diff --git a/homelab/stacks/coder/docker-compose.yml b/homelab/stacks/coder/docker-compose.yml
index c92cbc54..c52ed685 100644
--- a/homelab/stacks/coder/docker-compose.yml
+++ b/homelab/stacks/coder/docker-compose.yml
@@ -4,7 +4,8 @@ services:
 container_name: coder_coder
 restart: "no"
 env_file:
- - secrets.env
+ - path: /run/secrets/coder
+ required: true
 environment:
 - CODER_ACCESS_URL="https://coder.jafner.net"
 - CODER_HTTP_ADDRESS="0.0.0.0:7080"
@@ -13,7 +14,7 @@ services:
 - web
 - coder
 volumes:
- - ${DOCKER_DATA}/coder:/home/coder/.config
+ - $APPDATA/coder:/home/coder/.config
 - /var/run/docker.sock:/var/run/docker.sock:ro
 labels:
 - traefik.http.routers.coder.rule=Host(`coder.jafner.net`)
@@ -29,7 +30,8 @@ services:
 image: postgres:16
 container_name: coder_postgres
 env_file:
- - secrets.env
+ - path: /run/secrets/coder
+ required: true
 networks:
 - coder
 healthcheck:
diff --git a/homelab/stacks/coder/secrets.env b/homelab/stacks/coder/secrets.env
index 8f590dd2..ffc77e50 100644
--- a/homelab/stacks/coder/secrets.env
+++ b/homelab/stacks/coder/secrets.env
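Review bot: In docker-compose.yml the `env_file` entries for `coder_coder` (hunk `@@ -4,7 +4,8 @@`) and `coder_postgres` (hunk `@@ -29,7 +30,8 @@`) now read the absolute host path `/run/secrets/coder`, and nothing in the file records where that path comes from or what form it must have. The stack.nix added in this commit renders it from the sops file with `key = ""` and no `format` attribute visible, while secrets.env is stored as a JSON structure, so it is worth confirming that the decrypted output is something Compose's env-file parser actually accepts. I would add a comment above each entry, e.g. `# decrypted by sops-nix (see stack.nix); must exist and be readable by the user running "docker compose up"`. Both service definitions start and end outside these hunks.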
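Review bot: In docker-compose.yml hunk `@@ -13,7 +14,7 @@`, the bind-mount source `$APPDATA/coder` has no guard for an unset variable: Compose substitutes an empty string and only warns, which would turn the host path into `/coder`. `APPDATA` appears to come from the `.env` that stack.nix generates, so starting the stack from a plain checkout without that file would hit this case. The required-variable form fails closed instead: `- ${APPDATA:?APPDATA is not set}/coder:/home/coder/.config`. The `volumes:` list belongs to a service definition that begins outside the hunk.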
@@ -1,61 +1,23 @@ { - "PGUSERNAME": "ENC[AES256_GCM,data:teLs8XNHOQ9tDlkVhPxeR0t9Rcvq2g==,iv:gqKQdJ2q9MioaVoEo9dJ+PuONyjA1+t3+yp7UiuaHps=,tag:efrINB7Yint9Ng2gCgB05g==,type:str]", - "PGPASSWORD": "ENC[AES256_GCM,data:VkHt/5CEQTa01ncvArN4D0gG7fpjWA==,iv:gvSivz9WJQA9CUHXEGtqzGddqYz3iqRfQBUkM3udvYM=,tag:Crv2nK0/YJSAm7X8A/xyWw==,type:str]", + "PGUSERNAME": "ENC[AES256_GCM,data:88XjkDLtgZe9czxUNeOA2XCDczywWQ==,iv:GQfm/MUEDacMZrmlCtfubsIkZkXDc1F5KpznGQuBjLg=,tag:o2nNVBwwNr/UGqcuWCAMMw==,type:str]", + "PGPASSWORD": "ENC[AES256_GCM,data:9qCuqkEnRAuE85kdpeJHJIQPImtHCw==,iv:KUGgmKQHWt5eMf1EWkiRDT9jkNGF9ZeabZqvQ+3MlpQ=,tag:91DArPLFPPOJDc7z7wLl1w==,type:str]", "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVWJDN1BEam5yNTJSN3ZO\nTzg5L2xNMDN6d1U4cklyMUtzcFJKR041OVNVCnFLTzN6RkpMWkJQUTdUYmJmckg0\nLzZqTUFJdFdjK3JkOFZ1aUJmamFBNGMKLS0tIHg5YW5WVjBNSGdnQXNIUVpmN3R0\nZFRhZUoxcXpIVlFuclFTQ0cvYmNHY00KhuoxXTREDLx+Tp4sv0cE8N8R63iqKByh\nCRJ1VW1ueVaKxqRvnNqpqI8j0qiDC0RZ8NjoOm7TKiPXHTnDzJX8y+g=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSTllekhyZDMxQWVtL0VN\nQXVST28zK2diOTAvc0RINi96NjhQblo2M0hnCkR0MDA3MFUvbkt6U0pJQkhHQ3Nm\nS0JNTCtNUWdBRDR1MVVOM2lPOFZPd3cKLS0tIFNLNlNRU0JuWDg2ZDlNTzdWOUs4\nVkVDQmV4TGpySStybmNkR1M4RGJwcUkKWA1FKlTYg2GZyJ/WET9RjfGRbn8XX6zh\nA7XLo6uczkM4NdnrI4peM+ObY4ep3HwfVvogWRpcbl7mfPg6bXKbAF4=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcW05SUlYYnVseE1JSXdS\nYUlMYm5WN0puTjFycVNjWS82bGdrYVpKemxnCnAyNG1Vb2t2djlNZWFyMnMyUjh5\nbDVXaVU1NjJzeGk4ZmU1WFd4cXlzcVEKLS0tIFlFb1RyNERFaVplR09SRzEyVFdk\ndGRWQ0R6SzEwVHA5SitUVk9UZVEzdUkKb11m92rd/9yEj6HASJF9hF+v8Kj7mbJd\nEHIvJMnwQUyYITP4ccj+b2JCc7hsIE6W5vsTgYnl+vSfa6PIRW/mJrU=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZFdKYzNNaTVzOUhwY09s\nUWlzcVFUcjRKZjF4ZElxOUdJZHczaFBPMFI4Cld2WGIrS1dDd0d2YnBzQjdwWHZq\nMi85UXhpSVlDTmV5V3ZOdUJWY2ZuSWsKLS0tIDFpVnZCelRIdDlTT09JNkJLU1dQ\ndGRWelBVZEF3MUVXbitQbTA0bVo1TVUK9z7k/N8L+ljYuCPGZivH05vFomPG8rBI\nOvezLeyU9/OrfWhFU6Q/erikSxd4LhEoIleOsV5C7t+cm4DhmMueRkg=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYW1veXFPUkpiQTFCWitD\nL1djdTNVM2FvaHhuVENvVlFFdXRiVW9tSlFnCkJaMjJ0TE1JSktJb2JUZkI5eWdu\ndjhmUjRia05lbkFTSVF5QlZHUkh3c2sKLS0tIGxBQTJBZEM0cXpWWmxuQ2d5NE1N\nbXBHREpkR2xzYktySHJQcnJ6akpsb0kKS1r19AQetaBNddyUXImToWHN5jOgTX4E\nQ3Wga4ICmtn9oAmTtIi3Te5mnXcd8/7f+V5HrGjAptLJJoW+w77ZF/4=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1m0jpnk4t7hph5tdva3y9ap7scl8vfly9ufazr0h3cuwpcytlsulqjrt58y", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldk93enZKbDFVWEdBSkZn\nK0RSOHd4VTAwK3ZYYmpoM2c0eGNERkN5QlhZCkpSVENMbk1kWWtCdHhLYUN1V3hP\nRTVtbGlDaUxrU0lFeU5FdTQ5eTlLRWMKLS0tIEdjRE1aeEVESHRZK3JOZ1F0OU1z\nVDNPdnFzOWl4dTlMOGlBdzlrUjhoU0UK8Nh0/KiEzu7mBe/Lxyhx8fJE9F40b6SV\n5hgp+QoH6HYb3CbGL/Biz7rh22cqaMudjGStDZ2iMen9EIw52zdrdS4=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], "kms": null, "gcp_kms": null, "azure_kv": null, "hc_vault": null, - "age": null, - 
"lastmodified": "2024-12-31T18:50:24Z", - "mac": "ENC[AES256_GCM,data:0Zspn2fmS1LURX0TJc+t6HwmcabpugYRiTnxfXyFHD/k6R2NBHhY/yADtE01T94JVI0SoWXmmF5MycVkMeP8YhcLYgQBMCoUj+Q8DMB7iPjewTKsTvDDR4wn+fs1+pjDyzv/nG2im/l4dc3KekHoCVKG+4C6gN3kmsjf3PEGsSU=,iv:I6WgovNtkQK93UfyDjH1s+0x8RwBkUVIILf8wTdFPTE=,tag:rd9ejGwxYEUkh1vvYP5xUg==,type:str]", + "age": [ + { + "recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaWVWMm9NQklsMVFjb0Zm\nTnpzeG81R0t0d015R0JodS9xVGlSdGhSa1ZzCjFKR0pMaDJzOWtMK2JVSm5hRzNZ\nbzJ2bHFYcXBZakNRcWFENWJibDlHc0EKLS0tIEZhSXY2ZW8ySkRnQ3Y3TzBzZEtt\ndWtLbklIWExCWVZYcEpwRnVLbHV3ZWMKVbqau8AGcw6NYuL0lOvrXvGrVOLkajqR\nDgceKFkO0hovSzWGNYCadIgtYnRi4hTJzBP98uN1WJ3e/Y9DJFdm1w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMUw5ajN2bFBmSTBHR3pq\na2Zzek1kdkNXODRkbTZ5b2FVZmN3YlBTU2g4Cm5KWE5BQyt2czdkSGs3eE5CdWVS\nSTkzamRnNHpOcW53emZlN2pVMWNTdDQKLS0tIHFJdFl0dmk0TWF1SzkyK0wrRzUw\ncFhMNGplNWlTZlFyNkhwSDl0czVlWUUK+gMy8Qems6finqmDjUd86sCm1Bn/VMoi\nUGHjgn5fCpQ/ATuAtt0fFH9ZLjZFGGg+27YURum9fEm8KM8JlO61Iw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-02-01T06:13:55Z", + "mac": "ENC[AES256_GCM,data:W+OPsII16XKEeAnxwgHpickaCibqqgAiW9e6rDnfrIWScqc2xV6fusEGN0XeqZtN612Gm8WIgad1hdTDmBLIOI4oakp0jz2/Uemk0bKHef/4smOtcmpR7W0aMh/kJl3bQFFIeFPsZOShoOxIw5zAOZ7f8FUWJ8M0NxGs4sNPips=,iv:FJXG9gbPMvsZVVNw1O3DdQwl4N5mn3/yjhVCjgKKp3Y=,tag:sZ/Y1Xp3n2DlkKJsgLrCjA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.9.2" diff --git a/homelab/stacks/coder/stack.nix b/homelab/stacks/coder/stack.nix new file mode 100644 index 00000000..6de69e9e --- /dev/null +++ b/homelab/stacks/coder/stack.nix 
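Review bot: Dropping recipients in the new `sops` block does not revoke their access by itself, because the earlier revision of secrets.env stays in repository history and remains decryptable with the removed keys. The `PGUSERNAME` and `PGPASSWORD` ciphertexts changed, but whether the underlying values were rotated cannot be seen from the diff; if the four dropped age recipients were removed because those keys are no longer trusted, the Postgres credentials should be changed as well. The flat two-recipient `age` list also replaces the `key_groups` layout with `shamir_threshold: 2`, so either remaining key alone now decrypts the file. Recording the reason for the recipient change in the commit description would help later audits.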
@@ -0,0 +1,21 @@
+{ sys, ... }: let stack = "coder"; in {
+ home-manager.users."${sys.username}".home.file = {
+ "${stack}" = {
+ enable = true;
+ recursive = true;
+ source = ./.;
+ target = "stacks/${stack}/";
+ };
+ "${stack}/.env" = {
+ enable = true;
+ text = ''APPDATA=${sys.dataDirs.appdata}'';
+ target = "stacks/${stack}/.env";
+ };
+ };
+ sops.secrets."${stack}" = {
+ sopsFile = ./secrets.env;
+ key = "";
+ mode = "0440";
+ owner = sys.username;
+ };
+}
\ No newline at end of file
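Review bot: `mode = "0440"` on `sops.secrets."${stack}"` gives the secret's group read access as well as `owner`, and no `group` is set in this hunk, so which accounts that covers depends on a default that is not visible here. The file holds the database credentials and is presumably read only by Compose running as `sys.username`, so owner-only is sufficient: `mode = "0400";`. If group read is intentional, set `group` explicitly and say in a comment which account needs it. A short comment on `key = "";` stating that it is meant to emit the whole decrypted file rather than a single entry would also help the next reader.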