feat: add flyio vaultwarden
This commit is contained in:
parent
f036f6b386
commit
eef9985d31
5 changed files with 147 additions and 31 deletions
2
.github/renovate.json5
vendored
2
.github/renovate.json5
vendored
|
@ -24,7 +24,7 @@
|
|||
{
|
||||
fileMatch: ["^.*\\.nix$", "^.*\\.toml$"],
|
||||
matchStrings: [
|
||||
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?";',
|
||||
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?"',
|
||||
],
|
||||
datasourceTemplate: "docker",
|
||||
}
|
||||
|
|
13
flyio/vaultwarden/.envrc
Normal file
13
flyio/vaultwarden/.envrc
Normal file
|
@ -0,0 +1,13 @@
|
|||
use_sops() {
|
||||
local path=${1}
|
||||
eval "$(sops -d --output-type dotenv "$path" | direnv dotenv bash /dev/stdin)"
|
||||
watch_file "$path"
|
||||
}
|
||||
|
||||
if has nix; then
|
||||
use flake
|
||||
fi
|
||||
|
||||
if has sops; then
|
||||
use sops ./flyctl-secret.sops.yaml
|
||||
fi
|
40
flyio/vaultwarden/flake.lock
Normal file
40
flyio/vaultwarden/flake.lock
Normal file
|
@ -0,0 +1,40 @@
|
|||
{
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1713145326,
|
||||
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
|
||||
"path": "/nix/store/g861759ghxxwvyfdbv17xf3iahgm8rcb-source",
|
||||
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs",
|
||||
"systems": "systems"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
|
@ -1,30 +1,26 @@
|
|||
{
|
||||
description = "My nixos homelab";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||
# nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
systems.url = "github:nix-systems/default";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
self
|
||||
, nixpkgs
|
||||
, sops-nix
|
||||
, home-manager
|
||||
, nix-vscode-extensions
|
||||
, ...
|
||||
} @ inputs:
|
||||
|
||||
let
|
||||
inherit (self) outputs;
|
||||
forAllSystems = nixpkgs.lib.genAttrs [
|
||||
"aarch64-linux"
|
||||
"x86_64-linux"
|
||||
];
|
||||
|
||||
in
|
||||
{
|
||||
devShells.default = pkgs.mkShell {
|
||||
systems,
|
||||
nixpkgs,
|
||||
...
|
||||
} @ inputs: let
|
||||
eachSystem = f:
|
||||
nixpkgs.lib.genAttrs (import systems) (
|
||||
system:
|
||||
f nixpkgs.legacyPackages.${system}
|
||||
);
|
||||
in {
|
||||
devShells = eachSystem (pkgs: {
|
||||
default = pkgs.mkShell {
|
||||
packages =[
|
||||
pkgs.flyctl
|
||||
];
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
||||
|
|
67
flyio/vaultwarden/flyctl-secret.sops.yaml
Normal file
67
flyio/vaultwarden/flyctl-secret.sops.yaml
Normal file
|
@ -0,0 +1,67 @@
|
|||
FLY_ACCESS_TOKEN: ENC[AES256_GCM,data:RPwjhZ7i3zfeXF5W6+6mn6NbTgfLPlsH7YnlHUQVhfRhJPLhGFOj6+8OHZDXRBI=,iv:kJXd5P26orrvqkeQE4X2MClFry/Hg/5pFbjZRNrDZ50=,tag:FJqRG98IcNwFivIMU8u2Ag==,type:str]
|
||||
FLY_APP: ENC[AES256_GCM,data:3N8HH1kQ6ytsRw6Ywh42oC16YylwEcdc,iv:OicMBC0rsEqLJxbxty2IIwdc7V3eJV++EyDQR2BLQ/c=,tag:2psevqccXLpWZN/bSo/9/Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdjhxMGF1MXpZSUt5RVp4
|
||||
NVhzM21iZWtjemVhWVA4Yi90M2RmNHJUeng0CkRTWlBnSlpXQkZ3UWZzdjNnRXVB
|
||||
c3krbzE0WGRXMTFhS1NNeDdPQ0M4REEKLS0tIHlPVDlIcjVhaHRncTRZd1g1ckFs
|
||||
UDY4ZlB5RGthbWNxeTU4a2hqd1owOTAK5HvbMYGC9T9P1FsoK66t/VWtYWSqJ/58
|
||||
+FdDeUyHvZs95HmNr+9pG0qJUzU3Qps5HV73izNFMlBLgxPxz/PBGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeGJ4dDBMRXdQMWdaeEk5
|
||||
TnI3cDF2TjhFbFl0aTlVTVdjOEVOaFZqVEVZClFRelJTejBhSTB4UTUvMVM1Nk5U
|
||||
Z1FuUllSRytZQkhubG44RTFySTlhaVEKLS0tIE8wTHNoVEs3c1ZGb3g0MWJQVURo
|
||||
THl5TXRsd0N5NmIySUlRZ2dVQjRXc0UK5ijtJhVdKAVvTLJ0M9HAdn1b9PAXmDnP
|
||||
8xxnq+qrbIDXwjxPk+61+prV87zZTm7NKZXSBtsQSFkgZGkc4CXNAg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQVh5TS9NWlpiOFVJZlZ2
|
||||
cWRvZEY0MzdUbDhjV1Rmc3VlSFM1Q2NsbFFFClQxK1o4SW10VUc2VzhaN2RwbVo2
|
||||
SXhXeG5aRGtsV1hEWXlWUVdRUnJZbnMKLS0tIGRFZURYZU9EcG1wWmZwRTNneWU0
|
||||
bGY1UitYSGhpdzBYWUdhQmRkNlA5UkUKKf4v4NN458LVpN8H950cbGnafxbEiWsr
|
||||
X/UDEi4u62Nm+U9bBRDNtpILxTfrMyEvlSbnwMCuF/hiVKnx9tPwpg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqL09PL0F6dmxFVExvNXdm
|
||||
ZU5mU3hXZk9zZkpRNEx3ZHBINXVjYkFoMUE0Ck14Tks1QlBEc1pHS29WTldKSm45
|
||||
NGtjYm9vZkJWUlBDNnFNcTdiY1ZaYUkKLS0tIHZpbUx6MXBUSjY1K2ZHQStNMENY
|
||||
UFc4NG10d2loYmdHeGdVSlk2aUczaFkKNRoVjjkkoPfupq4G+luCIN1yHwXDfTGE
|
||||
mxLcZOV2OWdzNSAQrGLtK4tzsm1hQtrpZVQ1c791u1uZpURg9CTowA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MU1GcEc1aThlL1dqYTJB
|
||||
VHBZY1JBeVpHa2FjaERkaGV2bHp1OUV4UVVFCkg1NmU2aVNLZndzTnhzREZzaHhv
|
||||
ZzEvdy9xamZkK0Vna3M1MW9yQ21oWjQKLS0tICtVMFp2NTF2U0FvV1ZlYmdWc1dD
|
||||
UHRsd25GNHV5dXZCOWU1UEk4RVV4dGsKna6T46OCEKcToaznl4BrgQ1NdoPyUbH2
|
||||
0vdQOc5XeAoCsbLS4Tj/d1OcyG2vF+P5AV9/Is/NUbLytjQl5t1CDg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb05XYlR4YmhxeGNJTkFM
|
||||
L0loaG9TVGJuUHdpMTJpbWJBdVh5M29Pc2lBCmVZWkZIUGMxRmR5cGdDRE9heXpm
|
||||
d1R2Wk5pU3N0MTRHbk9yNDNjSGVEcGcKLS0tIC9mdS9UM2N4VDJOZTBDK0hMOHpY
|
||||
c2FWOXk5c3M5WDJtUHlmV2FKUWRPNHcKIy1xzOTBYNOwHX4/NtRdZaom+SsY5C5G
|
||||
YnqXyenlYxfSrxtKZj9rj2rZGbz2sGeFCGvSrKfyczgjcMcKXidMYA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-23T11:55:35Z"
|
||||
mac: ENC[AES256_GCM,data:9r4ODui1do3mLu2Gk4hLsdjQ/tbTwE1LZcSfsix1V3vAkH2XRr6cS4pBo7fkrCpV7o/l2RLgdVc/FXQnWfrG7w2xGY32yi9Oem27pYZrunA6hBkBN91Xad2q0h35oTqfiNX7Q3THHAspc709F2P4I7f5PBULiWPQUTdu5nunv0c=,iv:3middRo3qKq88bZFM8c03hh/MtCq77NCdnUd5OgorZ0=,tag:19sFH7qI9zYxhoPQztnUWQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
Reference in a new issue