set secret via systemd to avoid users entirely
parent
0fd416429e
commit
56690ad45f
|
@ -14,7 +14,7 @@ sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8P
|
|||
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
||||
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
|
||||
mollysocket-vapid-key: ENC[AES256_GCM,data:w0tcRqjXrhjem+4rfZuSSfeex+Fpi0du3EhUdPsBRCuO7L2OdVml1CU2QA==,iv:bGfYc1T+21/rcGdkHAFqteSffXPUhvoateSqbiSPb10=,tag:XqrU5f5f0sxHTkARFdNVeA==,type:str]
|
||||
mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -30,8 +30,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-01-14T12:47:32Z"
|
||||
mac: ENC[AES256_GCM,data:HxttRqB9RgMP9xkVTPXUE9MyGon3VJ7DW6gyNIII3svgcZItl39HIG3aYTsS3jAWShZQ/iSxERXbwusAb/wAC8VNXNI04BZGK9WbExSJKXzAzBLXI4ajUsJ27POf+4mi/8fwdSSRpmZdfYhbxuzBs8jI6/CJ40B9Dbp/DtndXTk=,iv:GPSoTNfsBEFNwCqAnOpylbl0LJckrR5lCznzzi/BAI8=,tag:kRwqzIh0TWz4MR66vKwgSA==,type:str]
|
||||
lastmodified: "2025-01-14T13:43:37Z"
|
||||
mac: ENC[AES256_GCM,data:GK+WcmMgDbZ5xeqMK06CuquR6/ptd2oXzVJ9V74+n6lBx4XsyPu17puKGKgsGsIHeRYdbwtQh8tm42/XJ0tK8qJz1yGvfQxPasd+ibRBHatWWHzQ/czR3NIRWYqGF9/mxi2uHrftaKtku1/huxjzjb69blopMzn2LEH0vCzXCkc=,iv:K6Fbhmz9FAzLd8KcjDSriVre8MhCYrGTVXh+u6oGLaQ=,tag:4Ylrs+Mm54vAKFQyyo8Njg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
|
|
|
@ -1,26 +1,16 @@
|
|||
{config, ...}: let
|
||||
mollySocketUser = "mollysocket";
|
||||
in {
|
||||
{config, ...}: {
|
||||
sops.secrets."mollysocket-vapid-key".mode = "0440";
|
||||
sops.secrets."mollysocket-vapid-key" = {
|
||||
owner = mollySocketUser;
|
||||
group = mollySocketUser;
|
||||
};
|
||||
|
||||
services.mollysocket = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."mollysocket-vapid-key".path;
|
||||
settings = {
|
||||
port = 4381;
|
||||
vapid_key_file = config.sops.secrets."mollysocket-vapid-key".path;
|
||||
allowed_endpoints = ["molly.gladtherescake.eu" "nextcloud.gladtherescake.eu"];
|
||||
allowed_uuids = ["*"];
|
||||
webserver = true;
|
||||
};
|
||||
};
|
||||
systemd.services.mollysocket.serviceConfig = {
|
||||
User = mollySocketUser;
|
||||
Group = mollySocketUser;
|
||||
};
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"molly.gladtherescake.eu" = {
|
||||
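Review bot: The added `sops.secrets."mollysocket-vapid-key".mode = "0440";` grants group read on a secret that no longer sets an owner or group, so it presumably falls back to the sops-nix defaults (root-owned, as far as I know). systemd reads `EnvironmentFile=` with the manager's privileges before the service drops to its own account, so the service user should need no access to the file; dropping the line and keeping the default `0400` would be the tighter setting. A comment above `environmentFile` would help, for example `# env-format (KEY=value) file decrypted by sops-nix; read by systemd, not by the service user`, since the secret's content appears to have changed format along with this option. The key also now lives in the process environment rather than in a file, so child processes inherit it; if that matters, a systemd credential (`LoadCredential=`) feeding `vapid_key_file` is worth considering.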
|
|