diff --git a/hosts/spacestation/secrets.nix b/hosts/spacestation/secrets.nix index 06a3cf0..1c96dec 100644 --- a/hosts/spacestation/secrets.nix +++ b/hosts/spacestation/secrets.nix @@ -34,6 +34,8 @@ in { owner = config.users.users."guz".name; }; + sops.secrets."muse/secrets" = {}; + sops.secrets."forgejo/user1/name" = mkIf config.services.forgejo.enable { owner = config.services.forgejo.user; }; diff --git a/hosts/spacestation/services.nix b/hosts/spacestation/services.nix index 15faa92..36e62b8 100644 --- a/hosts/spacestation/services.nix +++ b/hosts/spacestation/services.nix @@ -105,28 +105,40 @@ in { docker.enable = true; oci-containers = { backend = "docker"; - containers.homarr = { - image = "ghcr.io/ajnart/homarr:latest"; - autoStart = true; - ports = ["${toString secrets.services.homarr.port}:7575"]; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/homarr/configs:/app/data/configs" - "/var/lib/homarr/data:/data" - "/var/lib/homarr/icons:/app/public/icons" - ]; - environment = { - NODE_TLS_REJECT_UNAUTHORIZED = "0"; + containers = { + homarr = { + image = "ghcr.io/ajnart/homarr:latest"; + autoStart = true; + ports = ["${toString secrets.services.homarr.port}:7575"]; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + "/var/lib/homarr/configs:/app/data/configs" + "/var/lib/homarr/data:/data" + "/var/lib/homarr/icons:/app/public/icons" + ]; + environment = { + NODE_TLS_REJECT_UNAUTHORIZED = "0"; + }; + }; + dashdot = { + image = "mauricenino/dashdot"; + autoStart = true; + ports = ["${toString secrets.services.dashdot.port}:3001"]; + extraOptions = ["--privileged"]; + volumes = [ + "/:/mnt/host:ro" + ]; + }; + muse-discord-bot = { + image = "codetheweb/muse:latest"; + autoStart = true; + volumes = [ + "/var/lib/muse/data:/data" + ]; + environmentFiles = [ + (/. + config.sops.secrets."muse/secrets".path) + ]; }; - }; - containers.dashdot = { - image = "mauricenino/dashdot"; - autoStart = true; - ports = ["${toString secrets.services.dashdot.port}:3001"]; - extraOptions = ["--privileged"]; - volumes = [ - "/:/mnt/host:ro" - ]; }; }; }; diff --git a/secrets/spacestation-secrets.yaml b/secrets/spacestation-secrets.yaml index a0db620..e24c150 100644 --- a/secrets/spacestation-secrets.yaml +++ b/secrets/spacestation-secrets.yaml @@ -14,6 +14,8 @@ nextcloud: name: ENC[AES256_GCM,data:VJ2K,iv:RbCyfKweGteghP1X2II3WXQ6xjAqBz1PvFA+w6r6WA8=,tag:dRDTMXdvTFzS7xl9L1xbVA==,type:str] password: ENC[AES256_GCM,data:u2F2aBuVt7CByfZcUA==,iv:YvRX13U/f6UTs4bvnwEMiNJydzaCM0etkRo/Uh7hf/Y=,tag:aqG10k2p0i8LAqWRQ92xjQ==,type:str] email: ENC[AES256_GCM,data:J/xFtIs3+sUeHll0VPkpRX1dEwpX9RxH,iv:SikaNGysgIVXJgp4zKLkPrhuNN9lZa0nXmB5bTUdbOQ=,tag:CIiVsYRkig4H6j94293qbw==,type:str] +muse: + secrets: ENC[AES256_GCM,data:Kz9nq9uxrwjlbg38F8M0a7s0wuSpnZ42iGT6NOQa9LyEVr07PRHeqxAtAloPEX7gmAlTKyHY9hmkA/yUxrkioiaEd6PW5rF5Fq7wKSEYhyh9kUnwAf6NdQhFBj2UMnfWHpz50WQ27msJ2UzgJKzXQ24GYAXGlQwgyHkixpYPQ63t873YUNPaa53mx7STh7vRk//o940aP+Uar4OnMEdTGrmPqWLluR5/eVyNnDANhGWcCg626uZS26nZFO+gyrWJk2e1RsSVmzfjcIyaVkdTaEj1RQRUGxn/AS3FvqfGJ7tF9tWSaZ1PY2U2IdQv9usfa9m4Y6bRcoGN,iv:L4Y2F88NCSiB/KNL9HQ/49QRQwj2HfKuBEs8jsqpfR8=,tag://7BxypNznXIpWP2Mfvseg==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +31,8 @@ sops: amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO 4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-10T22:08:45Z" - mac: ENC[AES256_GCM,data:/qNQmTB1qVDzsXqfkrT60/evSLYSp3N2u5dozwTdDcYWckj09UwhxS03HJQvRspmmV+d1g7t1A8VYNEouFqL44IYw0xnbaVnPvSFCR+6Sp2hiFGR90brqRLb6TUmEfvIvIpvsjfHPvvq4pyP1+ap8mubhGsk01vMsAoHNOsEnIQ=,iv:8kmSjECxv8MGwIPAPw2lK+b521vGs3rYrdqhaj3PUpo=,tag:EmQcKMs3K1rqCXiOTNf5TA==,type:str] + lastmodified: "2024-05-11T14:18:33Z" + mac: ENC[AES256_GCM,data:VbvpmpSadpIQVwGWOa2A9VLn1+k8V8t95lgDhuv49NFkX7LnJQ4YPoSXINfDw52oaBL0nb4BtICpifCLY7kVtSTVDRHmXhmpXLz/8axNUQZtcHviUU+QlTYuyghxr0y+1ZMlVH4gOqCkoSYwfjN3/c8KR5ukf47lIxwoogXyLKo=,iv:4OYVcV2PUx7N+QHyA7wp0307+VM1yZcBH7PNDONn+qU=,tag:8El/gNZGnNEVD8k5aMRc/w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1