From 7cfbd927bd4dea52de4a345983ac2398787e692f Mon Sep 17 00:00:00 2001
From: Matt Nish-Lapidus
Date: Sun, 13 Apr 2025 15:08:07 -0400
Subject: [PATCH] server
---
homes/emenel/secrets.yaml | 24 ++++++++++++++----------
modules/system/forgejo.nix | 20 ++++++++++----------
2 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/homes/emenel/secrets.yaml b/homes/emenel/secrets.yaml
index 6ebb611..19ab246 100644
--- a/homes/emenel/secrets.yaml
+++ b/homes/emenel/secrets.yaml
@@ -7,22 +7,26 @@ taskchamp-id: ENC[AES256_GCM,data:Aou7f+fj8oeC+w3dmCfj1MP7RvSPzF5eRRz6cw99Nb1hJJ taskchamp-key: ENC[AES256_GCM,data:9MAT3Q3Olw8JDA==,iv:5JBugxClwi+loeP6/7taRHAOzdpXMDMn5elwqUSKJus=,tag:Kt2wjRW90h8q3Nia7mIT5g==,type:str] icloud: ENC[AES256_GCM,data:W1fk/XZYYM1fLZE=,iv:o7fPNUZJjYv+lLdizn01x7atYOQd/t9jk8ifXTJjuZY=,tag:7UWLpKUm/vV/rwg8c7M+rQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM0J2TnF5ZHNETnNrWTlj - SEViczZqOHRuNThhUHF0bllVZTNnZDdtWnhVCnZxTkVGczRRTzlDUDF2TmtjUVMw - QVV2cTYxS1d5QXU3aUNyajZWelUyQmcKLS0tIG1oYjU3M0pBL2lBUmN1cFoyTXdB - RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC - Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZERQcmQxM0NSdVpEdHhM + akZhT2xOem83RFlWc0lyblVOWG1IaXZFRGtBCjJ2NlpkNWwwbXFEUjM1M1hUdE9x + S2tCVFNQYVdyemE3SDNPY3dVYmZONUUKLS0tIFlZSGZGSm0yV0E1VElCQW4rNmdo + UXdWSzMrTjh6UHpwSVVJbzhtWGxkNkEK9sx6aJkTQtZNeZe74IQqZBvWdBP0tfy5 + nKRaNSSU9hjuzaDcPzCAMtRpMJJrtTD8K3cHXQJvGnlI5Qt+mEYqZA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg4u9d90r64a7gesg778cgx8pkcxkh4wjkddz299u6lelpc6yypsgza06c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTlBVMW83YStsUzMwYVB4 + ajBuTDZUbHh1eTJ0QzdGV3BERWZrNER1UnpVCmRndHdBVTExQ081UElmN1oxY3Rp + dFdPMElUZWc4Tmo1ZnNwWWF4dEthaXcKLS0tIGc5S2oyQmZNRlFWQUVEU0NXRzU5 + dWM4Ym9KQVlTME9MQitrNnNrUDBUeUEKCJe95n0berZpygwedi4TsNfxS7swVrOX + ACr2tDfFcjV4jhm1cltrm4o3lLV09gUFqUXUQo098d2pUZRlUX+pPQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-29T21:43:51Z" mac: 
ENC[AES256_GCM,data:tOr5xkd8sJ6+qPPTvRbrVvznCR4kbhoMnqnim8uGmAmbAtFCU3sDCsAQUl5KZVEHz8W3bzYrhW2Qrm0EpSt6Hc7TohnT/aUgEj2eZW6cSKHP7ob2YA2BdG5gE39PAazFQ/CI/xkS2j+ioXZsJeis3//rfvVZa4EbJmuK5AnI+Fc=,iv:Kh8+Y+aMeVl0uQ46LklYkbYQABdWYy2VzuIAl18+NjE=,tag:Nh1wb2WHPg3Z4etk936rFg==,type:str] - pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4
diff --git a/modules/system/forgejo.nix b/modules/system/forgejo.nix
index d01d8f8..1e9f53e 100644
--- a/modules/system/forgejo.nix
+++ b/modules/system/forgejo.nix
@@ -45,15 +45,15 @@
# };
};
-# sops.secrets.forgejo-admin-password.owner = "forgejo";
-# systemd.services.forgejo.preStart = let
-# adminCmd = "${lib.getExe pkgs.forgejo} admin user";
-# pwd = config.sops.secrets.forgejo-admin-password;
-# user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
-# in ''
-# ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
-# ## uncomment this line to change an admin user which was already created
-# # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
-# '';
+ sops.secrets.forgejoemenel.owner = "forgejo";
+ systemd.services.forgejo.preStart = let
+ adminCmd = "${lib.getExe pkgs.forgejo} admin user";
+ pwd = config.sops.secrets.forgejoemenel;
+ user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
+ in ''
+ ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+ ## uncomment this line to change an admin user which was already created
+ # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+'';
}
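Review bot: The now-enabled `preStart` expands the sops secret into `--password "$(tr -d '\n' < ${pwd.path})"`, so the admin password is part of the forgejo command's argument list while it runs and is readable by other local accounts through the process table unless /proc is restricted. The trailing `|| true` hides every failure, not only "user already exists", so a missing or unreadable secret file would let the unit start without the admin account and without an error. I would check the file first with `test -r ${pwd.path}` before the create call and add a comment such as `# password is passed via argv; this host must not have untrusted local users`. `owner = "forgejo"` hard-codes the service account, and `sops.secrets.forgejoemenel.owner = config.services.forgejo.user;` would keep it in step with the module. The secrets.yaml hunk in this commit appears to change only recipients, so `forgejoemenel` is presumably defined in another sops file, which is worth confirming; the enclosing module starts outside this hunk.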