tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

anki ssl & password

Browse source
This commit is contained in:
Tristan 2024-02-22 17:47:44 +00:00
parent c32ab6ba1f
commit fe3d338d1e
3 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/default.nix
View file

@ -79,6 +79,7 @@ in {
wget wget
unzip unzip
fzf fzf
sops
]; ];
programs.tmux.enable = true; programs.tmux.enable = true;

23
nixos/services/anki.nix
View file

@ -1,12 +1,31 @@
{...}: { {config, ...}:
let
anki = config.services.anki-sync-server;
secrets = config.sops.secrets;
domain = "tristans.cloud";
in {
sops.secrets."anki/password" = {
owner = "anki";
};
services.anki-sync-server = { services.anki-sync-server = {
enable = true; enable = true;
address = "0.0.0.0"; address = "0.0.0.0";
users = [ users = [
{ {
username = "tristan"; username = "tristan";
password = "password"; passwordFile = secrets."anki/password".path;
} }
]; ];
}; };
services.nginx.virtualHosts."anki.${domain}" = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString anki.port}";
};
# TODO: this really ought to be part of the nixpkgs anki-sync-server module
users.users.anki = { group = "anki"; isSystemUser = true; };
users.groups.anki = {};
systemd.services.anki-sync-server.serviceConfig.User = "anki";
} }

6
secrets/secrets.yaml
View file

@ -3,6 +3,8 @@ nextcloud:
oidc_client_secret: ENC[AES256_GCM,data:nIVLfC+22fEurR6FXdUwz4+rPuXzlM5HG4lnRI/m1lOaiw+C9DA3WV15DP5IXMn6BeBmDMnXbfdGt0hoV32y8bkfcals0C4wUitI63sYRJ6+f+N85IeAolfvYi+6gCwKZZhwRZdZJOQVOoFH8bvC0zLz6dzjL1/C5POX4C57URs=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:gEvApHIStThboRsP0YEoFw==,type:str] oidc_client_secret: ENC[AES256_GCM,data:nIVLfC+22fEurR6FXdUwz4+rPuXzlM5HG4lnRI/m1lOaiw+C9DA3WV15DP5IXMn6BeBmDMnXbfdGt0hoV32y8bkfcals0C4wUitI63sYRJ6+f+N85IeAolfvYi+6gCwKZZhwRZdZJOQVOoFH8bvC0zLz6dzjL1/C5POX4C57URs=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:gEvApHIStThboRsP0YEoFw==,type:str]
grafana: grafana:
oidc_client_secret: ENC[AES256_GCM,data:XU81XrM/aTZ/RDc3UPunOFQdfjJldKw3usMA5NfQkgxJYSq5NSu1ZQXsMuly4xbcYULiuUtkTAnb7Xzge+yIDoLfrZHab4mQgtLeK6hzZgLHYeSSEtQCXEYsL0p6ulA2OLrW6KoKl/o1EjiA+8htimgc7yNatdo6pBwwUXZFxpQ=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:1u0Wd9HRzbJRQtNbwDHOIQ==,type:str] oidc_client_secret: ENC[AES256_GCM,data:XU81XrM/aTZ/RDc3UPunOFQdfjJldKw3usMA5NfQkgxJYSq5NSu1ZQXsMuly4xbcYULiuUtkTAnb7Xzge+yIDoLfrZHab4mQgtLeK6hzZgLHYeSSEtQCXEYsL0p6ulA2OLrW6KoKl/o1EjiA+8htimgc7yNatdo6pBwwUXZFxpQ=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:1u0Wd9HRzbJRQtNbwDHOIQ==,type:str]
anki:
password: ENC[AES256_GCM,data:dZsz/Z0rdP8vVFEGlck=,iv:rLjrfKXnz7hiYSOOY+uTGQCmvMLZbo3Xle+069hAB+A=,tag:sNuvL9tGBXs9OPoFVfjdSw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -18,8 +20,8 @@ sops:
NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG
A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g== A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T13:04:06Z" lastmodified: "2024-02-22T17:24:48Z"
mac: ENC[AES256_GCM,data:iwwc4Yl6W8ALOTrgB+zSl46OxoZ6+fWkPLPQH7+Pmhr+AGA99nBj22a7u97i2DX7dZTzHYfPkmuHNYGAsYh//DBCWZFB/2uT9LasSlyu8Oa3fzseC/IthMNXdxIw6Iw29MvzlMIrLExsC6gk3AAaSgJLJxbUafQ1rBXZIpWnCd4=,iv:qq07Po3S+tQ32xqlUahxWv/WPdJSFOdVntifaG12L3E=,tag:2XByLW2YIe5ufaoT1Vtlrg==,type:str] mac: ENC[AES256_GCM,data:keBxJZqVLaIlSVRKKeOZALAbOPSVhPgenalfAVEC65WV0+8oDSGcsG/8Z66VDTUgbz48m7yNwLE9JAdFr/u2CZfww6IFR0Kz+sr7fNnRvb4HDcEt/47o5/e3UDQ39kfM11FKDzN6fVf6QKweGOUyylbVjpN+ZJ8xuuqucbd/IZA=,iv:EVZnJPEFOCQ7iHn4lY6gkQiHN6lR3WDVzh0pbBXQvqo=,tag:hwVDuxk8/gvPmDpMnZjAeg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1