diff --git a/.sops.yaml b/.sops.yaml
index 03c5be9..bfc4fd6 100755
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,5 +3,5 @@ keys:
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- - *oqyude
\ No newline at end of file
+ - age:
+ - *oqyude
diff --git a/devices/mini-pc.nix b/devices/mini-pc.nix
index 6c4960f..6986d18 100755
--- a/devices/mini-pc.nix
+++ b/devices/mini-pc.nix
@@ -24,6 +24,11 @@ let
self.homeConfigurations.root.nixosModule
];
+ sops = {
+ defaultSopsFile = ./secrets/example.yaml;
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ };
+
fileSystems = {
"${inputs.zeroq.dirs.therima-drive}" = {
device = "/dev/disk/by-uuid/C0A2DDEFA2DDEA44";
diff --git a/devices/server.nix b/devices/server.nix
index 87ee0bb..3877da6 100755
--- a/devices/server.nix
+++ b/devices/server.nix
@@ -8,7 +8,6 @@ let
...
}: let
- last-stable = import inputs.nixpkgs-last-unstable { system = "x86_64-linux"; };
in {
@@ -26,6 +25,11 @@ let
self.homeConfigurations.server.nixosModule # home-manager configuration module
];
+ sops = {
+ defaultSopsFile = ./secrets/example.yaml;
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ };
+
boot = {
kernelPackages = pkgs.linuxPackages_xanmod_stable;
hardwareScan = true;
diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix
index 1512184..7dfafa1 100755
--- a/modules/server/nextcloud.nix
+++ b/modules/server/nextcloud.nix
@@ -6,6 +6,10 @@
...
}: {
+ environment.etc."/sops-secrets/nextcloud/admin-pass" = {
+ text = sops.secrets.services.nextcloud.admin-pass;
+ mode = "0640"; # Права доступа к файлу (опционально)
+ };
services = {
# nextcloud-whiteboard-server = {
# enable = true;
@@ -26,7 +30,7 @@
#dbhost = "/run/postgresql";
dbname = "nextcloud";
adminuser = "oqyude";
- adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
+ adminpassFile = "/etc/sops-nix/nextcloud/admin-pass"; # "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
};
settings = {
appstoreEnable = false;
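Review bot: `defaultSopsFile = ./secrets/example.yaml;` in devices/mini-pc.nix is resolved relative to the devices/ directory, i.e. to devices/secrets/example.yaml, while the only secrets file this change adds is secrets/example.yaml at the repository root; unless a devices/secrets directory exists outside this diff, evaluation fails on a missing path, and the intended line is `defaultSopsFile = ../secrets/example.yaml;`. The identical line appears in the second hunk of devices/server.nix and needs the same correction. The .sops.yaml path_regex `secrets/[^/]+\.(yaml|json|env|ini)$` would match a file under either directory, so sops itself gives no warning about the mismatch. The enclosing attribute set starts and ends outside the hunk.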
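Review bot: The new `environment.etc."/sops-secrets/nextcloud/admin-pass"` entry in modules/server/nextcloud.nix would, if it evaluated, render the admin password into the Nix store as a world-readable file, because `text` is materialised at build time; sops-nix only decrypts at activation, so `sops.secrets.<name>` yields no plaintext at evaluation, and `sops` is not bound in the module's visible argument list. The second hunk in this file then points `adminpassFile` at /etc/sops-nix/nextcloud/admin-pass, which matches neither the /sops-secrets path declared here nor the runtime path sops-nix actually produces. Declare the secret under `sops.secrets` with `owner = "nextcloud"` so the service user can read the decrypted file, and reference its `.path` attribute via `config` (add `config` to the module arguments if it is not already bound); the old `${inputs.zeroq-credentials}` path left as a trailing comment is better dropped than kept. The enclosing attribute set begins and ends outside both hunks.
```nix
{
  # Decrypted by sops-nix at activation into its runtime secrets directory,
  # readable only by the owner; the plaintext never enters the Nix store.
  sops.secrets."services/nextcloud/admin-pass" = {
    owner = "nextcloud";
  };
  services = {
    # … unchanged: whiteboard comment, nextcloud options …
      adminpassFile = config.sops.secrets."services/nextcloud/admin-pass".path;
    # … unchanged: settings …
```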
diff --git a/secrets/example.yaml b/secrets/example.yaml
new file mode 100644
index 0000000..afe94e6
--- /dev/null
+++ b/secrets/example.yaml
@@ -0,0 +1,18 @@
+services:
+ nextcloud:
+ admin-pass: ENC[AES256_GCM,data:24E1tKwHxY94Cf+edRbvhL5J9G4=,iv:EbzcCdHnBvdW5CEapb/yGBE6lIi80BEp8HB2tMCM9oU=,tag:L5WthzTT5vNZim6n3DNOnQ==,type:str]
+sops:
+ age:
+ - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0gvNnVtdUZjdWtZZ0Nq
+ M3lsbUEzQnl1NGNWQjJxaVlhU3VFRzEzdFdrCnpTSks3V3lxck12MnR4anlUOWpu
+ eGpFWVJ2WHhqQXlKNEZvU1RqS2VGUlUKLS0tIEZaTktZZWpPbmdaSDg2cGk5b2FS
+ MVpCNWpoUG9TdHBLUk9YZW05WXlCWm8K0he5wgWY21Csk1LlVbEVIe5x2hmYjUAb
+ 5JpaydRfVjGZ9JBkn3GTEPhZwnK6tkZ9S7LWHL3/di3w0Js2DJ2OvQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-26T18:22:44Z"
+ mac: ENC[AES256_GCM,data:j8X6Q0SrCGRHZkNqZpEB5AMbjK1FLFH7/6/teYcQ+qwRNyeUkN4KZmQk2Xb/wZe9oFYpBqIKE+RxSf6E26WFVpLlUV9yEB4RnEapGRIXQz23hqRyiLvLtXcc0APJhF87tQw6VCghXv0j4x7c7EuOQm+wkfgI4p0OXwmTTazNero=,iv:inWHL4wEO4UXHDWkiFaTdzf8Uky2P2fJYaRXUURBrAA=,tag:3qgo38OYqE/d8OpzxUM2ww==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
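Review bot: The new secrets file is encrypted to exactly one age recipient (`age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm`, the single `*oqyude` entry in .sops.yaml), yet the devices/mini-pc.nix and devices/server.nix hunks both set `age.keyFile = "/var/lib/sops-nix/key.txt"` on two different hosts; that can only work if the same private key is copied to both machines, so a compromise of either host exposes every secret in the file. Listing one recipient per host under key_groups, plus an operator key kept for re-encryption, keeps the blast radius of a lost host key to that host; which key each machine actually holds is not visible here, so confirm before changing the recipient list. Naming the file example.yaml while it serves as the defaultSopsFile for both hosts also invites it to be mistaken for a template and overwritten.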