Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

A sops test in practice, not tested yet

Browse source
This commit is contained in:
Lillian Violet 2023-11-20 15:36:39 +01:00
parent 0896f3fb01
commit e0ea1c9f06
3 changed files with 27 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/queen/configuration.nix
View file

@ -122,6 +122,7 @@
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"];
shell = pkgs.zsh;
};
nextcloud.extraGroups = [config.sops.secrets.queen-Lillian."nextcloudadmin" config.sops.secrets.queen-Lillian."nextclouddb"];
};
# Enable completion of system packages by zsh

6
nixos/queen/nextcloud.nix
View file

@ -42,6 +42,8 @@
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
configureRedis = true;
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
@ -51,10 +53,10 @@
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/nextcloud-db-pass";
dbpassFile = config.sops.secrets.queen-Lillian."nextclouddb".path;
#TODO: work with sops to set this instead of a file & make sure the db setup is the same as on the previous server for easy migration
adminpassFile = "/var/nextcloud-admin-pass";
adminpassFile = config.sops.secrets.queen-Lillian."nextcloudadmin".path;
adminuser = "admin";
};
};

22
secrets/queen-Lillian.yaml Normal file
View file

@ -0,0 +1,22 @@
nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str]
nextclouddb: ENC[AES256_GCM,data:Jl2Lz2n64tQYVmj0t/ZIfae3KNk=,iv:e/ne3VfIMhCX1ohgGyhFK2tHGwuXJGFhxtNIR0ZHe3I=,tag:Vr1Nn2279t91LvD1XVbJKg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMmlWMEsrVHhYT2ZuN05a
alAzNWlPMDVJeVdGMTQzQXNlTmw0V3E3UHljCmQ3WnNuY0liOGtqdmNiRmQyV1RN
d0ZKQVUyeWFjOXpXWVVSSFlPVXhjUmcKLS0tIFA0RkltN01XVXZnR3p4SWxkVnAr
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-20T14:35:52Z"
mac: ENC[AES256_GCM,data:IZg0gpsnLu4/dSjeiV3nf2ZW+ifq3FvshLeYE/fNOpNWTdCRm8OhCJNxY0kTuTBae7vCQXcjUQHCuAd+1eZPQD4juBOUd7CVOE5Chn4/o01HyEncjBjwha7uxLazqe15Q3gIFxC+8vqnAbV1BVTh1gIpkSaM61nE8Thr5sE8kvg=,iv:Dg8tUPT2V+IQK7/7DhrZHcnWoxC1APwQcM9owTzU+PU=,tag:qbypt7U5r0O3RRuNdOswIQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1