Add SECRET_KEY_BASE for phoenix project.
parent
0e55eb7d9a
commit
498aa3b51e
|
@ -2,7 +2,7 @@ keys:
|
||||||
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
||||||
- &server_phobos age1lmx6334s0y2ecfpve00vcjemyechycda2g8c5nnpzs5py2qay9pqx8m3vs
|
- &server_phobos age1lmx6334s0y2ecfpve00vcjemyechycda2g8c5nnpzs5py2qay9pqx8m3vs
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: phobos/[^/]+\.(yaml|json|env|ini)$
|
- path_regex: phobos/[^/]+\.(yaml|json|env|ini|enc)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *admin_jrpotter
|
- *admin_jrpotter
|
||||||
|
|
|
@ -152,11 +152,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701615100,
|
"lastModified": 1701805708,
|
||||||
"narHash": "sha256-7VI84NGBvlCTduw2aHLVB62NvCiZUlALLqBe5v684Aw=",
|
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e9f06adb793d1cca5384907b3b8a4071d5d7cb19",
|
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -208,7 +208,7 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1,
|
"lastModified": 1,
|
||||||
"narHash": "sha256-/ZJi6zwrTNAJihWJDtLqmvnJEoZFXI2BqVesNqLP1xM=",
|
"narHash": "sha256-Gze86YwZxMbiW01weBEoPXyNEdAuj+hBTtT/shr/wSo=",
|
||||||
"path": "./phobos",
|
"path": "./phobos",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
|
|
|
@ -87,11 +87,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701615100,
|
"lastModified": 1701805708,
|
||||||
"narHash": "sha256-7VI84NGBvlCTduw2aHLVB62NvCiZUlALLqBe5v684Aw=",
|
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e9f06adb793d1cca5384907b3b8a4071d5d7cb19",
|
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -3,9 +3,7 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||||
boardwise = {
|
boardwise.url = "github:boardwise-gg/website/v0.1.0";
|
||||||
url = "github:boardwise-gg/website/v0.1.0";
|
|
||||||
};
|
|
||||||
sops-nix = {
|
sops-nix = {
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -34,23 +32,43 @@
|
||||||
package = pkgs.postgresql_15;
|
package = pkgs.postgresql_15;
|
||||||
ensureDatabases = [ "boardwise" ];
|
ensureDatabases = [ "boardwise" ];
|
||||||
authentication = lib.mkOverride 10 ''
|
authentication = lib.mkOverride 10 ''
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
# TYPE DATABASE USER ADDRESS METHOD
|
||||||
local all all trust
|
local all all trust
|
||||||
|
host all all 127.0.0.1/32 trust
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
environment = {
|
systemd = {
|
||||||
systemPackages = [
|
services.boardwise = {
|
||||||
boardwise.packages.${system}.app
|
enable = true;
|
||||||
];
|
description = "BoardWise Server";
|
||||||
variables = {
|
after = [ "postgresql.service" ];
|
||||||
DATABASE_URL="ecto://postgres:postgres@localhost/boardwise";
|
requires = [ "postgresql.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Environment = [
|
||||||
|
"PORT=80"
|
||||||
|
"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
|
||||||
|
];
|
||||||
|
EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
|
||||||
|
ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
|
||||||
|
ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
|
||||||
|
Restart = "on-failure";
|
||||||
|
};
|
||||||
|
unitConfig = {
|
||||||
|
ConditionPathExists = "/run/secrets/SECRET_KEY_BASE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
paths.SECRET_KEY_BASE = {
|
||||||
|
enable = true;
|
||||||
|
pathConfig = {
|
||||||
|
PathExists = "/run/secrets/SECRET_KEY_BASE";
|
||||||
|
Unit = "boardwise.service";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
sops.secrets.example-key = {};
|
sops.secrets.SECRET_KEY_BASE = {};
|
||||||
sops.secrets."myservice/my_subdir/my_secret" = {};
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
};
|
};
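Review bot: The added pg_hba line `host all all 127.0.0.1/32 trust` extends the passwordless access already granted on the Unix socket to loopback TCP, so any local process that can reach 127.0.0.1 can log in as any role, including `postgres`; the `postgres:postgres` in `DATABASE_URL` is never checked under `trust`. I would restrict it to the application, for example `host boardwise boardwise 127.0.0.1/32 scram-sha-256`, with a dedicated role whose password is delivered through the sops-managed `EnvironmentFile` rather than the `Environment` list, since the generated unit ends up in the world-readable Nix store. Separately, the new `serviceConfig` sets no `User`, so with `PORT=80` both `migrate` and the server presumably run as root; `DynamicUser = true;` together with `AmbientCapabilities = "CAP_NET_BIND_SERVICE";` (or a dedicated service user) would avoid that. The hard-coded `/run/secrets/SECRET_KEY_BASE` appears three times and could be replaced by `config.sops.secrets.SECRET_KEY_BASE.path`, assuming `config` is in scope in this module, which starts outside the hunk.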
|
||||||
|
|
|
@ -1,10 +1,4 @@
|
||||||
#ENC[AES256_GCM,data:pkTmy1WX4sI6CHkuiMO/873FBuGKjtDyDuqGIY69b7LYXAyOeKU=,iv:CjqG2mlzIieeTJqrwAGklZQ1l7upH4dXTT0aoqKWQFY=,tag:25gMrm0gi21DhgnIdrki4A==,type:comment]
|
SECRET_KEY_BASE: ENC[AES256_GCM,data:1p8IKwVEPRCtrhIitv3WztJmCo9LsbWgYuroQ2DzdHJWEtN1Ye/0sIhmrjEBugiRT5zVUEKip16VQRvq9i6DkVFi3cF2qlvslc1dycGtbtQ=,iv:Q2Tm87vSH8JLQbHcKU649X3KcLJtEOPcneHEYBjmSPY=,tag:RYOXrShhwBvdrguq/lbSKQ==,type:str]
|
||||||
example-key: ENC[AES256_GCM,data:1ywkHMSLq1aAiZl9JA==,iv:1ip/LHeptLnpYq3O29xjNeDIUZr77xiAdGFmPPKIy3c=,tag:Q5BeX1XS6ySIqKcLv86yrg==,type:str]
|
|
||||||
#ENC[AES256_GCM,data:t4SrnsLqfNlxLqoEwuDtameoUYBZ4TpUDYQ2nQ133vEig6MuNgsKVQPs+3J3K3jXSqJHu8TvV9k=,iv:IDhuYa6LnPLREq3TFUBdkkdbFoxWxRuDw4rNYX+Q294=,tag:H+1n+P4NN4/4MHyXjDsOEg==,type:comment]
|
|
||||||
#ENC[AES256_GCM,data:DHudM+N5MDuM/tRKFcUNHn1pkSdSzJRgg4ROkAxOlWQy03x6up3MtTCbuZ1gW2aLAA8sHxB3ki1WOLQ6jeU67Hk6DMsP+sOS,iv:p9ry0MmeUXXdtmZYKlqs4dJ9uopHD4Z9YVf25PVKjIc=,tag:3WmKGQyrIpL2Aw+b2ANIxA==,type:comment]
|
|
||||||
myservice:
|
|
||||||
my_subdir:
|
|
||||||
my_secret: ENC[AES256_GCM,data:uZOzai2mhtkM,iv:Uo+RuNxwaaMPr56pcNfN7stZXterbvfbhbwr3gyH+PI=,tag:kzQav/0gDRELwdmOMJjn7g==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,23 +8,23 @@ sops:
|
||||||
- recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
- recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyN0d4VDcvZ085Sm9SL2ZE
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbXdCWVllY0xzaVJ4K3VL
|
||||||
MW5rUlpNQWdLV3UrVHlkMDFQazRuaGZLUlVVClo4a0ZreVU3MGV4MUovZXZVWm10
|
anJsd0FFN1J1amlKTVpzaHE1dlVKL05ObDJBCnVKa1ZFZmNyTS9mRlJyM0NiaGFO
|
||||||
dTZ3OEc4ZlJqQ21TYmJEc2FJNDAyazAKLS0tIEZxVzk4ZEo3MjFHMVZDV0JTWmRo
|
TDh2ak1wZmNqSXYwOEF4M1ZlY1BlcjAKLS0tIDZWbXVpSzkyS2lBK1hZVUI0Zklk
|
||||||
YzRDWjZ2ZFlQdEw5N2N5SG9oVDdPMFkKHPz6J4TL6lPSH1a806iVBrgJUnV297uh
|
RDMveTJ0UkdmRE1HV3BaQlpvWTlXOUkKwrhRj5eqNafOUqYrwT20hMm+ocJxSv+X
|
||||||
1sacjMW5ncEktozngq7gqQnrKEfapYqq3rAVpxGLY3C6mxwPDTgT5g==
|
eV4+7r6m4Y142XsQENvfk4ow0fLO8h1Fuvh09GHLoBAZGAfbNCop9Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lmx6334s0y2ecfpve00vcjemyechycda2g8c5nnpzs5py2qay9pqx8m3vs
|
- recipient: age1lmx6334s0y2ecfpve00vcjemyechycda2g8c5nnpzs5py2qay9pqx8m3vs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmtQcWF5Rm50MWxQYjRB
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb3oyOW9mUmp5YWg1Ulln
|
||||||
bHBYK25BMThvN3Ivd1JxSTJKOThxS0N6TEZFCnVvS2RKZEQ3WEpCN1V6ekd3Sjhv
|
bXgxRlhxQi9lZGFhK3NpblRVS0lRTDNtK2pzCnVFdzBHSGUyNGlDV2VaLzhEeS8x
|
||||||
N0UwbUJTck9PSXhDcGI3aDNUYmNPVVEKLS0tIDBuc2xmdEpYZVZpbGczQ2RlRS9U
|
a0txMU0zNHMyRnlrTlMvT09vVG5GTWsKLS0tIGNyRWVsRTFOYkhxY0J2Qks4ZFYv
|
||||||
YXV1UEl0Q3RTZSt0ak1sU3BkcFIwdWcKwfNMcaDdud0Ve+ibJq5bRc63hiDgaTp9
|
VmhpRjhXZEQ0WlZaOVhXZWx6SXpPczAKNJh8yms/llCJanKKcTBHmnUgUdwzRFfJ
|
||||||
5GKaIaU4TOkB2K3/N8DIU3KW0scl+5foWTaQbrVSMy9x31H0jTdlgQ==
|
/jB3RhjIAehrt3zFl7b6hW8sWJipjkhwXkl9KmXGkmgVvrEdfmM5kg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-12-08T18:51:48Z"
|
lastmodified: "2023-12-09T00:29:20Z"
|
||||||
mac: ENC[AES256_GCM,data:/pnQDn4ADDkyYNRYAMzOnxc6HkyJ94izk8Em+v6oY3oKEw8m0I51ClS1glaXTL+FFocYnKAu/TuuX49QI8mnY3qhHrg1s2ruGtjRhDJGEvsCCgK6BcuclktTS7r046rRa7S0kahotI9C9ZHKilRoc5tTGNVKnGg+Xq+zG2ch6Cc=,iv:muBqr7RR0taT9VYwZoBMJn76kc5Zk0h6d8vcZJOxwT8=,tag:wF/6Q6fkDzyJ+XtEB9Vzog==,type:str]
|
mac: ENC[AES256_GCM,data:jVA9UKjBfLJzlOnU0Wvzq8MTsIXURpB3d5ER9OuFz9t/aBuMzPsFcOE5zzgYYisc1s4UnHowuGz72ZAAbIZTP6GaaJ2Mta3rbqUvJrYZMmD+1AujedGzKHbwD6Pc8V70v17PoMCiX3psJy8B+COksIX4nhJEnh4rpgv4HHRehGk=,iv:LA4Zgpbyd8AaKhsN7ei72sSWJr5Qpt8AbON7F99Qyv4=,tag:1DCjPbQldhGIwSGNpKvgNQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|