From e17c31bd770318d6363a9d4aedb5a9306765d5b2 Mon Sep 17 00:00:00 2001 From: Erwin Boskma Date: Mon, 5 Dec 2022 10:56:44 +0100 Subject: [PATCH] Add livebook-password to configuration and secrets --- machines/loki/configuration.nix | 3 ++ machines/loki/secrets.yaml | 57 +++++++++++++++++---------------- modules/livebook/default.nix | 3 ++ 3 files changed, 35 insertions(+), 28 deletions(-) diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 49fe07a..b77927c 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix @@ -193,6 +193,9 @@ livebook_cookie = { owner = "erwin"; }; + livebook-password = { + owner = "erwin"; + }; }; # This value determines the NixOS release from which the default diff --git a/machines/loki/secrets.yaml b/machines/loki/secrets.yaml index 571fb66..9e7275c 100644 --- a/machines/loki/secrets.yaml +++ b/machines/loki/secrets.yaml @@ -1,33 +1,34 @@ ha_now_playing_token: ENC[AES256_GCM,data:2NKdfEn0tQx+DTE6HBVo79Ico8+afqJ2XFaBVOgIikaL4eMa34CqHwhX91T64VVdmWyjvhaC1kRzxsALoJvw1ZHEnSG2va6lX0vN36j/n8R3ulcX23ZJetMHYQQE6ss7A+gvnBHTnTBG+F9XyrPFT7xnfQ363lWHQ3nRFiGAZJjj6eYqLxSuG7KMWHtfSozy5gSy2JKoxyV4KnqpDs39PhBmNA7OSh3FRYZPIaq+i4qhdCfHRET+,iv:Znl6IW36aqhL/KBr0cRgPBPtqkhuc1GtoqCQEQJ/cXI=,tag:ubvLck9m9qiutU2zcQtdDw==,type:str] gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01tUdRA==,iv:HY82pn2rp9zf+xHWRg6Zwbl5V2qgp+67LghxHRQjiMI=,tag:OrkwDDYpJLXnsWZvqBtY9g==,type:str] livebook_cookie: ENC[AES256_GCM,data:ZB7u8BWNn7x2O00YTALYTwNi/obq8nH3mI01Bd8UxPg=,iv:JVpPJaB6O7oRjYqYuEueT812U0Bn8mUCOLDwpAU5yTs=,tag:GIkodjTt9mRLQZ0UAtJszg==,type:str] +livebook-password: ENC[AES256_GCM,data:6w+qCJRm56Y=,iv:FOQf8zu3WXWN1OPSY/Y0yTVnQkruGDQyjv2ykw+ZLhU=,tag:y1IpzvOkDjfx9zFIaj4eEg==,type:str] renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWnIvTVljMWZKVDVyNENl - TjBNRHJ3RllaQ0JZNXpCZlMwYkttMmVGeVQwCkExNzNDY2ZWQ0xRdk1rdytYVjls - SFFUNVJndHdpQ2djR2EzYklHYUErd0kKLS0tIEpoQkRNcFUvMXhmQW1TKzNESHhL - U2NROUNJQnEvaG1ZNVVEd0txUndVUjAKnnkLobhykAYvhE1N0rfgR/supQ4mCNP/ - 5/UAkFCbwNR6tAJHZH72grNh5mzl+fCyiHmDGOMgxhTyL/5lC9k9ZA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTkxwMHkyeDRmUUZZZFFG - cThxTytQSjVmcGdiY2d1U0xrRkhUMEdBckZNCm95WGF0N0twN0VrU1U3MXdPdE4x - OE55eXh2RUtOUnBwbmVaWGdadmlBUG8KLS0tIEFqdW5PSUJmNjd0NlFMTEp3cjRS - T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj - KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-26T17:17:46Z" - mac: ENC[AES256_GCM,data:ifCxcuSVCjlzd7l99q6gbhg/GYw0SBwz24N7Pjhynuq6CMBTGYH1mItWkBTdPhaM1r2RokSutSxmPSJfWAE/9B21p1wJH0RCKKoWyGAu7VlKMFHvv3xcIGNiZhcNfk3/zmZT4SifDfK8iA/VHt2dJlFomZhBvntIwnyRUEhEa7w=,iv:N6JOY9ceWB6d+87XsoYnJRI7RJ7WwegMMwedPIYLbfA=,tag:eB0lcAk2ZEyXBdSp19XX8g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWnIvTVljMWZKVDVyNENl + TjBNRHJ3RllaQ0JZNXpCZlMwYkttMmVGeVQwCkExNzNDY2ZWQ0xRdk1rdytYVjls + SFFUNVJndHdpQ2djR2EzYklHYUErd0kKLS0tIEpoQkRNcFUvMXhmQW1TKzNESHhL + U2NROUNJQnEvaG1ZNVVEd0txUndVUjAKnnkLobhykAYvhE1N0rfgR/supQ4mCNP/ + 5/UAkFCbwNR6tAJHZH72grNh5mzl+fCyiHmDGOMgxhTyL/5lC9k9ZA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTkxwMHkyeDRmUUZZZFFG + cThxTytQSjVmcGdiY2d1U0xrRkhUMEdBckZNCm95WGF0N0twN0VrU1U3MXdPdE4x + OE55eXh2RUtOUnBwbmVaWGdadmlBUG8KLS0tIEFqdW5PSUJmNjd0NlFMTEp3cjRS + T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj + KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-05T08:18:03Z" + mac: ENC[AES256_GCM,data:YerddVd+obdDrBMa43CHhoVp108fWiTp0ZettA632R6pXQEN//fIDcEHn4Yv6aFV9rgn3p8DRdFuS+geORCuuKa2md3P7IkA06wei+AblT8HfpWz9PtSjyeFjJzCI9ZkrIzKUlYosqDQFG3Bq27f3LjHJMvNtWKkINTCV+qPYzE=,iv:3O6Eg4zzJNTOyqegTFwuQER1juXFxPqaMI6ELQNA85A=,tag:alQv8wKLca+XNZh0zn39gw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/modules/livebook/default.nix b/modules/livebook/default.nix index 8dfbfdb..6bc5a81 100644 --- a/modules/livebook/default.nix +++ b/modules/livebook/default.nix @@ -25,6 +25,9 @@ in livebook = { autoStart = true; image = "livebook/livebook"; + environmentFiles = [ + config.sops.secrets.livebook-password.path + ]; ports = [ "8080:8080" ];