Skip to content

Commit

Permalink
update sops
Browse files Browse the repository at this point in the history
  • Loading branch information
@isabelroses
isabelroses committed Oct 14, 2023
2 parents 7b59e17 + ff3afc6 commit 99b6dc4
Show file tree
Hide file tree
Showing 7 changed files with 63 additions and 60 deletions.
3 changes: 3 additions & 0 deletions .editorconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,8 @@ end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset

[secrets.yaml]
indent_size = unset

[*.lock]
indent_size = unset
70 changes: 35 additions & 35 deletions flake.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion flake.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@

# More up to date auto-cpufreq
auto-cpufreq = {
url = "github:adnanhodzic/auto-cpufreq";
url = "github:isabelroses/auto-cpufreq";
inputs.nixpkgs.follows = "nixpkgs";
};

Expand Down
2 changes: 1 addition & 1 deletion flake/programs/pre-commit.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
check.enable = true;

settings = {
excludes = ["flake.lock"];
excludes = ["flake.lock" "secrets.yaml"];

hooks = {
alejandra.enable = true;
Expand Down
2 changes: 1 addition & 1 deletion modules/common/secrets/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ in {
mailserver-database.path = mailserverPath + "/database";

mailserver-grafana.path = mailserverPath + "/grafana";
mailserver-grafana-nohash = {
mailserver-grafana-nohash = mkIf services.monitoring.grafana.enable {
path = mailserverPath + "/grafana-nohash";
owner = "grafana";
group = "grafana";
Expand Down
40 changes: 20 additions & 20 deletions modules/common/secrets/secrets.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ vaultwarden-env: ENC[AES256_GCM,data:RZltkcbeTObbSVPIx4x2yP/e6o/WvAuChfmLki8gkX0
miniflux-env: ENC[AES256_GCM,data:v7miyr71dg2fcMHKtmBlnlFQXafkfXLQBPOGfIA2EYs8Ew3VzhFMDfPe+zZ6upVACIZlXNcd,iv:s2SQno1o0ZyV/aZlUsXDwlOHckvTmdq41VXHzdAPaQ8=,tag:/0vFN4sR5gebiHYjPd/QXw==,type:str]
wakapi: ENC[AES256_GCM,data:UvEIqRA=,iv:HAlUVfWN/Ge6yVPJAD8hPGO9RqHOpZXUJrfoMpw1SXk=,tag:7iiqY4c23BPXK1/YQOF+dg==,type:str]
matrix: ENC[AES256_GCM,data:LEUjNHM6aANmKERyoNupklMev2ulWJ259wSmqBaaX3dyNZJ7DrddATPEd6MpM6t2b0l7mm3XQdu2f2ar3VGUqjxi7hpTMv/TtbvVG5BIlCK8w6g06sYSI0nt7BXd,iv:PBwnavu02rk10eJQA6hCpoOzG6mzrrPHvTCOQYpFFaM=,tag:LtxowRBRB9OFBhTuv+zMiA==,type:str]
mongodb-passwd: ENC[AES256_GCM,data:DRekPgzwmERBvA==,iv:bnC5IGKFnTYFofYDqPn73InWxP2vWeO1SFeXB8ba/BU=,tag:IQGL1p70tq0u92uWay12/g==,type:str]
mongodb-passwd: ENC[AES256_GCM,data:kfQ+T/g75y1T,iv:tQz573dac3xKIHFpsjHZK0SJUanidXYTxXIKhOUf8Oo=,tag:v1YoQFk0zI3PigK1TkZv1w==,type:str]
git-credentials: ENC[AES256_GCM,data:MEqWBzmGoAi1H88oXQ17Az7J4FLfS9sXryCCFjh6btOZHdURZ4M5gGf2xErjiWdlwTGa95EsS0Ez2WY3sZR8iMxlws04MWc=,iv:hjgqCiiGFBY2ypX6ZZO5t5HWlCvPvFzZzzxIGBQwMr0=,tag:hSra3Wasnod0OQRqTbHJ6A==,type:str]
gh-key: ENC[AES256_GCM,data:MZdpFYTLeYOifCe2dpyON62PjWad0mdgZLAwFYCW2tp7tv+l2s+qUgKnvQdyrAWeI4PdGTlcPWyYhoY3a4R6OV9kYX6HYy2RbNRwHFKJiDlQB22ZA69E41ur9GjLjSMzSvKb8I8OGacihAEx5JeDjGxZHjeBypWIgdunolvY6SfDs85kEG+bMlPkuA3kgWKGb5DN9QNVl6cJTLjg9DJW71f+C5tKZKlgVJCeaXDXfVXlmHdliNoZ1YwR4xheAXPTqT1c4F57AaJ7ZrH6lanzb40bwTK4FsTvBLdWOazxt68AoYCNJYExZz//z2ZKAyHQdUtpilM8xMuYj6sFN4+hMIX13ZQQ/BpGcUAPChKi13i728WhU54UzK8IkiBTAnix1luvuD4fCPaHU/sn5AkCHkt+rGTX53ZzzMUzXsyYuLFYPpPOFenBB4ft6BBYCNEePeUjlreInkG4IX8myBFbFy6ciXHkwtqXXNq+Wh3MbIs40tA45k2nFqZeoyC1br+vhz8LRejdTN7PCz3pIgCGC8h0ZNwumf7gTQhcO36gq2NsDS8=,iv:648FzsZqu6SJAzG4kdITPovXHnDukKMJyuZL03xoET4=,tag:apqEhJlLUrC2E/bJL97mNg==,type:str]
gh-key-pub: ENC[AES256_GCM,data:MJy8bIwRp1F6mPT/WhMTN89t63SlMn8dfp3NhLVcwHwPtPc0Og2LnWlCR3XanL0x5Bxn6QBedOM+V9cwzXJNHBsA93ZGeJkQSgqtq/Avsv+9CWPVV5U3bPMOj22lbsPhdfwKNraeug==,iv:SyJTUHwE6mxXADCXGBD4e6ag9Mdnl7mkac2TdU1Kkfw=,tag:CSKUFOJsKG/tMhizHRjYww==,type:str]
Expand All @@ -26,22 +26,22 @@ nixos-key: ENC[AES256_GCM,data:A8+3orqtWwyRrWsU/NmaXdPLh4C+Fj5x2rl9XY1pbzX3wnSHF
nixos-key-pub: ENC[AES256_GCM,data:jcjYHWVtspuLtY6na/pKq7OjwYnHtIr/IvihLUNefDOOVAl+nUlB7sCnB1t1Uer0OubGDZrMemJcmS0Os2LuX0vbkN6IjHKmBxBJo+f53Cd4faIyKSkck73ZGq3JbOk/PomEytOv8AClZHUuNGPHYUnayZnBjej/ef6NsQIaWyHXcMRiUSJ/E246m15gn+EMHhF9U8rH9/OnwNrxvy7oEnD3RzfnjS+eHuTV1z/gL/MY8Xc21KtGs5EBwLA4x5ssW5u4rUK4zQ0WfM9gw2jQ4RBimXtAwjs7IyjT8fylkzunAfvDaq57aTR63booRbSMfNJC1gIbXswZJ2IqXv+shsEThbBsU/q2vmfcmy7MUu99h8naCx41UPwyqHryb4gxEwksOyczjAelk0Q6l7XYY5+mRtR6qvsaCplYeeFJrFjC/10UJ/t1QznlqdCXWevl502psP2WbjPOqthqDALJk6RFUsDEZUHQj/r6m5yCEf7C7phmQnKUxuhg0txxQydex3ffsrueikNtJ+/Lp2L7HS//BxtdNP9E/czFma+ODtRWwOCD+LG4wRRuiGoMvHX5FhLXBkE90ygBGh599w4IJ5qHVlHmZB9I1tDcgbrV+vNef+a143XBxZFCMBzFlhEtm31KozbvsEitVYi1a/t/RbDulMQTvYhukulGGEBFc0Sd1p+RDOLxKQIaxzxXdLZ6eEZNhR3o9OjP1/aF/CSD2qP918eUjrlNHta5Gy+0/A==,iv:8SEpjM5d1jf0gNrOh58dqgVPqkKeK3jYdf8Bcj4iw/4=,tag:KM72ii3BtPxKgNxSt0d95A==,type:str]
amity-key: ENC[AES256_GCM,data:YOqI+DT9EXkQuLaepKXXG44CG95KZ/mUdmmwaizjpw3kFzZkCDbm+Wuau4gCM7Y/BX0J46ZHxU85jo7Sh0kOi84ZmxlU/fCc62P7woxhTbWRUmBsmjH+PeZ4XORXPKQxVkLNl+vdLZxI9nag2+xE00CC9FeOFUJB7qlOyG1Tjn7xr8XpPgvrYfy5qdhl2X2sZfnBCvDTJsfL5c5nceriJsFDgH7AHsvk0k7XvY9TlH/FFTrTZ9MWUeHP9K/0wHC7glvl86RX8ME87CmDRMOfXY/mua3e/5cEqfzHwxU1pt4npEu7m+5whlNCzeLZ7GgA3Mr03soKky0YBctdrP/dOvvbMD9M9nEgFBOSfodkwyYJsUFT8TvTFl4BqPm+IfmQkJV4sP9BqMQT3I5fKSqqUnkh4q2H1Xfk0YlKZhtQRz/a8tUR/I6t6z7c79KzeDKVBT1DgAyEXdAhyFjoOvQcJuOHHQkYvu/SYxdwPgCiItwio77izljy9yOn9Da2v5L88i/TmIkz3N7Ddh4SVSkmWXHxO6V4yN8Yvrd6pyeN3V+gLy1M95/isj8mjB9g4qaVOLhtYRjqEs66/Zu9OB9rhY+9uwCi2OOGKrb4ifnur25bNQPQEsd6o9oISIsqAxhuApcVyyR/mBMsZm0hl2QGo3Rn4kkpFRfqf9PwFSVltvdW5GrMUwc0OVau8ZMHxfypck7/Ti6FeLR2Y+LS6g3LnWsanpgy9V6xIAOqs6zh+n3zNp8yIH9QvEr/aICHeo9QZ0l9OcGIgWJmsBb0FCacSPIuS3jp5MTB6x7z4NEddmQNIB7GHydI7Ai5GhfePKAzwicX4ZkxTnjPX888gILv/YikrNhSJs8s6nhbKZ6HtlxI/rm0E6knKbNzP+WNdeJW+xgLJS55hXFhaOFDlSPalZ3KDYVDLOKjEliJffIGxpBZvbhZhdw80Y2Va3I6fuBchP1LT3LBlbgV7pJ8fhgvsidJYTieR9ciPSTO5bvXIRShP71txiJxDfI23NVXsKbAIMJWa0990co3HW3RsphRp02CU3XvWrq268CgfeC7QHvLV4GoVqX3uyOMPxEFtWBzC4I+TtgQc5MiA7Ox6U3ujVYs+F6iMopcmXGdzku56EbFu+RJsKcfnRaCqv/WR3JU9JRD9Uvux6iyhthIusaUu0t6LQ47eVSjcfC3p16bGLqjGxotvI2KWrKfqRjRTTpXDWIiLCf4J34vOyrLPZM5JeWzaZH7Muyo/3EJMBT7AKtREpZ/MggyRX6XLTrXNbx/u3ciidqLcKk8kRGiP2SB3c/FWlPUUDIHowZ/hMIXYBxZFIbfYmBBRKmRtWqqDdlPEAv/dy+T/HEocKbOGXUIF7XeujOVQePhXpd4Lo7trpEHh52MWselL0+3O2kFXMQBtwZl9pypZWlbimx04TCfl78Pi1kv0mMQ1CvsQscB/8OMGVv451z9/8ZOWt+kOdRM/nCbIR3UuufJ+0uao+iSqLDNlHhROoUrABbViffVHjhOaWAk+ITgzrVnVugqpV1K40M0uRoDwUe+9a/pdXe2QbbS4f86052dmwQioMuvkV00A09YbwWa4twKTifODMDwiD/AFNlgCSNyF4W47vhwNJ8HdgTsM0K1LRovi5ouSuanDtQ+KL5Ww1r+0blq9GybP9eIgvrSi7Y084Z8w5DQfCCsFS9gcqaA1Wx6/0XLzVmMAeEtY/LfkvKW+udX/yyCBXBwm/6rl8GAYpmJFGn2gVg0K/bKm1bgLXBtxg9Vc1dQb+m+7M+RAPb51msKSl7C7V5hPCQwBUyx6RNe7MbfQXURkTG8CsAW8hRprpLyYFohVyeEznfrjnIGyJ7rLbVSlprygr8jbCURyu4Qduq95PkXrWiUTqEpDZEhiF9IYxaLAPqckeSlRjw2clB8de0Ic4+8ptrlRA/qsJoJ52IGDMRiyuOQCNybrTr0ZXfezESfF8B+USSlXZFGCZeQb4qF1gHJByllEEtnFNds97gR2JdR5uewKQO/UOuKc8HjbQbGgFTToFtoA0OPM/BlJ2QXJkAsfl9tg8drjPuruOkNxtZqYOyG+KyzUOifx+3g8clUmf8B4RI+idWfGiLOYplMxnlnulQb9DIj0e3BHyRneMa3SdqyYqYB2yhHltppKn+nrsXtQ8H1CGuC6bYnmYtMbjpvaKkaNJZrnEQA8JkoK3gZV3vN/ArVN5+20mPGnnTc9YjmgF8xI/KSR/Q5OXVtBVRM4UbsKuPeypjQZzAFnwbOF9IK1O+BTIoM1+S3ocztLnXQ2AGN6RyG9+dI93svGTMbUb82+YzhZryRTkLwpR4OeGD6+ERk7yzM/DhX/mOytledOJ1FjAuWrNpc9hgyEHjPQxPwyPp5D1Jvnnl4HJNBuNKe786qwyP4IQf6FoT+K308CBTzi2doRsezxoZ6qjukAxi8HeekXe4GSo77GEk1GLr7Txjq7+5EI5jX6ctIBFj8sK8OLPQaq3miqkljaTlLC7ZQgljbuuVujNCG09W+FiekIhHfoBMgHJJeu4+llwNcxLxfE2qxt2AQScRvJV66HJbbW1Ar9h8jJq9jhO8y8h+ObWRRrfiKZ+TczvzpgGmSQGqXJLqc7zuNIisMyhFOZ3g+whreZNbytU7nTYh3A2/dZAtCa0WSzPQX6omnz2+KulfrteqRGG8+kjTFi217zqDFMUiMQbHnPt4fPKr36ut5XSLOy8NX4pjJhwy5y+rvWTKt+t2g5r4OvdJlLeXDZRl2+5hDz72ZtP4m+NfLaG5wrenm5upEK2xSxiLjGoFNa3Jm8jtu24KOLogYBnkZRZedQSNr9ZMs/hAiDnLLeJ+7SsgSkyhwO5O+Lzll1VbMMFuyyssZwRanmJnxt7epW8UY8b2PgjYuiyILWp9cjN85OmgGPHDU7kwWs5Sj0Z0NFevUjbe4k+1Hob12iP2yrFCc9DX4ff6YhEvHNww+6RmjV8MYpvDMb24zMXeyu2QYgT9izJ9M4byq/fZyq4GSZDiY2OtprudLbaQUCBAKD43gMG+1gSrS7n4oc/+CqNjNlxicgFoa0HoMdJg4s6OYOPl1QQZJ2+0fxTFIVFgznT7fu96CSwD/Oq/d3e/EgMah9yZKlUTKe8XNLDDFFEaX2DF9vhCsWeJ+QK/TD9jFAO3q8vY0XO3UE191lawBV4vvbwkpeawJjq0Kdsb5rvcxhHEzlVKheKN2WkH8RExhOhEDBLkbAruNZbYWm71qsEEvN1YNenXzr7LHBKETwQnavag7yChcGNNUE+kuwCaYbv8LwB04RBTuyC+dVqOiF8nX5U7VNpI3CCzj0Ny08jwRxnzT0OM7gv/csxCJ9rBd40m/EtW47Nt6GzKLHCXRfFOgQm3R39inSqz/K/fXiNQqkuQwcN9iMATnQXzTbCllOoUPyzvcz+T4eEXF23mFFO+ridibha2HdsgylPnAqXTweAjm0Tg/WQ==,iv:s7/Q+eQJpRnKLFKweNfI4NXM3TWm97KPDHIFu8cAwqM=,tag:HXJDO/YmKtZiUKhI0VSEuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1882yv8el2gg07yfzsd0ul46qpvarn39g45za8uxx03v2ww56vdyqa37qcp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dGdqY2x6UkM0QjZHT1BL
dmtEL2pGODNyeVNLTlpNQ0N2aUxWMUhnRUFNClZYSytiQjBhRkZsVWhRMnVyS2pr
SktHU0xoSHJuWmNyTWpBRXRDaFZKdXMKLS0tIFcwNFl0SG9maWZGMk43eE5EcXdF
cDRpZkkxZWhiVmN1Y1FSRm5seVpmbnMKl7CHdNdXOr67tCjYp+jhUSYImndyvhQP
heUpcdBCJADlE9oG6lDr4ngwdHFqVrN757uMqZWEbT80hzZUXVRArw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-14T00:58:48Z"
mac: ENC[AES256_GCM,data:qn/1ZxpYzBKwJhTGW3Q7XXaphcndXfScVJXelWk4hoLhd21cIxUsGOVvnVuH6ngLme+BkQgVGJQq8bHELaZ6qol0UcwG6rGzMcWBPZLLVPEcMamcaSguaWlUgU1zd513aEmMlMAuBQ+K2vJvYyANopRczQbuvF222eZegQisCLA=,iv:7qEp9XN/apsWSJPM8LZ8MaB7uW1sp9wb8ewsrEHm0V8=,tag:dheMJ/de5Tw3tNyZKiL5+Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1882yv8el2gg07yfzsd0ul46qpvarn39g45za8uxx03v2ww56vdyqa37qcp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dGdqY2x6UkM0QjZHT1BL
dmtEL2pGODNyeVNLTlpNQ0N2aUxWMUhnRUFNClZYSytiQjBhRkZsVWhRMnVyS2pr
SktHU0xoSHJuWmNyTWpBRXRDaFZKdXMKLS0tIFcwNFl0SG9maWZGMk43eE5EcXdF
cDRpZkkxZWhiVmN1Y1FSRm5seVpmbnMKl7CHdNdXOr67tCjYp+jhUSYImndyvhQP
heUpcdBCJADlE9oG6lDr4ngwdHFqVrN757uMqZWEbT80hzZUXVRArw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T17:48:02Z"
mac: ENC[AES256_GCM,data:rMMz8wkOIruPq1MtFI4uCEtBHg3ffFN7FbOVRDRpaaHI1mAbAjv22SSqRoh6tsHPk7wRFo1kUri86SxfUNyrxjFHjDgnlzHOKXIta5z105Ln8fZmq94S4rOioFgpnvIstk5HZc0PfGMBzsREXYsrWR5eHcMzEAbmekKGdJTOu1E=,iv:qCBWaWVaj+Iiq3tO0D25XJhfiyKBbZj5DhxvtNTK0zI=,tag:gTXrmaZ0ClB/HYH28F0JbQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0
4 changes: 2 additions & 2 deletions modules/options/services/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

# ifOneEnabled takes a parent option and 3 child options and checks if at least one of them is enabled
# => ifOneEnabled config.modules.services "service1" "service2" "service3"
ifOneEnabled = cfg: a: b: c: cfg.a || cfg.b || cfg.c;
# ifOneEnabled = cfg: a: b: c: cfg.a || cfg.b || cfg.c;

# mkEnableOption is the same as mkEnableOption but with the default value being equal to cfg.monitoring.enable
mkEnableOption' = desc: mkEnableOption "${desc}" // {default = cfg.monitoring.enable;};
Expand All @@ -37,7 +37,7 @@ in {

# monitoring tools
monitoring = {
enable = mkEnableOption "system monitoring services" // {default = ifOneEnabled cfg "grafana" "prometheus" "loki";};
enable = mkEnableOption "system monitoring services"; # // {default = ifOneEnabled cfg "grafana" "prometheus" "loki";};
prometheus.enable = mkEnableOption' "Prometheus monitoring service";
grafana.enable = mkEnableOption' "Grafana monitoring service";
loki.enable = mkEnableOption' "Loki monitoring service";
Expand Down

0 comments on commit 99b6dc4

Please sign in to comment.