Migrate mucbot away from secrets repo

Sandro - 2024-04-15 15:31:37 +02:00
parent 10af49371f
commit 355a121a22
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
5 changed files with 216 additions and 18 deletions


@ -329,6 +329,14 @@ creation_rules:
age:
- *mobilizon
- *polygon-snowflake
- path_regex: hosts/mucbot/secrets\.yaml$
key_groups:
- pgp: *admins
age:
- *mucbot
- *polygon-snowflake
- path_regex: hosts/oparl/secrets\.yaml$
key_groups:
- pgp: *admins


@ -816,15 +816,16 @@
"tigger": {
"flake": false,
"locked": {
"lastModified": 1712348405,
"narHash": "sha256-CF7eygcN0ZwWeXgfJrK6hNctk7Nm3pPg3XcwSrqwVdc=",
"owner": "astro",
"lastModified": 1713187505,
"narHash": "sha256-Iq5K+wJazHMPeqtC/KXQ6bvWjhgWmmL7fAswUewBkmo=",
"owner": "SuperSandro2000",
"repo": "tigger",
"rev": "a39fb1248521d6f6b2f8a193c884b4d7c7d7002c",
"rev": "ea49c444dc5a494f00d5d6d23aad97fd76bc1ec3",
"type": "github"
},
"original": {
"owner": "astro",
"owner": "SuperSandro2000",
"ref": "password-file",
"repo": "tigger",
"type": "github"
}


@ -197,7 +197,9 @@
};
};
tigger = {
url = "github:astro/tigger";
# url = "github:astro/tigger";
# https://github.com/astro/tigger/pull/45
url = "github:SuperSandro2000/tigger/password-file";
flake = false;
};
tracer = {
@ -500,10 +502,6 @@
mucbot = nixosSystem' {
modules = [
"${tigger}/module.nix"
{
# TODO: migrate to sops
nixpkgs.overlays = [ secrets.overlays.mucbot ];
}
./hosts/mucbot
self.nixosModules.cluster-options
self.nixosModules.microvm
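Review bot: The new `url = "github:SuperSandro2000/tigger/password-file";` in the first hunk tracks a mutable branch on a personal fork, and `"${tigger}/module.nix"` from that input is imported into the mucbot system in the second hunk, so whoever can push to that branch decides what the next lock update brings in. flake.lock pins the current revision, but a routine `nix flake update` moves it to whatever the branch head is at that time. I would make the temporary nature explicit above the url, e.g. `# TODO: switch back to github:astro/tigger once https://github.com/astro/tigger/pull/45 is merged`, and review the tigger diff on each lock bump until then. Both hunks sit inside larger attribute sets that start and end outside the visible lines.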


@ -1,24 +1,35 @@
{ pkgs, ... }:
{ config, ... }:
{
c3d2.deployment.server = "server10";
networking.hostName = "mucbot";
users.users.tigger = {
createHome = true;
isNormalUser = true;
group = "tigger";
};
users.groups.tigger = { };
services.tigger = {
enable = true;
user = "tigger";
group = "tigger";
jid = "astrobot@jabber.c3d2.de";
inherit (pkgs.mucbot) password;
passwordFile = config.sops.secrets."mucbot/password".path;
mucs = [ "c3d2@chat.c3d2.de/Astrobot" "international@chat.c3d2.de/Astrobot" ];
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"mucbot/password".owner = "tigger";
};
};
system.stateVersion = "18.09";
users = {
groups.tigger = { };
users.tigger = {
createHome = true;
isNormalUser = true;
group = "tigger";
};
};
}
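Review bot: The removed `inherit (pkgs.mucbot) password;` passed the password as a Nix value, which most likely ended up in a world-readable store path on the host and on any machine that built the system; switching to `passwordFile = config.sops.secrets."mucbot/password".path;` stops that for new generations but does not retire the old copies. The value encrypted in hosts/mucbot/secrets.yaml should therefore be a newly rotated password rather than the one carried over from the secrets repo, and old generations should be garbage-collected. To make later rotations take effect without a manual restart, the secret could be declared as `"mucbot/password" = { owner = "tigger"; restartUnits = [ "<tigger-unit>.service" ]; };`, where the unit name is a placeholder to be taken from tigger's module.nix.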

180
hosts/mucbot/secrets.yaml Normal file

@ -0,0 +1,180 @@
mucbot:
password: ENC[AES256_GCM,data:v1nRBPi20vZvPw==,iv:EByBbBWMw1cEDHhUSQuLktzaSK4Pbikb23xkfRk24KA=,tag:qUMfpJHT0+Y8tq1JpJAShA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVUcxVHpDWCtjMGdLQmxs
TGd1S1JQb1NJb1o1ejlabHRVQzhmNzRqS1FjCkxjRkR2N3QyVFNrb2FmK2NsaWlE
Y3orMGNZcTZqSW9FUXlCZmFBY0gzOHMKLS0tIEJ5RmtaQUI3M1EwbjA3cDZlTnFj
MWxtVVRHcGJkYWx1TURjeWlQY00rbTQKIQ6Whb5dySsrsnQnWOGieUBUxzCK8Z2S
m+XW4LMbbVCAQ1HxiHlu01MfeAjWapUa/qwshJaaL1/z9NGRFojukA==
-----END AGE ENCRYPTED FILE-----
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDejZGWm5lWHY1bXp0cFQ0
Zk5UR1NVVzk1ZndRNkZZaGRXYm5tT3pIVDJzCnh1UEdwdmJpOXpvdStkenpvazRw
ZGluRVVtVEQ3bzZzOWExN0ZJeG5Dc0EKLS0tIEVkd3lKR0tiaGZsaDlNOUhQeXdG
TXZyQWtCK3VZNm1hZHYwTHBSRkRFelEKobyicCt7iO9QFUBZ2XnavxaNI9m0wd4H
9GgiDLYbMvkJpKuXj7L50LUmpYjIdIvOk70VbMgAD38RlyT/xUgf7A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-15T13:31:21Z"
mac: ENC[AES256_GCM,data:Y1tnGTS3Wr3zbpZej+5wlIy1jaOoqHcKHP00hmKpWWR39RberESVkPQViPhP8DmwkKdbU/k+HRgb9Pn+1wgTwv8dFQyYmtWWQ3QHtB6exP3DGvQfI1Jms1Y8FaBIcFyv0BP0Fc8XipKyTG4K+T2j8TPszBCqRrUzgqiezj5Pei0=,iv:8dTU5Hi9qyx5VIGdouR2FVbc9VE4j16tiliv7KvZ0Zs=,tag:zfm2pKWmA0t2tccNinpaNA==,type:str]
pgp:
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=JJfN
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6j84+xkv3y7AQ//fBBalBW+GS0LMIla3ycuxhfqr242nHFR568nekJb9Nhr
BNL1ihgszHCr4pwQafUrMP3Fcb9lu55A0oVsLQSmsoIH+S+iGDW0I3mKZrEqn8B/
4/ihY9RjY81ECUyIhp7NbnmL0yRLI6DpxmwDsp5kcy+oG3CYIGVNvupFAkVdlK05
4h95zNpDWhp2hAZAaS6iSGS+a1ivdqf8cKBW4B1Hl2kP1yFIwhlTZ6V8MrAIPEJd
STwbInoqk3Rt1s7omc/tmEwEy0p8xPro35DkrUJwRkINdX96zneYu6i+w28YNDAK
h7olqaShVE/DQThkYBD9NDynDvoCVdiAD99qdeWoZ2ZXuUgabbl7VmFLuUYYRdA/
5LJBWydMr3vqUx1oFLbJtXAepE4xfEBRsWSfnLBstW+dCS2FCwBdZdj+HZQw+I//
E4wOngvk4FnOWJi/buniyGBbXIfxW1u2qDOSwhZ4WnHG2xHB27F/6H5X9mwupI/6
Vcws2ETNJr736ZDFc/B9dsY/OEkzxpVSYRK8B+jPiKcVD6TvwlzCCT3zh67mObC2
9AQOdKBp079HQ/G0QMaFOO2sRoS/c8WTg2mPt1nDnhKsk/d27lxk9CtrGAbxqjLR
8YYTLKMGeKw/ZBf3fOftaVa3/jfr3gbSHX9dlcY9KkrJ23V7JP5Z0S++3YwWIWHS
XgHFMAaTOdpqhhBTvluO9kWmX+SUb95j83+Y+Lt/EtP0bjxRu7vNyq7WTdWFh3IU
m73iUTA0PPEUcLRUlfLwtOtzaZk+zlcMGBVK89A7ZZxNwhN3Gfqws5djO+B0BkU=
=TfwI
-----END PGP MESSAGE-----
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DqDJbhoEBo+ISAQdA23U0ZOjdeyNq3YQib4t3T/cxbkVQlMcdjrdsJXvUuAkw
2zDmbO+qBpKFH9iwI0yt9oRCGTjwVuK0G4e8OOqwdAwYV3KylJxh7gZ5FvsBBa2A
1GgBCQIQx1Cnctk1OiUbCoKQPK2gyYj8p755lfKYGwwEv5pdNGcwh5QgHHUTkBFg
VWtuGi6kJy1O9V6vJoZfsqXsJ9YzxdZzyFlC38xlwCHYShpFEICOvSBJjlaBlGfb
ZpItK61mI3bUyA==
=cgA3
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=JGrE
-----END PGP MESSAGE-----
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=czRd
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=MlEi
-----END PGP MESSAGE-----
fp: 53B26AEDC08246715E15504B236B6291555E8401
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=nhtZ
-----END PGP MESSAGE-----
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
- created_at: "2024-04-15T13:30:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA45bZkLXmBFpAQf+I3J99YpcXxnfeWxv/VfeP0myHDP5J/YCT1Si3sOk3wRZ
uYhTLnFXdaIkuzLFiH+Ygf0jTpLTMRQz26h3/r5om/XuTyT4J9sf8Xf0+V0S95JA
rS86HFypq4UuoiKAbsTXmdCEX04SGnZXbeEFaNrHD7s07mdw5wvtDK3S777hnGEG
ipq6cr7XosdQ2M69OGKIIoCL/YMUxjHYJbzWy+DmKgkVmDR4ksEyx1LPKZGAVYZY
kQOvpy/KMQjJaLH8PZNq6Q7Zk3qUTQT8vhaJcpHAO60de116zf8kOekgcHmle/v1
PX+DPTZ/2hpBI+4Wij7WHlrziy7vfMgklo1UarUkCtJeAQNqPmw9VtzEFCd9b9T7
HoLKa9FYrjuyGq3c/0LNQb+0AJIqYZ0qqzDn+wRtZ7mPx9WW4oW4LHt4hcIDx+q1
xBW+ZRneSCqvp/MBptLn4TVrhUbgYNkTL2BAlVMWqQ==
=zqg8
-----END PGP MESSAGE-----
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
unencrypted_suffix: _unencrypted
version: 3.8.1