SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 19:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add gitlab login to hedgedoc

Browse source
This commit is contained in:
SebastianStork 2025-05-24 15:15:24 +02:00
parent 637670655d
commit 529bf4abec
2 changed files with 28 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
hosts/cirrus/secrets.yaml
View file

@ -2,15 +2,12 @@ seb-password: ENC[AES256_GCM,data:/J83cgpBhjl6VveVZTX0ElEyexn3G3pZp6RKgfbR39QoG/
tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn0j08nL6a1Vg4n94LjkWYlcLIj9Axj9UCRurgPVwNpA0=,iv:iKZzHTD00h9/vwkewo14Ox+9EMuo5GawemRVjn1gLuM=,tag:ikLoAEbMDNlRZ3PGke2OZQ==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn0j08nL6a1Vg4n94LjkWYlcLIj9Axj9UCRurgPVwNpA0=,iv:iKZzHTD00h9/vwkewo14Ox+9EMuo5GawemRVjn1gLuM=,tag:ikLoAEbMDNlRZ3PGke2OZQ==,type:str]
hedgedoc: hedgedoc:
seb-password: ENC[AES256_GCM,data:hzUFWZ3m6oIUOySTHfRyEDSNqYIfJndYSg==,iv:wg8aMAEbvCYVfqMhikF1tbEdB+CYzLB4azlLN6OU/HE=,tag:Yf7xUBwIetnkUnncOi/V8Q==,type:str] seb-password: ENC[AES256_GCM,data:hzUFWZ3m6oIUOySTHfRyEDSNqYIfJndYSg==,iv:wg8aMAEbvCYVfqMhikF1tbEdB+CYzLB4azlLN6OU/HE=,tag:Yf7xUBwIetnkUnncOi/V8Q==,type:str]
gitlab-auth-secret: ENC[AES256_GCM,data:vxgXbP+6mtWpjgfsEaFHJd5IVM+oPPHhYNqwO76+Zw9j2fZZane4T9YUixUvM3kYQwW+Ml/gRHn9GjgM1fIYRRKAsbO1wA==,iv:lyfWZFwZjdP005X4USGKM1OWKu3W8YTZ0oWODhF/uPI=,tag:3Kj1/pUjMo8GjIDTdPBo1A==,type:str]
restic: restic:
environment: ENC[AES256_GCM,data:oPgJ20N7eO0W+SnRPA/uaGDbYBpKX3jWixuVIG0+eBRRlaPWBFpJKA7CK9oVvwuqQUtGiRnoR2gqO42C22WRSiHXqe1zoarhvQMcXy8CTQd6Y+k5iMspSzMZynfkMapooK4=,iv:Ub1ONOcoEZ52E8W1qK93xpmYXMUiVszFbHoO/pUa/Mo=,tag:2yTJZmirhPIN01cB5F0Lsw==,type:str] environment: ENC[AES256_GCM,data:oPgJ20N7eO0W+SnRPA/uaGDbYBpKX3jWixuVIG0+eBRRlaPWBFpJKA7CK9oVvwuqQUtGiRnoR2gqO42C22WRSiHXqe1zoarhvQMcXy8CTQd6Y+k5iMspSzMZynfkMapooK4=,iv:Ub1ONOcoEZ52E8W1qK93xpmYXMUiVszFbHoO/pUa/Mo=,tag:2yTJZmirhPIN01cB5F0Lsw==,type:str]
password: ENC[AES256_GCM,data:gMd4G8o83r3sTZEH1kRkn05Mye96sHV2mdRWNbbS,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:CeFrP3pO1VmGxcvj7b7pYA==,type:str] password: ENC[AES256_GCM,data:gMd4G8o83r3sTZEH1kRkn05Mye96sHV2mdRWNbbS,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:CeFrP3pO1VmGxcvj7b7pYA==,type:str]
healthchecks-ping-key: ENC[AES256_GCM,data:HT6bEtZ4ii3na8VDRA59GHtRuaOV+w==,iv:ZZlnpDPoPUYgq/jHOfCqHMUmKpPUTpXmZp3GWxYAL3I=,tag:Lg97lItvoGzXqoz6Pwadfw==,type:str] healthchecks-ping-key: ENC[AES256_GCM,data:HT6bEtZ4ii3na8VDRA59GHtRuaOV+w==,iv:ZZlnpDPoPUYgq/jHOfCqHMUmKpPUTpXmZp3GWxYAL3I=,tag:Lg97lItvoGzXqoz6Pwadfw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5 - recipient: age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5
enc: | enc: |
@ -30,8 +27,7 @@ sops:
aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae
XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg== XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T23:03:03Z" lastmodified: "2025-05-24T12:58:09Z"
mac: ENC[AES256_GCM,data:gLqjsRMjDl3ajmnKlwarUfCCJ+IyiNru5PXQvcsPI8QZTs4W24h3Addhrvz0B6/LlfH9KsE1Jt1WT0BIiCsFE0yn6caiVOgW/LQWl8OxAsfe9oNdF7IDNO7qwf3C8KbPJvmOB7RFwRp06RV/AM+AX8ECHfTi+lBgJKr2hzXcIxU=,iv:fL+SphEEX7U+nam055YXqs3iXlMD7QXknl7c5JPhU1g=,tag:xgQVKaUIzTwwkHM6Ex3skg==,type:str] mac: ENC[AES256_GCM,data:V9bfym3Qm6Rf11UJY3VeWXfeA6wg/nFqroz9SMOSJHs6G8+QQ9NrOs6/5JP9mEZE9d6pR4Sqi/5WOFboi24dbAwx/0LVWDiWOMKzIDnOEB6FPYACefSBafrW7OAd5M9xacNTsLAHZMZytGpH0P+WW3EgQz2HuSJl/L42TunmyZo=,iv:KhoDvgOOOKu/RkDOE9DgGZdVB0TibAWjPLJBFNvPNuw=,tag:q3F8PdSDP1ORDpOiy8W+4Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.10.2

22
modules/system/hedgedoc/default.nix
View file

@ -26,14 +26,29 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."hedgedoc/seb-password" = { sops = {
secrets = {
"hedgedoc/seb-password" = {
owner = user; owner = user;
inherit group; inherit group;
}; };
"hedgedoc/gitlab-auth-secret" = {
owner = user;
inherit group;
};
};
templates."hedgedoc/environment" = {
owner = user;
inherit group;
content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
};
};
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
environmentFile = config.sops.templates."hedgedoc/environment".path;
settings = { settings = {
domain = "${cfg.subdomain}.${config.networking.domain}"; domain = "${cfg.subdomain}.${config.networking.domain}";
inherit (cfg) port; inherit (cfg) port;
@ -42,6 +57,11 @@ in
allowEmailRegister = false; allowEmailRegister = false;
defaultPermission = "limited"; defaultPermission = "limited";
sessionSecret = "$SESSION_SECRET"; sessionSecret = "$SESSION_SECRET";
gitlab = {
baseURL = "https://code.fbi.h-da.de";
clientID = "dc71d7ec1525ce3b425d7d41d602f67e1a06cef981259605a87841a6be62cc58";
clientSecret = "$GITLAB_CLIENTSECRET";
};
}; };
}; };