Move all services with some data store to the same machine.

2024-01-18 06:21:11 -07:00 · 2024-01-18 06:21:11 -07:00 · d4f506e08a
parent adb31da38f
commit d4f506e08a
4 changed files with 33 additions and 18 deletions
--- a/hive/thebe/default.nix
+++ b/hive/thebe/default.nix
@ -3,6 +3,8 @@
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    sops-nix.nixosModules.sops
    ../../digital-ocean/configuration.nix
+    ../../services/boardwise
+    ../../services/forgejo.nix
    ../../services/plausible
  ];

--- a/services/boardwise/default.nix
+++ b/services/boardwise/default.nix
@ -48,7 +48,8 @@ in
  ];

  sops = {
-    defaultSopsFile = ./secrets.yaml;
-    secrets.BOARDWISE_SECRET_KEY_BASE = {};
+    secrets.BOARDWISE_SECRET_KEY_BASE = {
+      sopsFile = ./secrets.yaml;
+    };
  };
 }
--- a/services/boardwise/secrets.yaml
+++ b/services/boardwise/secrets.yaml
@ -1,4 +1,4 @@
-BOARDWISE_SECRET_KEY_BASE: ENC[AES256_GCM,data:cXN04jWbIZOYxf5BJNtnebAFBDDn2b/Rj3d5LVZ028Q12y8KLmEuaj+s43Pcmgypvo7xQGhjT89p7TWkiciIzbNFTN0hrvQP3qpQCFWtrf0=,iv:obSPCWPoFLYvj9MulY4lBJnmaMlQsuM1NHsrCJnfywY=,tag:vrZgceJ9VRRgQjBF7FnXBA==,type:str]
+BOARDWISE_SECRET_KEY_BASE: ENC[AES256_GCM,data:2Fsko9ufmsk/WxOyoGOHaWRup2mSKOElzcfdG00PZfmb4aAoFUpNbeScVl/YxjFOO5rD1a2OfRZga/r9uVX6fd0vqGWggRA1OyGYSRwx74E=,iv:obSPCWPoFLYvj9MulY4lBJnmaMlQsuM1NHsrCJnfywY=,tag:5Rd7OBDO2ssvAPjAIOx7KA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -8,23 +8,32 @@ sops:
        - recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvalIvZDJGbTl6bW1yRWxN
-            MTUzOG5NTEV4YUZYYU1jajhrc25GaVJ2SzIwCm1NN0Z4TFFyRFpwUTgvRTBIVzFo
-            dUhLSytmc3h2WmI5d29ueFdJU1hxSlkKLS0tIEdxN3FHS0IxMGtHMTBqRVNkQkdt
-            aXdEZWttYm9nK0NGQ3FnNHozWkRYcE0KLYe1ObAipGDJlP51n6p9i5cUuyv2yGob
-            BkAb0MKZSe3itmr2YCvdq4ZhR6HEO56DDdOgWA7lN62Aml8L4y51IQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaXlaTkxmOVJqV1JKL0tx
+            anFiSzZ3by9YY0VYMnZLazcvWnBwV2JvWkg4Cm5XOTVBbFo4WVNuN0hMZ1BGTmlD
+            UnBIc09YeUZHN1YyR1lRWkFGNFlpR00KLS0tIFZWN0tHNGFUaGI0cCt3aU5YSW4w
+            NEpGV1cvRkxXaENnUXRFNTQwWWk0T1kKkgAKg3+PeGsw0znQy/e1Fu2yRhOm5FA5
+            dshbwxtW7g5dJbrP1JIKRSA+JAYvnOSuOlu4T5MuCUbJd/HXiAJKGQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age16twzd97nh7tstk5meh277w02le6dxqmv7wzrjlemn87n36dzlyfq7uusj2
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZDJHOFd6STlZM1ZSc1pX
-            bmh0eXNDQ1FvZlpLWkpQcGxrMXVuSXUxaUFrCkc5QjdEM2xlV1N0K0MxUi9MeVhU
-            dmp3U2lBQVcrTld2T2RHR2t2UjVJd3MKLS0tIHJhamRwQ3ZmZWFrSFA5dEpDVm1n
-            eVRiNzAyRk9mUXpPZmRCcU5BVitjQW8KPFKtQSwOKtp5pLI2mlAXtkc8nJYoXjo0
-            jdqxptc4a7uKywi8s1lffUSkV/ifMxVc9uH2M+0ry227aU+r2Lk0tA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBobEloNFpxTHpDQkovZDI5
+            aXFYVFgxdzVUNlJPMytHclBzWXBTdERZSWpBCjlVRldUaitTMHdwaUVhZEZWL3hP
+            L0s3ZG5yamhMRnlpUG4rUTU4Z1NWR1kKLS0tIDRQdUQ4V0dNbmlkZmpKcE5oWXQ5
+            akdvdDU4by9aTjIzOFRySTk1dFRGUGMKOxLXlJHptJ++8yVN7JmLyAUWgs4Ff/3t
+            QYy/XBotUqC84nSZnS11dZvoApyogcQ1azirXqahLgvz/OsvgWo0NA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-10T17:43:15Z"
-    mac: ENC[AES256_GCM,data:YzJ0VhC1TIcnRdBT05NjnAihcfDwuDBYqCabOG0Z5yPqBH5GgChQ9TKxWQ9kVV9PSRr9cvJdVr5LxasjcmxMpCYDFP1EytikX3N47GXK6Y2ydnZ+Z5YMJLYMFAuEiePZvI7ksrQVISKDoZzzMV37gRn70aovWQBG0O9mo/2INiM=,iv:hE7z2YB8exHVJDRybeHObefOfRGkAt9I9pdovIEYgH0=,tag:hzZ1CoG+PjBSyCkFH3VwQw==,type:str]
+        - recipient: age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybDFOSzR5ZWFjbitmRFNW
+            UmZoU1BKaGhKNWJWM2FJR1VTK2M4QkdIVEFFCmwvYmdpaENBaFJSY3oyaVVnSXd0
+            WWhQV3A4T2FLV0tlU2ZGZmdhc2daWnMKLS0tIFU0MEI1RDJySVpYNk5Gc2UwYWQ1
+            Nk4yYnl6Q2hBNFR1ZWY3bmlnL0VvODgKnHD8IEneA19BOzpKYyNprU+rMukGlahm
+            V2l7y4FJZwlhlAChDSzKZXCRVV816pdAm96URJ07WRzlOfLD5NErqA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-18T13:20:52Z"
+    mac: ENC[AES256_GCM,data:UDjPQO+Uc6LpozNHBRd4uYU3Ohrz9ZWCzQkeyPGeSB0qaMASz3sHTmMbgkPGrGAgN9rlyVnohV8c5aimCcfSw8LcmPcSKwqhIiS7Wn6BIgZ8JgMV3/ymeMYdSE+9Mm5UoxT+cxeBrPlo2FaXIjk3s30D3xjVoNdjMOmCa1PDTUA=,iv:E3zD57d19lBaHVOt/ka+hLdor9ckcJ3vcJDEMmbF07s=,tag:rtjDJDA41Oo/4eicy2FruA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/services/plausible/default.nix
+++ b/services/plausible/default.nix
@ -27,8 +27,11 @@
  };

  sops = {
-    defaultSopsFile = ./secrets.yaml;
-    secrets.PLAUSIBLE_ADMIN_PWD = {};
-    secrets.PLAUSIBLE_SECRET_KEY_BASE = {};
+    secrets.PLAUSIBLE_ADMIN_PWD = {
+      sopsFile = ./secrets.yaml;
+    };
+    secrets.PLAUSIBLE_SECRET_KEY_BASE = {
+      sopsFile = ./secrets.yaml;
+    };
  };
 }