feat: add flyio vaultwarden
This commit is contained in:
Truxnell
parent
f036f6b386
commit
eef9985d31
5 changed files with 147 additions and 31 deletions
2
.github/renovate.json5
vendored
2
.github/renovate.json5
vendored
|
|
@ -24,7 +24,7 @@
|
||||||
{
|
{
|
||||||
fileMatch: ["^.*\\.nix$", "^.*\\.toml$"],
|
fileMatch: ["^.*\\.nix$", "^.*\\.toml$"],
|
||||||
matchStrings: [
|
matchStrings: [
|
||||||
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?";',
|
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?"',
|
||||||
],
|
],
|
||||||
datasourceTemplate: "docker",
|
datasourceTemplate: "docker",
|
||||||
}
|
}
|
||||||
|
|
|
||||||
13
flyio/vaultwarden/.envrc
Normal file
13
flyio/vaultwarden/.envrc
Normal file
|
|
@ -0,0 +1,13 @@
|
||||||
|
use_sops() {
|
||||||
|
local path=${1}
|
||||||
|
eval "$(sops -d --output-type dotenv "$path" | direnv dotenv bash /dev/stdin)"
|
||||||
|
watch_file "$path"
|
||||||
|
}
|
||||||
|
|
||||||
|
if has nix; then
|
||||||
|
use flake
|
||||||
|
fi
|
||||||
|
|
||||||
|
if has sops; then
|
||||||
|
use sops ./flyctl-secret.sops.yaml
|
||||||
|
fi
|
||||||
40
flyio/vaultwarden/flake.lock
Normal file
40
flyio/vaultwarden/flake.lock
Normal file
|
|
@ -0,0 +1,40 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1713145326,
|
||||||
|
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
|
||||||
|
"path": "/nix/store/g861759ghxxwvyfdbv17xf3iahgm8rcb-source",
|
||||||
|
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
|
||||||
|
"type": "path"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs",
|
||||||
|
"systems": "systems"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
||||||
|
|
@ -1,30 +1,26 @@
|
||||||
{
|
{
|
||||||
description = "My nixos homelab";
|
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
# nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||||
|
systems.url = "github:nix-systems/default";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
self
|
systems,
|
||||||
, nixpkgs
|
nixpkgs,
|
||||||
, sops-nix
|
...
|
||||||
, home-manager
|
} @ inputs: let
|
||||||
, nix-vscode-extensions
|
eachSystem = f:
|
||||||
, ...
|
nixpkgs.lib.genAttrs (import systems) (
|
||||||
} @ inputs:
|
system:
|
||||||
|
f nixpkgs.legacyPackages.${system}
|
||||||
let
|
);
|
||||||
inherit (self) outputs;
|
in {
|
||||||
forAllSystems = nixpkgs.lib.genAttrs [
|
devShells = eachSystem (pkgs: {
|
||||||
"aarch64-linux"
|
default = pkgs.mkShell {
|
||||||
"x86_64-linux"
|
|
||||||
];
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
devShells.default = pkgs.mkShell {
|
|
||||||
packages =[
|
packages =[
|
||||||
pkgs.flyctl
|
pkgs.flyctl
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
|
|
||||||
67
flyio/vaultwarden/flyctl-secret.sops.yaml
Normal file
67
flyio/vaultwarden/flyctl-secret.sops.yaml
Normal file
|
|
@ -0,0 +1,67 @@
|
||||||
|
FLY_ACCESS_TOKEN: ENC[AES256_GCM,data:RPwjhZ7i3zfeXF5W6+6mn6NbTgfLPlsH7YnlHUQVhfRhJPLhGFOj6+8OHZDXRBI=,iv:kJXd5P26orrvqkeQE4X2MClFry/Hg/5pFbjZRNrDZ50=,tag:FJqRG98IcNwFivIMU8u2Ag==,type:str]
|
||||||
|
FLY_APP: ENC[AES256_GCM,data:3N8HH1kQ6ytsRw6Ywh42oC16YylwEcdc,iv:OicMBC0rsEqLJxbxty2IIwdc7V3eJV++EyDQR2BLQ/c=,tag:2psevqccXLpWZN/bSo/9/Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdjhxMGF1MXpZSUt5RVp4
|
||||||
|
NVhzM21iZWtjemVhWVA4Yi90M2RmNHJUeng0CkRTWlBnSlpXQkZ3UWZzdjNnRXVB
|
||||||
|
c3krbzE0WGRXMTFhS1NNeDdPQ0M4REEKLS0tIHlPVDlIcjVhaHRncTRZd1g1ckFs
|
||||||
|
UDY4ZlB5RGthbWNxeTU4a2hqd1owOTAK5HvbMYGC9T9P1FsoK66t/VWtYWSqJ/58
|
||||||
|
+FdDeUyHvZs95HmNr+9pG0qJUzU3Qps5HV73izNFMlBLgxPxz/PBGw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeGJ4dDBMRXdQMWdaeEk5
|
||||||
|
TnI3cDF2TjhFbFl0aTlVTVdjOEVOaFZqVEVZClFRelJTejBhSTB4UTUvMVM1Nk5U
|
||||||
|
Z1FuUllSRytZQkhubG44RTFySTlhaVEKLS0tIE8wTHNoVEs3c1ZGb3g0MWJQVURo
|
||||||
|
THl5TXRsd0N5NmIySUlRZ2dVQjRXc0UK5ijtJhVdKAVvTLJ0M9HAdn1b9PAXmDnP
|
||||||
|
8xxnq+qrbIDXwjxPk+61+prV87zZTm7NKZXSBtsQSFkgZGkc4CXNAg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQVh5TS9NWlpiOFVJZlZ2
|
||||||
|
cWRvZEY0MzdUbDhjV1Rmc3VlSFM1Q2NsbFFFClQxK1o4SW10VUc2VzhaN2RwbVo2
|
||||||
|
SXhXeG5aRGtsV1hEWXlWUVdRUnJZbnMKLS0tIGRFZURYZU9EcG1wWmZwRTNneWU0
|
||||||
|
bGY1UitYSGhpdzBYWUdhQmRkNlA5UkUKKf4v4NN458LVpN8H950cbGnafxbEiWsr
|
||||||
|
X/UDEi4u62Nm+U9bBRDNtpILxTfrMyEvlSbnwMCuF/hiVKnx9tPwpg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqL09PL0F6dmxFVExvNXdm
|
||||||
|
ZU5mU3hXZk9zZkpRNEx3ZHBINXVjYkFoMUE0Ck14Tks1QlBEc1pHS29WTldKSm45
|
||||||
|
NGtjYm9vZkJWUlBDNnFNcTdiY1ZaYUkKLS0tIHZpbUx6MXBUSjY1K2ZHQStNMENY
|
||||||
|
UFc4NG10d2loYmdHeGdVSlk2aUczaFkKNRoVjjkkoPfupq4G+luCIN1yHwXDfTGE
|
||||||
|
mxLcZOV2OWdzNSAQrGLtK4tzsm1hQtrpZVQ1c791u1uZpURg9CTowA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MU1GcEc1aThlL1dqYTJB
|
||||||
|
VHBZY1JBeVpHa2FjaERkaGV2bHp1OUV4UVVFCkg1NmU2aVNLZndzTnhzREZzaHhv
|
||||||
|
ZzEvdy9xamZkK0Vna3M1MW9yQ21oWjQKLS0tICtVMFp2NTF2U0FvV1ZlYmdWc1dD
|
||||||
|
UHRsd25GNHV5dXZCOWU1UEk4RVV4dGsKna6T46OCEKcToaznl4BrgQ1NdoPyUbH2
|
||||||
|
0vdQOc5XeAoCsbLS4Tj/d1OcyG2vF+P5AV9/Is/NUbLytjQl5t1CDg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb05XYlR4YmhxeGNJTkFM
|
||||||
|
L0loaG9TVGJuUHdpMTJpbWJBdVh5M29Pc2lBCmVZWkZIUGMxRmR5cGdDRE9heXpm
|
||||||
|
d1R2Wk5pU3N0MTRHbk9yNDNjSGVEcGcKLS0tIC9mdS9UM2N4VDJOZTBDK0hMOHpY
|
||||||
|
c2FWOXk5c3M5WDJtUHlmV2FKUWRPNHcKIy1xzOTBYNOwHX4/NtRdZaom+SsY5C5G
|
||||||
|
YnqXyenlYxfSrxtKZj9rj2rZGbz2sGeFCGvSrKfyczgjcMcKXidMYA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-23T11:55:35Z"
|
||||||
|
mac: ENC[AES256_GCM,data:9r4ODui1do3mLu2Gk4hLsdjQ/tbTwE1LZcSfsix1V3vAkH2XRr6cS4pBo7fkrCpV7o/l2RLgdVc/FXQnWfrG7w2xGY32yi9Oem27pYZrunA6hBkBN91Xad2q0h35oTqfiNX7Q3THHAspc709F2P4I7f5PBULiWPQUTdu5nunv0c=,iv:3middRo3qKq88bZFM8c03hh/MtCq77NCdnUd5OgorZ0=,tag:19sFH7qI9zYxhoPQztnUWQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
Reference in a new issue