xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

modules/miniflux: handle oauth2 secret with LoadCredential

Browse source
This commit is contained in:
xinyangli 2024-08-05 10:52:54 +08:00
parent 9ffc2ad23d
commit 9d44f6eb07
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
5 changed files with 44 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
machines/massicot/default.nix
View file

@ -28,9 +28,7 @@
grafana_oauth_secret = {
owner = "grafana";
};
miniflux_oauth_secret = {
owner = "miniflux";
};
"miniflux/oauth2_secret" = { };
};
};

5
machines/massicot/secrets.yaml
View file

@ -2,6 +2,7 @@ storage_box_mount: ENC[AES256_GCM,data:9lOAL3tkfB0pN4/cuM4SX0xoMrW0UUEzTN8spw3MQ
gts_env: ENC[AES256_GCM,data:CKFKHXCJvTD0HFkVrBWhabcl/cloCT03qcZIc5JymiIAu+o6wef6gsQlkKP81vxC9S3XMYtLgXQ03D7Jetkfg+7nafF1+ogN,iv:/axRqZIatwYL++/KmBIievPPyKRkHGmVpgRe2Eet+fg=,tag:gwxyuePOYiD1vlSyq3yjXA==,type:str]
hedgedoc_env: ENC[AES256_GCM,data:zwAA+zKSJT0tZyYArCaa1lfL0y8DNHDp/thS11DrVxNvjmk38o0ydsKArfZKzFYye+qNBzz1B4sPCdW4cFgQUNgbM+n9AvoMB8CssdmQ+sALKmozA5aEV23q+khZSGlHocP6WA==,iv:SgZruOS1nanK64Ex1dvgoD1HzbGbNa4DFSBuVoaNgEc=,tag:R+I8m1AloDCXs5PdpEpS0w==,type:str]
grafana_oauth_secret: ENC[AES256_GCM,data:2dSgxeWXNtlvbrgW9whCVuM6tfzd4lVhynwQTSPbBJndhI8scpJle7LjI1+b14FS9boBsuYO+ym4Pf1I8/jJtKkj6X6I0BmXFBC/SfpCpo+ZGrxacg==,iv:N8iTPqMagKP3hWc7n0bjgYKvaFaw11ITvDn9lUkkAPY=,tag:Cz59fA2Zq3jVvhfxaFuGAA==,type:str]
miniflux: ENC[AES256_GCM,data:26/dYh3jrcqIxmo2WSy1tz54BQQAQg==,iv:yv7dS/RcsitYb/7firhr5lcy1TUDMuFRpwk6WaPHOKk=,tag:FdJcvBCL96GqG3uB41i6Ng==,type:str]
sops:
kms: []
gcp_kms: []
@ -26,8 +27,8 @@ sops:
dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i
V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-31T09:24:12Z"
mac: ENC[AES256_GCM,data:/TIuK0O0e3Kkb9yjVE4GEPLRRFo1wQEzfcuCcX/hS4eGSgVPu8p52meEzVW7Z9GLiKsmgSW+L5fW4k+kXGcOfKr1BarjfHa0pGcfoW/gb8BV2TFmX9rQk9ioh5m5NT97pv5KgrpPIU+HjUEe5ORebVZh5sW/R3Vh3PCyagINcIs=,iv:mU4P7BUnMjA/hIhX9SUImOuazoccPdnmeNIPGJUXaLw=,tag:EMXAVLgFZk3Mgv2O1rgibg==,type:str]
lastmodified: "2024-08-05T02:36:03Z"
mac: ENC[AES256_GCM,data:VD2tlgzwUujeuvO1SX4TBvJPyAQUKroZZ6KjJHwWvx/nOS/MfZQshuccP3QofHMKdBfSal22WVuxTzmzVCWv870/EOVKr3Tw1vAEpidDOLwmKHp6GrJXh5ReKg00j2yHgClsjetSMCQfaWmrO11Wa2UjS9+XDRMCQZ2sw2qbUtI=,iv:5kMwdTEeR7Dx0jfI4afeR88L1Sgij3S18KXGc77qzBU=,tag:4nKzV7vSX3T1b/HoAnCX8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

6
machines/massicot/services.nix
View file

@ -86,9 +86,9 @@ in
provision = import ./kanidm-provision.nix;
};
services.miniflux = {
custom.miniflux = {
enable = true;
config = {
environment = {
LISTEN_ADDR = "127.0.0.1:58173";
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIEND_ID = "miniflux";
@ -97,7 +97,7 @@ in
OAUTH2_USER_CREATION = 1;
CREATE_ADMIN = lib.mkForce "";
};
adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret;
oauth2SecretFile = config.sops.secrets."miniflux/oauth2_secret".path;
};
services.matrix-conduit = {