From e1f0250d5c333f583faaf41fb8bc25931c897e38 Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 24 Jul 2023 13:42:13 +0200 Subject: Refactor(system/secrets/secrets.nix): Remove redundant secretlist --- system/secrets/secrets.nix | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index 2fd4132..11c0655 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -3,15 +3,13 @@ let sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst"; server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnqsfIZjelH7rcvFvnLR5zUZuC8thsBupBlvjcMRBUm"; -in { - "keycloak/passwd.tix".publicKeys = [ - soispha - sils - server1 - ]; - "matrix-synapse/passwd.tix".publicKeys = [ + + allSecrets = [ soispha sils server1 ]; +in { + "keycloak/passwd.tix".publicKeys = allSecrets; + "matrix-synapse/passwd.tix".publicKeys = allSecrets; } -- cgit 1.4.1 From 317575461a640ddc601751741bc6da92a3edb867 Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 7 Aug 2023 12:40:14 +0200 Subject: Feat(system): Add invidious --- system/secrets/default.nix | 12 ++++++++++++ system/secrets/invidious/passwd.tix | 16 ++++++++++++++++ system/secrets/invidious/settings.tix | 14 ++++++++++++++ system/secrets/secrets.nix | 2 ++ system/services/default.nix | 1 + system/services/invidious/default.nix | 12 ++++++++++++ 6 files changed, 57 insertions(+) create mode 100644 system/secrets/invidious/passwd.tix create mode 100644 system/secrets/invidious/settings.tix create mode 100644 system/services/invidious/default.nix (limited to 'system/secrets') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 5cd401c..515c3e7 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix 
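Review bot: The new binding `allSecrets` in the secrets.nix hunk holds recipient public keys (`soispha`, `sils`, `server1`), not secrets, so the name misleads anyone who later edits the access rules. I would rename it, for example `allRecipients = [ soispha sils server1 ];`, and add a comment such as `# every entry below is encrypted to all admins and to server1`. Sharing one list also means each future secret is decryptable by every listed key by default, which is worth stating next to the binding so that a narrower list is a conscious choice. The `let` block starts above the hunk, so the definition of `soispha` is not visible here.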
@@ -13,6 +13,18 @@ owner = "matrix-synapse"; group = "matrix-synapse"; }; + invidious = { + file = ./invidious/passwd.tix; + mode = "700"; + owner = "invidious"; + group = "invidious"; + }; + invidiousSettings = { + file = ./invidious/settings.tix; + mode = "700"; + owner = "invidious"; + group = "invidious"; + }; }; }; } diff --git a/system/secrets/invidious/passwd.tix b/system/secrets/invidious/passwd.tix new file mode 100644 index 0000000..beaee32 --- /dev/null +++ b/system/secrets/invidious/passwd.tix @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeHpwZFZEWXc0cGxZZ2dV +WDkvUmVFWXE5azZ1VlREM090bWJ6elgxR3hFCmhnNkhWZWVqdmxEcUJVTnFZaGw1 +YnVOYmpYOGd5YU1EaDlmc0ZrNk0zT0EKLT4gWDI1NTE5IEwyL1ptVzJ2bUdvSW1n +TzNod1BKZHQ3YXhUMkl5ZzRiT2Y3aUt0NGw4RVUKWTF3ampTMG1DYTBYTFcwNEp6 +bkFWbGl6WEVCcVdhQnVWY0piQ1VHMzk0SQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +TnFGVkQxTndPZ1l4c2J5dzNmT1YrZ0dQYytIMmtxaTN2Y01uZFdXOThqWQo2TDkv +MUJzc3BON1JwbGN3OW44WWZ5WUxWdWU2UnpJczVYVHBsdUFmdllJCi0+IHg5YmFB +eS1ncmVhc2UgYl9hXWlgIC5fIGpLaU1wWiN4ICczCkVmOHRibWptbDBxOS9Ic1VC +L0tFQXo5Sk45TDFlQlB5bnFleUF0dFlMSmdvd2dmUlZ3Ci0tLSBIN0MvMEduQVlR +bDVTQUxvZjB2TTljdjZkbGphN1l1QnZESWNZUjZzd1dVCmCWuxwFj1FyTEFasr8X +apyuQkXs6Cvfx82qMvwE1G4SLOEulJjVp/VDcICQ8RE8BE0HJGRjG64FqdtbHY2K +tPMADqfz/jt7kbXKSwB6zOHE9VNcTrGl+mx2Ki8HUG8GElj+hE2m0cWdGijcsGVW +lo2HKPa7F/d9vBUC9sLYo8U5VrnIRhBN1s4ECfAa4vj2RSsCZePCHkJMH7qFPGuC +PZST +-----END AGE ENCRYPTED FILE----- diff --git a/system/secrets/invidious/settings.tix b/system/secrets/invidious/settings.tix new file mode 100644 index 0000000..fe80a7d --- /dev/null +++ b/system/secrets/invidious/settings.tix 
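Review bot: Both new entries in the system/secrets/default.nix hunk set `mode = "700"`, which puts an execute bit on decrypted secret files that are only ever read. A read-only mode for the owner expresses the intent and matches least privilege: `mode = "0400";` for `invidious` and `invidiousSettings`. The same value is repeated in the later hunks that add `invidiousHmac` (320cc25), `minifluxAdmin` (932c45d) and `mastodonMail` (631e9c0). The enclosing attribute set starts above the hunk, so the existing keycloak and matrix-synapse entries may need the same change.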
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNzBJNXhlcGVJWk1nZERp +QXJrSEtxY2tyY0FwZnN6ZFB6dGVxZVVsdWtjCjI5cE85ZHhoRVBqcjdZaG9BWFJK +b09GblVERUZsR2ZPaW9aU1NCc25GM00KLT4gWDI1NTE5IHZwL3YraVBBVXVFVmpR +TENiaFoxdTJhUCtWcEFkU0ptaERpbEl1aGw3M00KWUozUTZxYm4rclN6L1IrTi9k +eEF0dVlYVEVNTnZ4Y0tUU0hwV2U0bXVCSQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +QkpGQ1RkVWhNQTFyMS9qRGYrT2s2djJHMEI0eFI5R3ZMVlRsa1JoMXIwawpRVG5z +TnZWMWhQSGxlL0VnUng1N0QvbTFuNS9WZmhnK3ZnVTdoMmtsejVJCi0+IDJNPHpY +LWdyZWFzZSBdVyBYZ3s8IG8ve0ByIHlrIkZkMwo4bmJOZU5yd3loSDlURWorZ0VZ +bWF2dHdLNkQ1ZUx5STZSa3dibVRsTCtQekdKWCtYNWlOR3BVQm5MRmQ2Z085Cmkw +OGhJU2kzR21MNk1OdkpHY29Gc21rNEh6VEZKWGkyCi0tLSBSemVvc2hlSnEyYUVM +UXRPSWtrd1hEcWtVTm95dzVFU085Y09adlFwYnhFCrbJEjFMSSaKqhW2GwuRilaw +N3U8GF22F10XHXyg+8csPFOpowRdS7ZBS52leGe/ve7oiVO5SBd3v7yWXa6ZInxo +-----END AGE ENCRYPTED FILE----- diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index 11c0655..194ed3c 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -12,4 +12,6 @@ let in { "keycloak/passwd.tix".publicKeys = allSecrets; "matrix-synapse/passwd.tix".publicKeys = allSecrets; + "invidious/passwd.tix".publicKeys = allSecrets; + "invidious/settings.tix".publicKeys = allSecrets; } diff --git a/system/services/default.nix b/system/services/default.nix index 8f5540f..6c2670d 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -1,6 +1,7 @@ {...}: { imports = [ ./fail2ban + ./invidious ./keycloak ./mail ./matrix diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix new file mode 100644 index 0000000..50a32e8 --- /dev/null +++ b/system/services/invidious/default.nix 
@@ -0,0 +1,12 @@ +{config, ...}: { + services.invidious = { + enable = true; + database = { + createLocally = true; + passwordFile = "${config.age.secrets.invidious.path}"; + }; + domain = "invidious.vhack.eu"; + nginx.enable = true; + extraSettingsFile = "${config.age.secrets.invidiousSettings.path}"; + }; +} -- cgit 1.4.1 From 96857910fa87e996945bc3f2e5b6f4ef4a6166ea Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 7 Aug 2023 13:04:27 +0200 Subject: Fix(system): Binary substitution for debugging --- system/secrets/default.nix | 6 +++--- system/services/invidious/default.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 515c3e7..3b8029f 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -21,9 +21,9 @@ }; invidiousSettings = { file = ./invidious/settings.tix; - mode = "700"; - owner = "invidious"; - group = "invidious"; + #mode = "700"; + #owner = "invidious"; + #group = "invidious"; }; }; }; diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix index fd10eec..d03dee4 100644 --- a/system/services/invidious/default.nix +++ b/system/services/invidious/default.nix @@ -3,8 +3,8 @@ enable = true; database = { createLocally = true; - passwordFile = "${config.age.secrets.invidious.path}"; - host = "localhost"; + #passwordFile = "${config.age.secrets.invidious.path}"; + #host = "localhost"; }; domain = "invidious.vhack.eu"; nginx.enable = true; -- cgit 1.4.1 From c31ce7ffd20264952f6567dd8665ca7913a59c86 Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 7 Aug 2023 13:10:43 +0200 Subject: Fix(system/secrets): make invidious settings readable for invidious --- system/secrets/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 3b8029f..345354c 100644 --- a/system/secrets/default.nix 
+++ b/system/secrets/default.nix @@ -21,9 +21,9 @@ }; invidiousSettings = { file = ./invidious/settings.tix; - #mode = "700"; - #owner = "invidious"; - #group = "invidious"; + mode = "744"; + owner = "root"; + group = "root"; }; }; }; -- cgit 1.4.1 From 38c2bb6a2128215f01ede4102195c144f6dfc6ff Mon Sep 17 00:00:00 2001 From: sils Date: Mon, 7 Aug 2023 13:16:31 +0200 Subject: Fix(system/secrets/invidious): Change formatting of invidiousSettings --- system/secrets/invidious/settings.tix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/invidious/settings.tix b/system/secrets/invidious/settings.tix index fe80a7d..1d00897 100644 --- a/system/secrets/invidious/settings.tix +++ b/system/secrets/invidious/settings.tix 
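Review bot: `mode = "744"` with `owner = "root"` makes the decrypted settings.tix readable by every local account on the host, not only by invidious as the commit title intends. If the file carries key material (a later commit in this series renames it to hmac.tix), any local user or compromised service could read it. I would keep the file private to the service, e.g. `owner = "invidious"; mode = "0400";`. If no static invidious user exists, which the earlier commented-out owner lines may hint at, passing the file to the unit through systemd's `LoadCredential=` avoids widening the mode. A comment such as `# must be readable by the invidious unit only` would record the requirement.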
@@ -1,14 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNzBJNXhlcGVJWk1nZERp -QXJrSEtxY2tyY0FwZnN6ZFB6dGVxZVVsdWtjCjI5cE85ZHhoRVBqcjdZaG9BWFJK -b09GblVERUZsR2ZPaW9aU1NCc25GM00KLT4gWDI1NTE5IHZwL3YraVBBVXVFVmpR -TENiaFoxdTJhUCtWcEFkU0ptaERpbEl1aGw3M00KWUozUTZxYm4rclN6L1IrTi9k -eEF0dVlYVEVNTnZ4Y0tUU0hwV2U0bXVCSQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -QkpGQ1RkVWhNQTFyMS9qRGYrT2s2djJHMEI0eFI5R3ZMVlRsa1JoMXIwawpRVG5z -TnZWMWhQSGxlL0VnUng1N0QvbTFuNS9WZmhnK3ZnVTdoMmtsejVJCi0+IDJNPHpY -LWdyZWFzZSBdVyBYZ3s8IG8ve0ByIHlrIkZkMwo4bmJOZU5yd3loSDlURWorZ0VZ -bWF2dHdLNkQ1ZUx5STZSa3dibVRsTCtQekdKWCtYNWlOR3BVQm5MRmQ2Z085Cmkw -OGhJU2kzR21MNk1OdkpHY29Gc21rNEh6VEZKWGkyCi0tLSBSemVvc2hlSnEyYUVM -UXRPSWtrd1hEcWtVTm95dzVFU085Y09adlFwYnhFCrbJEjFMSSaKqhW2GwuRilaw -N3U8GF22F10XHXyg+8csPFOpowRdS7ZBS52leGe/ve7oiVO5SBd3v7yWXa6ZInxo +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaN09yQTF6QkYzMlhYZzdT +NnpoS3Z4d1FjaWFIbjc5QS9MTmQ0UWNaOVQ0Ci9Cd0NyL3ZtdEt5d0VKVUV1dmVp +cmF3TGtOSFBTdzBEcXUxRllNSTlCam8KLT4gWDI1NTE5IG9UUy93TWM0VnlCQm5n +T2hpSUxldjV6YTFKdzBFRFQ0UHl3Rk9CWjZ2eHMKVVFqdkNReWZLT2hUeWdISUVL +aUp2RzFPZnc0K1Yrb2kwMWNGQ3FBYkVYbwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +Z211aHp4RzVUYVdMbFB1ZXFQMElaeSs2MmpBdlhIYlVOc1IxdCttRDhWNApoT2Vm +OWhVd3RzY2R4R1krVlVIQjVrYnNGT1NEVWFrVkFiVzFBOHppOFJnCi0+IERRRzNT +OFYtZ3JlYXNlIElgfkBXQGQgflN9IG0/ICQzTj4wLCUqCkZyRnN4Z2FkMGNObzBM +cXk4K1J6TUdJZXovajZKV1FMZ2Z1TjdqaENrSjJzYWpoKzNvOXhDUEt6aWdUaWVw +a2oKRU1FdDlDbjBXN3psRElWcnlhSjJDQQotLS0gYnh6QUZtSG1FSCtHWkhZNG5r +RFNrWjczLzQ0S0gxUzZPTVBhb2YwS1VVVQoMo4QpyDyp22gd0d/AcxLsxzxSP7Bv +BGVNAROHFbvNZ0hhqqXEhc819makKyDWv90wDSYQ3R3rjEyzx0jyEwl7e82ANmwZ +HQ== -----END AGE ENCRYPTED FILE----- -- cgit 1.4.1 From b6d9d9692416a9b1f566eda9a72fce5304e28220 Mon Sep 17 00:00:00 2001 
From: Soispha Date: Fri, 11 Aug 2023 09:14:05 +0200 Subject: Fix(system/services/invidious): Quote attr names in json config --- system/secrets/invidious/settings.tix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/invidious/settings.tix b/system/secrets/invidious/settings.tix index 1d00897..f760fa9 100644 --- a/system/secrets/invidious/settings.tix +++ b/system/secrets/invidious/settings.tix 
@@ -1,15 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaN09yQTF6QkYzMlhYZzdT -NnpoS3Z4d1FjaWFIbjc5QS9MTmQ0UWNaOVQ0Ci9Cd0NyL3ZtdEt5d0VKVUV1dmVp -cmF3TGtOSFBTdzBEcXUxRllNSTlCam8KLT4gWDI1NTE5IG9UUy93TWM0VnlCQm5n -T2hpSUxldjV6YTFKdzBFRFQ0UHl3Rk9CWjZ2eHMKVVFqdkNReWZLT2hUeWdISUVL -aUp2RzFPZnc0K1Yrb2kwMWNGQ3FBYkVYbwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -Z211aHp4RzVUYVdMbFB1ZXFQMElaeSs2MmpBdlhIYlVOc1IxdCttRDhWNApoT2Vm -OWhVd3RzY2R4R1krVlVIQjVrYnNGT1NEVWFrVkFiVzFBOHppOFJnCi0+IERRRzNT -OFYtZ3JlYXNlIElgfkBXQGQgflN9IG0/ICQzTj4wLCUqCkZyRnN4Z2FkMGNObzBM -cXk4K1J6TUdJZXovajZKV1FMZ2Z1TjdqaENrSjJzYWpoKzNvOXhDUEt6aWdUaWVw -a2oKRU1FdDlDbjBXN3psRElWcnlhSjJDQQotLS0gYnh6QUZtSG1FSCtHWkhZNG5r -RFNrWjczLzQ0S0gxUzZPTVBhb2YwS1VVVQoMo4QpyDyp22gd0d/AcxLsxzxSP7Bv -BGVNAROHFbvNZ0hhqqXEhc819makKyDWv90wDSYQ3R3rjEyzx0jyEwl7e82ANmwZ -HQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZGJGNzVGUWhsVTJFUGds +dFZmVnRnY1NrVTZBWEt2eFp1YU4yM0xoOUgwClZZNDNFQlp2aEx1eHVqbE5ZU29t +dVpMcStrMXd5WEFOaDJUVlVuUnJ4YkkKLT4gWDI1NTE5IEZSTVFhdk83RGRNWWdZ +bmQyd0FNTWhrUUxSRjVOQjAvWSsyU1Z4OWFvVUUKdkIraVRtRW5mUnZFbVRkcDBw +ME5NTDVkRUo1b0d1Z2xERWZnS0tMLzFhYwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +d09jY1doam1nc3B3MEVqN0grM3JWZzFwMW5WU2ZYdGh0TUZnM0VVdzJBSQppL3Qv +T0VDOTc1U3gyaTB6YVV4dDhEVU1OMzdlMnV2dC9zMVl1VkdkRmlBCi0+IGc/SEJa +aDZoLWdyZWFzZSBKPW1xOFRaIE9DUCBdfl1HXVUKL0I4MTJZT1ljOXE3cUtTR0Fv +S3E2UHcvYWxhUlU5QkdXVWZyUjU0SlcveG9GcjZZV242QXVwaDBQTjN0VldBCi0t +LSB6S0E2SWtmaXBnRkI5aFNIOU9VWkdhOHQrQ0x0MzJ3TC9aNkpJSTY5eDkwClOc +N6wSpWFX87Vbr+J8Sxn9O6uRbYAyNDmiJk5mDqYaqy/+PRPTx0gbmqRz911sW5Zx +aBKfDzSPjNx0CSKKL7ioTYlRrW0YyQ== -----END AGE ENCRYPTED FILE----- -- cgit 1.4.1 From 320cc252c1e59de8fed8993b3a527839bc0963a6 Mon Sep 17 00:00:00 2001 
From: Soispha Date: Fri, 11 Aug 2023 09:28:16 +0200 Subject: Refactor(system/secrets/invidious): Remove unneeded files and improve names --- system/secrets/default.nix | 10 ++-------- system/secrets/invidious/hmac.tix | 14 ++++++++++++++ system/secrets/invidious/passwd.tix | 16 ---------------- system/secrets/invidious/settings.tix | 14 -------------- system/services/invidious/default.nix | 4 +--- 5 files changed, 17 insertions(+), 41 deletions(-) create mode 100644 system/secrets/invidious/hmac.tix delete mode 100644 system/secrets/invidious/passwd.tix delete mode 100644 system/secrets/invidious/settings.tix (limited to 'system/secrets') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 345354c..2269672 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -13,15 +13,9 @@ owner = "matrix-synapse"; group = "matrix-synapse"; }; - invidious = { - file = ./invidious/passwd.tix; + invidiousHmac = { + file = ./invidious/hmac.tix; mode = "700"; - owner = "invidious"; - group = "invidious"; - }; - invidiousSettings = { - file = ./invidious/settings.tix; - mode = "744"; owner = "root"; group = "root"; }; diff --git a/system/secrets/invidious/hmac.tix b/system/secrets/invidious/hmac.tix new file mode 100644 index 0000000..f760fa9 --- /dev/null +++ b/system/secrets/invidious/hmac.tix 
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZGJGNzVGUWhsVTJFUGds +dFZmVnRnY1NrVTZBWEt2eFp1YU4yM0xoOUgwClZZNDNFQlp2aEx1eHVqbE5ZU29t +dVpMcStrMXd5WEFOaDJUVlVuUnJ4YkkKLT4gWDI1NTE5IEZSTVFhdk83RGRNWWdZ +bmQyd0FNTWhrUUxSRjVOQjAvWSsyU1Z4OWFvVUUKdkIraVRtRW5mUnZFbVRkcDBw +ME5NTDVkRUo1b0d1Z2xERWZnS0tMLzFhYwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +d09jY1doam1nc3B3MEVqN0grM3JWZzFwMW5WU2ZYdGh0TUZnM0VVdzJBSQppL3Qv +T0VDOTc1U3gyaTB6YVV4dDhEVU1OMzdlMnV2dC9zMVl1VkdkRmlBCi0+IGc/SEJa +aDZoLWdyZWFzZSBKPW1xOFRaIE9DUCBdfl1HXVUKL0I4MTJZT1ljOXE3cUtTR0Fv +S3E2UHcvYWxhUlU5QkdXVWZyUjU0SlcveG9GcjZZV242QXVwaDBQTjN0VldBCi0t +LSB6S0E2SWtmaXBnRkI5aFNIOU9VWkdhOHQrQ0x0MzJ3TC9aNkpJSTY5eDkwClOc +N6wSpWFX87Vbr+J8Sxn9O6uRbYAyNDmiJk5mDqYaqy/+PRPTx0gbmqRz911sW5Zx +aBKfDzSPjNx0CSKKL7ioTYlRrW0YyQ== +-----END AGE ENCRYPTED FILE----- diff --git a/system/secrets/invidious/passwd.tix b/system/secrets/invidious/passwd.tix deleted file mode 100644 index beaee32..0000000 --- a/system/secrets/invidious/passwd.tix +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeHpwZFZEWXc0cGxZZ2dV -WDkvUmVFWXE5azZ1VlREM090bWJ6elgxR3hFCmhnNkhWZWVqdmxEcUJVTnFZaGw1 -YnVOYmpYOGd5YU1EaDlmc0ZrNk0zT0EKLT4gWDI1NTE5IEwyL1ptVzJ2bUdvSW1n -TzNod1BKZHQ3YXhUMkl5ZzRiT2Y3aUt0NGw4RVUKWTF3ampTMG1DYTBYTFcwNEp6 -bkFWbGl6WEVCcVdhQnVWY0piQ1VHMzk0SQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -TnFGVkQxTndPZ1l4c2J5dzNmT1YrZ0dQYytIMmtxaTN2Y01uZFdXOThqWQo2TDkv -MUJzc3BON1JwbGN3OW44WWZ5WUxWdWU2UnpJczVYVHBsdUFmdllJCi0+IHg5YmFB -eS1ncmVhc2UgYl9hXWlgIC5fIGpLaU1wWiN4ICczCkVmOHRibWptbDBxOS9Ic1VC -L0tFQXo5Sk45TDFlQlB5bnFleUF0dFlMSmdvd2dmUlZ3Ci0tLSBIN0MvMEduQVlR -bDVTQUxvZjB2TTljdjZkbGphN1l1QnZESWNZUjZzd1dVCmCWuxwFj1FyTEFasr8X -apyuQkXs6Cvfx82qMvwE1G4SLOEulJjVp/VDcICQ8RE8BE0HJGRjG64FqdtbHY2K -tPMADqfz/jt7kbXKSwB6zOHE9VNcTrGl+mx2Ki8HUG8GElj+hE2m0cWdGijcsGVW -lo2HKPa7F/d9vBUC9sLYo8U5VrnIRhBN1s4ECfAa4vj2RSsCZePCHkJMH7qFPGuC -PZST ------END AGE ENCRYPTED FILE----- 
diff --git a/system/secrets/invidious/settings.tix b/system/secrets/invidious/settings.tix deleted file mode 100644 index f760fa9..0000000 --- a/system/secrets/invidious/settings.tix +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZGJGNzVGUWhsVTJFUGds -dFZmVnRnY1NrVTZBWEt2eFp1YU4yM0xoOUgwClZZNDNFQlp2aEx1eHVqbE5ZU29t -dVpMcStrMXd5WEFOaDJUVlVuUnJ4YkkKLT4gWDI1NTE5IEZSTVFhdk83RGRNWWdZ -bmQyd0FNTWhrUUxSRjVOQjAvWSsyU1Z4OWFvVUUKdkIraVRtRW5mUnZFbVRkcDBw -ME5NTDVkRUo1b0d1Z2xERWZnS0tMLzFhYwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -d09jY1doam1nc3B3MEVqN0grM3JWZzFwMW5WU2ZYdGh0TUZnM0VVdzJBSQppL3Qv -T0VDOTc1U3gyaTB6YVV4dDhEVU1OMzdlMnV2dC9zMVl1VkdkRmlBCi0+IGc/SEJa -aDZoLWdyZWFzZSBKPW1xOFRaIE9DUCBdfl1HXVUKL0I4MTJZT1ljOXE3cUtTR0Fv -S3E2UHcvYWxhUlU5QkdXVWZyUjU0SlcveG9GcjZZV242QXVwaDBQTjN0VldBCi0t -LSB6S0E2SWtmaXBnRkI5aFNIOU9VWkdhOHQrQ0x0MzJ3TC9aNkpJSTY5eDkwClOc -N6wSpWFX87Vbr+J8Sxn9O6uRbYAyNDmiJk5mDqYaqy/+PRPTx0gbmqRz911sW5Zx -aBKfDzSPjNx0CSKKL7ioTYlRrW0YyQ== ------END AGE ENCRYPTED FILE----- diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix index d03dee4..7a37f50 100644 --- a/system/services/invidious/default.nix +++ b/system/services/invidious/default.nix @@ -3,11 +3,9 @@ enable = true; database = { createLocally = true; - #passwordFile = "${config.age.secrets.invidious.path}"; - #host = "localhost"; }; domain = "invidious.vhack.eu"; nginx.enable = true; - extraSettingsFile = "${config.age.secrets.invidiousSettings.path}"; + extraSettingsFile = "${config.age.secrets.invidiousHmac.path}"; }; } -- cgit 1.4.1 From 95b7f9d6b0e44ca4699e2dbb8c5fee940d82de42 Mon Sep 17 00:00:00 2001 From: sils Date: Sun, 13 Aug 2023 12:44:21 +0200 Subject: Fix(system/secrets): Tell (r)agenix new location of invidious hmac secret --- system/secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/secrets') 
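Review bot: In the system/services/invidious/default.nix hunk, `extraSettingsFile` now points at `invidiousHmac`, which this same commit declares with `owner = "root"` and `mode = "700"`, so the service can read it only if the file is opened with root privileges before the process drops them. The changelog entry "Set correct access permissions on hmac" (c525e36) suggests that did not hold. I would document the reader next to the option, for example `# read by the invidious unit at start; owner/mode in system/secrets/default.nix must allow that`. The string interpolation is also redundant: `extraSettingsFile = config.age.secrets.invidiousHmac.path;` says the same thing. The attribute set opens above the hunk.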
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index 194ed3c..9fa9cc5 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -12,6 +12,6 @@ let in { "keycloak/passwd.tix".publicKeys = allSecrets; "matrix-synapse/passwd.tix".publicKeys = allSecrets; - "invidious/passwd.tix".publicKeys = allSecrets; + "invidious/hmac.tix".publicKeys = allSecrets; "invidious/settings.tix".publicKeys = allSecrets; } -- cgit 1.4.1 From 74e2c16b138c1bfe581cf9e033e06de7674f592e Mon Sep 17 00:00:00 2001 From: sils Date: Sun, 13 Aug 2023 12:46:30 +0200 Subject: chore(version): v0.9.0 --- system/secrets/CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 system/secrets/CHANGELOG.md (limited to 'system/secrets') diff --git a/system/secrets/CHANGELOG.md b/system/secrets/CHANGELOG.md new file mode 100644 index 0000000..cef729c --- /dev/null +++ b/system/secrets/CHANGELOG.md 
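Review bot: The context line `"invidious/settings.tix".publicKeys = allSecrets;` is left in place, although settings.tix was deleted in 320cc25 and its content now lives in hmac.tix. A rule for a file that no longer exists makes the recipient list harder to audit, and anyone rekeying or editing secrets has to work out whether the entry is still meant to exist. I would drop that line in this commit, so that the block ends with `"invidious/hmac.tix".publicKeys = allSecrets;`.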
@@ -0,0 +1,30 @@ +# Changelog +All notable changes to this project will be documented in this file. See [conventional commits](https://www.conventionalcommits.org/) for commit guidelines. + +- - - +## v0.9.0 - 2023-08-13 +#### Bug Fixes +- **(system)** Binary substitution for debugging - (9685791) - sils +- **(system/secrets)** Tell (r)agenix new location of invidious hmac secret - (95b7f9d) - sils +- **(system/secrets)** make invidious settings readable for invidious - (c31ce7f) - sils +- **(system/secrets/invidious)** Change formatting of invidiousSettings - (38c2bb6) - sils +- **(system/service/invidious)** Copy their script, to remove shell escape - (542bb5d) - Soispha +- **(system/services/invidious)** Add interpreter to start script - (08eb773) - Soispha +- **(system/services/invidious)** Force the new script option to be applied - (df87e1d) - Soispha +- **(system/services/invidious)** Set correct access permissions on hmac - (c525e36) - Soispha +- **(system/services/invidious)** Check tables on startup - (b39d800) - Soispha +- **(system/services/invidious)** Quote attr names in json config - (b6d9d96) - Soispha +- **(system/services/invidious)** Specifiy database host - (704232e) - sils +#### Features +- **(system)** Add invidious - (3175754) - sils +#### Miscellaneous Chores +- **(Merge)** Branch 'invidious' - (e33c36f) - Soispha +- **(version)** v0.8.0 - (03ce680) - Soispha +- **(version)** v0.8.0 - (d9ac400) - Soispha +#### Refactoring +- **(system/secrets/invidious)** Remove unneeded files and improve names - (320cc25) - Soispha +- **(system/secrets/secrets.nix)** Remove redundant secretlist - (e1f0250) - sils + +- - - + +Changelog generated by [cocogitto](https://github.com/cocogitto/cocogitto). \ No newline at end of file -- cgit 1.4.1 From 112606a305a832f73bdbae9dd500294e0e426521 Mon Sep 17 00:00:00 2001 
From: Soispha Date: Fri, 18 Aug 2023 20:36:19 +0200 Subject: Chore(Changelog): Delete branch specific changelogs --- CHANGELOG.md | 24 ++++++++++++++++++++++++ system/secrets/CHANGELOG.md | 30 ------------------------------ 2 files changed, 24 insertions(+), 30 deletions(-) delete mode 100644 system/secrets/CHANGELOG.md (limited to 'system/secrets') diff --git a/CHANGELOG.md b/CHANGELOG.md index b7aa2f1..08448d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,30 @@ # Changelog All notable changes to this project will be documented in this file. See [conventional commits](https://www.conventionalcommits.org/) for commit guidelines. +- - - +## v0.9.0 - 2023-08-13 +#### Bug Fixes +- **(system)** Binary substitution for debugging - (9685791) - sils +- **(system/secrets)** Tell (r)agenix new location of invidious hmac secret - (95b7f9d) - sils +- **(system/secrets)** make invidious settings readable for invidious - (c31ce7f) - sils +- **(system/secrets/invidious)** Change formatting of invidiousSettings - (38c2bb6) - sils +- **(system/service/invidious)** Copy their script, to remove shell escape - (542bb5d) - Soispha +- **(system/services/invidious)** Add interpreter to start script - (08eb773) - Soispha +- **(system/services/invidious)** Force the new script option to be applied - (df87e1d) - Soispha +- **(system/services/invidious)** Set correct access permissions on hmac - (c525e36) - Soispha +- **(system/services/invidious)** Check tables on startup - (b39d800) - Soispha +- **(system/services/invidious)** Quote attr names in json config - (b6d9d96) - Soispha +- **(system/services/invidious)** Specifiy database host - (704232e) - sils +#### Features +- **(system)** Add invidious - (3175754) - sils +#### Miscellaneous Chores +- **(Merge)** Branch 'invidious' - (e33c36f) - Soispha +- **(version)** v0.8.0 - (03ce680) - Soispha +- **(version)** v0.8.0 - (d9ac400) - Soispha +#### Refactoring +- **(system/secrets/invidious)** Remove unneeded files and improve names - (320cc25) - Soispha +- **(system/secrets/secrets.nix)** Remove redundant secretlist - (e1f0250) - sils + - - - ## v0.8.0 - 2023-08-11 #### Features diff --git a/system/secrets/CHANGELOG.md b/system/secrets/CHANGELOG.md deleted file mode 100644 index cef729c..0000000 --- a/system/secrets/CHANGELOG.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. See [conventional commits](https://www.conventionalcommits.org/) for commit guidelines. - -- - - -## v0.9.0 - 2023-08-13 -#### Bug Fixes -- **(system)** Binary substitution for debugging - (9685791) - sils -- **(system/secrets)** Tell (r)agenix new location of invidious hmac secret - (95b7f9d) - sils -- **(system/secrets)** make invidious settings readable for invidious - (c31ce7f) - sils -- **(system/secrets/invidious)** Change formatting of invidiousSettings - (38c2bb6) - sils -- **(system/service/invidious)** Copy their script, to remove shell escape - (542bb5d) - Soispha -- **(system/services/invidious)** Add interpreter to start script - (08eb773) - Soispha -- **(system/services/invidious)** Force the new script option to be applied - (df87e1d) - Soispha -- **(system/services/invidious)** Set correct access permissions on hmac - (c525e36) - Soispha -- **(system/services/invidious)** Check tables on startup - (b39d800) - Soispha -- **(system/services/invidious)** Quote attr names in json config - (b6d9d96) - Soispha -- **(system/services/invidious)** Specifiy database host - (704232e) - sils -#### Features -- **(system)** Add invidious - (3175754) - sils -#### Miscellaneous Chores -- **(Merge)** Branch 'invidious' - (e33c36f) - Soispha -- **(version)** v0.8.0 - (03ce680) - Soispha -- **(version)** v0.8.0 - (d9ac400) - Soispha -#### Refactoring -- **(system/secrets/invidious)** Remove unneeded files and improve names - (320cc25) - Soispha -- **(system/secrets/secrets.nix)** Remove redundant secretlist - (e1f0250) - sils - -- - - - -Changelog generated by [cocogitto](https://github.com/cocogitto/cocogitto). \ No newline at end of file -- cgit 1.4.1 From 932c45d2eb843bac1bb2f6e64a91613fe0fa3dd2 Mon Sep 17 00:00:00 2001 
From: Soispha Date: Tue, 3 Oct 2023 16:10:04 +0200 Subject: feat(system/services/miniflux): Init --- system/secrets/default.nix | 6 ++++++ system/secrets/miniflux/admin.tix | 20 ++++++++++++++++++++ system/secrets/secrets.nix | 1 + system/services/default.nix | 1 + system/services/miniflux/default.nix | 19 +++++++++++++++++++ 5 files changed, 47 insertions(+) create mode 100644 system/secrets/miniflux/admin.tix create mode 100644 system/services/miniflux/default.nix (limited to 'system/secrets') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 2269672..6cd7524 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -19,6 +19,12 @@ owner = "root"; group = "root"; }; + minifluxAdmin = { + file = ./miniflux/admin.tix; + mode = "700"; + owner = "root"; + group = "root"; + }; }; }; } diff --git a/system/secrets/miniflux/admin.tix b/system/secrets/miniflux/admin.tix new file mode 100644 index 0000000..5f9855b --- /dev/null +++ b/system/secrets/miniflux/admin.tix 
@@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3a1AwRUpRS2dTVWc5dFFx +SWtnOHh0SWRVODBxUTlkWmQvOURvVk90d1hVCkNwTlZDWGhhSnNyYzZQa2N4aUxV +SUx3aWk3ditmVURjTjJCckNqOSs1QzAKLT4gWDI1NTE5IElQNHBVZnB3Umw0bW9R +K1lsQXlLc3Vld0ljanBjS1E4TGdHSE8rR3ZMemsKY3ZpVm5OSDZrNHlXMVh6bXIz +YnhFSmdFTTNCUUFkeEpCbCt6Z21SbCtEUQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +VGQxbTRiNkxRTUhRVFZEWkZiZ3ZoRStDbk5OZWFMb1BacEhmOWxjVmlRdwpidTlI +TXNnVHJPVUJjZXdGVWdMZkJ3WVZ2c3k2a3BrSDJDdWdTd1VLdVhjCi0+IExLOWst +Z3JlYXNlIC9kIDJYWlZDCkpXUW1IdFA3RjFoQXJHdG10bERLNk93ZFRvVVgxRjNY +QUlJcmpPVVU0RXYvVEZFZk5nTFNrWXVNWVg5Q0xzLzcKWWlDUUtPRWIwVWF3RXZt +M2dJenh3bk9nQ0paMTVweHlnQQotLS0gK3J4NTJ3Wkl1bDlVd3F1NVFlcVhWS0ZT +RlFxUFRBcXJEcC91M3pYaWNmYwoKAC8nGzAQewMVBhgwU4UxDIzm16OH1Te2N1Up +WjjAaHKGHeLcTG8UN6CgmIsjijV1EIN4qMLGQy1tJlMoim4/Q5kyTkHSEVAgLbKI +vUiW2/7mblgkTJzlVw0EB7wep6HPT9C7JYuirBRstUf0TdBIIB+u0Q/AGTnydcg8 +Kus1e4zuoanFxXoIFoUt48zC8T+EsPd3hMMe8h//rAfsBIxB3CJaqibxmQSWAPoA +yCuULWrmD48xjS6tzwZQo+Fx334HdH/hQSaZS0wJccwONbXaqexm+rEn+wmnBZW6 +lOFE86S9f3b1+GI3ze23yD4nbY+7txlP2QwADu815IZ3eOLBfxXjJR7K4+bEeiqz +0Q+t8fWZntB9sL0iELQlXa4uwcu7DlxLnopC/klTBisrEXizH4ALwVcr9Cxwp4Hj +vpOTqLt2Qxw= +-----END AGE ENCRYPTED FILE----- diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index 9fa9cc5..cd27612 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -14,4 +14,5 @@ in { "matrix-synapse/passwd.tix".publicKeys = allSecrets; "invidious/hmac.tix".publicKeys = allSecrets; "invidious/settings.tix".publicKeys = allSecrets; + "miniflux/admin.tix".publicKeys = allSecrets; } diff --git a/system/services/default.nix b/system/services/default.nix index 3349b38..2530f3a 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -7,6 +7,7 @@ ./mail ./matrix ./minecraft + ./miniflux ./nginx ./nix ./nix-sync diff --git a/system/services/miniflux/default.nix b/system/services/miniflux/default.nix new file mode 100644 index 0000000..e42ebe2 
--- /dev/null +++ b/system/services/miniflux/default.nix @@ -0,0 +1,19 @@ +{config, ...}: { + services.miniflux = { + enable = true; + config = { + LISTEN_ADDR = "127.0.0.1:5892"; + }; + adminCredentialsFile = config.secrets.age.minifluxAdmin.path; + }; + + services.nginx = { + enable = true; + virtualHosts."rss.vhack.eu" = { + locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}"; + + enableACME = true; + forceSSL = true; + }; + }; +} -- cgit 1.4.1 From ca1e35461cb2ec8984750dc69a6ef1497a134df4 Mon Sep 17 00:00:00 2001 From: Soispha Date: Tue, 3 Oct 2023 16:19:12 +0200 Subject: fix(system/services/miniflux): Reduce password length --- system/secrets/miniflux/admin.tix | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'system/secrets') diff --git a/system/secrets/miniflux/admin.tix b/system/secrets/miniflux/admin.tix index 5f9855b..6b34ab0 100644 --- a/system/secrets/miniflux/admin.tix +++ b/system/secrets/miniflux/admin.tix 
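Review bot: `adminCredentialsFile = config.secrets.age.minifluxAdmin.path;` in the new miniflux module reads the secret from `config.secrets.age`, while the invidious module in this series uses `config.age.secrets.<name>.path`. Unless the repository defines a `secrets.age` option that is not visible here, this attribute path does not exist and evaluation fails, or the admin credentials are never wired in. The line should probably read `adminCredentialsFile = config.age.secrets.minifluxAdmin.path;`.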
@@ -1,20 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3a1AwRUpRS2dTVWc5dFFx -SWtnOHh0SWRVODBxUTlkWmQvOURvVk90d1hVCkNwTlZDWGhhSnNyYzZQa2N4aUxV -SUx3aWk3ditmVURjTjJCckNqOSs1QzAKLT4gWDI1NTE5IElQNHBVZnB3Umw0bW9R -K1lsQXlLc3Vld0ljanBjS1E4TGdHSE8rR3ZMemsKY3ZpVm5OSDZrNHlXMVh6bXIz -YnhFSmdFTTNCUUFkeEpCbCt6Z21SbCtEUQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -VGQxbTRiNkxRTUhRVFZEWkZiZ3ZoRStDbk5OZWFMb1BacEhmOWxjVmlRdwpidTlI -TXNnVHJPVUJjZXdGVWdMZkJ3WVZ2c3k2a3BrSDJDdWdTd1VLdVhjCi0+IExLOWst -Z3JlYXNlIC9kIDJYWlZDCkpXUW1IdFA3RjFoQXJHdG10bERLNk93ZFRvVVgxRjNY -QUlJcmpPVVU0RXYvVEZFZk5nTFNrWXVNWVg5Q0xzLzcKWWlDUUtPRWIwVWF3RXZt -M2dJenh3bk9nQ0paMTVweHlnQQotLS0gK3J4NTJ3Wkl1bDlVd3F1NVFlcVhWS0ZT -RlFxUFRBcXJEcC91M3pYaWNmYwoKAC8nGzAQewMVBhgwU4UxDIzm16OH1Te2N1Up -WjjAaHKGHeLcTG8UN6CgmIsjijV1EIN4qMLGQy1tJlMoim4/Q5kyTkHSEVAgLbKI -vUiW2/7mblgkTJzlVw0EB7wep6HPT9C7JYuirBRstUf0TdBIIB+u0Q/AGTnydcg8 -Kus1e4zuoanFxXoIFoUt48zC8T+EsPd3hMMe8h//rAfsBIxB3CJaqibxmQSWAPoA -yCuULWrmD48xjS6tzwZQo+Fx334HdH/hQSaZS0wJccwONbXaqexm+rEn+wmnBZW6 -lOFE86S9f3b1+GI3ze23yD4nbY+7txlP2QwADu815IZ3eOLBfxXjJR7K4+bEeiqz -0Q+t8fWZntB9sL0iELQlXa4uwcu7DlxLnopC/klTBisrEXizH4ALwVcr9Cxwp4Hj -vpOTqLt2Qxw= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZHJ3V0E3bjVLYUd5N2gx +eE15dlBldWt1ZGpBcGc3ZWcwMTNKSTcxR0Y0Cm03dEgxYzdhYjYvWFNNUVdtR3E1 +dW1lMlE3R3dlcUZ1Qm1GMElPQU8xYmMKLT4gWDI1NTE5IFJrc28wZzhWQ3RoeFFK +WFlTSmVzRGMzamxrQ0NSUG9KVWxSajJsQ1BablEKS0tFb096djZOdUJIVTdaSndH +b1ZMT3ZCZGVkaWMvU0hPSFhsMkY3RzBkNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +SWdGV1pSYzY3bWxadWJZeXVmTXBHeGpMTTYyak1IbE9jTjZQS3dwRXozUQo1UFlT +am9WNzh1TytMNTFsNjM4amh0N2JDdkxjYk9GL285UWUrZHV5L3p3Ci0+IEkqMS1n +cmVhc2UgZV4KRFlYWlRyNDFtZlJWcS9vZ1hiUkJxdE9saHpTTWQ3TitMc1N0UXBE +eWZ5SQotLS0gRzE4bmpSTWpjUnlHUlNHTTNWSjNNL0d3VFFpVFdOaVlMUERmRHNt +d2k3WQqd+49pa75kfJffbdCOmNvPLUN7N+d+lI4lXlPTyLWTNnM8qaVz+BAhMH40 +ri9BTHHtg4ql7bXZWXZt/CiBLUOuv+yKckm4u51vjOwyHwUjaMYF4bfXS+rChsQV +BL+XWihQZ5wNsUh1PRHMy3mrF1XSYROa4ApK/i5Sgm271cvBMI4C4G+oux0/wvkL -----END AGE 
ENCRYPTED FILE----- -- cgit 1.4.1 From 631e9c0fc66e7c0493ea447dfcfcfca93ce0d72c Mon Sep 17 00:00:00 2001 From: sils Date: Thu, 12 Oct 2023 20:49:27 +0200 Subject: feat(treewide): add mastodon --- system/impermanence/default.nix | 1 + system/impermanence/mods/mastodon.nix | 10 ++++++++++ system/secrets/default.nix | 6 ++++++ system/secrets/mastodon/mail.tix | 15 +++++++++++++++ system/secrets/secrets.nix | 1 + system/services/mail/users.nix | Bin 1138 -> 1303 bytes system/services/mastodon/default.nix | 17 +++++++++++++++++ 7 files changed, 50 insertions(+) create mode 100644 system/impermanence/mods/mastodon.nix create mode 100644 system/secrets/mastodon/mail.tix create mode 100644 system/services/mastodon/default.nix (limited to 'system/secrets') diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix index f3d792d..f42c084 100644 --- a/system/impermanence/default.nix +++ b/system/impermanence/default.nix @@ -3,6 +3,7 @@ imports = [ ./mods/acme.nix ./mods/mail.nix + ./mods/mastodon.nix ./mods/matrix.nix ./mods/minecraft.nix ./mods/murmur.nix diff --git a/system/impermanence/mods/mastodon.nix b/system/impermanence/mods/mastodon.nix new file mode 100644 index 0000000..a5bdbfd --- /dev/null +++ b/system/impermanence/mods/mastodon.nix @@ -0,0 +1,10 @@ +{...}: { + environment.persistence."/srv".directories = [ + { + directory = "/var/lib/mastodon"; + user = "mastodon"; + group = "mastodon"; + mode = "0700"; + } + ]; +} diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 6cd7524..658679b 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -25,6 +25,12 @@ owner = "root"; group = "root"; }; + mastodonMail = { + file = ./mastodon/mail.tix; + mode = "700"; + owner = "mastodon"; + group = "mastodon"; + }; }; }; } diff --git a/system/secrets/mastodon/mail.tix b/system/secrets/mastodon/mail.tix new file mode 100644 index 0000000..c64a2e7 --- /dev/null +++ b/system/secrets/mastodon/mail.tix 
@@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT05Uc2hrcFAwd1c5S1o0 +L3hhQURmdUVBbmxSYVFGczdGWThTck9VdkhRCktOZ1JSamN0Ly9pVXJDMDZ4Y0VZ +bmRyMTlaOU9HOEZ5SitzOVovUkhCNFUKLT4gWDI1NTE5IHlqUTFtODd6QXpNMFBY +WTY2cTJ2TFI5S0ZGc1doeEVEUi9veGRDKzN5UWsKUC9WZUtXVUs5cnkxL3Y5RlJs +RTRkNE5zQ0NtbG0vdStuZXZVUzFoeTBwNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +Um1qczl3YTM0S3dIb3AzQmpSNVNNUXFzMFNLNEEwQllOSUkrMHNzVy9uMApTdjhz +U250NGNpdk5SbWhPNjhjWWM0aWovRCt0MjR3M29JSTZjLy9IbTAwCi0+IEwtZ3Jl +YXNlIEp6KCk4by1jIF0Kd2xoKytCU3d3MGFxZmRmS2gxSDJiVFp1L3hOS2hJVEtz +NlFHWHhnRW5SNTZRMFFFRUJrVXo2blZvNlZTSXNqeQpVbWFLUmVHN1ptWGdLMkJT +RVJuUWxTVE4vcDhsCi0tLSA5ckxpdFhrQWErb2NkcXlWaHR6WmVndVppbjRIQ3cw +VjAxdTlnTEdmTkVrCou6/oezocFtYn7QDWLFzknFPlD5d1xBFutng6dvazWasZXD +qecouKvAmFFA4mQHUjbmD2QxWdorU7SyYpEPeTJ4rbOuayySkYPxUoo8gqvd7JkS +0VCavUuSb8nmfk24E3M= +-----END AGE ENCRYPTED FILE----- diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index cd27612..411f92e 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -15,4 +15,5 @@ in { "invidious/hmac.tix".publicKeys = allSecrets; "invidious/settings.tix".publicKeys = allSecrets; "miniflux/admin.tix".publicKeys = allSecrets; + "mastodon/mail.tix".publicKeys = allSecrets; } diff --git a/system/services/mail/users.nix b/system/services/mail/users.nix index a30d547..2104a8a 100644 Binary files a/system/services/mail/users.nix and b/system/services/mail/users.nix differ diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix new file mode 100644 index 0000000..6fb821e --- /dev/null +++ b/system/services/mastodon/default.nix 
@@ -0,0 +1,17 @@ +{config, ...}: let + emailAddress = "mastodon@vhack.eu"; +in { + services.mastodon = { + enable = true; + localDomain = "mstdn.vhack.eu"; + configureNginx = true; + smtp = { + authenticate = true; + createLocally = false; + fromAddress = emailAddress; + user = emailAddress; + host = "server1.vhack.eu"; + passwordFile = "${config.age.secrets.mastdonMail.path}"; + }; + }; +} -- cgit 1.4.1
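Review bot: `passwordFile = "${config.age.secrets.mastdonMail.path}";` misspells the secret name, because the same commit declares it as `mastodonMail` in system/secrets/default.nix. The lookup will fail at evaluation, so the SMTP password is never delivered to the service. The line should read `passwordFile = config.age.secrets.mastodonMail.path;`. The diffstat also shows no change to system/services/default.nix, so it is worth confirming that `./mastodon` is imported somewhere, otherwise this module is not evaluated at all.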