From 648af577625a0142ec98e5eaf44bfb070c1aceba Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Fri, 16 Aug 2024 15:35:18 +0200 Subject: [PATCH] Let's set a db password too --- nixos/hosts/queen/secrets/sops.yaml | 5 +++-- nixos/server/package-configs/writefreely/default.nix | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index 68d0e73..2213774 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -12,6 +12,7 @@ coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYis grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] +writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] sops: kms: [] gcp_kms: [] @@ -27,8 +28,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-16T13:19:27Z" - mac: ENC[AES256_GCM,data:C/wU6gDxhgkmzFEOw+NJNRNyDctnCgt8/FsJUhysJ18f344GlCZcLNTOKT04bklfP1y/LGWeALZPWB5crump3k2YuK6kwQsoOkder9BO2GY/bPaLty03KY5xALYFP7vQwfLx7Z/pO76jHVRT19Eh0/tXqb0BHs8qXtvot81g5HU=,iv:GbEt2IFMc/QaUCOcrVhjYVbLUh4monovspYl9DxTA/w=,tag:5dt+5yK/kNOhkn56ufYDxg==,type:str] + lastmodified: "2024-08-16T13:34:43Z" + mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/nixos/server/package-configs/writefreely/default.nix b/nixos/server/package-configs/writefreely/default.nix index e196004..8021324 100644 --- a/nixos/server/package-configs/writefreely/default.nix +++ b/nixos/server/package-configs/writefreely/default.nix @@ -5,6 +5,8 @@ }: { sops.secrets."writefreely".mode = "0440"; sops.secrets."writefreely".owner = config.users.users.writefreely.name; + sops.secrets."writefreelymysql".mode = "0440"; + sops.secrets."writefreelymysql".owner = config.users.users.writefreely.name; services.writefreely = { enable = true; host = "writefreely.gladtherescake.eu"; @@ -14,6 +16,7 @@ database = { type = "mysql"; createLocally = true; + passwordFile = config.sops.secrets."writefreelymysql".path; }; admin = { initialPasswordFile = config.sops.secrets."writefreely".path;