From c9db8b1b8abc821bb80fc5964dcec3e6befea85a Mon Sep 17 00:00:00 2001 From: notohh Date: Sun, 14 May 2023 05:56:42 -0400 Subject: [PATCH] fix: foundry sops --- .sops.yaml | 9 ++++++++- modules/services/foundryvtt.nix | 10 +++++----- secrets/secrets.yaml | 8 ++++---- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c35109d..75392ac 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,12 @@ keys: - - ¬oh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn + - &users + - ¬oh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn + - &hosts + - &tsuki age19l9yutk47w8hdqyzy8p3ygxv7ql6dk42rswshxe7kj0kd28wxsyqxtscl7 + - &hime age1cmsu3ggxndzqdxvnc84g6f6skjgrt64kvjpj9qag5qxa2k9mf95svqp4aj + - &sutakku age1hd6upymmne2wf7ws8unrl2fnrwgq46u373tyjq643lgftjwpf45qm30l5s + - &sakura age1vzjyhapn9mqs6x0xwf2xfqaxtlts2dkxt3uudmv7p5868f4jcgrqgqdts + creation_rules: - path_regex: secrets/[^/]+\.yaml$ key_groups: diff --git a/modules/services/foundryvtt.nix b/modules/services/foundryvtt.nix index a319e05..550f447 100644 --- a/modules/services/foundryvtt.nix +++ b/modules/services/foundryvtt.nix @@ -1,13 +1,13 @@ -{inputs, ...}: { +{config, ...}: { virtualisation.oci-containers.containers.foundryvtt = { image = "felddy/foundryvtt:release"; ports = ["30000:30000"]; volumes = [ "/home/notoh/docker/foundryvtt:/data" ]; - environment = { - FOUNDRY_USERNAME = inputs.sops.secrets.foundry-username; - FOUNDRY_PASSWORD = inputs.sops.secrets.foundry-password; - }; + environmentFiles = [ + /run/secrets/foundry-username + /run/secrets/foundry-password + ]; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 9878019..d7f393a 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,5 +1,5 @@ -foundry-username: ENC[AES256_GCM,data:WgcWG577,iv:62k3mxXNAwvfugCE8uWfMIkG0TEmnW8YYMPF5Q5Q00g=,tag:hv2rqcwha12eZX2WmnKmMQ==,type:str] -foundry-password: ENC[AES256_GCM,data:xb2UNAhXvj0ayVsf3sTYTqH0n2FnEPQSqoli1zHVEIQ=,iv:B8Kh228CDIyggNweljqqU/CXfTpjQpxcz4J4MnKcgb4=,tag:KnsvAjvL4WGKEQKqlhYiZA==,type:str] +foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo74gqbYYJTy/edn1bOsEKjHyvmXPwp6D/t6vxE=,tag:G5Xt+dVT51pU6kYdDra0Rw==,type:str] +foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +15,8 @@ sops: YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-14T05:40:38Z" - mac: ENC[AES256_GCM,data:Yz8y7vgXcU3SWyQANTM835Od+za7QraqdEjkqVCVuySmACdt93HlT1YdRRnXFennvXnNIsr/J7td+X3tmIwJnOXxbLhSdtluLl0KC8rYjaLN9ijThbA0p6umY+0WMUqRNfugzFzM/3J2L6GbMhczS8+cZ94JsOGu+RNZlydAuVw=,iv:Aw3n05FbB9pV6SztHI6H7vGjbpUQrr4WG6HqjNDMCr8=,tag:mrr6QzeR9yHM9S2Ut7gzbg==,type:str] + lastmodified: "2023-05-14T09:51:37Z" + mac: ENC[AES256_GCM,data:h8TIVjEx2ufM6IUeeUiP0I7t2N52r9rwDikTvBeCkL0Da5oGTKtSHrdHjQ4eLhfbmIaQTLyNKkJDlAobvXi+0l+vZK6yPgS4WMyM+oT7AvDxpAKcm6IEkVVQdS4FfGjrlHUELhzNCKm/iceKkCgmMU3ttMBkmNCMqt9jY+yMdy4=,iv:+89CAvUg5I383mVyA7aBKqTG6GZr+H9s8tkrwOw2XsE=,tag:g92PMOt8o6wjE2Zx0hrsUg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3