From 9bf9ab65603aaf2e6eec512c9a541e9899f19f15 Mon Sep 17 00:00:00 2001 From: korenstin Date: Tue, 4 Jun 2024 20:37:38 +0200 Subject: [PATCH] config onlyoffice --- .sops.yaml | 11 +++++ hosts/vm/chene/default.nix | 1 + modules/services/onlyoffice.nix | 12 +++++ secrets/chene.yaml | 81 +++++++++++++++++++++++++++++++++ 4 files changed, 105 insertions(+) create mode 100644 modules/services/onlyoffice.nix create mode 100644 secrets/chene.yaml diff --git a/.sops.yaml b/.sops.yaml index f7a1860..eac8359 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,6 +8,7 @@ keys: # Nounou keys. - &_aeltheos 0xDF6D6CE9E95E26E8 - &_pigeonmoelleux 0xFA47BDA260489ADA + - &_korenstin 0xA534E46682DD8C35377352C88DD28608BE411065 creation_rules: # Secrets that are shared accross all hosts. @@ -28,3 +29,13 @@ creation_rules: - pgp: - *_aeltheos - *_pigeonmoelleux + + # Secrets for chene. + - path_regex: secrets/chene.yaml + key_groups: + - pgp: + - *_aeltheos + - *_pigeonmoelleux + - *_korenstin + age : + - *chene diff --git a/hosts/vm/chene/default.nix b/hosts/vm/chene/default.nix index 1877168..0a92bfd 100644 --- a/hosts/vm/chene/default.nix +++ b/hosts/vm/chene/default.nix @@ -6,6 +6,7 @@ ./networking.nix ../../../modules + ../../../modules/services/onlyoffice.nix ]; networking.hostName = "chene"; diff --git a/modules/services/onlyoffice.nix b/modules/services/onlyoffice.nix new file mode 100644 index 0000000..1f34604 --- /dev/null +++ b/modules/services/onlyoffice.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + services.onlyoffice = { + enable = true; + hostname = "onlyoffice.crans.org"; + postgresHost = "tealc.adm.crans.org"; + postgresName = "onlyoffice"; + postgresUser = "onlyoffice"; + postgresPasswordFile = sops.secrets.onlyoffice-sliding-sync-pass-file.path; + }; +} diff --git a/secrets/chene.yaml b/secrets/chene.yaml new file mode 100644 index 0000000..73e8976 --- /dev/null +++ b/secrets/chene.yaml @@ -0,0 +1,81 @@ +onlyoffice-sliding-sync-pass-file: ENC[AES256_GCM,data:3m/OrDKvFDVeJjBag3jAIn4plGf5zrD9XQ==,iv:2cupGLGuNYN7WgYiQz8hADPrdyUgOeO3Vnw1bXh+22U=,tag:bacRGACFnbmHpWJQsYPBIw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVlFralVZZVBVejc4NzhB + Szc1SDJWZmQrdGYzbktpRzh4bG82RWh3Y0ZVClhaWHdlcEtiWkV4RmJBNXd3cDBz + YlArU1VOS2ppV3NVbFBDOTdTWjVxQmMKLS0tIDdOdU43NXJRZGs4U3NxbFF4a0RE + MXFoQXhZN3NkSHJNZUluRnVLZmFFRkEK019fLNm4xuH1Y1XLsfpvjC7uS7mE6ZEc + EJ/0Ml2xaQ/pRg9tN9AbGUZi0dx6jQmKqCTlglZM/ZDcg87oDAFzJA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-03T21:34:58Z" + mac: ENC[AES256_GCM,data:wqm8TcapmQKin4tzAuUzxM0cmS7AxH41tFZrBDNO5ArEhhlcYRD8wVPDeO0HeH8g5cA0Tx2flAPQ10eH1WF9wtZ0X6z+wzDkzcCUVvtw+eCxKIOo4/hkBBM9hr81GGTdsqdem++qUuOCUG0ztnPKsyONMUFBmQkfNTtw1+JY7Qo=,iv:mjuU02qFTgSbiJgWdPE3khpYxF/k2EBJZfmhz+HDY0U=,tag:GakVe+hHzOdXVGDamhQ6qg==,type:str] + pgp: + - created_at: "2024-06-03T21:32:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwEdD9k5IbiyARAAqGXoRluDnOZXgkA/TWWvxHI84NAKgnXd45qk26/GtouV + ihODq+ggXJbI4hj//0GwFq2oVt1cFB+7Rzbnah/F37jzLgApbDbtHBX2J3wkyTwW + 1lKjXGv6CjzzddOEXAUznM+WoHkczBZ+2EN60B5jTd09vzj7pih3E7lZmr4/nuiW + c86F34bdkLBv0XVDoAfmjHJpg565hCY7mesD8JcMO7nhy0LojgsgbRNvuCLGi/qX + cNxgS9/lp2bSfFK0SoRzoYpJwAzPpx/hSqX9IfBihxmChoHLozyOy4bkxNM5DF02 + CYuysUjOYmsuXV5DBa4/VEhZ4izkeoXgrJxpdCGJbPSxDsdcroLlYLaP34M5GYqN + HKmciIlRA5M7Sz3TewmCwHN6oDoiEIIYfj8Hdkmx7sF6yGs95HnTNZ7X0VemrT+G + oQ49gQfketU1ufXcLzXukjlkC+TAm2G9Pu8oTrr6hA2p6JvEc9UUbbpwJtTf1msj + wkckOFdYJzFZwH1oUP8N3WIIX1b1iYGNGuJhYT4hYM6JoaxQOBOoXvI8qIuISWZv + 3wSaRme5dMBQL38SkhzyJIOhLSCtit5z33EXuNDQsN3PTgGczmQuqTpuS3wLuqNg + gYDYTledqZAKBHaByGtsWLYdN6hJOc4QNqq7N205xyCCRCF1jfzczJytKu4IVHbS + XgG2pidGNW/g88VOFE+arlxeub1of5uPln7g2Q0cV91Xu1CW7Jp++qSfpEKZbxZR + vKQ7A6ko2URhcLmIGhyYW6Mw5Frmx4Fc9ipJsOejE/HoHsYiMvgUgsjzMUQc7l8= + =HBu2 + -----END PGP MESSAGE----- + fp: "0xDF6D6CE9E95E26E8" + - created_at: "2024-06-03T21:32:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/HTIsSK0VBlARAAr+thV3Du1fuzYCupxnspHAS2njh8Fsseo9RneFaPN1me + suenAQDpyZQ9ESa2dk2E/Hz82YspaurZ1lzU/WhX/3vCb2GquH/51XFIsQ6e1KCi + JPArsTZQs+UdjIN3J8GzTywkvhk3/q/ib6m0gc5AHwxsgkpd/fqgLLBlVMbasa7Y + 4QOyy5+nS9huat1l2K27+YgqOptw7snR58iDES9X+o4dN3A7LUud9dUhWckBDuRZ + KyI/eEDvyFSzS3LqiPcM45Xo+PnGYXI4Bbr+8AkUF+4KHJJsQncL7BkPOVS6l0U0 + 1ALpUvPJgUiCKX6eI+1vvSJ18YLPWWz4zZD1FMkOQpf9LMyO1XlTeaAxdLhEGs9S + Cd8+y6KRGvzTHGRJLJVCg0J4Mshf8unYAiQZBa+i0jc6iQVrCW+B34TSXp8JlYbg + LhnU1GXe9TVYIzVjPpxg6kSjU9kgZCvphyKmCtR+HfLL+5lYMbHumx5dnF6XC4B3 + ceKN8ewj549cCPbkbY1mRu8Ulnz+1DfBxZDLcVW/omXjWSJ0OVFyxMsHYo7rZ7Qc + 1z9lCDd5dq3zjchOTwTPf0GR4c8sSDlNJGQqQ2AZDzowcRwi1s31R/HlPSHsnFOE + wdi8a7xlBOdhSdJ1pcfH2T3KG9st6SduvxnFrxitJYfWfk8xmKldT2yEOw98UgvS + XgEbBt0zMVEJxF/oy/5WAr0REJx33bapuRxscCFvZOW3EzdaB9w3ICx208zQggcj + aJnLx0b4dJKypzFhECSA6zHHR1rPZzQRcRTnrxR5QC4lmA6m5GbC4bRZk/Ry+CA= + =/gY3 + -----END PGP MESSAGE----- + fp: "0xFA47BDA260489ADA" + - created_at: "2024-06-03T21:32:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4Uty74yOFxLAQ/+Nf44U9p6/26oYB83v/fZTYSF49TYussSNXWCl85FUS5h + GW7FxqjsjiiBdabMg4tqNqg9c559hF3ICZjbCuEo5rYYaSHqCRVc3k7bi5LQ2uY2 + dVJqVtboOGsYCFO6L/FnCeaCIHSiT5/1KVxh7T5LzQYxpuMxid8381uRJm2tSnBj + C+k9ocn5NEepwqT2QUIjS/0UwgiAZMuvZ6WDud92hawQw7ZSokLTRvkeJ0dRv2Ti + dCX43mIEFR+KgjfooHErL39HLKFIG7k52uhPXEN4Dlzi7/OvJwrmLp0NR6hbwp/3 + iWv2/W9I0mrVZS9UP0QffmzgHHpNGia2/LHKw4AdFAY0n1OpvLNdXZ77aw8YlwA3 + k7GG7+w8EvCt8ZzPDV1QfrB+RkD7Z3VibxBPxHbA0qPKyfSPMa+2YttEdjNDujob + USQktA4Ew62sLjUrRxPZjxrjkuKQv8wRgdkAggaveZWZLRMk9/gA6M38ibDMf9Rj + pRlNr9Jdi1avb6y+FOTSyNyrSctwwAyBgy5SLWuV/ZE71A67RMhRX/tAxXMB7BEW + trL01cbiraehg8biCHjcK5NQxtHgVSpY660m5r4OHFiyXD9G8JC1ryufdHdlqY6z + nHU8ZMGA3I549CITsVU4QlCDr/sVvrGZmQOPqxOaf8O/N0wOfRjbrsNiOkgMc0XS + XgE/z1dDPBOU4/Yppm58RLqx3l8XjvzakA/fPCBJmKoVkqF7sp55WlB5SoxwDzk/ + oM6PIncAqT0ZcBESJ9AgolpmvIswJ0u3MgGAe8AZ7Un6oNLE2ukpkIyvnqXURYA= + =/xDA + -----END PGP MESSAGE----- + fp: 0xA534E46682DD8C35377352C88DD28608BE411065 + unencrypted_suffix: _unencrypted + version: 3.8.1