From eb91399a384930e333eba22a6c8ac5866de367b4 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Thu, 21 Nov 2024 22:33:21 +0200 Subject: [PATCH] initial murmur stuff, still have to configure it properly and set up the reverse proxy --- secrets.yaml | 7 +++++-- services/murmur/murmur.mod.nix | 15 +++++++++++++++ sops.mod.nix | 10 ++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 services/murmur/murmur.mod.nix diff --git a/secrets.yaml b/secrets.yaml index 5418c27..24a475e 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -18,6 +18,9 @@ couchdb_admin_account: ENC[AES256_GCM,data:iyl1SLoPlpZYUw==,iv:TaA+KmlGeexpEW0H/ gts_db_pass: ENC[AES256_GCM,data:oEdBEFomImyOFiCLGYL3upJZ4yxAm/iACAZlr9AU0Wp9a60=,iv:VzcE8SM8rjkfdTddJVIohW5JLcJPxF2OSfM3T5KZiWQ=,tag:FKMaW+gB3Q4N72rE4kCmkw==,type:str] forgejo_db_pass: ENC[AES256_GCM,data:/whBxapqWGNMynXCXVxrQv/XS6ivdTUE6YkuKZ2Rk9kIojKQQcg6t52OgC8lgA3TUlGgeUnn,iv:KAIB0z+QvWpErdWYNJllV1Pv3A5MDwZpYP/9ofZkSBI=,tag:BLAtl9XdHf2Aa1KFVRnLGg==,type:str] postgresdb_admin_password: ENC[AES256_GCM,data:DopfWHTOAwihPa9+197pX3TE03dqWST/7+o=,iv:O9dzjYs9A1vBSp17Kyiz41KllUvpUORCmag0AYe8MNA=,tag:FS0v5us/ANMXweXrSIH2xQ==,type:str] +murmur_registry_pass: ENC[AES256_GCM,data:aX7aLS6hk3iFQ3o=,iv:SEbyujyXEh0Wk6yTRelqlel8t9YMpz/GwWNJCGlS4vM=,tag:3GoXgczJyqxvk5KgiZNHIw==,type:str] +murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8U+TXO3baH+fTexMZBfVqLvRkxQUp6P4tuTUiDaHORO1ezzF52Wfk9NjqMZyYowA62WRmqOoMh0cCUJKetMqly4/eS3/7kYoS9HJ0CP8ANpebUj0CiVBT0H4vNyg0pews3514dciVPN1++93II8IzSx+wXnivns/32ki0YmZrjhTREA==,iv:7scQhjy2uc0FL/26k3FbarA9Nm8GtQCqD7kod4lOlwM=,tag:wSm+6aodL+FD3L4C2+nzgg==,type:str] +murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +36,8 @@ sops: NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/ vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-03T14:04:07Z" - mac: ENC[AES256_GCM,data:Ux+VhisWUcu9zouDmRi/w8kQQggsIx9PLbFd4FcfNXoYO14QonFd/9FmU7dndzjUYaE5EGHW2rf9uB6zPzAky9F86Nb++iE9yHUWH0VbrWP2hJ5EbjOV/JQcjkC0284T877CVHBN7/FLUiTnIqy2LfPcWER1s3sWo0pm5ia5x0I=,iv:DHhPsc4Ok+hHyNyo9ht1kaw38IzQ4bBjk7cyQFfYngU=,tag:rvJLx3+bd3ystaHd7FGhoA==,type:str] + lastmodified: "2024-11-21T20:30:46Z" + mac: ENC[AES256_GCM,data:GA4QmHuYVFYVFX4dTJSXKTgWnkyQuBWOKpCBjWXC+aZ+d/ADzpL6g7mXY3dNz/3xBLirJctDLx0mfCPQ4It73r9CT+wI4gtRtpDXQNyBFHyj0sLrWa200tteoAlwKEY4jbrbvAM+9Vtb7czud4UgcDJhB0mTJ0QmL9HuhsNC6BM=,iv:tWpP0Wd+KlZxVN1WSA1fasJKdEsJ9+yCHX+SEwNOV4c=,tag:JW4Egs8f0fc5CSizYizbMA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/services/murmur/murmur.mod.nix b/services/murmur/murmur.mod.nix new file mode 100644 index 0000000..b707572 --- /dev/null +++ b/services/murmur/murmur.mod.nix @@ -0,0 +1,15 @@ +{ + glucose.modules = [ + ({pkgs, config, lib, ...}: { + services.murmur = { + enable = true; + + environmentFile = "${config.sops.templates."murmur.env.secrets.yaml".path}"; + + welcometext = "$MURMUR_WELCOME_MESSAGE"; + registerPassword = "$MURMUR_REGISTRY_PASSWORD"; + password = "$MURMUR_LOGIN_PASSWORD"; + }; + }) + ]; +} \ No newline at end of file diff --git a/sops.mod.nix b/sops.mod.nix index 658f756..20bc8d3 100644 --- a/sops.mod.nix +++ b/sops.mod.nix @@ -48,6 +48,16 @@ ''; } ) + ({config, ...}:{ + sops.secrets.murmur_registry_pass = { }; + sops.secrets.murmur_login_password = { }; + sops.secrets.murmur_welcome_message = { }; + sops.templates."murmur.env.secrets.yaml".content = '' + MURMUR_REGISTRY_PASSWORD="${config.sops.placeholder."murmur_registry_pass"}" + MURMUR_LOGIN_PASSWORD="${config.sops.placeholder."murmur_login_pass"}" + MURMUR_WELCOME_MESSAGE="${config.sops.placeholder."murmur_welcome_message"}" + ''; + }) ]; fructose.modules = [ (