diff --git a/homelab/stacks/manyfold/.env b/homelab/stacks/manyfold/.env deleted file mode 100644 index 832a9133..00000000 --- a/homelab/stacks/manyfold/.env +++ /dev/null @@ -1 +0,0 @@ -STL_DIR="/mnt/nas/3DPrinting/Model Library/VanDAM" \ No newline at end of file diff --git a/homelab/stacks/manyfold/docker-compose.yml b/homelab/stacks/manyfold/docker-compose.yml index 0e55e7df..dbd92041 100644 --- a/homelab/stacks/manyfold/docker-compose.yml +++ b/homelab/stacks/manyfold/docker-compose.yml @@ -11,10 +11,10 @@ services: DATABASE_USER: "manyfold" DATABASE_NAME: "manyfold" env_file: - - path: ./manyfold.secrets + - path: /run/secrets/manyfold/manyfold required: true volumes: - - ${STL_DIR}:/libraries + - $LIBRARY:/libraries networks: - web - manyfold @@ -34,10 +34,10 @@ services: environment: POSTGRES_USER: manyfold env_file: - - path: ./postgres.secrets + - path: /run/secrets/manyfold/postgres required: true volumes: - - postgres_data:/var/lib/postgresql/data + - $APPDATA:/var/lib/postgresql/data redis: image: redis:7 @@ -45,9 +45,6 @@ services: - manyfold container_name: manyfold_redis -volumes: - postgres_data: - networks: web: external: true diff --git a/homelab/stacks/manyfold/manyfold.secrets b/homelab/stacks/manyfold/manyfold.secrets index 5cd76054..dadeae4b 100644 --- a/homelab/stacks/manyfold/manyfold.secrets +++ b/homelab/stacks/manyfold/manyfold.secrets @@ -1,54 +1,21 @@ { "data": "ENC[AES256_GCM,data:/rLRtCdOwj3TWKs/HL3VQiSagekUueSs+A1F9SwrswgOF7bdR8DsrNMCgmb6Insg+djIj7a9D23AuoSsDTroQzgGHdAWEn9l8YKKTr/n909EBhDsszqtM9mK5PxcDnQUJydTZbK6BY4K0hkQiOuBpRcq4WCh+M78xboVYgOPTTmusCAs,iv:kFPdTG+sOuRy4ey7j5w3Fx41ODX6VYSTJCi/5jD0cAs=,tag:3td1E9sMkBjQJ+8sTBo0mg==,type:str]", "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY1BhOTltekVMU2E3Rm8z\ndjNJR3ZXVjdZdi9jVURGNDlUN3Bocm5SMWhRCkVFL1k1TytxL1BuV0x2NmFwdWEr\nSURLNUkzWU9ObzNHMms3eE9iSEtRQncKLS0tIEtBVE52eUc0aTB4OHRNUlpQMTBW\nTHcyZFdmYVErdCtHMnc3S3d4cHVMVW8KKPbqsFNbZrIpQWsHFT+rELNc256XpfI5\nn/YjKoItQisiq9bTV2uakAfOHbEMIJLfaa63skTlAuAE7Y72ulz02bI=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxc29HTk53bGJpOHRXNW1h\ncDhNVU9YL2w4TE14UkxycG5FZWl6Tmk1aFdZClQ5Y0tQUy9YaG9ORHFoVXNxa0dS\nUjRHVUtYYXJzSUtqbFBwZ3dvMjF0Yk0KLS0tIGdtZEY4bkswQnBWRTkxbFJoMEVM\nb28rWnVtT0ErUjhHVG9LVkhoR2hYenMKHvSZjkQSYD1cAcaFJvt5dm1gP5irqmv+\ny/pjWgP0v2TirS03Cao3yMg9apu77ACYMLjsRetqwNuOV7uqZtOs7d4=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQjQ2K3h3YytsQWZkUWww\nSHZwRDYvQ1JFSzd1RFRBeGhoTEZMS2sxcEZnClZ4QnZWNE9Qb3lYMlVkWHlBWk9E\nQVY5ZHM0anpvemhNdVJuUXIwanJaOW8KLS0tIHE0cDRDSTR2c1JXT3FIOXBlMDhR\nWUluUEVYd21uSHUvLzJqQ2d4TnF3TFUK7ATZTe1SnO4gepF+lwQEmFGvoiBUvCM9\nYlR3vtwklFDXr1nk5ldjePRownCpG/Yb/nWRXAOh3rNkrUniEA3VeeA=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaSXU1OU1SR0lmSHlxNGNO\nTWRpRkE2YngzcHlWUlkyaGI2dkhYZzBYekhjCksxd1EzaUJDUC9xMDZkVEI2M3VL\nWWloeHBKeXY2WjZ3d0pjeTVvN25EaFUKLS0tIG9sOGwwVTE5M3hYb2RxTE9iQlYy\ndmdqNytKRURsV2Zod2d5VWh4WlVoRncK0Lf+BCDkDh3W/MSbntWBaayY3271Id7M\ns0es3/cLGoIj25XCsShFNKvCqZdpCnOlcBwSucKbQI04zUnPhy7D6GM=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcDBQQlkvQytSWmd6dmd3\ndzIvZkpmdU5lZS9jN1VXaGg4ZzFMaHkxM0FNCkw4d2IzWWw4U3V3Ty9UNjdQU3Vv\nMEszZTArbTFMQnNEREgxcnZwNGlrQjQKLS0tIFg3aUZqOVM1QndRNXE5dGtENXFu\nSHRVQ0RoTGg2WlRaSDZmQzh4TlIyVDgKp9k8Hakqeulcq1aB0EhRj6g2QO7eIqgu\n2bZ/na1+hTjzE7uXDITS7m7P/XBImXk2wupYNQWjPiqFKP/30F7nNck=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], + "shamir_threshold": 1, "kms": null, "gcp_kms": null, "azure_kv": null, "hc_vault": null, - "age": null, + "age": [ + { + "recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bjk0amlLNlhiNGZUaFA1\nVEc2WUpvWDMzbEhDYVpOYlZ5ZXlKcUR5NmxNCkhxOTRIV1haYk9iajNkeTNmUEJo\nc1pydEZvbHpPcWMwVmppVFpRQWY0WUkKLS0tIFVaWlBhM1lseTA2SGhwR0pWRmRa\ndTNzM3BHMnAzWWIyNkk2bXVIaXJaOFUKoancGO2PhiHdpspCZrUGlQMNlZYSbvky\ni6c53CZHE+xTVocnrYUI6DRrjRhnypEEVjoR5yebuSG9gSU+q9BLgw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMEJxcTNDNEhFbG5hdDZj\nTldMYWdBZFhOaWRjMlFYTFoyOXBtcy9nNEJrClFYN2tsRUJZakRDdWRsNHdZT21U\nd2Y5a0s1NDVhbitxNnNOc1g2TUNoU2MKLS0tIFFvUzdxUVNsZmNpYWlrc1B3NDFz\nSTk4YlpJdTk0c013Y3NSRHRXeUlLRm8KHGCo8i6aKQXO0PzN4kS7G+XsPmnYGggS\nM/x9YhQsCwl3aReX1FSwVnKZBc9+S2LmyXu1ofkVPEgXpz484VF4nQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], "lastmodified": "2024-10-08T18:54:39Z", "mac": "ENC[AES256_GCM,data:9om/bmA4LAovlO5D0Q/TLLSY4IGeUXaBG6EAx7S0NmEOp8ctBXDq4f2DBWJyUVsI443wX1rTLArO1lyG84TgpB0/JXPdwVLa4vsqnJJCvm/rGU7X3rCk32GuktE9MaIkKQQJbQH1dSBLt+swyKTGH8qztolcenngP6pp5nciLec=,iv:bLmB5Q+mVERTR1VLLB1d+gxhSV8QGPpN/MCpwK6rGYA=,tag:sBRJWDo3RrmLotHuuNIZcg==,type:str]", "pgp": null, diff --git a/homelab/stacks/manyfold/postgres.secrets b/homelab/stacks/manyfold/postgres.secrets index 3568a773..07ff231a 100644 --- a/homelab/stacks/manyfold/postgres.secrets +++ b/homelab/stacks/manyfold/postgres.secrets @@ -1,54 +1,21 @@ { "data": "ENC[AES256_GCM,data:YVUtJ7/TMEHZt1a+vruciEfG/veqNGFGBHyKWH7/+xDeHvE8nZ4iF5h9tEGA6XmIVQfHN21K8v4wmhKvxJKfhAc3,iv:pthOj8UfK2mPhiG+VfLaBt36IQAQX516vlSkAu4q6bo=,tag:XBWRS4/71VFLIvhxuFwI8w==,type:str]", "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxcGZLdWhwNzF5YUNKdlVD\nVytzdXlSRmRIYlpROHFZZThMZWhLTktwQnlRClhjdkxYV2hDOTRIcVNXUXphMUtC\nam5XWnIxOFFaSkthM2w5QVZac0RBVXMKLS0tIFdLY3pndmNwTHRxV0VWOEEzVlR2\nL0tUVWZCSUQ3VDJOZWxNMUhSeUNpNkEKkRqifh3mIhUGZ+BT2vZLaefpd7pDH9/p\n9sAcVETkjlDY1wVEOHXJGTeOpy5PbamDvVuHPlIq3lL1qDbtYZTHodQ=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByQ3NwNGpCdlhPSVB3RThM\nSVpDSmtPS2djOUNHVUNQNFBodlVoRmRka0Y0CkRMa0x5eGNiZFVTdStTa3Yzb3Ny\nckVwTTUzNzRkM3N5QmtrZU95RTV2S2MKLS0tIGpTSmJhRnRPNFY2Wmk2cllSd0VO\nU3dsVWRtaDc0N0lDTy95eUFNTlNvbEkKt3Oe8Jm+4NOcvXYT7pbpyVy1gdJQ1WSC\nZdLobZsEJScuTmlRdG6jb37Z5tjq4jBcmnAOg8Z+i2xy8uAODMIzgcw=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHdXlRNzlwSy9XTVFzc3hX\nTmxRZTNETGhqUmJjRTNPUldDa0NSZGNqcWpnClExaFM2czRCa2xNSENMS3kybFp3\nTk9QSE5ISFlqQ1VZRjJJUzI1cXFjaHcKLS0tIDRFNXNKbktwSFFRQXRoT3dJdzE2\nMnBJbkhpMUJzZnZjUDByelRLb0xvNUEKwPSHI4jY2Cw2tsvdY30TJgYkJb8KNREy\nc+XjlKez3vuuuCmeUNeCBTcBOw+qJjB/BkraXR3f/C6AJ1hZrg1g1Zk=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVGhKbkV3ZUdGWU1vb1A5\nem9nNzcxaTdlY3lVV3ROcHJIWFhvdDVXNlJnCksrODNQc0g3ZzR6VlR4ekFvTWxl\na01ka25HU2YvYWhYTVc0NmtjTHBpc28KLS0tIG4yYkhIRmRNcG1EWGxnRC9OclNT\nOW1CQnZXZFBkNjg4TDloWDNQQ3ZkMTQKgbFSxtERB1vBfObKIIj/EWOK9RYa2/Y8\nrbpkxqEtFmtSPJ7wMM/IxpLsYSuLm9ZnlpjQlWvnpO1aJ201qgnY8BM=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ3ZvbGpxd3p2U21LNkps\ncVNvdnc5MUp6Nk5Ed0crb3lTSVIzOWJ6SlJnCk90TE5FZU54T3BwUmlaRE5KUDVT\nbkt2U1ZUOEdqNjVPOHo0ZmlOTzhpYUkKLS0tIGxOYVVIc1djZVIwSXlYV09IVkh4\nbllqZkJTTFI0ZDM3Y3pObTd4a2VPbTAKQHhjG5bRazEilzGkHLwNio8hkvZNqgvI\nxGH7HPh2KKe/3UkiTNA2jdEmdCSC5DA+R01nDgBNX8shNz7NPUY2uew=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], + "shamir_threshold": 1, "kms": null, "gcp_kms": null, "azure_kv": null, "hc_vault": null, - "age": null, + "age": [ + { + "recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWT21IdHNWS3hvbmVBY0h0\nL05UdHZWQ1FIcWx3enRJTHFpYThPVEJ4cUNRCkJ1eDlVZEx2SHNYc25hK29vTG1I\namYvYWQrbkNoSDg3RTlqaUNBTjkvaHMKLS0tICtaSlJXdUxnS0tBbmcrQmhIYWVC\nRHRkam9DS3VKQjYzYkdGYkowUHFybXMKP0PcRfOM1wwPKHpVqLIVROTfiytmnJa5\nlsBWe6loQJyjf/DDu/F44TdcJitjcVdEWuyPdXlwaUFvSA5ge+bYlw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYN3o4MTdOc3ZrUXpoS1ln\ncHlaeU1kRnVSY256UktwVlVRM3NQRnRtNURNCkN1Rk43VDdFbTZmZGZkMzhudVA2\nMkVnNitha0xMR2FISTN5cm5FY1BlRGMKLS0tIElDMFBDZjQvVXVVRTcwMGNJaGZj\ndzgzWjNxY1hkQW1PcWNnUTZsTGZXajQKg9fCh3KgPQbPZoCpUxRw7TpvsqD9vRIo\n4fBobk0Xb2t08YLnZtLJf4LZBuwnvnJX3CFi5ciPr2bbOU/2TXpPww==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], "lastmodified": "2024-10-08T18:54:39Z", "mac": "ENC[AES256_GCM,data:szIgJj+CaEms9yg6PV7FffMyVRb1X3WsPcXTCzPlflNp05tlqY64gCuCwNiIIu8BxZgNi2LDTrIuvwwunKxFxW5xONdz4Ji7r1swmhY4c0BJggQXAMmLDg7t+p0n4rXAxGPrNHTiBWkha+IxI9faydHUpiZ0dMEvIRdJRmUqnN8=,iv:I6wMEPRLl3S3J349R63hWCCLgZRp83mU80zJNdsvD14=,tag:FntjWMXkNWy9JT0KiIXMlw==,type:str]", "pgp": null, diff --git a/homelab/stacks/manyfold/stack.nix b/homelab/stacks/manyfold/stack.nix new file mode 100644 index 00000000..1770e7ee --- /dev/null +++ b/homelab/stacks/manyfold/stack.nix @@ -0,0 +1,30 @@ +{ sys, ... }: let stack = "manyfold"; in { + home-manager.users."${sys.username}".home.file = { + "${stack}" = { + enable = true; + recursive = true; + source = ./.; + target = "stacks/${stack}/"; + }; + "${stack}/.env" = { + enable = true; + text = '' + APPDATA=${sys.dataDirs.appdata}/${stack} + LIBRARY=${sys.dataDirs.library.digitalModels}/Model Library/VanDAM + ''; + target = "stacks/${stack}/.env"; + }; + }; + sops.secrets."${stack}/manyfold" = { + sopsFile = ./manyfold.secrets; + key = ""; + mode = "0440"; + owner = sys.username; + }; + sops.secrets."${stack}/postgres" = { + sopsFile = ./postgres.secrets; + key = ""; + mode = "0440"; + owner = sys.username; + }; +} \ No newline at end of file