switch to pass for key management

This commit is contained in:
Schrottkatze 2023-08-06 20:17:41 +02:00
parent 57a9d854ae
commit 70a7ee395d
10 changed files with 14 additions and 25 deletions


@ -9,17 +9,15 @@ This is the repository for the NixOS configurations of the Katzen Café (Katzen
- [x] Keycloak - [x] Keycloak
- [x] Penpot - [x] Penpot
- [x] Forgejo - [x] Forgejo
- [ ] Vault
- [x] Jitsi - [x] Jitsi
- [x] Mumble - [x] Mumble
- [ ] Nextcloud - [x] Nextcloud
- [ ] Karton - [ ] Karton
- [ ] A plain ol' website - [ ] A plain ol' website
- [ ] Mail sender - [x] Mail sender
- [ ] Vaultwarden - [ ] Vaultwarden
- [x] Calckey - [x] Calckey
- [ ] Some matrix server - [x] <del>Some matrix server</del> conduit
- [x] minecraft
- [ ] Wiki for service and administration doc - [ ] Wiki for service and administration doc
- [ ] Some external monitoring - [ ] Some external monitoring


@ -17,8 +17,7 @@
hostPkgs = import nixpkgs { system = "x86_64-linux"; }; hostPkgs = import nixpkgs { system = "x86_64-linux"; };
in { in {
devShell."x86_64-linux" = with hostPkgs; mkShell { devShell."x86_64-linux" = with hostPkgs; mkShell {
buildInputs = [ colmena vault ]; buildInputs = [ colmena pass ];
VAULT_ADDR = "https://hc-vault.katzen.cafe";
}; };
colmena = { colmena = {
meta = { meta = {
@ -57,7 +56,6 @@
./modules/mumble.nix ./modules/mumble.nix
./modules/modded-mc.nix ./modules/modded-mc.nix
#./modules/prosody.nix #./modules/prosody.nix
./modules/vault.nix
./modules/monitoring.nix ./modules/monitoring.nix
./modules/mailserver.nix ./modules/mailserver.nix
]; ];
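Review bot: The devShell now puts `pass` on the path but says nothing about which password store the new keyCommands read from, whereas the Vault setup pinned its endpoint with the `VAULT_ADDR` line this hunk removes. Every `keyCommand = [ "pass" ... ]` in this commit resolves against the deploying user's default store (`~/.password-store` unless `PASSWORD_STORE_DIR` is set), so a deploy from another machine or user account either fails or pulls a different set of secrets. Consider pinning it in the shell the same way, e.g. `PASSWORD_STORE_DIR = "<path-to-shared-store>";`, or documenting the expected store and its GPG recipients in the README. The flake's outputs continue outside the hunk.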


@ -86,12 +86,12 @@
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
# i should figure out why to make this work when setting up new instances... # i should figure out why to make this work when setting up new instances...
"katzenwikiPwFile" = { "katzenwikiPwFile" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-passwordFile" ]; keyCommand = [ "pass" "wikis/katzenwiki/password" ];
destDir = "/katzenwiki"; destDir = "/katzenwiki";
name = "passwordFile"; name = "passwordFile";
}; };
"katzenwikiKeycloakClientSecret" = { "katzenwikiKeycloakClientSecret" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-keycloak-secret" ]; keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ];
destDir = "/katzenwiki"; destDir = "/katzenwiki";
name = "keycloakClientSecret"; name = "keycloakClientSecret";
permissions = "0604"; permissions = "0604";
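Review bot: `permissions = "0604";` on the katzenwikiKeycloakClientSecret key leaves the secret readable by every local user (the `4` is the other-read bit); the line is unchanged context rather than something this commit introduces, but the key definition it belongs to was just rewritten. The NOTE at the top of the hunk about having to `chown +r` the password file by hand suggests the world-readable bit is a workaround for the service user not owning the file; colmena's `deployment.keys` entries take `user` and `group`, so `user = "<service-user>"; permissions = "0600";` (or `0640` with the service group) would grant access without exposing the secret. The same `0604` appears on the nextcloud-admin-pass, phtanumb keycloakClientSecret and noreply-mail-pw-plain keys in later hunks.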


@ -56,7 +56,7 @@
}; };
deployment.keys = { deployment.keys = {
"nextcloud-admin-pass" = { "nextcloud-admin-pass" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/nextcloud-admin-pass" ]; keyCommand = [ "pass" "nextcloud/admin-password" ];
destDir = "/nextcloud/secret"; destDir = "/nextcloud/secret";
permissions = "0604"; permissions = "0604";
}; };
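Review bot: Switching `keyCommand` from `cat` on a temp file to `pass nextcloud/admin-password` can change the delivered bytes by a trailing newline: `pass insert` stores single-line entries with a newline appended, which the old file may not have had. Whether that matters depends on how each consumer reads the file, which is outside the hunk, so it is worth a one-time check that the newly deployed key files are byte-identical to the previous ones; the same applies to the other `pass` keyCommands in this commit, in particular the keycloak db password and the mail password hashes, which are likely consumed verbatim. Once verified, a comment on the key such as `# stored via pass insert (trailing newline); consumer tolerates it` would record the result.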


@ -84,7 +84,7 @@
}; };
deployment.keys = { deployment.keys = {
"penpot-secrets" = { "penpot-secrets" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/penpot-secrets" ]; keyCommand = [ "pass" "penpot/envfile" ];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
}; };


@ -109,11 +109,11 @@
}; };
deployment.keys = { deployment.keys = {
"passwordFile" = { "passwordFile" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-passwordFile" ]; keyCommand = [ "pass" "wikis/phtanumb/password" ];
destDir = "/phtanum-b/wiki"; destDir = "/phtanum-b/wiki";
}; };
"keycloakClientSecret" = { "keycloakClientSecret" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-keycloak-secret" ]; keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
destDir = "/phtanum-b/wiki"; destDir = "/phtanum-b/wiki";
permissions = "0604"; permissions = "0604";
}; };


@ -42,7 +42,7 @@
}; };
deployment.keys = { deployment.keys = {
"noreply-mail-pw-plain" = { "noreply-mail-pw-plain" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-pw-plain" ]; keyCommand = [ "pass" "mailpws/plain/noreply" ];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
permissions = "0604"; permissions = "0604";
}; };


@ -29,7 +29,7 @@
}; };
}; };
deployment.keys."keycloakDbPw" = { deployment.keys."keycloakDbPw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ]; keyCommand = [ "pass" "keycloak/db-pass" ];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
} }


@ -19,11 +19,11 @@
}; };
deployment.keys = { deployment.keys = {
"admin-mail-pw" = { "admin-mail-pw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/admin-mail-pw" ]; keyCommand = [ "pass" "mailpws/hashes/admin" ];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
"noreply-mail-pw" = { "noreply-mail-pw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-pw" ]; keyCommand = [ "pass" "mailpws/hashes/noreply" ];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
}; };


@ -177,13 +177,6 @@
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
''; '';
}; };
"hc-vault.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8200";
};
};
}; };
}; };
} }