Feature: Init stack.nix for books, rotate secrets.env
parent
aea2dd0b5d
commit
d1436f8491
@ -1,6 +0,0 @@
|
|||||||
EBOOKS_LIBRARY=/mnt/nas/books/ebooks
|
|
||||||
AUDIOBOOKS_LIBRARY=/mnt/nas/books/audiobooks
|
|
||||||
DOCKER_DATA=/home/admin/data/books
|
|
||||||
NZB_COMPLETED=/mnt/iscsi/barbarian/torrenting/NZB
|
|
||||||
NZB_INCOMPLETE=/mnt/iscsi/barbarian/torrenting/NZB_incomplete
|
|
||||||
LIBRARY_DIR=/mnt/nas/calibre-web
|
|
@ -64,10 +64,12 @@ services:
|
|||||||
- seccomp:unconfined
|
- seccomp:unconfined
|
||||||
networks:
|
networks:
|
||||||
- web
|
- web
|
||||||
|
env_file:
|
||||||
|
- path: /run/secrets/books
|
||||||
|
required: true
|
||||||
environment:
|
environment:
|
||||||
CALIBRE_OVERRIDE_DATABASE_PATH: /config/metadata.db
|
CALIBRE_OVERRIDE_DATABASE_PATH: /config/metadata.db
|
||||||
CUSTOM_USER: admin
|
CUSTOM_USER: admin
|
||||||
PASSWORD: ${calibre_PASSWORD}
|
|
||||||
PGID: "1001"
|
PGID: "1001"
|
||||||
PUID: "1001"
|
PUID: "1001"
|
||||||
TZ: America/Los_Angeles
|
TZ: America/Los_Angeles
|
||||||
|
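Review bot: The added `env_file` entry with `path: /run/secrets/books` loads every variable in that file into this service, whereas the removed `PASSWORD: ${calibre_PASSWORD}` line passed a single named value. Any key later added to the stack's secrets file for another service will also land in this container's environment, so consider one sops secret per service, or keep the file limited to this service's variables. The password still reaches the container as an environment variable, which stays readable through container inspection and by every process in the container; this matters more here because `seccomp:unconfined` is set in the context lines just above. The service definition starts above the hunk, so its name and image are not visible here.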
@ -1,58 +1,24 @@
|
|||||||
{
|
{
|
||||||
"calibre_PASSWORD": "ENC[AES256_GCM,data:UnbJ8E0RlgSBUzOxb4NvdsgiP/cquhr2,iv:HeR8rZliBQxqs3jNlFAp5ryN7y9ddHYN5WuS/xikixs=,tag:K9cjdJV5sg5rNlZea8UsMQ==,type:str]",
|
"PASSWORD": "ENC[AES256_GCM,data:MfhgVPzU8r9ppnJGYnShFQUoNebFSEs5,iv:gVRLLMxXFiQy87TUk71NzBEO6GFkUXsu3msDtS51WE4=,tag:GUih16U4eoaxhl4y0rasgw==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"shamir_threshold": 2,
|
|
||||||
"key_groups": [
|
|
||||||
{
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTmVyQ2RuOEtOajNVbTVt\nbHEyeTRCMnB5KzN4L21JK0NUeWYvMWMyMXp3ClRFNm5JZDR2Q3JQK2U1aUQxNk8z\nOGg2M0FaUUZlendxRmJxNmY2Y3o3SkEKLS0tIEtDU2xsWTZ6NTFXbCsvZjQvU2V0\nNjlacHRVNW03SnA1Y2FYYk4vUEVuQTQKXoWnbeUyAN7NMWrt5pCywn/Eg6JndGbA\nWh6SGtPqvl5a1TrQTE60byRBstO0LQgUD01lJI/xNxj3jOUbHkwqZZQ=\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU1h0ZkRLUzhCMWplQWVr\nQlNoMHFWdHkzNXJMeWRrRzdlZkhoVEpIWVhnCnVtN3BhYWJrRHBqUmFKSVEyekE2\nY0laQmZFeFY5eHN4QUZCQW1nbXh0U1UKLS0tIHpnaW55Wmt2M200eUVVbVFBYXox\ndmZCOCtER01yalpieWJnS3JzVnZRbGMKvUg2IVsNvoqjsEdjgESwcDvPfnsz5C9o\nU7qxgc2x0qktTn12dQGXTZ0hiqPu7hy0w3mcRNa0M3l3vrVtzi2Nzuo=\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzeGpCWWNYQyswSFRHSllJ\na2h3d1JvS2cxMkQrZHdCcHp2c2U1YW9hcTFvClp2Q09aRmJjaWFCUlZhQjJSd3Y3\nWHNMUUVsRm1YL2t4STlzTHhhVGZzRDgKLS0tIHFET1RpZkU4QWRGNG9qaU8vNXY4\nM0VrTFZGWlZudjRiYzVtdTZkZHhHRFEKETkOEPaFg1ifv/fM/sQ2N/Aj0O2oraDq\nE5dMzKRuzvCh4Y0WzyUhpDLOp7JTulTS4N009BxaeNDhfjQ7FDtMqUc=\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"hc_vault": null,
|
|
||||||
"age": [
|
|
||||||
{
|
|
||||||
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzazNTOU5yYXZ6RXh6NlBj\nK2VQb1V5MmlQcys1ZkVCanhqbDVUaVcySzFVCkhRYnV6Y3hlckc5UmVGVmV3UXBD\nbHZScTd3S3RIbTZ5aWZIamtqaU9Qb1kKLS0tIG14VHNhOFNTcmU5STNQMHpxZzZW\nZk14NW9mTEdRVlZBK1orMW0wRDZsMU0K1uKNXNnx9uiG2dPu3LpUakGNONhSexDb\nQ8I3Y+N0AoZFjm8eg/7Yd/YSLY+YEp8VrKwb8pPGu3sEFPej4ZaD8vs=\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
|
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtN0x3cEZicDgvUmVhWjhR\nd1U4NWtIc1B4SkgydzkwSVpLcm9jMVF6a1FBCjNKeEdMQ25EYmZ1M0VsK2lZNTky\nem05Y0EwT0lwelg5ZGZGa3hvYWdQRzAKLS0tIE5yL1kxeG9iOEJYU0I4cExNd3k3\nRS9Kei91dTUwMkU1RkNQNGQzTFFQaTAKiXohYWN7kImXhj7ZDz2OnQc1MeUxEjbN\n96AWvHFfAibbuSMN4rLvyPI/8qqx8xxMfHcNY98qOLuPIajIeT8BXpY=\n-----END AGE ENCRYPTED FILE-----\n"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
"azure_kv": null,
|
"azure_kv": null,
|
||||||
"hc_vault": null,
|
"hc_vault": null,
|
||||||
"age": null,
|
"age": [
|
||||||
"lastmodified": "2024-08-29T21:23:23Z",
|
{
|
||||||
"mac": "ENC[AES256_GCM,data:s/DN+3Js4z5UAez6ePHa8/mUu3eyRE/plg3hZAIy1yUBJbkGiLvsfIZDEg2AWWAZm8XiWlluhn971Ini3gVZIIRVsmYOznzdsOAOvTjo0nbvJsLj4yRMBlUmGVtQi6YUi28yg42Jf6qr2Kj68x/PqjnjfqOyn5/x3Eu00XQ/aMA=,iv:4eaLrM/TBWI73xl0+vxyRRfJrxNlTprRNDM8/PU0hvk=,tag:Ot94YcHit6xQP0Eg3oLYyQ==,type:str]",
|
"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWndlTG9ENXpFdnZNUzEz\nWW8wRFB4bXZCa1lBeUxkcjhsSHNWVkdhdkVVCmhRZUVrOHFUWTZWRE9KQTZna2tX\na1FIckY1QkZrTzNENW8zcWp1VVo1cHMKLS0tIDVFWEFPQm5XK2N6V0padkZaZEMy\nSU9Bb2FTcFpqbWU3QytTWW5BODBENUUK7m4qSzrrUZvosESiXnO3q3yCVSJZCo4x\nyBUC3YkGzSDiyAQzf5saQ8rqhviPCOxmUjnTjFS5uUf2C+dKey9eXA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUlphQ2lVMjA3ODFQUERU\naGNSSzJ2NnpOS3FTT1dOMFR5bTBNRHdEZlJ3ClpkWUFpNWtFTVVsYkV1QjhTcDla\nRzF0akp1MCtxRGQ4dmxaekN3RTJNVWsKLS0tIExaUGtvZnMrUDc1THhWcU1lU29h\ncVhqN0FlSGt6S3VHWUJ6MFJBaTlvRGMK3TAfwg8upmi2knuLOC5bv/O5qjzsFKvi\nIopHJpAhneW4wOyUukBQroEhrTEQr2wdwMmIH46nU9i0QzsnO1Clzg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2025-02-01T07:31:19Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:NLN01gnYS7zOBWIRbOOTBaRFsPY/FejpEhXU10mbVBnLhLI3AjtYZPXqM16G4VwA/MIcbKSp3/78KjuQODkoGprrD8DNtjCVId3tTb/DvYHLNE7lLevCP3C0FuR024d+02gy7i2Qz2O8YT6yv/UxjbEo6/1YYKjrGKwHaZ2eI4g=,iv:XsfslmnVAUkLiqaEfPs/mNCJRhabhBBPrrUXGQUOVgU=,tag:/jDr1ebE8z5z62hBMFBQrA==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.9.0"
|
"version": "3.9.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
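Review bot: The new `sops` block drops `shamir_threshold` and `key_groups` in favour of two flat `age` recipients, so either key alone now decrypts the file. Three recipients listed before (`age193t9…`, `age13prh…`, `age1n20k…`) are gone, but removing a recipient revokes nothing for the earlier revision, which stays in history and remains decryptable with the old keys. If the rotation is meant to cut off access, the underlying password has to be changed in the application as well. The old `calibre_PASSWORD` and new `PASSWORD` ciphertexts are the same length, so the page cannot show whether the value itself changed; the commit message should say which it was.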
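--- a/homelab/stacks/books/stack.nix
+++ b/homelab/stacks/books/stack.nix
@@ -0,0 +1,28 @@
+{ sys, ... }: let stack = "books"; in {
+home-manager.users."${sys.username}".home.file = {
+"${stack}" = {
+enable = true;
+recursive = true;
+source = ./.;
+target = "stacks/${stack}/";
+};
+"${stack}/.env" = {
+enable = true;
+text = ''
+APPDATA=${sys.dataDirs.appdata}/books
+EBOOKS_LIBRARY=${sys.dataDirs.library.books}/ebooks
+AUDIOBOOKS_LIBRARY=${sys.dataDirs.library.books}/audiobooks
+NZB_COMPLETED=${sys.dataDirs.appdata}/torrenting/NZB
+NZB_INCOMPLETE=${sys.dataDirs.appdata}/torrenting/NZB_incomplete
+LIBRARY_DIR=${sys.dataDirs.library.books}/Calibre
+'';
+target = "stacks/${stack}/.env";
+};
+};
+sops.secrets."${stack}" = {
+sopsFile = ./secrets.env;
+key = "";
+mode = "0440";
+owner = sys.username;
+};
+}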
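Review bot: `sops.secrets."${stack}"` sets `key = "";` without a `format`, so whether the whole-file output comes out as the `KEY=VALUE` lines the compose `env_file` expects depends on the module default; the encrypted `secrets.env` in this commit is a JSON document despite its extension. I would set the format explicitly, e.g. `format = "dotenv";`, and re-encrypt the file to match, or confirm on a deployed host that the rendered file parses. Separately, `source = ./.;` with `recursive = true;` links the whole stack directory into the home directory, including `secrets.env` and `stack.nix` itself; the secrets file is encrypted so nothing leaks, but a filtered source would keep the deployed tree to what compose needs. A comment above `key = "";` such as `# empty key: emit the whole decrypted file, consumed by compose env_file` would help the next reader.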