r
/
nixos-configuration
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prefix secrets with service name.

main
Joshua Potter 2024-01-10 10:44:20 -07:00
parent d2921e0985
commit 140bae68cc
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/boardwise/default.nix
View File

@ -36,7 +36,7 @@ in
Environment = [ Environment = [
"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise" "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
]; ];
EnvironmentFile = "/run/secrets/SECRET_KEY_BASE"; EnvironmentFile = "/run/secrets/BOARDWISE_SECRET_KEY_BASE";
ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate"; ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start"; ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
Restart = "on-failure"; Restart = "on-failure";
@ -49,6 +49,6 @@ in
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets.SECRET_KEY_BASE = {}; secrets.BOARDWISE_SECRET_KEY_BASE = {};
}; };
} }

8
services/boardwise/secrets.yaml
View File

@ -1,4 +1,4 @@
SECRET_KEY_BASE: ENC[AES256_GCM,data:7momHRbT88d1hVkABk9altYurje6s/NQCuDRttBZm9JND1Gtdlf/xaPBHHBH/S0zYGZirzFsYHUYsCNeSNDao9Wa6zpb/ISt9gdMJ4kng3s=,iv:xcPtA1h1LapQpH2A2cyRIh22w5obrIibatE3b2EKpQ8=,tag:pxatJLQv2lBCFja6a/lSzQ==,type:str] BOARDWISE_SECRET_KEY_BASE: ENC[AES256_GCM,data:cXN04jWbIZOYxf5BJNtnebAFBDDn2b/Rj3d5LVZ028Q12y8KLmEuaj+s43Pcmgypvo7xQGhjT89p7TWkiciIzbNFTN0hrvQP3qpQCFWtrf0=,iv:obSPCWPoFLYvj9MulY4lBJnmaMlQsuM1NHsrCJnfywY=,tag:vrZgceJ9VRRgQjBF7FnXBA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +23,8 @@ sops:
eVRiNzAyRk9mUXpPZmRCcU5BVitjQW8KPFKtQSwOKtp5pLI2mlAXtkc8nJYoXjo0 eVRiNzAyRk9mUXpPZmRCcU5BVitjQW8KPFKtQSwOKtp5pLI2mlAXtkc8nJYoXjo0
jdqxptc4a7uKywi8s1lffUSkV/ifMxVc9uH2M+0ry227aU+r2Lk0tA== jdqxptc4a7uKywi8s1lffUSkV/ifMxVc9uH2M+0ry227aU+r2Lk0tA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-12T16:25:49Z" lastmodified: "2024-01-10T17:43:15Z"
mac: ENC[AES256_GCM,data:EBzV8XbfwfTOBBmq3Tn6DptH93klcqxoz24f12wh6OtSahpBA3IK9OEOg0W3TrxdJ67Ymp/vKeM5/reMbVlQmiabEsZ4gDYaqeulQJWhRroBD4kEoqvCUF0Od7JFDwSFN5LsoT3Me95rNJMN1e8ZIpzGLfjYSIlJ/xvJGv73vvo=,iv:uV9Rs6HguHedQt/SSjLbiwOLrV2omtY2IqDKldkL8mg=,tag:Qev2BlCVcpAcN5Xo/bcioQ==,type:str] mac: ENC[AES256_GCM,data:YzJ0VhC1TIcnRdBT05NjnAihcfDwuDBYqCabOG0Z5yPqBH5GgChQ9TKxWQ9kVV9PSRr9cvJdVr5LxasjcmxMpCYDFP1EytikX3N47GXK6Y2ydnZ+Z5YMJLYMFAuEiePZvI7ksrQVISKDoZzzMV37gRn70aovWQBG0O9mo/2INiM=,iv:hE7z2YB8exHVJDRybeHObefOfRGkAt9I9pdovIEYgH0=,tag:hzZ1CoG+PjBSyCkFH3VwQw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1