfxkU+JiDcujNK7Q/,iv:DEvTTcdEvbmHsSx+qX+QDm1ISR5y7L4fKKLXjUFCopE=,tag:46uXjEHmnzH1P9Kb5z8j8g==,type:str] +CUSTOM: ENC[AES256_GCM,data:HYYOJP3ZzRWS,iv:BVwIJzfHzOxbKTrcA0yajCfIJkEjRXcztk3naqiqf6g=,tag:feuz1VIj0QWX7PpQRFO6iw==,type:str] +TRAEFIK: ENC[AES256_GCM,data:Ei+/OL7xwNaOEg3rSaz95N78nvp51lC63XCplNzeD+bBMGcK9G7HoyQxfpaJ7S0MkuMW0ZXT2nJ4GES40GoJCZIrnEiSBm2tpjDfNjlS/rFwxx0wVfM1nsEuBf3pL5dqiCNa9+Lad2Cd,iv:d1MH0ive+E8xuUK0CIOXZeEigHJKVGlFaq0iH4KSbZA=,tag:VTARuNeotr2I0+fdOk+iqA==,type:str] AUTHENTIK: ENC[AES256_GCM,data:dZ+Kf85ZjaZ82coYNeNOXe5zfD2M9rEeOB6jDNoaKmo3jMABhnha+iBvYJTI2NltkGzymPJQI+JV8F6GdT1l6cqcR8p0nNjQjS1BMk0rR7n8RCp6MazUTJuIjbEq6zEUrA4SXquw5gZDEp4FLo010PhoLaLinHg8OoqzjDsTxdcKevbQWmZeefDBrwXWpz6BlkRIQA3KazVb0w7l1jDTIkozUIWbvtvtk5ccGjzx3b+wCC36QYFcHHtPvFZwMDHzFPVBd90hWc/BwFfvCExONmH0S7GLFTp7I5NsBnWpT0AHUHHc5PlSR2dUy9H2DZ3IkORdNVzOaqESbYKymuWTQBDQuyI9IJdt4Cac0CV9i6p8rFXL6fQyQKZ9djHX8orpyCUeJXqFs8I6et+IzpTeZcmdv/76Q9tomBBi4k4PRMXpeff8Bn02bOSb7RSaj5NVeWxIhZkh3sEXUeva5/yrAYT30mrLpbwzWoCaKrPCPLIcFxvNrYxPUo6kVVz1jSlBurvcKefbreJGqA==,iv:Hj7aBfDLSqRBzueN8b9F9TutpjMESFloqrnirSmnH9U=,tag:1ikt1JvuhIZCx68nh/VzMA==,type:str] NEXTCLOUD: ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str] COLLABORA: ENC[AES256_GCM,data:tY4LLma/7Ut9J/6C3GRyjRn30CAP76hT573++cLqGj7/BSb8uEkU0sJ/CUmSEJvxLqnoFgjc+XWe+NJSiNMWKYfnHvf1DglMntkJB+BgvnbYvHAYOHOAJO6Jp7YhrYvXdy+HoT4DNaQbcDhYuYI=,iv:uPxznygpX6gtmJ7dZ/WrbxyuMjup0wtbBPS7xYinrwI=,tag:rdqrSIokAbkRzP4FLxqYLw==,type:str] @@ -23,8 +24,8 @@ sops: S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-08T18:32:30Z" - mac: ENC[AES256_GCM,data:6f4JGEHzItp2KLwl6/mUpyR3f1HxX2clrP29bFrAsmKYFQ9XhrDKdgmcF+Q85tBTUXPEkRPVIqKUBuiqyP6V9cEbFxVrMeCFPlCZ8xeSFtok70+9l5gpJ2xnHj5Y/Nnd5Aie901adzZo+o/vz/Rx/B5RgmTxNIt4y1j1Xe8LwJA=,iv:FZYCyvEcjcoDN+7WQ2FYg4+YJif4GBHms9BK2TW9yR8=,tag:C7+hEptijxIlrvLJOAjfpw==,type:str] + lastmodified: "2026-05-08T18:49:54Z" + mac: ENC[AES256_GCM,data:SJgQxg2OSrETwYqO1avsyw0T4jWDyfMJn4MwUCd916VXRl9LyG/uDMqXmfvo4r4etJcaavi1GnMlaAC9VTxDEDhvA2lku7GtpJyepAItUhi+17x8QQfJJ3sj3mexoL7QOzSekBukEz9P4vsgiOB72AiZW/rg4qZRwcxHRxN6h1I=,iv:mpaYdBwtr0CKmc9OD4ZeFup24qvihxpClmFG4S1HlFk=,tag:uS2ec0CeL8tFOsD7gy9AUw==,type:str] pgp: - created_at: "2026-05-05T23:46:27Z" enc: |-