read(miniflux): Mash all secrets into one env file

2024-07-16 00:03:43 +02:00 · 2024-07-16 00:03:43 +02:00 · 427f7f4485
commit 427f7f4485
parent 8b537059af
3 changed files with 6 additions and 16 deletions
--- a/machines/read/configuration.nix
+++ b/machines/read/configuration.nix
@ -96,10 +96,7 @@
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    caddy-env = { };
-    miniflux-admin-user = { };
+    miniflux-env = { };
    miniflux-admin-password = { };
    miniflux-oidc-client-id = { };
    miniflux-oidc-client-secret = { };
  };
  system.stateVersion = "24.11";
--- a/machines/read/miniflux/default.nix
+++ b/machines/read/miniflux/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ config, ... }:
 {
  services.miniflux = {
    enable = true;
@ -7,14 +7,10 @@
      LISTEN_ADDR = "/run/miniflux/miniflux.sock";
      POLLING_SCHEDULER = "entry_frequency";
      OAUTH2_PROVIDER = "oidc";
      OAUTH2_CLIENT_ID_FILE = config.sops.secrets.miniflux-oidc-client-id.path;
      OAUTH2_CLIENT_SECRET_FILE = config.sops.secrets.miniflux-oidc-client-secret.path;
      OAUTH2_REDIRCT_URL = "https://read.datarift.nl/oauth2/oidc/callback";
      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.datarift.nl/realms/datarift/";
      ADMIN_USERNAME_FILE = config.sops.secrets.miniflux-admin-user.path;
      ADMIN_PASSWORD_FILE = config.sops.secrets.miniflux-admin-password.path;
      WEBAUTHN = 1;
    };
-    adminCredentialsFile = pkgs.writeText "miniflux-dummy-admin-credentials" "";
+    adminCredentialsFile = config.sops.secrets.miniflux-env.path;
  };
 }
--- a/machines/read/secrets.yaml
+++ b/machines/read/secrets.yaml
@ -1,8 +1,5 @@
 caddy-env: ENC[AES256_GCM,data:gw+QSN+c2Lp2F4wNzhTXklq9sUrDT389KLAh2YRpZbqxWpodx4LPJ1uIUsMC1TdeYmq+lkI+,iv:iXjLwOfQo9wEa9bBlE5HYUKDNriJgcm7hxPsBys62hk=,tag:DbutFgWz5ZqHE1/aP4+7Ag==,type:str]
-miniflux-admin-user: ENC[AES256_GCM,data:G0JD/iI=,iv:CPVSFIr5TzOGmyAt1zkz37Zld1lfPrnDxdOoJ8oGivQ=,tag:2RmlqB5zNyTBVSPv3zankA==,type:str]
+miniflux-env: ENC[AES256_GCM,data:5H+/yRuPW6BodnHaq3E7bcqD7xSRLHwle6BdSpsyFPUY9lw7JT4445lnQlV/uliGJJTu0H9N3G5KhsDQbvvU8vw+5yQvX4EgYQnJfYMyEn8LmQE+ErGz5Lpx3A6sjFuy0KHCqbFJwf5jjfZwuxvNdTKv34gnR2u9+4Vyg5qjwAP4jw==,iv:HfLie5OUOkEKjSmm7rBfOtVhkIq9GA3NRfwDg5AD7MQ=,tag:1ysgjaklV6twaLPe5na+hw==,type:str]
 miniflux-admin-password: ENC[AES256_GCM,data:kIxW0Ybz5ZNCBaKiwg==,iv:HMbW6vfid8r9ZDpzlWGYJwALF1wz7NuVvEKtGW27twk=,tag:TXsYzDmIXSsACxe62F15sQ==,type:str]
 miniflux-oidc-client-id: ENC[AES256_GCM,data:yCIEu1PBGAA=,iv:YpOU0lfzXNMlwb5jI8LO1WV58j3QwidbxbT5OJu2Vtw=,tag:MrnFlwxcg6wV9bG93XKyVg==,type:str]
 miniflux-oidc-client-secret: ENC[AES256_GCM,data:0wVAofr4H7juq3QrqO0fH6lWpdxKbSbUjqo7GtVcnns=,iv:rnePz45XaTkshZ/0YsnmW6VVfJI3FIw4n+SN+2lVrcs=,tag:Mk7IVkrmDsF2sjszhbgf4A==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -36,8 +33,8 @@ sops:
            alprbldiMEtZQ29DaUJzaEZlWmxXTmMKPYHIg4fMR5fbCoCAyHHuL/WGfn4D6mXJ
            yulfOqthMxvvWr+9sOBeAWIWSCcc0DBmDjvUTaDqVA7pnhZE+hQ2mw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-15T21:34:14Z"
+    lastmodified: "2024-07-15T22:03:26Z"
-    mac: ENC[AES256_GCM,data:NZ/kdtM1XFePRz6mbNhU1TZHsBSnQRU6k39dxYaXsDIS/oHM0Cy68qsCaniV309YmYSDmTFPJ9S9QAE3mVa7BbZvuYOcWkdMCRNC5gYKwvM2iP/gpu3XCm64emwDKm+bLL/kDFc69iCyyajPP/KhqvMoEgXrPCAnCWxzhER9LiI=,iv:UdFEQLegd7s0KUUt1BmRakFtEVE91L3M/pa59mjeKPc=,tag:iu8jzwYza7oa9a0lH1puaw==,type:str]
+    mac: ENC[AES256_GCM,data:T4BUMEd6lxXtndOH52M2SGqMm08kW6tG4VDcpaBv5De+DmSaXX2cojM2MIOVBnQjNxCT6534RZAvnG4cQkUiIgaqP+PDyb1w0cYnv+zfgE/yHQ/AkBXlnr4jblJLYtU/04HpFm5OGvjYxqXDrrcWu/tZD6lZgiDcqLO5R+V0Azg=,iv:/WNzbV8YJpdVD7nF+AFQz/why5QFKGYidIgh1V8VLGA=,tag:RyyZRIsF7kyg+ZgDD+7DhQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0