diff --git a/.sops.yaml b/.sops.yaml
index 9bc74708..c6be1268 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -348,3 +348,9 @@ creation_rules:
 age:
 - *prometheus
 - *polygon-snowflake
+ - path_regex: hosts/stream/[^/]+\.yaml$
+ key_groups:
+ - pgp: *admins
+ age:
+ - *stream
+ - *polygon-snowflake
diff --git a/hosts/stream/default.nix b/hosts/stream/default.nix
index 76ccac53..a6fb904b 100644
--- a/hosts/stream/default.nix
+++ b/hosts/stream/default.nix
@@ -1,7 +1,4 @@
 { zentralwerk, config, hostRegistry, lib, pkgs, ... }:
-let
- authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
-in
 {
 networking.hostName = "stream";
 c3d2.hq.statistics.enable = true;
@@ -48,6 +45,11 @@ in
 };
 services.jackett.enable = true;
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets."nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User;
+ };
+
 services.nginx = {
 enable = true;
 virtualHosts."stream.hq.c3d2.de" = {
@@ -59,7 +61,7 @@ in
 proxyWebsockets = true;
 extraConfig = ''
 auth_basic "Stream";
- auth_basic_user_file ${authFile};
+ auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
 '';
 };
 };
@@ -70,7 +72,7 @@ in
 proxyPass = "http://127.0.0.1:9117";
 extraConfig = ''
 auth_basic "Torrents";
- auth_basic_user_file ${authFile};
+ auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
 '';
 };
 };
diff --git a/hosts/stream/secrets.yaml b/hosts/stream/secrets.yaml
new file mode 100644
index 00000000..a90c8df5
--- /dev/null
+++ b/hosts/stream/secrets.yaml
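Review bot: The new rule lists `*polygon-snowflake` as an age recipient next to `*stream`, so a second age key besides the host's own can decrypt everything under `hosts/stream/`, and the rule does not say why. If that key belongs to a deploy or admin machine, a comment above the rule would record it, for example `# recipients: admins, stream host key, <role of polygon-snowflake>`. If it was only carried over from the rule above, dropping it would limit the recipients to the admins and the host itself.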
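Review bot: In the `sops` block added at -48, the owner is read from `config.systemd.services.nginx.serviceConfig.User`, which reaches into the generated unit rather than the option that defines it. In the stock NixOS nginx module, `secrets."nginx/httpAuth".owner = config.services.nginx.user;` gives the same value through the declared option. The block also has no comment on what the secret holds; a line such as `# htpasswd entry (user:hash) read by auth_basic on both vhosts` would tell the next editor what format belongs in secrets.yaml. The enclosing attribute set starts and ends outside the hunk.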
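Review bot: Pointing `auth_basic_user_file` at the sops path in the hunk at -59 protects only the value stored from now on. The htpasswd entry removed in the first hunk stays in the repository history and in the world-readable store paths of earlier generations, and it looks like a 13-character traditional crypt(3) hash, which gives little protection once disclosed. Nothing visible here shows whether the password was changed when it moved into secrets.yaml, so the commit message should say so or the credential should be rotated, preferably to a salted scheme the system crypt() supports, such as a `$6$` entry. The same applies to the "Torrents" location in the hunk at -70, which reads the same file; both hunks sit inside `services.nginx` blocks that begin outside the hunk.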
@@ -0,0 +1,201 @@ +nginx: + httpAuth: ENC[AES256_GCM,data:Om2ow5xTUahuAfZWgWtHgBU=,iv:yVLc94lT4Anlbw5Qd/xJ/2kEQcZxiikGMF1173gIMR4=,tag:StKZYTytyZYxBwxadklMKQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1j5csp5v5s2g8am47dd85kcke8986e0qc88f0vfgd3kmvwu8azg3smslk92 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WXJ5MWJSTVpDWmdYMTdY + aXA5RXN0UEdJYmdzUEFtdUlFNWtKcnhkRDNRCnRrOTJHOS9vNE83QWk4SEd5Qktx + SDZJY1JnU1FBOHZERDhCY3JmK1h1dlUKLS0tIE9tSDlNQllSNFFUV3kxL1ZLMy81 + NnBmVVVjRzZCNmhtOC83bnJaTDhRcFUKwDE+ok9bsHy378KffumjqX7bx+o8iX2R + pG/33VRkUAB8pD0wvBZtz5v8Qcz95GR1w4XcJMS/fox6mnLyNBC8aQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxc05ieHVlYmxudlF0Y3Bn + Ri9UZVI3TEVkMm9MMENZU3F3WmkyTG5aOEhBCmJrdFBIbW4yc0xBcXBCaFdZckJt + QW1lTjJCVkE3WnlkdkRHVVMrMzVTY00KLS0tIDkzY25uR0tVaXFpbnBzcTJFaVVF + UWtqU0hBYzVFbkVlMzJMYXJBZFQvcTQKrsbWfrNUCfl3ycHdDKBg6sQrNZ56bKrV + u7BgTUjlryB35jwdrI+as3QzxqTdyjdXTfBMeEQQEkfqsNVu+j7vmQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-07T23:27:53Z" + mac: ENC[AES256_GCM,data:+C6FOuncSKwj13MjV4I8Zk/wZ6vRPfHMLkOJnfoCjzKRY9/xmuXuDmeHzxp1de7qJKI/lKMQ799assfcX8wJNiFjHM+XV3TYeH6FBYABjR7xAgr14dfTgryp59bVp59vDYhGaFsIYYKwtqqxsPeIkxxioqE6WI0iEUGQVBWgij8=,iv:Z5LZe/biKdYpBr8qIo/fx0OQHI5kh0Zkpggpl5qC35c=,tag:/crmeTUW/8ie/Ed23cC+eQ==,type:str] + pgp: + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA6j84+xkv3y7ARAAk6nuflGhk3S8qdgS3pxdExTZ+bxMeWwuvOVnI6tZdRoB + ow1ULUvfKCBp0zJoC3vKhtrAQc51sh2Dqsst3Bo+HGTqLEWHQUjQ+QXOwXadcpo+ + YyoBpcl5lXD1eEchHRFdpOu6ZGzf7ETpePH+bQQYBtw7YWPKmY0DpHv1+3vYLtXT + xczBg9k+uQMc6tvaoLdT6PTiAov9IvT3mvVbnmKoa96nTF/tZqcW4hDrrDOy9iQ2 + zibhMK4lyoybMd4Wl8IL0wkaRxhgeCCVv0ygQ4JtdvNx4C5ifJR2dO5p2VtACAe9 + 
8XAOdItx8Wh4h/OeO78BO5Sf68lG7NHU9utvrIrv3n2+iPlejhqL7VZ6kI7TtdeR + tjS14dUhhau2KEPPKgx3i434hSVyptAV2n1wMe5WSUiZlBKLPVI6yC1GV6X24+eQ + 3bq+A7h+sIZxFlylaN2CamVwu7X10jQdNrpjSMoXJ2hccYQutdNATDolISHISfq0 + 2i1al/npdQXhntWFleCqgfLnkp+J60kgwTsgUkFGwQKkSPoYGfZn1W1ttAi4vQ7N + ADhn5HuEbxB/54ud87iy6EqFm4qDF8Cq7hH2jGJEJGl79J+XANS+L0t6H1SWaDZQ + nrOIMsnMjnvGhQCkGUhFgmibRvNLJPq660IrbyblLNDsv8RpVtUKjVBFJ/LQv3fS + UQGv3xKTRzWK716mkxdbXAF0ZEgp8PM5RgsTk1ZzqoVPySRqVOu1JxE9C8YtPISv + 4xfj58IFn/KX/l8+ePIo/HdUurUsGecfRP4w+Oqe0bp6iQ== + =us88 + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA8zMZ+ak7y/zAQ/8CF0XQrlmThc/OU0wZ78k9/Q5M/pBRDf5JAaHu+sqtlSh + 2y9/bofbuz43sZqKsekCHT/kS0lMHPtbb1DM6l3Rs3VRjz2sggcLEorNN+vg6+2R + q3Aq07U6IkwP3mvTb5KO5U/+oTYi5B5yoTVtOWSx+RxctqHnWbxYj9IAV+73Ydj6 + i7hRfd5lv00rTX/xLDCLsyq1MO451O9ccrVOVRE/heTf7AxQYMG+oYUfEpSII5RI + udl3bUUO7GYg3B5fZxMQSmtqAFZxVzmDDfxRZlIHQVbF4pke9rvIQYk9APLaCiZL + 1/BLzZC8fS8Tn9sowvw0hRjftYI/Wi243xwgdIsHWYxlZ/YlefopW5uLbk2Hl+bP + kLw5/U5Q9tAKciiNxtFd5K8wyyEH0HUcoio5OzckbCuHAs/I8VZ1Rpoo5Lckxju9 + GwZOhIbAXqOQQfRzcrhkZiBMhvZQl3DybUMZvJBJUY1RzRZcSMpWXIptuDd1wHmo + zxtqLPSHUVDvWUEWLD0YN8h+NIgFmOOKkH3as/rk6orzcuV+jSL+6x9sWjqM0XD+ + QDd9jZ39Jh9PUAixL/bOHFoJz4NQdLlMGlluIekp+iMgaxkdOjyyjQbW21YDiB4C + Ne+vZApHhhnPSib7jyXBB6oSuNpidsVo5geAwFxZXbbU/pco+kv9k7L1E6ECvgrS + UQHeUZO5GVhCgNTeAn6RFUIwKUhBRVTRF4EBZ1FzSKJ9QRh/IV6cU7x//VSiNNcp + 4x5IoueqsSDrGGIL7UuC6LH6CAbrX7u5aaJ5MNrRi0bGqQ== + =Q64C + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA45bZkLXmBFpAQf/WKeXAV7Frbt3+WW9U9kAXpEK7jvgLEbjyVLNAza4dEYd + y4x4iUiDxZw6l6pJFELHM9ngSgqsdLU/MCFzZymgmgLSYww7mfZXTv39GnhmLsjY + L7srNOqFsyhWPfC/epWXNsdmJdyM4S7j6YXr0oL9t83Mqpu9WoHPT8hFUfLhlnGk + EvzuATPbg3b77qrBJVI9hK3qRXPKNUhVsAB/CqiycaC3eIBMe9GtAyafFXc1oTAC + 
/flMdYFP+whHfTcMi9d7ZbqmPChuujUI2QdKg6dML9TT6gqUvY6lEWJI12KfliD3 + +8yyme+kCDev4QJCOfzIyyT4WELTw5ELe51z2LL1+NJRAX95uUAEuGYRjFveoYKw + 7XCazAU3T510WuuJKsR9kgT2k47IHO5V904zawh11etOijgoPs8jIUlm12pkwX4Z + RRGhz0ttPyqu2HsyY3CmV1F2 + =Kfi1 + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAwMCBBrc/JA6AQ//fEfEcVozIxrNDB6qaj/F2SC9qHvaptcZbSgr/7xUOFvE + ByRwIMITycaxVhPt9Ph8VyyhZzHfDueKFb0uVmPGlx0aP8X/hpiA+ZMtDfGfR+pY + w68vCyLue7x/A6Wb5NSP/STvcgPDyT8cZRITNRLQEtwqAUHO3lSC+f7FEH47ehZX + SWpSx3sCRFNJBFiA3GsPZTRXZmHrRIuFnCDm5I8p4qW1SfC+HV8BfQY8Qgo3ysuO + m0asnFJPB2o7chZ7bxTVgOd4Vd9lJd6H8LQqNwSJBXQKNffqs7toU/RdVJJw4EEY + 0lzrfCDa0yPM4aIm3LSYBdn8JQe2SaS3WtdBphZvKc13r4ZlJ7RVJz+RiNGl4P2P + OA1xgvqzd9OlqKD6Ulq3X8VgKSsskHyxfqbmH2SgLLebTg4Z1J6onkh+SdRCkgRk + OJRacZiJdGPbJhQeR7soqop/DDasUXchCcd86dL94kCLLjkMGtjPt50EHJ2LqaMe + jgfh6IjmMmXEWPkjKqQaBZ8G8acfpArRZZzNznunyUsQZ7MSzScYn4CmR5rIgsRw + /KRRInpY9cDSUJbqk73r5cjGIhXhjnKTCflN8/IE2QJILBK+uaAd6p01ks1kw1A2 + thSvRzcmiSEH/RvETeOIXY4z5PfxxGaQi/+o4RRY3NydTnvqYsMhi6gQqLBKiyXS + UQH+UjVTas+BdcpJ+Lqn548/BgCRf72YFMEQgsyTfXsaCYF1iW0AmUyPjlsSXvzc + CT5iSAqT6CIxIKW3BU10mEBSFOMrVhwxhtsLzJLZLWpWAg== + =euNq + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9XEenRNYVGHAQ//bSh0jHk5UiwadJNFpZTuEOMCgeMZQTmcGi93YZbQCOtV + WcJF/qNjo4lZHeNqAAOxolU6tA2c4Kv1UO/XVNpOu3O+DNizEXG8gq9jBOPNxl2O + 1OTxLwg3BIdQjS7OvlP1q/3ZSD+8NinrWiHxICdgTVmC/JWmo4coTrqAyPgKgaJV + yqzwhoQUfS6dMtHMdCSqFOjP64ZGcTKqJ2UbtBP/vFpGiSciyg1OYe6Wbyjjx2Kt + WVB3MHhZSL5IKVwU/nYIP2ZZ1uugPRBLNKtmZjZWvl5heImAKhVf5WbVXwAExYLl + m0Xeb8sYqHXNTOUvYK8CuyYwnBLz1BEBSeEMlLxzSZ+KAh7jkM9DTy8BN0aOempC + Qtxt5X5bwITV2UBuCvFAog2+kguO8lX2l3nH3KqLsWGAD9adrJhGJVstI2N50bcV + WLyAMNx6Wyb7p+JPS5qyJKfdvJWJJQp1DQmBaW49d6h/wVw2PinHgt4pi0ujum/0 + 
NCC3N1n7vTFP2SXHRGCgiZ0c7DQP3SHkKUh7QfOiB79lyuA7iapBhlXcuqhcUcVj + gSXQTkCwD7WH/jzietSZD581hEe0NbUFlcnX6KjXg++HXXOV6ECZM4COQSbyqs/3 + LrBWku207kUypcXYoQR8cJFM83094cb84dJM1UuJ71fnrdeQWtvialmDcWCB82fS + UQFOvgXY0jQTnc0GLSm9bvcoTu8AsJ5rGY/G/l5INtPa5+J6tlPWCcRArb3Ppt5V + DcEKnT6QdA/4p5PooRmGQB7Wwrs9pQEnjmafEf7oJJy7HQ== + =NMVb + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQgAhIjff77caU9YPiV89NaEtqYbRSLwNLTopbI6Mkzfisss + 0KoFI9Iu1GKov7lmGyjyfoQzUQG8qn5pueCPDVyeFLWPtbtfZopIIsBoqTbQDxSt + PfDqB42zCdf1XQWeKvNO74cGIkhYPDyvWE2z/JBloeVOhLL039t0RNgxRU1AFksP + Xn10cfrxwsROPAzw4jMd3EOwxmKRuR1/SBav1B3HBfiYeyBAS7OLhL6Ah1XGWNC6 + l7HsdRmnrzeFRbENXRXlrKFAyTtxGgghNfANhYf2+ErbfGHUNvpvw1Xr06gExQRb + UnyE9c70XKAgWseS6ilHpn25ojwp5Ta3m3KNUb2fxtJRAVGk8qcGkBDKdIbeYqZV + pfbJyDNo5BAXAGzeEcPAxAHFBW6jrFpNDefkaMIZsm3gBsYL70i7HOPOm6Z2bbL4 + hjHEcr+rzDANAc1cuIgtHzWm + =Ooxv + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7AQ/9HujZNSHp8HSGVqLvg3niuR+x9cYsvkSE0jEq/f2PM1VA + z+qzcXV2ysBk9WZ8ubwLP5MNw6cGukdOT7wepXztMU2UWmBCDdZ7yjQgH3JhIcGq + jKcqxzMRs91WqkvJNWrdwKnyGeOSd/ZYrXX0poqhZy9wjIjlKxdYfFwXYORwXzCA + 9m6dAqycqkehmNBJOs93QC2JAtrLP4WOVy0Llys+uoS8pWaqG4pDPpxM7WFFe70p + /eXL9pRev9X74WCUdvWSUUDTy2orOgetsHWjzeP6swCEhllhtDnuQAdyH3y9O+PE + Lx+I1n0Etlo4yBeBMp+kyxnlEy6e12PvknDy4+eFi4vBTkHMQIw0z7J+iZ/B1ACg + XGeZTIAFHd0qJHABAVbb5vbTv9a3wdMxbfiIpzDgxAooka4zaXH4phMvAowx/L2Q + k0eOrPCUHO7xYAkqj0/6SckWB82QCoGyyw6gOUdJgK1aqI6NBqok1u+Hg489R3Q2 + /m0Q5v2fD8Wejr8KjUc7eJwoR0NLlNlxKBmacAN1SZdu9wHVw4sAIlNALz/hZqvV + BXK4TxmVJcSXjvTj5hOSKtcsHa4qDgTZuuUlHdsJ9Q8RyRaQZR2izoCecQHM5MtH + 9Lu81AYnYhR30e4GxxxhVsz6VAsojwTajBoNa3dB0y/Tgye7G3y8JZF7SSpXm7TS + UQF+YNwXAZtHktefn4ugfoFD6d39uaSyWKDnHuhmc+39mD/I3ekIVQ0fnLcg2Qfp + u72FaELVQU6yib216Yade7/DW1uuD3ppDa0as8EBQQYsGw== + 
=W4Dg + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA/YLzOYaRIJJAQ//YaO5qqVj9SypZx8bkilfggoZYNosv8wN8B0V5jNrAA9T + TVu021ELVXAGGnZ/nqnf1TEuYebFye4Jc6NRh1r0GS1kjtBmqlSmuZ2IlrFdwz/K + Cryi6JYel7Sh6ZBX8fqRJoac6KE1vTthr1GvxoJF89VWUxKJwNsqN90yTq3f0aLP + 3eu8YjF72fPoSzPifB6ze89BjxxOBpDhWBqGc/WbsCHFRK3rWsadWI0MIaJ1Lume + f0or8HQfDSjxh6DTb6DHpV/QLxPfmgWQO1CuopB2MJVz5C9WBWkFNWPO1o5KM/uR + hUxaj9Ak5N+ACtWUL8S8rT/T9XGY7NQMMS/WXCiAstyaXwhv0Lt8OefRaF5/RpG5 + 2w+ZDGPFM1RTaHcwNY1slXy1MJAB58qM2UlID8jIOCpyctRlu8uuOY2niHI81L3K + C5tYxVPRmvoFnYG5eiF6+YqUpPxZiTc4B8Rx8/gmRIzuaMjvZIQ9LWICpnB7tkxJ + coumUVq2R8t0oY0b0hGpT9DEjEAvOlLlYS11YjN6cBF6X9BYdOH68NId/EebghH9 + dBrbRQ1nBOGRtK08vx689H+k7RM3D5h7DPSvYzku+1GPzaABCKxzGOGdBqtBF2Qh + YIHK9NE9qL6YDQiQguWmVcyVEAua4cSd5JWcVbIk5i7jj93N65Xu6AvmG3TsMuXS + UQE+ayMj/+frB4IkUp8FjD9A0fEzT3FcaDACTMJJup4zDOzsdgVK6fDxkRTpK71Y + HmIDiMpGWBNUa5M93vWzk2iWmj5u3PKgHSTmWN7oynujMw== + =f0sW + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2023-06-07T23:27:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ/+JVSJGoklxiQ8Mjc61znOy4mx7Ufr8Z8MDWZaEGZU2RF5 + GQC2JNLfnCckW7Yhpzi7r+BgxUcUOjZK8SSEgxCwNdmtQii4AkoMC54ObLB2Zubf + guMuByUR0zHEy9/fW7yaZ7rvIyUh87n/YwYYgJwBk5+o/S9xhN9GDdLmOLZXlp4P + 5ryLe3dHfVqQLtc3mQJN2WbbmZJRRYrC+/MAsZ82KQL/8jbxINaw9lM+g9g8KJsg + UbldUd1PULPLttVwip9E8c9SMmW4xMYvSim6kV2mGDpyYybhna+4Y5xsF9gzKYQP + Haf1evA/50m/vtZJVa/fwDM0vStDplBioxX9wpLPx6tHOUjpJ52UYlYlVFdoxTTK + A6mTVe98JFZ9Xb2tkTiljzGITlZVhq+2rHarpX9DqXrl+y1UjLYyg6/RsYDDT6Xc + Vf64TUVF66r33+HvYtojD9kG/EejfcbvXwGv5Shfyca0BeUjtnx7wsE0rWVZ5g8i + f+uKQEffAycS2zQIDhz8EPdARMF4DbaKtAejV/Q65WUGKwNIpdYHClRN6HyH89hy + 0+pRu2ANSOznnzyWJsjer1anThE0trUU5L4T9recgCC6xWlQoumMVeLcbO0KIOAB + H9ILe1LozGPqN+YZAD9l+OhIv6X5rckfH3oOGcMe0P7XreI+Z/ihQ0JH++or973S + UQE98jCRWp6pfgV6kHgIbqDOf3gXslEeMYG0De56w2eI2wDxGtQVNxBVPEa7U5CJ + 
xU/9WgISfvK9LlW+311hW3flDYGqADJsfl/CNJcaDDaNlA== + =h1xD + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3