mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-22 00:21:34 +01:00
radicale: Use hashed instead of plain password
This commit is contained in:
parent
2240bc9c91
commit
6b8724f441
2 changed files with 41 additions and 41 deletions
|
|
@ -1,40 +1,40 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:5RF/qbpMl1zq0SAdDNyI4EaSkN7dwSyG2K8wsAs77tZEOQxNzNasLiuGeQwJdzNXVaVeIx53nWSGPtdYSBQjkGPN3Q+0YX/S+Q==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:tqmBxOc62IhJGxXvjzugYw==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:p/CZOdluFGXpY+Pqfd1XBQnjOo4bMYx4NNiEIVuLZXkEIJLQmXyQCpQ6jCszzcr6O6YIootcjyASyx3sFw==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:Nh+fP6VqpxfZpx8LliY6tw==,type:str]",
|
||||
"service-auth-key": "ENC[AES256_GCM,data:KLaSMrOXEeHI0RmKK83eTPjCsr07SMOJnk1ywmtg/VIire/629UYSIzOIu/AAeHxWUiUsku4ADzyAFnr6ak=,iv:1e7sWm+CEXOBt7p74b9O5Hhs5+NYv6v6QfdqiKHNn18=,tag:dql6J+VDZ3mAds1ogilceg==,type:str]"
|
||||
},
|
||||
"restic": {
|
||||
"password": "ENC[AES256_GCM,data:bHQGGxWLEeXtq/6Kcl8HzrEb8Z46WJwNQgNOJjZz,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:0og/qnjxvGsilAV2LWKSHw==,type:str]"
|
||||
},
|
||||
"backblaze": {
|
||||
"key-id": "ENC[AES256_GCM,data:tA0VKR3AhXqtHImTfiXDeIINCwkBxVNS/w==,iv:TEtsDdGmB5MVuIOPVr6UxOaLAfbGKOeZxXwaW86X+t8=,tag:JPKf8qUzfXDXTqNUl95+2Q==,type:str]",
|
||||
"application-key": "ENC[AES256_GCM,data:o1CFIZiPiuY1cdAFVQpmYRzog7/Lzu9sGbZqczd4vw==,iv:UTn1iz3fTCVleFSe1yP6fOJB4DKKQJEG7naZclJ+i2M=,tag:CIgb4GeFD/seHS0o7nxsgg==,type:str]"
|
||||
},
|
||||
"healthchecks": {
|
||||
"ping-key": "ENC[AES256_GCM,data:fUcldy97AWJOGIemkKwRzRNw5IUPzw==,iv:caY1tuMTxNyl8USsgKiSuAOIczvn/Xdx6Taj7BQRCyE=,tag:28ssHfDMjVnTG+GfBVjT2g==,type:str]"
|
||||
},
|
||||
"syncthing": {
|
||||
"cert": "ENC[AES256_GCM,data:8G697avMrmghzc8m1h7K0bbo4cK4tlToyaweU85N+GQgyjbHj34USvdMTBzdQs0yz/lgzhzxHURnwM/bWINCXUxhxI0aoH3ULU4KH0PvCV9I9Xbsvj4PNO+fBsMqExL11m0fyCngk7GwBavNpQw+X62a+SwGfyuPdLdjRUqSAdXgTpk9bZ3PIUjb+XLMpiQ2hElFKtzp85WTY1GcSyjG98ineSB/p31SX2svtvojy9dNwpVeYirXeh2ZJLj/EyS+hOfrYicQ6X8KnrGdH1FKXaci3xAhDg45PJLiuh0Dxi+sX1bZ62S3cHWDhq5S/GucwNrd1dZN5T8m9HPVmIaJcGk5mEst4oKiCugYEeio39JWShTDNgIBXlFm+Srt+2aKEqOrnukl1hnvnVPcTPfhYVaUiQdlQadWB3qLtZpTuSjvKvclrhpSzzFz/l1gjo3kWLBOQ+WaFMsHFi2Lx484NP6MkShRTvhDMDDByAP0neZGLMCB3Ckiavzl10Irp9ozjb2CIWJCdKoz1oeJ7knDAn1omCM3Dg12pKOjuy5Xh+WdZeatZyiM1HgJCBWxEhlFpLWPaSVgYsrp57ewBH0gfjBI8LTEx3hukabMM3QD7Xk1pdKlSAKaTcs4ZSqDPHN0CReDha/EKKG/Za3qy8IHAIokggkVp8cDbw+fI+Z3moV1YWHzU+nM6GaFUzboXZH7omYhhvlAQnRp+MHEZHk7wzhNUxKigOEiG2UBL9YpLOgSkZYz/DIw6qBp7CziVVwYu22ppYtpiMP00RwnBZEoB6llIvN6uKD5gq/4kE56XJU/nEet206E7ckvfMg96XScNIZrJNdQiyDZl3zIUEBBhMIuNL61wtr5+d8+JteAN5IFbEIaHGw7BY+yE9fHvi8yiSRXW/DYQYdHNtK9xyMEGs/TD8xubWVjjF9iYKAwy0uDEBOof7cNFVWBZJRcFoeuqg1CK8RoMxdVJo7KWERwC3e5z13t+SX62andWGtFfqS2zTHvyYGtvyjVBG89wROKfllS3Pl820LVHu4qiDudC2o3BlGYLhVbknU=,iv:bJfo1JZ8muYmxoZfCx3x40DOrnstSChjUnzF+ZJjc2s=,tag:OMtxG6KxSVQ2bbskeLIu1g==,type:str]",
|
||||
"key": "ENC[AES256_GCM,data:Lg+YGdXdJxV/3ixMi46BL+m7WkU2yJZg0ygrGEQHsqdfQ0Lqawid/TCchdf3ep00tnF+NNcfhDy8qMZ/Qy4EBIMOHyEBmaAP7XhfumMncLGdxWXpAdtclvjjfrIwLZTH9F2wV79uo3Ir3FxLe/OS32pH3vTeERod/l1uOEfwksXXCOcZg1bTF9nxoxtwGrc2QnH3xYRgc2RNp344p+v2HApfy6ctkG/bWQjhJmi8a1aBGzwOVEeWptU+A/sP7C8kntZvjlMHnr+4Lkg7HxKGya7AnpqcgWGyPWhK/Sa5aKBBn9yZzIGxI7181UhyHYHMs+CJFxoH71RR+C45tXP2vey+hwVZUAZQb3Y8ZO+tZ1q9kWyzW+k0VIsRxyjctsPl,iv:IXlcy7FmBJHf6fP0B/HhkcGZxKUu3VivhFm8u3jYxkc=,tag:CChxY4hOHY/Yua3p1veoCw==,type:str]"
|
||||
},
|
||||
"radicale": {
|
||||
"admin-password": "ENC[AES256_GCM,data:7ih6SO+ZSMGo59i+VL00lOvXpbRBmd1fpbErwRft,iv:/qElkFDygxJvcQKLIoQph3WyeWdtSx9DquuDs/x8HPU=,tag:zIWEaS93VNY4ulOXh45hHQ==,type:str]"
|
||||
},
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdEtRd2R6YzVUS0xtOUFM\nSmg2L0x0WnhrazN6dlNGK295OWFvNlV4ekY0CnpCQmtRSjErZlk3UUFuR2R3Yy9P\nREtRcEg2Y09WSFJkbWNwcVRJNnpRWVUKLS0tIHdpOWZBVlhrR203Q05tVXR4eTdV\nRzVHRncrdWV2eGtBUnl0SjhDTm1mWWsKH8YnoFLn8GZehS60rpWZ0dTtOKxpMOPM\ny0266elas/kr+w0DRlBH1HdtXv+kwo22KK3t/Q966Fkc5rxCYa++CQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcGVRNzRrM2RTeFJScDBR\nZUFSOUd2dXhZaGh3TDdVYVdWZVBYYjNDUm5nCnl3RHJBM0F0RUlIWjJ3ZEVRVEVI\neXZMSVkvbU1Qamc0VGZIeW1lekVTeFEKLS0tIHVpTGtoSytuZFlIdzBtNEI0a1lh\naURRQUR4cVBhNmRFOTQ2MFdBN3p3OEkKJjy8KnruglNwYOuOcWIspJZq3+0VqHGx\nV6cldtjSabCks3xtTUYjvb8/mMwHT1ANW/bRkJ/BrBClZGGEM3hZgQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-09-17T20:40:25Z",
|
||||
"mac": "ENC[AES256_GCM,data:QOG+QD86rh+GB+9fFD8JENzHocBMAG4fVPcY/KRK7kVpOPVAsNOy+AOiOMfGPoZw4yB5SjK65sd2py+KwIdGsveGxKlksMsgh55zLCswlM4hJ+IAFiC6DlSC1AIZY58fRyraOMjvDEnYj3Erv9DscdUna9hUpbMmNn9MSR2Gk/U=,iv:I6UV6V9N5i+y3xa7UWa8eoqoWEhGEejjhqe7hW5ayrI=,tag:ey9A5vrA/u3aJ4CH/S8fgw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
"seb-password": "ENC[AES256_GCM,data:5RF/qbpMl1zq0SAdDNyI4EaSkN7dwSyG2K8wsAs77tZEOQxNzNasLiuGeQwJdzNXVaVeIx53nWSGPtdYSBQjkGPN3Q+0YX/S+Q==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:tqmBxOc62IhJGxXvjzugYw==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:p/CZOdluFGXpY+Pqfd1XBQnjOo4bMYx4NNiEIVuLZXkEIJLQmXyQCpQ6jCszzcr6O6YIootcjyASyx3sFw==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:Nh+fP6VqpxfZpx8LliY6tw==,type:str]",
|
||||
"service-auth-key": "ENC[AES256_GCM,data:KLaSMrOXEeHI0RmKK83eTPjCsr07SMOJnk1ywmtg/VIire/629UYSIzOIu/AAeHxWUiUsku4ADzyAFnr6ak=,iv:1e7sWm+CEXOBt7p74b9O5Hhs5+NYv6v6QfdqiKHNn18=,tag:dql6J+VDZ3mAds1ogilceg==,type:str]"
|
||||
},
|
||||
"restic": {
|
||||
"password": "ENC[AES256_GCM,data:bHQGGxWLEeXtq/6Kcl8HzrEb8Z46WJwNQgNOJjZz,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:0og/qnjxvGsilAV2LWKSHw==,type:str]"
|
||||
},
|
||||
"backblaze": {
|
||||
"key-id": "ENC[AES256_GCM,data:tA0VKR3AhXqtHImTfiXDeIINCwkBxVNS/w==,iv:TEtsDdGmB5MVuIOPVr6UxOaLAfbGKOeZxXwaW86X+t8=,tag:JPKf8qUzfXDXTqNUl95+2Q==,type:str]",
|
||||
"application-key": "ENC[AES256_GCM,data:o1CFIZiPiuY1cdAFVQpmYRzog7/Lzu9sGbZqczd4vw==,iv:UTn1iz3fTCVleFSe1yP6fOJB4DKKQJEG7naZclJ+i2M=,tag:CIgb4GeFD/seHS0o7nxsgg==,type:str]"
|
||||
},
|
||||
"healthchecks": {
|
||||
"ping-key": "ENC[AES256_GCM,data:fUcldy97AWJOGIemkKwRzRNw5IUPzw==,iv:caY1tuMTxNyl8USsgKiSuAOIczvn/Xdx6Taj7BQRCyE=,tag:28ssHfDMjVnTG+GfBVjT2g==,type:str]"
|
||||
},
|
||||
"syncthing": {
|
||||
"cert": "ENC[AES256_GCM,data:8G697avMrmghzc8m1h7K0bbo4cK4tlToyaweU85N+GQgyjbHj34USvdMTBzdQs0yz/lgzhzxHURnwM/bWINCXUxhxI0aoH3ULU4KH0PvCV9I9Xbsvj4PNO+fBsMqExL11m0fyCngk7GwBavNpQw+X62a+SwGfyuPdLdjRUqSAdXgTpk9bZ3PIUjb+XLMpiQ2hElFKtzp85WTY1GcSyjG98ineSB/p31SX2svtvojy9dNwpVeYirXeh2ZJLj/EyS+hOfrYicQ6X8KnrGdH1FKXaci3xAhDg45PJLiuh0Dxi+sX1bZ62S3cHWDhq5S/GucwNrd1dZN5T8m9HPVmIaJcGk5mEst4oKiCugYEeio39JWShTDNgIBXlFm+Srt+2aKEqOrnukl1hnvnVPcTPfhYVaUiQdlQadWB3qLtZpTuSjvKvclrhpSzzFz/l1gjo3kWLBOQ+WaFMsHFi2Lx484NP6MkShRTvhDMDDByAP0neZGLMCB3Ckiavzl10Irp9ozjb2CIWJCdKoz1oeJ7knDAn1omCM3Dg12pKOjuy5Xh+WdZeatZyiM1HgJCBWxEhlFpLWPaSVgYsrp57ewBH0gfjBI8LTEx3hukabMM3QD7Xk1pdKlSAKaTcs4ZSqDPHN0CReDha/EKKG/Za3qy8IHAIokggkVp8cDbw+fI+Z3moV1YWHzU+nM6GaFUzboXZH7omYhhvlAQnRp+MHEZHk7wzhNUxKigOEiG2UBL9YpLOgSkZYz/DIw6qBp7CziVVwYu22ppYtpiMP00RwnBZEoB6llIvN6uKD5gq/4kE56XJU/nEet206E7ckvfMg96XScNIZrJNdQiyDZl3zIUEBBhMIuNL61wtr5+d8+JteAN5IFbEIaHGw7BY+yE9fHvi8yiSRXW/DYQYdHNtK9xyMEGs/TD8xubWVjjF9iYKAwy0uDEBOof7cNFVWBZJRcFoeuqg1CK8RoMxdVJo7KWERwC3e5z13t+SX62andWGtFfqS2zTHvyYGtvyjVBG89wROKfllS3Pl820LVHu4qiDudC2o3BlGYLhVbknU=,iv:bJfo1JZ8muYmxoZfCx3x40DOrnstSChjUnzF+ZJjc2s=,tag:OMtxG6KxSVQ2bbskeLIu1g==,type:str]",
|
||||
"key": "ENC[AES256_GCM,data:Lg+YGdXdJxV/3ixMi46BL+m7WkU2yJZg0ygrGEQHsqdfQ0Lqawid/TCchdf3ep00tnF+NNcfhDy8qMZ/Qy4EBIMOHyEBmaAP7XhfumMncLGdxWXpAdtclvjjfrIwLZTH9F2wV79uo3Ir3FxLe/OS32pH3vTeERod/l1uOEfwksXXCOcZg1bTF9nxoxtwGrc2QnH3xYRgc2RNp344p+v2HApfy6ctkG/bWQjhJmi8a1aBGzwOVEeWptU+A/sP7C8kntZvjlMHnr+4Lkg7HxKGya7AnpqcgWGyPWhK/Sa5aKBBn9yZzIGxI7181UhyHYHMs+CJFxoH71RR+C45tXP2vey+hwVZUAZQb3Y8ZO+tZ1q9kWyzW+k0VIsRxyjctsPl,iv:IXlcy7FmBJHf6fP0B/HhkcGZxKUu3VivhFm8u3jYxkc=,tag:CChxY4hOHY/Yua3p1veoCw==,type:str]"
|
||||
},
|
||||
"radicale": {
|
||||
"seb-password": "ENC[AES256_GCM,data:0r9+B52+U2cI7WaHvQJAv03UPS149AcBaUq65943npP0+97sFEm/58egtqHjW5WRaBkUnP6dnFSSQwQn,iv:x95hIJKqvqZPryccTsl5b7uL4xyK192Hwla1HUWDCB4=,tag:7desX0XrW5xuwgTvvrsYSA==,type:str]"
|
||||
},
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdEtRd2R6YzVUS0xtOUFM\nSmg2L0x0WnhrazN6dlNGK295OWFvNlV4ekY0CnpCQmtRSjErZlk3UUFuR2R3Yy9P\nREtRcEg2Y09WSFJkbWNwcVRJNnpRWVUKLS0tIHdpOWZBVlhrR203Q05tVXR4eTdV\nRzVHRncrdWV2eGtBUnl0SjhDTm1mWWsKH8YnoFLn8GZehS60rpWZ0dTtOKxpMOPM\ny0266elas/kr+w0DRlBH1HdtXv+kwo22KK3t/Q966Fkc5rxCYa++CQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qz04yg4h4g22wxqca2pd5k0z574223f6m5c9jy5ny37nlgcd6u4styf06t",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcGVRNzRrM2RTeFJScDBR\nZUFSOUd2dXhZaGh3TDdVYVdWZVBYYjNDUm5nCnl3RHJBM0F0RUlIWjJ3ZEVRVEVI\neXZMSVkvbU1Qamc0VGZIeW1lekVTeFEKLS0tIHVpTGtoSytuZFlIdzBtNEI0a1lh\naURRQUR4cVBhNmRFOTQ2MFdBN3p3OEkKJjy8KnruglNwYOuOcWIspJZq3+0VqHGx\nV6cldtjSabCks3xtTUYjvb8/mMwHT1ANW/bRkJ/BrBClZGGEM3hZgQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-09-18T13:35:54Z",
|
||||
"mac": "ENC[AES256_GCM,data:bzM1Z/7KtQTPKrDDuHkFWEZnA4mPwDo+eDwcKpboyKJbZsyIi0Qnk+Wm4bTl6KTIg1gZtbGnO050D4cnUL/kxzlbaXCN1GB7wEBe7RSNS3vuel8TEsd/XbfEIzoxo7slNsUMnrg+4eKQwxOPGBsI93ulZHSHpArr/3MBkj7aNck=,iv:NT0WMuL8fqJjzRZNmhxqm1Ymw1n7a3a+umxiuIJPmgE=,tag:aJoFjoYrj2m+7v2i4WcO6g==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@ in
|
|||
};
|
||||
|
||||
sops = {
|
||||
secrets."radicale/admin-password" = { };
|
||||
secrets."radicale/seb-password" = { };
|
||||
templates."radicale/htpasswd" = {
|
||||
owner = config.users.users.radicale.name;
|
||||
content = "seb:${config.sops.placeholder."radicale/admin-password"}";
|
||||
content = "seb:${config.sops.placeholder."radicale/seb-password"}";
|
||||
restartUnits = [ "radicale.service" ];
|
||||
};
|
||||
};
|
||||
|
|
@ -44,7 +44,7 @@ in
|
|||
auth = {
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = config.sops.templates."radicale/htpasswd".path;
|
||||
htpasswd_encryption = "plain";
|
||||
htpasswd_encryption = "bcrypt";
|
||||
};
|
||||
storage.filesystem_folder = "/var/lib/radicale/collections";
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue