From 157fed470a2fb23ee109f76a93cef3fc6216b75a Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 20 Mar 2025 11:44:08 +0100 Subject: [PATCH 1/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'api-rs': 'github:uku3lig/api-rs/4ea686b2171e65d21439e5c9324ef4c8f58dc1a9?narHash=sha256-FtKYaWu6edx3LLw8UdKOTLH4Gb0hztVuTsk7F53X/dI%3D' (2025-03-18) → 'github:uku3lig/api-rs/dd5dd7ec8c53a6b750cd0c2c452b1a23e1c0bbdb?narHash=sha256-LlA7/hGvUqcWtlL7WeYJwmhsx30J26LVpxu03ZvVSis%3D' (2025-03-20) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2816e14..c70a60a 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1742286645, - "narHash": "sha256-FtKYaWu6edx3LLw8UdKOTLH4Gb0hztVuTsk7F53X/dI=", + "lastModified": 1742467351, + "narHash": "sha256-LlA7/hGvUqcWtlL7WeYJwmhsx30J26LVpxu03ZvVSis=", "owner": "uku3lig", "repo": "api-rs", - "rev": "4ea686b2171e65d21439e5c9324ef4c8f58dc1a9", + "rev": "dd5dd7ec8c53a6b750cd0c2c452b1a23e1c0bbdb", "type": "github" }, "original": { From 591367639f36f3bca3d3a5ebbbd7a8b97e0473d1 Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 20 Mar 2025 11:44:28 +0100 Subject: [PATCH 2/3] chore(systems/etna): modify api-rs secret --- secrets/etna/apiRsEnv.age | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/secrets/etna/apiRsEnv.age b/secrets/etna/apiRsEnv.age index b5238df..71ab1cb 100644 --- a/secrets/etna/apiRsEnv.age +++ b/secrets/etna/apiRsEnv.age @@ -1,18 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmFVZFM1aEhqdkt3eFJF -VkNxeURqa1lZVk9iT0NDbmhHdERKNGV5cTNJCkZRd2dycnI3V1o1R2lXc3cyNVpP -dzUrWVljYVZlVTQ2bzRMOWh6aFBjMkEKLT4gWDI1NTE5IGd1bHRRR0pTMWpnOEQ3 -cFJrVnJiTGw2aE92THFJRW9XdlRtbUtSckV3VUUKUjhMWXBGc2tieWNWblJyZG4x -WTBoT1hJZkhmeElWWDZKcWtBTkp2TUpxYwotPiBYMjU1MTkgTXYvQjRoWW9LVWRp -TUVLRHJoekx5OG5jNU5rbHE2VTZHam9YQ2tBZzkxRQp6NmNLblUwNE5JNnljMWJm -SENYUG1RT3NOSTdIKzJsdk1sVzRCbXZZenFNCi0+IFgyNTUxOSBJY3FtT1dBMXR5 -Z21mT1hNZWlnR3JRcTNTbTZqZlAwcW1mRzhoaEsydG1JCi9PRlRKRUI1emZCdWhC -WG1rblQvNnBiK3g1SzZ5WlBrQ0JGYWthRG9BcFUKLS0tIGwrUjI3bFhjTElVYm82 -K3NTSWpPZUNNN1pIWEIzcEs4c0U2OTVCOWE5TmcK1nj86cobbkI5DlqXOe8wkSEd -WKeQHsEq6I5zIxRAa/AKAq+onz0DQa9ndT3IGg+LxisdahoxM+TpWoeZjJ3YndcH -BIzluYikuEsNZ5A0C7RzZWk54wOiJVLf9RLbylwL6+tmq9OlIv/JFcw0kKD0Bcre -8W9acC8xHvimpoS9lmmRBBRVPNwc04Ms9V4MYZuLZ16EfzK+07rOGn7cH7TCmjGs -X9/iZL02RbFTssX/61P8xbRem04CwZvYuHcOsezk1p0wxUNIHwAzV07TXzIKa3NS -aXL0jdoVIbNm9C9SN84PA+7ApIn1CMnQcbMFmAbS/pwO901K2v3VOwfE5wipMtVl -dPo= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWEk5Rm1reHVnZzVoU1pp +WjdZTVhvWUFvblJRNmt0QjJQL3B1bVZxU2lFCi9hQkJZalovbE1JczZxU0J1V2Ux +RnpzS01pWWZIdmZoNG9zR0NuZnozTDgKLT4gWDI1NTE5IDI2MS95bURVbU01ZjIx +M2txNkZBa3hSQ2sxTno4U04xMUMyTDA5Y0V5U0kKbTdqNFM0Q1N6SzZFR282RXZG +cUc3bU90SmFpOHo0bGYvbU1NaVJtVDZVMAotPiBYMjU1MTkgcmF4dnhsU20xMUxu +eExOR3UxaVJoY0VBVkk5aElENitkc0w5VzlKYlZscwpmajhDQkUxUmllNGhTc1ZP +MTFYWDhLbUNGa05KQ25pUmMwQmpOUkJUMlRNCi0+IFgyNTUxOSBBZVkyNFk4RElm +QWc1allWcTA1cGJ1ajh6V2FwYjIxZUhMZkR4Z1ZzSlFNCjlRRkVvUVRZc2tVOVFY +dU45RTV0RUVVQ2dyRVc4NmprUUgwWkVyZ0R4UU0KLS0tIC8vT1FMTkM1czVtZlRy +VVZ5dHYwN1o0UG8yN0JEL1NnMFdTQzNVdjQ5WDQKRPkajSZwrQHbsf4zN1cCQGyC +y/G6HPLlynpV/OmTuln1uRlNevn7u9pY2eO7ZdtEwH39PSzDKBUmHHTUU0ut+5oL +0YGJUJlqfGj5IbtoKtYzO276Khwsk0fCcH2rp+2armXeq2EPF5/JeWffZuQ63Xrl +b3lBaIQvMv/e5R6uyR+Upr+Bf3eBUGNvy/Uo7OQqWdkoNaikUT5/7iVwFYrPZ21U +Azh2RM70jyUlxPlm37JYObHSBqCEJH8mB0hU/3PdvAY39l2Wb6YJkZV2MPi6Yb17 +nsKWslxxKUBc1ExBA+2iYL7R+vtwxxvztqHjdOgrbrR8in163qp9rIGpOSwHmIJL +T2K+B0IU1aYE4z7Ee1guppyztv80ktyWgQHkeKi0G3hHAS+AeHPaYphDtKsytg== -----END AGE ENCRYPTED FILE----- From b8040ec72d5730cf1db197df777d6d5d5b82150b Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 20 Mar 2025 11:44:49 +0100 Subject: [PATCH 3/3] fix(systems/etna): don't chown cloudflared secret upstream switched the service to a dynamic user --- systems/etna/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/systems/etna/default.nix b/systems/etna/default.nix index dc35c90..6064d03 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -8,10 +8,7 @@ let tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; }; - cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" { - owner = "cloudflared"; - group = "cloudflared"; - }; + cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" { }; in { assertions = [