m3tam3re
/
nix-configurations
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added secrets via agenix for baserow container

This commit is contained in:
m3tam3re 2023-01-19 10:56:59 +01:00
parent a453346e4d
commit 223e533acf
4 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@ -24,7 +24,7 @@ nixosConfigurations = {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
./hosts/lkk-nix-1 ./hosts/lkk-nix-1
agenix.nixosModules.age agenix.nixosModule
]; ];
}; };
}; homeConfigurations = { }; homeConfigurations = {

10
hosts/lkk-nix-1/default.nix
View File

@ -14,7 +14,7 @@
services.openssh.passwordAuthentication = false; services.openssh.passwordAuthentication = false;
networking = { networking = {
hostName = "lkk-nix-1"; hostName = "lkk-nix-1";
firewall.enable = true; firewall.enable = false;
firewall.allowedTCPPortRanges = [{ firewall.allowedTCPPortRanges = [{
from = 3000; from = 3000;
to = 3100; to = 3100;
@ -26,6 +26,14 @@
} ]; } ];
}; };
age = {
secrets = {
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
};
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
};
nix = { nix = {
gc = { gc = {
automatic = true; automatic = true;

8
hosts/lkk-nix-1/services/containers/baserow.nix
View File

@ -1,9 +1,13 @@
{ { config, outputs, ...}: {
virtualisation.oci-containers.containers."baserow" = { virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.13.3"; image = "docker.io/baserow/baserow:1.13.3";
environment = { environment = {
BASEROW_PUBLIC_URL = "https://db.lanakk.com"; BASEROW_PUBLIC_URL = "https://db.lanakk.com";
EMAIL_SMTP = "in-v3.mailjet.com";
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
EMAIL_SMTP_PORT = "587";
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
}; };
ports = [ "3001:80" ]; ports = [ "3001:80" ];
volumes = [ "baserow_data:/baserow/data" ]; volumes = [ "baserow_data:/baserow/data" ];

6
secrets.nix
View File

@ -1,6 +1,6 @@
let let
m3tam3re = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; root = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU=";
in { in {
"mj-smtp-user.age".publicKeys = [ m3tam3re ]; "mj-smtp-user.age".publicKeys = [ root ];
"mj-smtp-pass.age".publicKeys = [ m3tam3re ]; "mj-smtp-pass.age".publicKeys = [ root ];
} }