services: forgejo: pin secret key
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
parent
30d55d5792
commit
35dcf3d3ba
|
@ -1,4 +1,5 @@
|
|||
forgejo:
|
||||
secret-key: ENC[AES256_GCM,data:rGASpDPdyTWUt73MRcpzdVLCcRIyp0+8wOcWBJ0gMy8nlKK9bVhJ3IHh4FZ/1Ol4QNkF9DdWmUOGihqi8l6rEQ==,iv:/KIcl7MzwO4XC3xLttcF99d6lSN75xNVMftnL5UDZw8=,tag:KnsayAuke3IvtDq4yxqILg==,type:str]
|
||||
mail:
|
||||
host: ENC[AES256_GCM,data:pezxEQq+Etvf2WPI6YAv+aNS,iv:8wWcA58Wvdf2cNxccaiZyu0NAKa34sJuYKssUPWeZLA=,tag:MJr16+zDev6GCpe574FgHw==,type:str]
|
||||
password: ENC[AES256_GCM,data:tJhV6Wx2/+A4UZHXZzFwXYnwjZNufNPAmXFqk6ojL+XXaOdcD0SOaOjyh94X0nnOJfPHR6goG58vljuQPmOkzQ==,iv:32rm482fe7NhwZiDE3myG9NDIZfJbmjBfHGxy/A1dnA=,tag:Ajufsg/8K7aiOpZGeTLP4A==,type:str]
|
||||
|
@ -44,8 +45,8 @@ sops:
|
|||
YVMzY2xiY1FBcHZicjBrKzlUZ2FyOEUKlMvpN5grIvL9/Lwf57V96jeZjOf9SJeA
|
||||
hxHUQDqiS5R5nUP5FRWEss8rUKCzuzVP3WqEIiYePZY7tZHvcemvWg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-24T11:23:27Z"
|
||||
mac: ENC[AES256_GCM,data:6WMNrzb6fcCnphhQwLV4lXNqtJp6T57jFqK6pbDYrAc5kVz7UjODNc2r0qmsEsQ4FHzjF1bLJkPqGHKdJdefWj7MHYu3ygxYiBPIoy3SwS1A8uqbywIxLFJzuoIaZ0t5Rtt4hni5eK4DKKzWyqgtgUD1WjPFiPH7unlAyowiQYM=,iv:m7pXlPv0tpoQY1OOy9jZuMXI/IpQHa1WCBWJtGO7zbU=,tag:AD3pBAa2LcI2HZkDFmCBjg==,type:str]
|
||||
lastmodified: "2024-08-24T11:24:50Z"
|
||||
mac: ENC[AES256_GCM,data:hLQFlPVWq4eMuHZPgYr3QaGe0lRk610yrXwLIN4l5iWT8vGTFlBNwHNDsZXKTs7v5f8CgCkY5ZsDM5fmflRiXI2eH/ZZF3sEnpLRX7Eh15xk714/fW/0Wr6HymhMNl/7Os6JtOekPb0SsyzpMqTVLh+sBnU3jPJ6aMQcFCTBDTE=,iv:R2gpV9gzhhiIUbR2C/yt19C8YJ1C8RUin9Gq7626Xmw=,tag:6P2WnUfJfLnp7/n+VeZerw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
|
@ -5,13 +5,19 @@ let
|
|||
fqdn = "git.${my.domain}";
|
||||
dataDir = "/mnt/data/forgejo";
|
||||
in {
|
||||
sops.secrets."forgejo/mail/host" = {
|
||||
sopsFile = ../secrets/sops/forgejo.yaml;
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
};
|
||||
sops.secrets."forgejo/mail/password" = {
|
||||
sopsFile = ../secrets/sops/forgejo.yaml;
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
sops.secrets = {
|
||||
"forgejo/mail/host" = {
|
||||
sopsFile = ../secrets/sops/forgejo.yaml;
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
};
|
||||
"forgejo/mail/password" = {
|
||||
sopsFile = ../secrets/sops/forgejo.yaml;
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
};
|
||||
"forgejo/secret-key" = {
|
||||
sopsFile = ../secrets/sops/forgejo.yaml;
|
||||
restartUnits = [ "forgejo.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.forgejo = {
|
||||
|
@ -106,6 +112,7 @@ in {
|
|||
SMTP_ADDR = secrets."forgejo/mail/host".path;
|
||||
PASSWD = secrets."forgejo/mail/password".path;
|
||||
};
|
||||
security.SECRET_KEY = lib.mkForce secrets."forgejo/secret-key".path;
|
||||
};
|
||||
dump = {
|
||||
enable = true;
|
||||
|
|
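Review bot: The `lib.mkForce` on `security.SECRET_KEY` has no comment saying what it overrides or where the pinned value came from. That matters because Forgejo uses this key to encrypt stored data such as two-factor secrets, so a value that differs from the key the instance already runs with would leave that data undecryptable. I would add above the line `# pin to the instance's existing key (overrides the module default); changing the value invalidates data encrypted under the old one`. The attribute set this line sits in opens outside the hunk; the sibling `SMTP_ADDR`/`PASSWD` assignments suggest its values are read as file paths, but it is worth confirming that the `.path` string is not written into the config as the literal key. The new `"forgejo/secret-key"` declaration sets no `owner` or `mode`, like its two neighbours, so it relies on the unit that reads these files being able to read them under the sops-nix defaults.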