From 7af53a711803d24cbfa2e3a5a7ab82f03a42b14a Mon Sep 17 00:00:00 2001 From: prescientmoon Date: Mon, 10 Feb 2025 23:54:03 +0100 Subject: [PATCH] Add api token to glass server --- hosts/nixos/lapetus/secrets.yaml | 5 +++-- hosts/nixos/lapetus/services/glass-server/default.nix | 9 ++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml index b7461a1..3437071 100644 --- a/hosts/nixos/lapetus/secrets.yaml +++ b/hosts/nixos/lapetus/secrets.yaml @@ -11,6 +11,7 @@ vpn_env: ENC[AES256_GCM,data:+61Ft1xj1WnaGH6SdUj3sQunDeTWTQ/G2GVQr1KxXVmLehAdO3W guacamole_users: ENC[AES256_GCM,data:0oJdvTX/9SXV5fBdY0qr9BmSO1HMXX/7+R/f7UxeC/eQcFC9uptkdmLUYfghPvNFlmDNE8yllDylqqTk76qdFFYez78IhBmwj3MbY3C5C81PLI8yNroU0odaW1vgBvg9f8TdoQikMunnl8usNk71t8zxtZAtEbs3nogAbxFMouVy75TSnV+fx+Tb+SdSOQef3XgGrCK8BxaGnR+5LitXiFAIQwwiLV8NIf8alhklHrs3anQ1my83mSfeDYbyNd+ycTtlDa/9HVSGd/UErFP+guM4PNSuzVpNc91/3nm2gFYshMbVb36Z3zmG08fr1o3aoIs0X82XQLQuPmTDaH13RRNlTKPzoUjmXcBziryqqd3OBFRMM9BKlj7An1gZCbTzp2oNYjW2ReNQl6PyDhTZChf+Fgzx3wVXFYcGTueYQ3a1cuBWNvLrzNDFwTiYDfIP6scbEL2A07O2lhQArAGRFlvifNnhEayvzFR3Pzj10UoRhhyMSIWu2CThVKWVfRKCdvwLpTMCY4Yfn89krQu3UBYN2tFpJ9xiqRBmGCyjLNU2X6a5YxCMJkd56ptvnoc+TBF63c9W3sK91R4uLH673xf+LW+izLNFU4eQ66jtMGVx0MkX9uPAbP5+Pp+/J/OiQgsm6dL8r75lEGhKP0sMABc5I5oUNnAy6y52NY5BLOnJp5M/ulGvC4+cSdyaO0Ey2Zj+iPotxmyS60iY+mn0TMT5RnGF/Dx7q5YKzZKV2Gd5Trdum+pFta1k/ljwdLE0EwYZ0Y5bKVjV/tHYabZctrmrqmjmBHjraeYww6yqJka7HeyceBqFCt/fSAIi5WyhPlqYG4QSxM41fR50C6Y4BWeFlVmISoqx2fyq4HOZKbmG9qxvt/AofFi/X+YoBJ5w78MpOVBWRG/bRjqN2AfBFZIEpkUFXT3P1KHIqKXk6ueaMl50ftCZt0wZ770V6TNsssChsA==,iv:L5jR23mTV5oMNGM4s41Qe0fubj2PNZpjhNpNJakgUvM=,tag:IBELh0mxyHdGlAtRuQo9Uw==,type:str] glass_server_admin_password: ENC[AES256_GCM,data:i6nLp5Jo4LmdsBQilSh9,iv:E3ukSNRlZWe+bmSANRXP0m1GBfA8GKhWAzEdT8Kyncw=,tag:M0gD9kv2P9Kv+PjwX8WuGQ==,type:str] glass_server_secret_key: ENC[AES256_GCM,data:lfrUSUfNk9yuX++2UxDZddP5iyk+zYdA2lbTNwOvrZRRQLVHky0HE8G/D3g=,iv:E6ET35pG/4Xo83sOo9Ukb4b+zvussaDsq2Nr5vyDFRI=,tag:1CamjtZNnlMjqdO75TKTBg==,type:str] +glass_server_admin_token: ENC[AES256_GCM,data:VkJtLAGcK3j5jAOJKKVk3fe3xNQ5RmljQP/XCCmej3VNU+w1byT2TQOeAQ==,iv:EJOpNit3ykEWvyZpJZC//2zad5dRYy3paN+gKggLVOY=,tag:LPWE0DMCc33KnMhNnZBHZQ==,type:str] sops: kms: [] gcp_kms: [] @@ -53,8 +54,8 @@ sops: RkpibTJpVzVtR0txL1dHbmFkdlkvUk0KDgqO8c7CggeXhEMzx/tcLqtMG6MmuOi/ UmG9eSUO9im0Q7q7FG4Z+/lZ7+Iu15Dj8qA2/5MtDYPW+vxN3gzZrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-07T14:19:08Z" - mac: ENC[AES256_GCM,data:Wb0+mRwt/FAihMIf2+pU+mYDAfk38VU6oPk9nXTZRbD2bQnry9Qqbqqmz3I/HUm99C0pPrqD0KbEsj/D7x0QD+mE7nbfQCtKXqHNZNRnv9CSXTWo63ZL2jzg2QRknANRMNXb7mZCnnRCzB/KWgTxQN7jqR2K/QxXV/2zJXOdbzo=,iv:Gj6Q/h+xy7vwFqPb/yqUI6ZTLhwl0KqCdVu9Ega85L4=,tag:Mv6MGHr0xsSmGbjKQXodOA==,type:str] + lastmodified: "2025-02-10T22:53:44Z" + mac: ENC[AES256_GCM,data:79jqTQZ8WuoVTcFpf5y8j4HH+s5SKh5iZfFjdEu0XxwQO5Ted+XxYaLWnvrIJDt/8Ldiriep2sNoHZELhsG5R+KNAxaaJ3HMbUOnFg1/PsaD7ILaYa62Ol44QW+T3544fZFZej2Wm2+h+GmyNlcf4HdgPRzC4CA6NTJVCZlwaws=,iv:IOE84up63PThX7w01Ko6XBeFCK76kH5V1efZP7iRMgc=,tag:lTvYzeyxMAkU+/GWpj2DnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/hosts/nixos/lapetus/services/glass-server/default.nix b/hosts/nixos/lapetus/services/glass-server/default.nix index dce4b4b..241d853 100644 --- a/hosts/nixos/lapetus/services/glass-server/default.nix +++ b/hosts/nixos/lapetus/services/glass-server/default.nix @@ -15,13 +15,20 @@ sopsFile = ../../secrets.yaml; }; + sops.secrets.glass_server_admin_token = { + owner = config.services.glass-server.user; + group = config.services.glass-server.user; + sopsFile = ../../secrets.yaml; + }; + sops.templates.glass-server-config = { owner = config.services.glass-server.user; group = config.services.glass-server.user; content = '' { "SECRET_KEY": "${config.sops.placeholder.glass_server_secret_key}", - "PASSWORD": "${config.sops.placeholder.glass_server_admin_password}" + "PASSWORD": "${config.sops.placeholder.glass_server_admin_password}", + "API_TOKEN": ${config.sops.placeholder.glass_server_admin_token} } ''; };