From 58d30c64273a754065c87ce7fd2bb4468e5a20b4 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 25 Nov 2023 16:44:55 +0100 Subject: [PATCH] Add secret erlang cookie --- nixos/queen/akkoma.nix | 2 ++ nixos/queen/configuration.nix | 2 ++ secrets/queen-Lillian.yaml | 5 +++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/nixos/queen/akkoma.nix b/nixos/queen/akkoma.nix index 2a8e235..c150c83 100644 --- a/nixos/queen/akkoma.nix +++ b/nixos/queen/akkoma.nix @@ -24,6 +24,8 @@ forceSSL = true; serverName = "akkoma.gladtherescake.eu"; }; + dist.cookie._secret = config.sops.secrets."releaseCookie".path; + config = { ":pleroma".":admin_token" = "uknJWzFoYtEyZXXsCCtAMYzojXMQoHas"; ":pleroma".":instance" = { diff --git a/nixos/queen/configuration.nix b/nixos/queen/configuration.nix index 35957e9..974817d 100644 --- a/nixos/queen/configuration.nix +++ b/nixos/queen/configuration.nix @@ -62,6 +62,8 @@ sops.secrets."local.json".owner = config.users.users.onlyoffice.name; sops.secrets."mailpass".mode = "0440"; sops.secrets."mailpass".owner = config.users.users.virtualMail.name; + sops.secrets."releaseCookie".mode = "0440"; + sops.secrets."releaseCookie".owner = config.users.users.akkoma.name; nix = { gc = { diff --git a/secrets/queen-Lillian.yaml b/secrets/queen-Lillian.yaml index 7e81193..fc2c77e 100644 --- a/secrets/queen-Lillian.yaml +++ b/secrets/queen-Lillian.yaml @@ -2,6 +2,7 @@ nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfU nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str] local.json: ENC[AES256_GCM,data:EWMZTvnP9DmJKZq3mejvlSc8e2BZxcREn+XB1tAM5NLS0G2fdWJThkkgRz2owdAiZV2BLc/yqr4DqJzDIXiOxWWBGAbqRFH5kPw2mAdkAcW76F8tUNQSBtQXM+Gu3W3EwjQwNiwVlb1jB0BNWU4TJfZGfdk2Vt0R7ggTJhRIAwQiXC1VtMWmlAOyRIaiMzaY4ktEMJT/nxF8koZV79kiCFcAGHzoYynW16y2QkaxFca/4bTvBJCAMBuK0lLF9xeipyGZUgxPV/OAQkrQGAqHcrHL+FmQiFEIuLUBzTDQp57kV1EKKCevRUcPCX/NhQGgLYVgDrsLTb1ftB30yHjWUap+JttKXBk2HElnQVEdS37zADyQ8tYrD+2l2CLrBGctVpg6K61OP44=,iv:VbJgmvIN1/FjQJl58KBsDNTyUWtIAYbBB0iPe6I0+hE=,tag:if16JgRVPeC+m8vFeYhKtA==,type:str] mailpass: ENC[AES256_GCM,data:UVrc1RUV0xJFPiZ8J4refglR0p35gUd21EvvTSoeXHVE9/xC0biKmjdPu8cBmimNPmKJMvZRf8wOz+/x,iv:zIYI9JY/bfUc3nNPNopKMbh09B6KUotMUAmNDzVUBN8=,tag:53N8WlQ5CDlrp/KIEQiHgQ==,type:str] +releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/J0AP0o3qw==,iv:zS12xjcNbLaLaLd3VQT8+o9hDqTo1cZdxoPjjhiExDU=,tag:nJFelasEUjebEBpvmfcDEA==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +18,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-24T14:30:34Z" - mac: ENC[AES256_GCM,data:Tl4eqh2SUEcgfOynbLoclpJKhMHkkaeV3bvkYB4dc3tv9hEWuX5HR1iI67+HVImdLcJ1zTyWkNSl+89MOWkSB85Rb643uCa5myDFQ30PHWN2ubPVoY3XzucW0nzBllZZsH6lPakNXwHTLkcf1etnWzL+/sXnYff2S/WPqTAdkwU=,iv:aWlA7jfBGStCELf/6ij2aT7EAwRp/RQP5Sw4WMPqbtE=,tag:bvSiyFrqPP0uB71zQTH08Q==,type:str] + lastmodified: "2023-11-25T15:44:36Z" + mac: ENC[AES256_GCM,data:W8TbF2J1OmvWYB59ZzGW7NKmzlKNln4jsNwh6XAIh2X3fOAplmvDZj6MzyK/UNiVzS4b5GfaYas140yVh9YUNkI9QL4CCAgSph+axwtPibjqCUfdMw2xWsgRlm6X9nxsDw0DFCGdJaM12G7thYBGJmIlCmOE2a9qiRv0ZDEXiMY=,iv:EZpeOqxDke5MxqpKCHjECefWYQJYEz0X8k3ebPyhawk=,tag:QUxAtB1hzFAoU2Qd5xA3VQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1