From 6d356b56c57d7f1f5a1f0e81b18223d58065387c Mon Sep 17 00:00:00 2001 From: soraefir Date: Sun, 31 May 2026 12:32:37 +0200 Subject: [PATCH] gitea token --- modules/server/containers/apps/gitea.nix | 11 +++++++++++ modules/server/containers/apps/jellyfin.nix | 1 - modules/server/sops/server.yaml | 6 +++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/modules/server/containers/apps/gitea.nix b/modules/server/containers/apps/gitea.nix index 1484683..7459e13 100644 --- a/modules/server/containers/apps/gitea.nix +++ b/modules/server/containers/apps/gitea.nix @@ -138,6 +138,17 @@ in { --synchronize-users ''} + PSQL="${pkgs.postgresql}/bin/psql -U postgres" + TOKEN_STRING="$HOMEPAGE_VAR_GITEA_API" + SALT=$(${nixpkgs.coreutils}/bin/cat /dev/urandom | ${nixpkgs.gnugrep}/bin/tr -dc 'a-zA-Z0-9' | ${nixpkgs.coreutils}/bin/head -c 10) + COMBINED_STRING="${SALT}${TOKEN_STRING}" + HASH=$(echo -n "$COMBINED_STRING" | ${nixpkgs.openssl}/bin/openssl dgst -sha256 | ${nixpkgs.coreutils}/bin/cut -d' ' -f2) + LAST_8="${TOKEN_STRING: -8}" + NOW=$(${nixpkgs.coreutils}/bin/date +%s) + $PSQL -d "gitea_db" -e \ + "INSERT INTO access_token (uid, name, token_hash, token_salt, token_last_eight, created_unix, updated_unix) \ +VALUES (1, 'homepage-dashboard', '$HASH', '$SALT', '$LAST_8', $NOW, $NOW);" + echo "Completed Gitea Setup" ''; diff --git a/modules/server/containers/apps/jellyfin.nix b/modules/server/containers/apps/jellyfin.nix index e779349..71d7c62 100644 --- a/modules/server/containers/apps/jellyfin.nix +++ b/modules/server/containers/apps/jellyfin.nix @@ -173,7 +173,6 @@ in { INSERT OR IGNORE INTO ApiKeys (Id, AccessToken, Name, DateCreated, DateLastActivity) VALUES ( 1, "$HOMEPAGE_VAR_JELLYFIN_API", 'Home', strftime('%Y-%m-%d %H:%M:%S', 'now'), strftime('%Y-%m-%d %H:%M:%S', 'now')); EOF - echo "Completed Setup" ''; diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml index 1666fd6..f52defe 100644 --- a/modules/server/sops/server.yaml +++ b/modules/server/sops/server.yaml @@ -1,4 +1,4 @@ -CUSTOM: ENC[AES256_GCM,data:D631R3IKaUkJuunXNIlCV17RQFpCoubu6umifFJQyi4d0E54f6bkqju3mEDSFQXTW84e9PYvgEFPgKmwVnGd0NUuabfQ57VtjIeTgmcNBgWhMAKBmPxEouAlDVPfFHvhXuqQqZr/pZh5qaBhwe0hBZoAxAevBcGJj7xSuIwkL71pKszfxBS4igm+WzNPH5pi7HdefAE8H7hcauS0EU2R7C4kIixzFtnPh7lY8I8PTDtRpaVtsnKyW/GZzR0WwWjj4r7xetw1vRbZ5aedcHwbV3gtPrRdhAboq0fE1Gsm9D33EMyK5mDRSZ7PXuJhv97pV9eNyb7s/b4r6JYLQnWgF14YZJOAVtWXyI0BWXhXzYsCaE/qwU0iB+DJHukAIZu3Ur6JiGINEDZD+dBcW13RNKI/tlnT1CaI5wK8GJLfxZZtL43iLIW6ApuzTAys/oe827hgaUeLB7BE0kijSTzHDpxUaidpxAAwErRZtsxWzxeUtRGmX4j5EAS3ymKG4Tvts5dSwYnjG0WRYr/rRN62p1H2HjE3daQuR9MipaW3BkG+wjc+IhqwT+eaJsGeUegb4veXuAdmL/A0g29x0YNAABGNZxCx+zMFoQ4CP+RYGj10A8yk77k+EmoCpb0crK4Q4XXn1gL4VD92Df9Wg+QoerT8sKmc9gLcuzX4h+edHSlLabXCixguIdjwKGBzipwd85XN2w==,iv:7RyHfM2qHrKLUOgBBDIQ9qz8EJYp8ymomOMElxWKb/E=,tag:XH83vTZdVGlcfgs9xL/1uw==,type:str] +CUSTOM: ENC[AES256_GCM,data:IKlbkJ4te4kHcFlk5aNDKeyEmCsqqSf0f3JraYobasPZkzQWBgTsMTPmhUIfP6N63GCuCJrzUZSuUDV+puRidR81TyV5u9lKCJfqtm9EF7QdnKaacwa44P2SgtJZL4cPVsMjiA5EDNSIkcJv9jGLD01yJDyhHvcTKeQf/mDG9oOoIyvUj3Gh/lbT4pmHroZUh8FhqKETlPggeYPobaL3EycXtAqzrQuImII3vVehnzpgwTbgo3LlBo26nmpywWNxWoZrdaDc8oHrF3SG/Xn3+wFarpUuMGXRJ24JFs9TvoSUtOSWhI3wZi3XI/xNGaIjIpdAuG2UCoZsZdcq8z5pa8z3XNBWl/F5IXiUSfLTf6R2QeUK7Xs3H98Jy/rYLufK43s4YJEzY4nJMaicqdxRejfyI6B+/h8pg2ZKZFdXY3FjoRa/loiRUcGZ5uQmHyz56GuaZ+KeD0UZXdJNpgAPkbyroBBhP9oZM+iTQK1yfFSpSrc1YQ9qv+aYIhzNU1j3cC4UTx8PMqL31zXQVpTj3HbHK9CT7g5hchkUI0UoGagtDXkQnsUHrJxYCcHrlg4CwZZi76UwvN5szEjb4Jbbi0OYhYBVmVPqbeeKzHjTgr/siJRjvxjtrb4UglaCQC7wb5gofZOvqnVH9LMXicLqHZ9mrndVFBSUGBEOaMHORUx2BhK/ychPCkMBmVFeScl5IANm+NGDCvAJwr+YGXRhe5dn9MlZJiCnlaqYwztMVmTnzh6IoTX1vhhCV7SdI6DXPR2r2aW2l4oAF6Nt,iv:B8QxoYDYv9GvwwGp5xmSA8AOezF6hY5kS32EgwL7PMU=,tag:2p4s1Ag2dWtgJzx5OMoqjA==,type:str] TRAEFIK: ENC[AES256_GCM,data:Ei+/OL7xwNaOEg3rSaz95N78nvp51lC63XCplNzeD+bBMGcK9G7HoyQxfpaJ7S0MkuMW0ZXT2nJ4GES40GoJCZIrnEiSBm2tpjDfNjlS/rFwxx0wVfM1nsEuBf3pL5dqiCNa9+Lad2Cd,iv:d1MH0ive+E8xuUK0CIOXZeEigHJKVGlFaq0iH4KSbZA=,tag:VTARuNeotr2I0+fdOk+iqA==,type:str] AUTHENTIK: ENC[AES256_GCM,data:HlUFb7JjzSMTM345miSLlUE4SEXgaRAx7SkDDQzaJzs9VuifJKtOE2M4PCKc35VjVt9xIFH+YoIE93re10Rwbe+QEaUphPOgb/G7jRhaaPV/roBYuv6uO5xy68jaVJZpobxajOSVUmJa1JANCh1qrX0+Imr6udYULvK6wQzAnu2tEDkElQ3eZtezUa4E5ia1j7RCYTTPW9oie+YEVJl5Aws2HzPK5q0wKojZOmHanbnKzij3KnSgtsMc3ftL1Fam3wlSk2n3Tw0nz8aBag9IPwYje5zdBkDJY6qiBwYKcBPQUIW+Na0xX2JHymwJSzMdKmW8cEV9b1fXCPsnYVXulb4VMVkTk4MibZ3YT57wlFhqhSy7D39ZTySllIZg8sOrj8cKhpJ3HlSbceD1GnPJatVzZkDkDeyICLu9sYX3B+KrCDlL5sUMPagUFc3g3HUAPxLVPltoP69ro69acUoz5w8gkAwHlE45I3biC/jLz4telEcW8GkF868j3gsHiayE3f87T5MOPvuvhAFdSMl3SF1ND3mWjJq7+FmA6BhxgESg4m+vPnYyVumcbXJnbgfW69BgPYcL1CWZcA+SP6OWg9GOYT5SuWixkaGn2TgRAUj3nlCcAja8,iv:uXAyOIBl9lGYBvALMdvp2hf6cj6QGWRcyUvEsjIDr1I=,tag:iLxO/qYT2zafXhFGVVUYkA==,type:str] NEXTCLOUD: ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str] @@ -32,8 +32,8 @@ sops: S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-31T09:37:49Z" - mac: ENC[AES256_GCM,data:LH3FQ4yUwSLghZ+lrKyBkTS6Tp+xcf96pSKsozdqtesOWXaEs4qkVnjA/bitjSymoiLZicMl7GBP8GYGBtIbXoTYQnqkEeGGBqdNbrFHLjBZ6Lfs6u+OtjOd6pPx6X9FiiNdZvxS+XfK5IbhaYt42Kvleb5HoX+7YJ0CTEpm0Pw=,iv:x1ENFTpPjLlZMGq3Lddw7pYZGFl2j/rdV9SjRalal+0=,tag:X9LCng6AQAYA9dDs/wA7BQ==,type:str] + lastmodified: "2026-05-31T10:25:10Z" + mac: ENC[AES256_GCM,data:rtnrusrWoIu9OHVpJUcmqoD/iegbU3dg1DAr/Z53r2tNrjqh6zcUwdMPfQvutyYoSeqE03Ak7rIhygNlpAl+EexUe2GzdQIHmI0n6yRVn2KxnmfoyW0Nsvs7JDWFfAO1N/w3bRiFi/d6/tpGR4xFKTxvRe6BzHve7tVE/uqd/PY=,iv:NWT3gJl3elArelheoK518aG4rumQwzwLsB6Se4z3PGc=,tag:4Y/7KnJlBioPFxvh7bv0Mw==,type:str] pgp: - created_at: "2026-05-05T23:46:27Z" enc: |-