Replace agenix with sops-nix
parent
bb1f091fbb
commit
726beabb9c
33 changed files with 296 additions and 332 deletions
|
@ -2,7 +2,7 @@
|
|||
kubernetes.resources =
|
||||
let
|
||||
atticSettings = {
|
||||
database.url = "ref+sops://secrets/sops.yaml#attic/databaseURL";
|
||||
database.url = "ref+sops://secrets/kubernetes.yaml#attic/databaseURL";
|
||||
|
||||
storage = {
|
||||
type = "local";
|
||||
|
@ -38,13 +38,13 @@
|
|||
in
|
||||
{
|
||||
configMaps = {
|
||||
attic-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = "ref+sops://secrets/sops.yaml#attic/jwtToken";
|
||||
attic-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = "ref+sops://secrets/kubernetes.yaml#attic/jwtToken";
|
||||
attic-config.data.config = builtins.readFile generatedConfig;
|
||||
|
||||
attic-db-env.data = {
|
||||
POSTGRES_DB = "attic";
|
||||
POSTGRES_USER = "attic";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/attic/databasePassword";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/attic/databasePassword";
|
||||
PGDATA = "/pgdata/data";
|
||||
};
|
||||
};
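Review bot: The values under `configMaps` (`attic-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` and `attic-db-env.data.POSTGRES_PASSWORD`) are sops references, so once resolved the JWT signing secret and the database password sit in plaintext ConfigMaps, which get none of the RBAC separation or at-rest encryption usually applied to Secrets. Other files in this commit already use `secrets.<name>.stringData`; moving these keys there, e.g. `secrets.attic.stringData.jwtToken = "ref+sops://secrets/kubernetes.yaml#/attic/jwtToken";`, and referencing them from the pod spec would keep them out of ConfigMaps. The `hedgedoc-db-env`, `nextcloud-db-env` and `paperless-db-env` hunks look like the same pattern, though their enclosing attribute set starts outside the visible lines. `database.url` in `atticSettings` presumably reaches `attic-config.data.config` through `generatedConfig` as well, which is worth confirming. Separately, the fragments `#attic/databaseURL` and `#attic/jwtToken` lack the leading `/` used everywhere else; normalising them to `#/attic/...` avoids relying on how the resolver treats both forms.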
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
kubernetes.resources = {
|
||||
secrets.atuin.stringData = {
|
||||
databasePassword = "ref+sops://secrets/sops.yaml#/atuin/databasePassword";
|
||||
databaseURL = "ref+sops://secrets/sops.yaml#/atuin/databaseURL";
|
||||
databasePassword = "ref+sops://secrets/kubernetes.yaml#/atuin/databasePassword";
|
||||
databaseURL = "ref+sops://secrets/kubernetes.yaml#/atuin/databaseURL";
|
||||
};
|
||||
|
||||
deployments.atuin = {
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
SSH_PORT = 56287;
|
||||
SSH_LISTEN_PORT = 22;
|
||||
LFS_START_SERVER = true;
|
||||
LFS_JWT_SECRET = "ref+sops://secrets/sops.yaml#/forgejo/lfsJwtSecret";
|
||||
LFS_JWT_SECRET = "ref+sops://secrets/kubernetes.yaml#/forgejo/lfsJwtSecret";
|
||||
OFFLINE_MODE = false;
|
||||
};
|
||||
|
||||
|
@ -77,7 +77,7 @@
|
|||
SECRET_KEY = "";
|
||||
REVERSE_PROXY_LIMIT = 1;
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = "*";
|
||||
INTERNAL_TOKEN = "ref+sops://secrets/sops.yaml#/forgejo/internalToken";
|
||||
INTERNAL_TOKEN = "ref+sops://secrets/kubernetes.yaml#/forgejo/internalToken";
|
||||
PASSWORD_HASH_ALGO = "pbkdf2";
|
||||
};
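Review bot: `SECRET_KEY = "";` sits next to the migrated `INTERNAL_TOKEN` and is left empty; in upstream Gitea an empty `SECRET_KEY` falls back to a publicly known built-in default, and Forgejo likely behaves the same unless `SECRET_KEY_URI` is set somewhere outside this hunk. Since this commit already reworks the secret wiring, it could be sourced the same way, e.g. `SECRET_KEY = "ref+sops://secrets/kubernetes.yaml#/forgejo/secretKey";` (the key name is a placeholder), keeping in mind that changing it on a running instance makes data encrypted with the old key unreadable. `REVERSE_PROXY_TRUSTED_PROXIES = "*";` also accepts forwarded headers from any peer; restricting it to the ingress address range would be safer. The enclosing settings blocks start and end outside the visible hunks.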
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
PUBLISHED_PORT = "443";
|
||||
};
|
||||
|
||||
secrets.freshrss.stringData.adminPassword = "ref+sops://secrets/sops.yaml#/freshrss/password";
|
||||
secrets.freshrss.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
|
||||
|
||||
deployments.freshrss = {
|
||||
metadata.labels.app = "freshrss";
|
||||
|
|
|
@ -18,14 +18,14 @@
|
|||
hedgedoc-db-env.data = {
|
||||
POSTGRES_DB = "hedgedoc";
|
||||
POSTGRES_USER = "hedgedoc";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/hedgedoc/databasePassword";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/hedgedoc/databasePassword";
|
||||
PGDATA = "/pgdata/data";
|
||||
};
|
||||
};
|
||||
|
||||
secrets.hedgedoc.stringData = {
|
||||
databaseURL = "ref+sops://secrets/sops.yaml#/hedgedoc/databaseURL";
|
||||
sessionSecret = "ref+sops://secrets/sops.yaml#/hedgedoc/sessionSecret";
|
||||
databaseURL = "ref+sops://secrets/kubernetes.yaml#/hedgedoc/databaseURL";
|
||||
sessionSecret = "ref+sops://secrets/kubernetes.yaml#/hedgedoc/sessionSecret";
|
||||
};
|
||||
|
||||
deployments = {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
kubernetes.resources = {
|
||||
secrets.kitchenowl.stringData.jwtSecretKey = "ref+sops://secrets/sops.yaml#/kitchenowl/jwtSecretKey";
|
||||
secrets.kitchenowl.stringData.jwtSecretKey = "ref+sops://secrets/kubernetes.yaml#/kitchenowl/jwtSecretKey";
|
||||
|
||||
deployments.kitchenowl = {
|
||||
metadata.labels.app = "kitchenowl";
|
||||
|
|
|
@ -10,12 +10,12 @@
|
|||
nextcloud-db-env.data = {
|
||||
POSTGRES_DB = "nextcloud";
|
||||
POSTGRES_USER = "nextcloud";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
|
||||
PGDATA = "/pgdata/data";
|
||||
};
|
||||
};
|
||||
|
||||
secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";
|
||||
secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/kubernetes.yaml#/nextcloud/databasePassword";
|
||||
|
||||
deployments = {
|
||||
nextcloud = {
|
||||
|
|
|
@ -20,14 +20,14 @@
|
|||
paperless-db-env.data = {
|
||||
POSTGRES_DB = "paperless";
|
||||
POSTGRES_USER = "paperless";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/paperless/databasePassword";
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
|
||||
PGDATA = "/pgdata/data";
|
||||
};
|
||||
};
|
||||
|
||||
secrets.paperless.stringData = {
|
||||
databasePassword = "ref+sops://secrets/sops.yaml#/paperless/databasePassword";
|
||||
secretKey = "ref+sops://secrets/sops.yaml#/paperless/secretKey";
|
||||
databasePassword = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword";
|
||||
secretKey = "ref+sops://secrets/kubernetes.yaml#/paperless/secretKey";
|
||||
};
|
||||
|
||||
deployments = {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
PIHOLE_DNS_ = "192.168.30.1";
|
||||
};
|
||||
|
||||
secrets.pihole.stringData.webPassword = "ref+sops://secrets/sops.yaml#/pihole/password";
|
||||
secrets.pihole.stringData.webPassword = "ref+sops://secrets/kubernetes.yaml#/pihole/password";
|
||||
|
||||
deployments.pihole = {
|
||||
metadata.labels.app = "pihole";
|
||||
|
|