diff --git a/hosts/stratus/containers/nspawn/forgejo/default.nix b/hosts/stratus/containers/nspawn/forgejo/default.nix index d07fa3d..a80dad0 100644 --- a/hosts/stratus/containers/nspawn/forgejo/default.nix +++ b/hosts/stratus/containers/nspawn/forgejo/default.nix @@ -18,9 +18,9 @@ in { imports = [ ./backup.nix ]; - sops.secrets."forgejo-admin-password" = { - owner = config.users.users.forgejo.name; - inherit (config.users.users.forgejo) group; + sops.secrets."admin-password" = { + owner = userName; + group = groupName; }; systemd.tmpfiles.rules = [ @@ -47,7 +47,9 @@ in systemd.services.forgejo.preStart = '' create="${lib.getExe config.services.forgejo.package} admin user create" - $create --admin --email "sebastian.stork@pm.me" --username seb --password "$(cat ${config.sops.secrets.forgejo-admin-password.path})" || true + $create --admin --email "sebastian.stork@pm.me" --username seb --password "$(cat ${ + config.sops.secrets."admin-password".path + })" || true ''; myConfig.tailscale = { diff --git a/hosts/stratus/containers/nspawn/forgejo/secrets.yaml b/hosts/stratus/containers/nspawn/forgejo/secrets.yaml index a5d8f95..2e900e1 100644 --- a/hosts/stratus/containers/nspawn/forgejo/secrets.yaml +++ b/hosts/stratus/containers/nspawn/forgejo/secrets.yaml @@ -1,5 +1,5 @@ tailscale-auth-key: ENC[AES256_GCM,data:9jqpLTuBWvonEsTuzxxtgOnw4bvjQG49wu6VrxwdnrwI7VmLcTcVzotyU+Vqsmys5dTMR5JtMLkN+OOw6zg=,iv:HM819F8A2W+5oBi+QLaRW//4kPKzmqG4EQicWm9aGKc=,tag:XzFSLI4WNGmgPBiffv4rXQ==,type:str] -forgejo-admin-password: ENC[AES256_GCM,data:l/6pYXwUEsu6dvEXQAhN46dXk08XCk33G1GeoLrm,iv:Z635DD5ca4wZ9vO2VAlo1rzockKL/XC0/GrQPV/59XA=,tag:XZVQS5tOPdBfYAIURfZ5vQ==,type:str] +admin-password: ENC[AES256_GCM,data:f7rbPet7zkNQWZZ1r1zf4Yi+rBLbAypv/mxhK6d0,iv:MrMWa9tm32PIrM/k9/Qd+VsxGXjKQuqVEvZcn4bfy48=,tag:yjrgnPUWE33GMlzKVsbL+g==,type:str] restic: environment: ENC[AES256_GCM,data:il37oo0OywyZR+YpculEzkdzDwE0eZ+X21oX2yZ7hDa/91a+bn3Y/HJVpnh0qaxraupoL9OQJeGevI6xW6MSmpjiutofUSPzqg0dbXuw4/lE54y1CZUn1rRNoTeUja8zcyA=,iv:irIAnO7tizrgkdvZLFJGbL5HYgLee1DHDrqsiCJFxSE=,tag:a7hLwMLtmtCZDm7vrdgZJg==,type:str] password: ENC[AES256_GCM,data:tmzBte5NDAzTfqakXlNn8cctwfWq6xzOzoRJ7cAi,iv:R4wGPjQPV42p+i7lp6Q2LDThv8OKKCO462eOVMnlyO8=,tag:owA+MdJ0pEf+0cuAzHdUwA==,type:str] @@ -28,8 +28,8 @@ sops: YzNSUG5HWStBemtRZ0s4NzNOOTZRWDAKJHKjfzIPOQUoizt5SffPP/n4d+hOfGLg bXsKSa99E5JMxskzYZQGH0G4OLZrJEMzegRW0DsJtEFwj8YORmn6iw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-14T10:12:04Z" - mac: ENC[AES256_GCM,data:6RKzMLVWCI9szPEXyJany873xSwIaWTR8Oi+L2+qIQC5JRpnvKYk8tnECcXJUO/dQehLtixNiofAuiNCbN/SD3tE7sppBfp/wgdfn6uZpl5rE6X3Gbdgj2+9/ANMjD2S+Vd02MSq4WVvGmtFWmYWFWhqeBS6X5slRs5ug6wRktg=,iv:ati1h8fB/iadMiEfNMb3vpiv/DKg5BUdMN3cHLi6Kj4=,tag:n02eCi3sdt8yMOeXB+5kCw==,type:str] + lastmodified: "2024-09-18T17:47:10Z" + mac: ENC[AES256_GCM,data:SgCb2jDxUztO5PuhoHmcz9wn35f0vpGs/Qx7LJpTbfjtVNJ3UMAq1MCyZmOg2NS3kvqpiE7a32HC0Y+froLU3LgoEXwtRYdg1jrzgur5sjFgEWXKhhR3Ly2JVKJdb+L6iJH0AnoTBR0ufGdPQZ8Y4OYbrFUZ0WtI07fF4umfE2A=,iv:sU6c55msG5epdZzCdp/MFCFg6NJrtFmrBAzd4VUXysE=,tag:9H2KFubRTRnSs+G6eocbqQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/hosts/stratus/containers/nspawn/nextcloud/default.nix b/hosts/stratus/containers/nspawn/nextcloud/default.nix index 83407c5..2a22e66 100644 --- a/hosts/stratus/containers/nspawn/nextcloud/default.nix +++ b/hosts/stratus/containers/nspawn/nextcloud/default.nix @@ -22,9 +22,9 @@ in ./backup.nix ]; - sops.secrets."nextcloud/admin-password" = { - owner = config.users.users.nextcloud.name; - inherit (config.users.users.nextcloud) group; + sops.secrets."admin-password" = { + owner = userName; + group = groupName; }; systemd.tmpfiles.rules = [ @@ -44,7 +44,7 @@ in config = { dbtype = "pgsql"; adminuser = "admin"; - adminpassFile = config.sops.secrets."nextcloud/admin-password".path; + adminpassFile = config.sops.secrets."admin-password".path; }; https = true; diff --git a/hosts/stratus/containers/nspawn/nextcloud/email-server.nix b/hosts/stratus/containers/nspawn/nextcloud/email-server.nix index f650a83..604a7ef 100644 --- a/hosts/stratus/containers/nspawn/nextcloud/email-server.nix +++ b/hosts/stratus/containers/nspawn/nextcloud/email-server.nix @@ -1,6 +1,6 @@ { config, ... }: { - sops.secrets."nextcloud/gmail-password" = { }; + sops.secrets."gmail-password" = { }; services.nextcloud.settings = { mail_smtpmode = "sendmail"; @@ -16,7 +16,7 @@ port = "587"; user = "nextcloud.stork"; from = "nextcloud.stork@gmail.com"; - passwordeval = "cat ${config.sops.secrets."nextcloud/gmail-password".path}"; + passwordeval = "cat ${config.sops.secrets."gmail-password".path}"; }; }; } diff --git a/hosts/stratus/containers/nspawn/nextcloud/secrets.yaml b/hosts/stratus/containers/nspawn/nextcloud/secrets.yaml index cd0581c..29973c8 100644 --- a/hosts/stratus/containers/nspawn/nextcloud/secrets.yaml +++ b/hosts/stratus/containers/nspawn/nextcloud/secrets.yaml @@ -1,7 +1,6 @@ tailscale-auth-key: ENC[AES256_GCM,data:HLRjtK6MXLSlzEsu76mUye9V9gAD4Grxbd0UU1RySEGekG4StMeO3yo+wHYHNU2UcRdZEW4OKaZyLbRCHpg=,iv:Kbey9sU5tCqH9pnas30bns1HyTGYlAL0pR3WcVeVvrY=,tag:NiFLtMWJ1FCN+EYR/ZHrrg==,type:str] -nextcloud: - admin-password: ENC[AES256_GCM,data:RaFNoEJj2flmwIu2Q/5UgRbITve7CzFg8udQclJO,iv:d95Vo9HMRzmoSU3gcQqO5uP7yW6n7PF6Nx3s6A9bgmc=,tag:ruIW8Ov+wQPOPBWV61MnWw==,type:str] - gmail-password: ENC[AES256_GCM,data:RJXg4KYYwjg2CyzQM9wovDSqB8M=,iv:Tf8egrzoG3rRbzufJGHCTr6W+nCEnJJaSe6hpvr1AmM=,tag:GjlgIEqQDUtjn3mm1QT1uw==,type:str] +admin-password: ENC[AES256_GCM,data:E1BSDKAeInmXTW1zuTL4LJZTtsP0Dd/Bfz20VQLV,iv:ilZgom7Ka+Wsv8Nwemb2C6j+kHovqHe7Xa5S5rzo5Zk=,tag:BYb9K8wWG9zWPuQScVJKjg==,type:str] +gmail-password: ENC[AES256_GCM,data:E3kxSudXdE4uH9qB1wVJWm+tGsc=,iv:h49oGGfNJpU6RKPPP0RKDZ3NILb9FsuWTuS82yxxe/k=,tag:mY1OREVPyWHpL1YpaNE9/w==,type:str] restic: environment: ENC[AES256_GCM,data:bYC7JBKvOMUdqB3X/Z9Nh4g8mhSJpqo63vU3zIrdSO+zlRF+PT+n4yofZe8D47Wz46YGAfwnKXGvAy2WQwHsDcMfdWW85e/1ttV5eESWMotSBM7WzpyFRjNDg+vCy4nWkWI=,iv:RVBMlsOwJCehMuJ2Hzls+gnzUIJM8MjdLu5uMJczugw=,tag:hds43pJX/hpBLwXTujiJ8w==,type:str] password: ENC[AES256_GCM,data:yMs1EG39X1+RYcgeM3SFi38ypOU=,iv:vsEl9jLR3DcqRxJmH5cpIe1+I2W49Hj12oOfwrymznI=,tag:uevinZPEfj0J4KFkTLsV5g==,type:str] @@ -30,8 +29,8 @@ sops: aWFqYXYrMmJBbEQwQWxza1lrdmU4bmMKm0QbJP1QiNVOA7slpocaPxkq9orE8jrP xxrDtRUZhvEOEZuCD61wWTfgdeI7SFWaSJkN6MgPlvRyuYQ+3TZh3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-14T10:12:52Z" - mac: ENC[AES256_GCM,data:d+G+0m8WX9Fk3XmB+Hd4oSKgKYp6fGv9UIHhVIjy+XH0XNNZXFDCB2komQ/9K9EAuVDTfRspS2WJMT97o4CXEDiltz+iCfSGVL4TDpPjzOwEyyHJs9aD0cYoxLgL36H9OEDsf1tTAqy4tvRGJVWTNtXEh/og7pssH8hGXa2dqV4=,iv:aioBwBRPXVp/dLK536REJSi9tYFMTMqkKRHPfwmElXs=,tag:JZuaN4jAoybTLpZ9yX+khg==,type:str] + lastmodified: "2024-09-18T18:38:36Z" + mac: ENC[AES256_GCM,data:YJDQWeSHOuYZ5WieOJ18t0G6Lh3YFPR4RKPN+vA4gmFJp43frnwwXa70IbTcRd1hYQJfiKA5JjZ5rWKZnZOFEKoYUNDhDl39zFxLRv4h9ie6lspXI9ZnpeWfKX0KO6lE30lPVZLSwkdDg7PAntz0+Cp/eK0O2r8zrJ99VWxkJFw=,iv:QGZlAqs7UAJg5TL+qatMUzpau5iu54n86Dr0hgIMUlM=,tag:GL+NphBCkOQITXKJBY2i8g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/hosts/stratus/containers/nspawn/paperless/default.nix b/hosts/stratus/containers/nspawn/paperless/default.nix index e6dfaea..297ecfb 100644 --- a/hosts/stratus/containers/nspawn/paperless/default.nix +++ b/hosts/stratus/containers/nspawn/paperless/default.nix @@ -13,12 +13,12 @@ in { imports = [ ./backup.nix ]; - sops.secrets."paperless-admin-password" = { }; + sops.secrets."admin-password" = { }; services.paperless = { enable = true; inherit dataDir; - passwordFile = config.sops.secrets."paperless-admin-password".path; + passwordFile = config.sops.secrets."admin-password".path; settings.PAPERLESS_OCR_LANGUAGE = "deu+eng"; }; diff --git a/hosts/stratus/containers/nspawn/paperless/secrets.yaml b/hosts/stratus/containers/nspawn/paperless/secrets.yaml index 8091d2b..6ae40f0 100644 --- a/hosts/stratus/containers/nspawn/paperless/secrets.yaml +++ b/hosts/stratus/containers/nspawn/paperless/secrets.yaml @@ -1,5 +1,5 @@ tailscale-auth-key: ENC[AES256_GCM,data:qXVu6U3gcDUq0+eWAtgFn8CZja9Dc4r3z7qZoaAqDm7r8uqpZsZ7JaX3AIBeipvRrBG11IDabP5DM38D8PQ=,iv:FKf7duFw+cV1wH2fd2oDNkbuokuQxgOW0gHgR+oSc7U=,tag:1aOb8XOL61cn/ESW3I/ocQ==,type:str] -paperless-admin-password: ENC[AES256_GCM,data:7xjn0fXEFZCYDvzjP7P5R5reZR8=,iv:jMIJNbqEo7IcHDYwvTmQnArYdt2PR9tp8coOXCZHkQw=,tag:kCejUFStTuosRblkbQMdew==,type:str] +admin-password: ENC[AES256_GCM,data:cHi+UfaxyLGBxJKjV3M/4js/Nmc=,iv:zmTrC9Icy8D1Wlw0sL7lO1ft8BlXk3AsnNmUyAqANTI=,tag:pMXE0844vwbdPN0wWw6BnQ==,type:str] restic: environment: ENC[AES256_GCM,data:JRwMFhbVLg4hkmJsNw+yNdCBX3Cud5ADbGL+nkRFUjpMkF1c3JubWnNI4lG/ehfJ0GJmHveOyMD304XEykPWuK89KVNNmqTuaa2hGUIykQPyqAqvkChOsOZAfGA/gHrC8tY=,iv:xsXanfAtI8ppOxwtsu89+3KWwNXtXPyT1k+Toe6f6Vw=,tag:hUO7jaTgzX+z4eiLK9CQ7g==,type:str] password: ENC[AES256_GCM,data:txtSW2r1HTFeZXEmkkMBYhPkdms=,iv:kTI52zpI7vUU6IxO/qwzoAtdNZnHrhU69WovA1dBYi0=,tag:6XF1BUOA2Brao/qR3DNe0g==,type:str] @@ -28,8 +28,8 @@ sops: cmFJeFpHdnRzMFA2a1NML1A1RFB6clEK+FH8x1dccz8TnUuEFc0EkTSzG6Ody0IF tCNrHN2h3AzqYxKFYucquMmnE9WGJuzShijIXAv1W7JE2JZw9XnS4w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-14T10:14:08Z" - mac: ENC[AES256_GCM,data:f4Qi8ES+cZG9dBwVnOErmZ5FQZOpQ5aoU60CEvD/TlLpdnQ/V/ZbiAq0xCP8VT1Jxas6szZaFaArxWrRWeFQsdhYUn+4CyNhABCe6MXllMHIN9gfmKAvE9LCz2UzgbCZkjprPFsGIKusSzDZhSaNe5azI9TQaHdqG2T0eLKrkpc=,iv:L5tBbbOC3/3YQJqFSZk/SpaYll89bWXb1pdE2eAF2G0=,tag:8FbE7yrdlo/d1NXnwAuArQ==,type:str] + lastmodified: "2024-09-18T18:26:53Z" + mac: ENC[AES256_GCM,data:/WomZ6f0OUXtLTXRsTkugr9GQBE3Cb6b9t40BZRT0d4zq9CmYDqw9S4UZJRyB1TZFermsqZ4yjPiw4hQL/1g87ds9l9N+GOnxl/nhRZ166fl61hpe6SUEhuiFMDG3RBx0LbyYgZF8yi6gRAZOyIWPnCa6L0g1WIvcu5txbzXZ9U=,iv:gT2ik8izbHMFys0XCWotHWb+U+C243PG70Q7R6Sc9lo=,tag:3NHjEbt89aTKlK2/3oeQAg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0