feat: move cloudflare tunnel token to sops secret

Guz
2025-04-04 20:51:38 -03:00
parent 3d17feec71
commit d94ef00183
4 changed files with 13 additions and 20 deletions


@@ -30,7 +30,7 @@
};
};
virtualisation.oci-containers.containers.cloudflare-funnel = let
virtualisation.oci-containers.containers.cloudflare-tunnel = let
secrets = config.spacestation-secrets.lesser;
in {
image = "cloudflare/cloudflared:latest";
@@ -42,10 +42,11 @@
"tunnel"
"--no-autoupdate"
"run"
"--token"
secrets.capytal.cloudflare-funnel
# secrets.capytal.cloudflare-funnel
];
environmentFiles = [
config.sops.secrets."cloudflared/tunnel-env".path
];
environment = {};
};
networking.firewall.allowedTCPPorts = [
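Review bot: Moving the token out of `cmd` does not retire the old value: while it was passed as `"--token" secrets.capytal.cloudflare-funnel` it was part of the container command line, so it was presumably written into the generated unit in the Nix store and visible in the process arguments, and it should be rotated before the new secret is relied on. The leftover `# secrets.capytal.cloudflare-funnel` comment and the empty `environment = {};` can be dropped, and so can the `secrets = config.spacestation-secrets.lesser;` binding if nothing else in the block still uses it. cloudflared reads the token from the `TUNNEL_TOKEN` variable, so a comment such as `# tunnel-env must define TUNNEL_TOKEN=<token>` above `environmentFiles` would record what the encrypted file has to contain. The container definition starts and ends outside the hunks shown.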


@@ -21,7 +21,7 @@
services.keikos.web = {
enable = true;
port = 7030;
envFile = config.sops.secrets."keiko/envFile".path;
envFile = config.sops.secrets."keiko/env-file".path;
};
services.caddy.virtualHosts.":${toString (config.services.keikos.web.port + 1)}" = {
extraConfig = ''


@@ -34,7 +34,7 @@ in {
owner = config.users.users."guz".name;
};
sops.secrets."keiko/envFile" = {
sops.secrets."keiko/env-file" = {
owner = config.services.keikos.web.user;
};
@@ -51,11 +51,7 @@ in {
owner = config.services.forgejo.user;
};
sops.secrets."discord/muse-bot/environment" = {};
sops.secrets."caddy/capytal/env" = mkIf config.services.caddy.enable {
owner = config.services.caddy.user;
};
sops.secrets."cloudflared/tunnel-env" = {};
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
};
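Review bot: `sops.secrets."cloudflared/tunnel-env" = {};` sets no `restartUnits`, so after the token is rotated and the file re-encrypted the running container keeps the old value until it is restarted by hand. Adding `restartUnits = [ "<backend>-cloudflare-tunnel.service" ];` would tie the two together; the unit name is a placeholder, since it depends on the oci-containers backend, which is not visible here. A short comment saying the entry is deliberately left at the sops-nix default owner and mode, presumably because the container unit reads the file as root, would explain why it has no `owner` like the neighbouring entries. The enclosing attribute set starts outside this hunk.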


@@ -1,7 +1,9 @@
cloudflared:
tunnel-env: ENC[AES256_GCM,data:jYtDMez3w5BzSH3/xwqEsAtPo6EMxx6dBcd3bnfdCOm/eZzampXPyUfPsqkO4mtL2dGmjT7W+3prGxrEQtC/Eu9R7ojCflbJBFyH8+BDusomQdqjr5d0Utur/oK7ElKgpl0OF17n8sOngxEXZBtWHTbKoL+v50QzHEO07hPHjhrF5n/P+0I78rXPn9OEvJ1B5u0dg3XxXg3l4rtmkYdSwu+2+cUh6pe0AWNTigkkwy70hwKKaz+5Lb5mAp1mpl4r7xaCUqvP,iv:PVmrMzTq2upZXgu5fHPQMis0cXNipMbXahevF1/zJSU=,tag:F75o8plR7XMAv1ngL65ntQ==,type:str]
guz:
password: ENC[AES256_GCM,data:zlO5xSFho7TXjFv62lgFir9SAgn+UE6XjdNEvIAgmQG9oDkthfgxO84wYdI0mQDwRIIs2PmSdBRfo0DPc3hji+ySCrItolPL8g==,iv:MZfhTxwfcbmXh5C6DkQhnY9NQGdE8zEwwvFOHQiUgKY=,tag:JjJN2bYcSXNN3ueGj5RNLg==,type:str]
keiko:
envFile: ENC[AES256_GCM,data:CNDVam0LFlk/Fdtd/xB1m6krZbC1Tm3bYqn1Iyl59oDdigd8xNnougzzzFYVpn12mUg/obBcWcjkX0Ft1JYV2YDpHseVIm4z9jb0ISIeD7IsAZcWx0CImq4DjHqhmrBff5boruTHSC2uJFf9AIv4/SGnpd1QZLPWfZslxcA5Ky4h0aPsSsBKv+KTgQtANq3diRgGJw1IoMZurzzC,iv:mZN0RkkZoOQ46yZ95BBq8pTnQbxew9JjmLBMPb96dzY=,tag:HV1Bz/vZF0NUmnYdtnGQMQ==,type:str]
env-file: ENC[AES256_GCM,data:up0VMFlG92ZAmnDk1b3DNrGJ9zUoyu3pi5poP1cgaYMAaVotRtrQkDAWLPdMKrRaXZlMFhmR0Vmy4n5wauZwiUN6nhMQOEkLZ5QOa8wiyA93JTmu0982bvMeZ+dk1HTy7nU1UI1OaejjEoGFlFV5g06qGfXnC1CFHyqwM1WeTgI6Syv431q0wutz2J6lcDvyxOU8zem3zSOpf5fg,iv:hxixIs/OoUS8Cntr7yJXZxeo5PpyPGfQLfDROQ07mr4=,tag:YUgrrP/C0ZY/SIs/wszW/w==,type:str]
network:
ip: ENC[AES256_GCM,data:AkbNOQLXRKLYjU2ywg==,iv:xqdTPCUYiT/cPe2zAbBJ7fUiEMViW9LZND4j0DdydLY=,tag:tq6nA5fGH4/mAvF6InUFgQ==,type:str]
localIp: ENC[AES256_GCM,data:PK8THL9NW//2sal1,iv:9h3f255rIgedYToVaUGuQ9RzD33V8sczRWsZe+rTyC0=,tag:OoJbes6k0FqxXzGQ8ZG0aA==,type:str]
@@ -11,12 +13,6 @@ forgejo:
name: ENC[AES256_GCM,data:UL3g,iv:+ftGx57fhzN06DuLItxZTc7lXX2g4MhqrEqnDjk4Aug=,tag:ZNpwWuPYhBzDjRQBKikCDA==,type:str]
password: ENC[AES256_GCM,data:9nMuj2/VIB7Pbw==,iv:+96/NZ+gmRkpXr05nFuUfRl2rGqElUA/LuMBYBQHCHQ=,tag:hMEO40iGeyWsMd8VPOV4Yg==,type:str]
email: ENC[AES256_GCM,data:e6GOwBzRBxa00CHYHgV8,iv:oerF3kJWzjzOatND8Tngp3MADw2kaBKyigeFxtH/ypQ=,tag:1q093JG9hRDxs6OzOIU3vw==,type:str]
discord:
muse-bot:
environment: ENC[AES256_GCM,data:014h9/uoqKr6LDd4eDK/Ji91i8MR42q+p3sS4U2fx3VgjX34Xlx1KHxdXaX6BF4QBO9saQNfW2QjN/qE6qILDEGd9uZA4DiRnjoJCOYAETWyiMiK9Se6kE4QbN33IwpIphcxpRm+HP0x5R08WIbWJ+CHSoSpgEcez8iuwqTdK1sC7jrILmqQLMGPmF+yYZcxbaPfNRj0mu0jPpRt6fnhDuHvJ00wXHDC1n5bgsxi7oUdsGYJegLhFcRqAsdgq5qB/vO+d5GVJ9IkF0CsYiSUQVvUVdbOHvcA657jLjB8Fz+KIqW/AM2mMcgRdpRReOLYEsVAaS6gRdZr,iv:hdhTSfBZHgabivcAQTtL8Nfy+Pog+OD5SOJTtL8sJJA=,tag:JxUgFpiHG+55OWOb5TCnKw==,type:str]
caddy:
capytal:
env: ENC[AES256_GCM,data:7t9Vv+S9LFzNIR/STpXzVeH9MCnog9Yb27gvrV3HGCWwN0139qvX36ja95iwLPpRK9SLFYTA+ToiMLiU4HK+imBC/4ZXbxKIPFGCoEx44fwxFrri/2s74BHLzGvo8kJujZ2GX+3TGSYxzqMB7VSIeBgefl9qu3Byn/hMJ4bTsBLjIrSAtlnhGbbGsU5xbU+sjPeqFHLmQm0vPYovW437j3/Ok+NxvxquKr+iPiCOuysldzaccOmuflrG8NhKZSAcAzJCiMVMyj7ERtUL6M4s+vdImVW1cDqavvXmt97v+pZPzGjrEeIzn8k9YUppvWYgN0tlL76mm4C9CbS6dMpaOXW6+s1ylPzdykhZ9Gq+Ye33qSs4Sw7taCplZr9T6c/UmBZ5ouABLHxiOuWPjUjyABhLvkMd2SLCsANOJOzgHWNpFERX5PFqeUWlSSVWoprWclUgBQ==,iv:pgEzAQHH/Vm66W+/QYulQc37/m3XJwY7krEBwgK0cTY=,tag:8BHfKFElXTFLRK6SINuRxw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -32,8 +28,8 @@ sops:
amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-30T20:59:44Z"
mac: ENC[AES256_GCM,data:n+NFOq2K+8mhKlWw3jnTcY0L37YhxEKfbovHYOqhvMsss9DI5UxnCGOkkFpCcTzoYGur17SYa9m52twy2bLOhUXw3YwPK+NeA3fIzp6QYHsxjdR88KmIVsQT0JbPdztOK7WVplNXqIZP3jZ62R06Uug66ZQLtKwWoPeFS+lVxZA=,iv:njOfRED0pyKkqd4biwPVmhyprgBL05biDfE1GkJ6wyM=,tag:drHZYAmrzQl7p/kH3h1zNA==,type:str]
lastmodified: "2025-04-04T23:36:47Z"
mac: ENC[AES256_GCM,data:CkcI8nfzNw9aBPDxyWdVAVXTjy5vIrRwgVfTtRGwPL2BlX8K6kOehSfCOgSv0LMGgKfhUeB//0AxFnuwUFU2r91jLFeFefNkXUung2VwlxBCE9WG6O2h3IHjysdlVcOs9+ljvTvelADqYYGTgIUAjPnbzT2EyA9C+qGC9+IqbXo=,iv:dpcd0BJbpYS6MjjFv1XUKfvo4vUYZTuNqaHaMYft23U=,tag:9XHQX2mt6rN1JSiy+7IfKQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4