hosts/web-2: radicale use secrets

hosts/storage-2: use secrets for basic auth
hosts/monitoring-3: use xmpp password from secrets
2023-05-02 20:52:00 +02:00 · 2023-05-02 20:40:30 +02:00 · 2023-05-02 20:27:03 +02:00
6 changed files with 38 additions and 7 deletions
--- a/hosts/monitoring-3/alertmanager.nix
+++ b/hosts/monitoring-3/alertmanager.nix
@@ -1,9 +1,14 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
+  age.secrets.xmpp-password = {
+    owner = "solid-xmpp-alarm";
+    group = "solid-xmpp-alarm";
+  };
+
  services.solid-xmpp-alarm = {
    enable = true;
    jid = "feuer@fem-net.de";
-    passwordFile = "/var/src/secrets/xmpp-alert/password";
+    passwordFile = config.age.secrets.xmpp-password.path;
    receiver = "clerie@fem-net.de";
  };

--- a/hosts/monitoring-3/secrets/xmpp-password.age
+++ b/hosts/monitoring-3/secrets/xmpp-password.age
--- a/hosts/storage-2/mixcloud.nix
+++ b/hosts/storage-2/mixcloud.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 with lib;

@@ -52,7 +52,7 @@ in {
      forceSSL = true;
      locations."/" = {
        alias = "/data/mixcloud/";
-        basicAuthFile = "/var/src/secrets/nginx/mixcloud.htpasswd";
+        basicAuthFile = config.age.secrets.mixcloud-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
@@ -60,7 +60,7 @@ in {
      };
      locations."/media/" = {
        alias = "/data/media/";
-        basicAuthFile = "/var/src/secrets/nginx/mixcloud.htpasswd";
+        basicAuthFile = config.age.secrets.mixcloud-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
--- a/hosts/storage-2/secrets/mixcloud-htpasswd.age
+++ b/hosts/storage-2/secrets/mixcloud-htpasswd.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 HwR33w Q6P3HFyTE3FEsrjnBx3TWIdv16GYLdAmnTZE2W5uex4
+A30r0PifK1ioVSgCTQen0gOlwKtbsAiD5YJPkQ98dIA
+-> ssh-ed25519 pI7EWw pFiBE+L4RrpIdOZH7EFHtQ+pVXSDMCtGbewbGAKDlkk
+5jicuCBcbH2Ob1jtoZrrm+jNNgw94Co3/A2tRrrNgxY
+-> :7)u]4Em-grease Xe>q ~'eWf Vx;#t
+fJtUbOaM0w5wrhpUl3dvjZ9BXimgrjK5eYs3g358AIEs/+BbuuR4ogCZsLyv9bXd
+smyFqW2xoxiANWGWWGY
+--- ba8304R6wM3M05dDRmIwZkwgrLUzwlrSGU3cGTpi00w
+~H<10><>a<EFBFBD>Hg<1D><>cެ|<05>v<1B><>|Js-β}<7D><><06><><EFBFBD>VF<56><46><EFBFBD>L<01><><1E>tme%<25>rqxC<78><43><10><>;Ғ<><D292><EFBFBD>֋7<1B>
--- a/hosts/web-2/radicale.nix
+++ b/hosts/web-2/radicale.nix
@@ -1,6 +1,11 @@
-{ ... }:
+{ config, ... }:

 {
+  age.secrets.radicale-htpasswd = {
+    owner = "radicale";
+    group = "radicale";
+  };
+
  services.radicale = {
    enable = true;
    settings = {
@@ -9,7 +14,7 @@
      };
      auth = {
        type = "htpasswd";
-        htpasswd_filename = "/var/src/secrets/radicale/htpasswd";
+        htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
        htpasswd_encryption = "bcrypt";
      };
      storage = {
--- a/hosts/web-2/secrets/radicale-htpasswd.age
+++ b/hosts/web-2/secrets/radicale-htpasswd.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 HwR33w +w13fgMLBeHKig0VX67/mlhQb0EPSJAFTu//velYNRY
+irMedsePNfFFOYhKksrqLcLdNdYHMxFy4iTPneIOtWU
+-> ssh-ed25519 1nn+0Q KpFGP/y4zZ8E8Jut8Gpea1DLH6rXGKODLE3IPTbzOUo
+p28M4shr97sqqTBAxB1fQRNCj2E+xio3TboKZ/6smb8
+-> rXRB4)-grease
+t3CdM1EbN2yfSeKURCJRMTZ4w9FtXu6+Y8PWxo2RTV0fyv6XJdrq1jn1n4IflQLP
+CV3H9FlQp4Lg/bdqVZDqDoMJ6dprVWK4rACnF6/tRRkZR4Ndfk4JRRWtWBOfR/ax
+GWNb
+--- yNRoOEai4ypvo0uGZYI1q/qwzS4wIZFXQEGYcW+H/wc
+<EFBFBD><EFBFBD>	<09>Z<><5A><EFBFBD><08><>e0<65><30><EFBFBD>_<EFBFBD><5F>D@<40>Ε<EFBFBD>><3E>[<5B>KOQBuP<75>9TGg<47><67>(<28>9<EFBFBD>p<EFBFBD><70>Z@1<>&RZ<52>O<EFBFBD><4F>C<EFBFBD>p$kr<6B><72><EFBFBD><EFBFBD><EFBFBD><13><0F><>lg!\<5C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>=W׃<57>(<28>Vq
Author	SHA1	Message	Date
clerie	a2deec6dfb	hosts/web-2: radicale use secrets	2023-05-02 20:52:00 +02:00
clerie	bf0a8a31c3	hosts/storage-2: use secrets for basic auth	2023-05-02 20:40:30 +02:00
clerie	b60824e796	hosts/monitoring-3: use xmpp password from secrets	2023-05-02 20:27:03 +02:00