From cab3b9b7b3b208fef71731bf5fb1639f8ac25e06 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Fri, 28 Jul 2023 02:41:21 -0500 Subject: [PATCH] Update flake lock --- os/linux/nix/flake.lock | 8 +++--- os/linux/nix/machines/beefcake.nix | 26 +++++++++++++------ .../nix/secrets/beefcake/api-lyte-dev.json | 26 +++++++++++++++++++ 3 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 os/linux/nix/secrets/beefcake/api-lyte-dev.json diff --git a/os/linux/nix/flake.lock b/os/linux/nix/flake.lock index 034d284..578a368 100644 --- a/os/linux/nix/flake.lock +++ b/os/linux/nix/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1690528331, - "narHash": "sha256-5FTIFs4QbXJ/wq/Q4y0//111HVTKR1jG0sG/m/KuXjQ=", + "lastModified": 1690530040, + "narHash": "sha256-xuEvYkll4AB++/aatW3x8eXCsv9Kz7rujfOK3uzxTIQ=", "ref": "refs/heads/master", - "rev": "0bf3b9073f33a06c7c12f97f7123a2728b996a0d", - "revCount": 61, + "rev": "8aab004307252563e0b2c8de55e13bdf9891c892", + "revCount": 63, "type": "git", "url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git" }, diff --git a/os/linux/nix/machines/beefcake.nix b/os/linux/nix/machines/beefcake.nix index 30ebf00..18f9beb 100644 --- a/os/linux/nix/machines/beefcake.nix +++ b/os/linux/nix/machines/beefcake.nix @@ -2,13 +2,19 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ pkgs, inputs, ... }: { +{ config, pkgs, ... }: rec { nix.settings.experimental-features = [ "nix-command" "flakes" ]; imports = [ # ./beefcake-hardware.nix ]; + services.api-lyte-dev = { + enable = true; + port = 5757; + configFile = sops.secrets.api-lyte-dev.path; + }; + sops = { defaultSopsFile = ../secrets/beefcake/example.yaml; age = { 
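Review bot: The `rec` added to the module's top-level attrset makes `sops.secrets.api-lyte-dev.path` in the new `services.api-lyte-dev` block resolve against the literal attrset written in this file, not against the merged NixOS configuration. That lookup happens to work because `path` is set literally in the secrets hunk (`@@ -17,6 +23,15 @@`), but there `services.api-lyte-dev.stateDir`, `.user` and `.group` resolve the same way to attributes this file does not visibly define, so evaluation will probably fail with a missing-attribute error unless they are set elsewhere in the file. `config` is already added to the arguments: drop `rec` and write `configFile = config.sops.secrets.api-lyte-dev.path;`, and in the secrets block `owner = config.services.api-lyte-dev.user;` (same for `group` and `stateDir`). `inputs` is also removed from the argument list, so any use of it outside these hunks would break; the module body continues outside the hunk.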
@@ -17,6 +23,15 @@ generateKey = true; }; secrets = { + api-lyte-dev = { + sopsFile = ../secrets/beefcake/api-lyte-dev.json; + format = "json"; + path = "${services.api-lyte-dev.stateDir}/secrets.json"; + mode = "0440"; + owner = services.api-lyte-dev.user; + group = services.api-lyte-dev.group; + }; + example-key = { # see these and other options' documentation here: # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it @@ -103,7 +118,7 @@ extraGroups = [ ]; }; - + users.users.ben = { isNormalUser = true; packages = with pkgs; [ @@ -201,11 +216,6 @@ }; }; - services.api-lyte-dev = { - enable = true; - port = 5757; - }; - services.smartd.enable = true; services.caddy = { enable = true; @@ -576,4 +586,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/os/linux/nix/secrets/beefcake/api-lyte-dev.json b/os/linux/nix/secrets/beefcake/api-lyte-dev.json new file mode 100644 index 0000000..9e349bd --- /dev/null +++ b/os/linux/nix/secrets/beefcake/api-lyte-dev.json 
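Review bot: The `api-lyte-dev` secret is declared with `format = "json"` and no `key`, so sops-nix will look up a key named after the secret inside the sops file. The new `api-lyte-dev.json` only has the top-level keys `DISCORD_BOT_TOKEN`, `DISCORD_OWNER_USER_ID` and `OPENAI_TOKEN`, so that lookup will most likely fail at activation. If the service is meant to read the whole document through `configFile`, either encrypt the file as a binary blob and set `format = "binary";`, or, if the pinned sops-nix supports it, add `key = "";` to emit the whole file. Separately, `mode = "0440"` grants group read on a file holding API tokens; `mode = "0400";` is enough if only the service user reads it. The `secrets` attrset continues outside the hunk.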
@@ -0,0 +1,26 @@ +{ + "DISCORD_BOT_TOKEN": "ENC[AES256_GCM,data:oRMz8tyyFO/ztTUQTjz+X4VLPJDkpDM8Jn6gCbvZk4FzDHpHI784msX3UPGJFE9ZbvVc5etpXYTMeCQ=,iv:Q0LqiD3+2U48LLb91yrC/hXdXf1jS+Dq7xEtq9qwhAo=,tag:rsNykECJ15SskVOnQxrONg==,type:str]", + "DISCORD_OWNER_USER_ID": "ENC[AES256_GCM,data:ImAA85aKgOwdoLSdXTJ6Fodd,iv:1DjAgq5OU56kee6PMRjsHOVCEcQ7XZ3HAWMv51A+OnY=,tag:KfjwuZuWKGOjD2Zi/V1zMw==,type:str]", + "OPENAI_TOKEN": "ENC[AES256_GCM,data:mM0D+UXD0cu45gfEeLKaJioHcJ8lM5TA1ao+IzYHdGc8L1IBNiKN+/D8rkr6wFwrpBQQ,iv:99UAkefC+PlAU5bJILQExZAoHR48RhMvvMVJbXRyIwE=,tag:NLYoaJcjFRsjGwmwu37qwA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdXdGQ1Y4UHMzdnpNQ2tJ\nQzNTNHpCN3JyRVdPTmYwQ0ZSQ1E1czZMVnkwCnc0M2ZXbHVscWJIYXA3ejArMTB3\neXZnYWV3b1Q5VzlrRWFMbUVmb3pLNVEKLS0tIGtXVGYrTnh4dCtvVWdVd21VZWQr\nOEdSZk5CYXJDUHBwbFhIZW1Ob0dQU00K7Vc9lRZAljJ4HjHyQqcj82wIRT4MMkuV\n9105iqIbCLW+3Jc9BQkDgq6lIdZ62xhuHMa0vycvD/DOKJuyUwerAQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5WWpXeFR6YVZDcXkxcTUz\nbm9KTkF6bVhybDJYR3RuNVlScit2eHAxNmdBCnlPZzB3azA1Nzlhbm84N1czNDZJ\ndjdpdkcvRVgzcTg0UnBOdmo0bnB5eFUKLS0tIFVNZzk3WlEwQTNrVUtFZU5YM2Q3\nRmZDUUw4eHBOZXpwN3B2SDlXZmtPT2sKCgvPtxgRehJmfz4b1qIQLauwh8SddVK3\ndAtU8W5UcNYiDd8de2is2mxzcuNzvD3R0BorrO1SSpulQSdPj6gabw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-07-28T07:39:26Z", + "mac": 
"ENC[AES256_GCM,data:IfjCRLyAPQpMMGqDLFxkw/McYdWeNwVayvcMhzU6XDnC79LFYhUcAw2927pnHawezS6qI1Aaj5rY8eT93MZ5K3Gk1JW0S/wuitmUGvOT0VaRbVskqd9VFgg/5bcFntfpKUDgwmvs7vfDfdFY0v0S2cAQ5nP9GAkcet4+stCYzOM=,iv:CqMhU52vSdhL9jOnaD3mZ2tmo8c3u4dOvr9qsZY/v0U=,tag:wnmTTnW2iq5dowoTROICcA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file