diff --git a/flake.lock b/flake.lock index 622d0ca..af44d20 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ ] }, "locked": { - "lastModified": 1733214974, - "narHash": "sha256-wt0T39BRtLafAy3+IlX4ZZ8+KiZNykm9CrYO9IwTvEk=", + "lastModified": 1733301261, + "narHash": "sha256-DhrFTYBw4dqS5ZQG9yoAUr/ibTkN3wKjgogU4I9W2a8=", "owner": "uku3lig", "repo": "api-rs", - "rev": "e62f892e625b8a9872d9cd7bc140f7a8962abd81", + "rev": "e4c38c04529ca5fff3f170b8eca728ce72cfa529", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1733299177, - "narHash": "sha256-TvDEljXVpgJ7mPLyh9KKJLZkOypF+LCkcvJq/jBz9MU=", + "lastModified": 1733304249, + "narHash": "sha256-o6wNhr1ONxMuBJUGC9v0hEjFdv5rN6XzHJEL/rQJLjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "70803283187c8f775ff561be4117e5b1a11b296e", + "rev": "6c3a7a0b72c19ec994b85c57a1712d177bd809b2", "type": "github" }, "original": { @@ -205,11 +205,11 @@ "hydro": { "flake": false, "locked": { - "lastModified": 1730549115, - "narHash": "sha256-QYq4sU41/iKvDUczWLYRGqDQpVASF/+6brJJ8IxypjE=", + "lastModified": 1733306048, + "narHash": "sha256-KXch0JvfAfZfBgA8oXnYs6mRN417WvDoJN9EOZNZn10=", "owner": "jorgebucaran", "repo": "hydro", - "rev": "9c93b89573bd722f766f2190a862ae55e728f6ba", + "rev": "7d0b895f8c82ee9b3710a038e0ac558d99941a72", "type": "github" }, "original": { @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1733124015, - "narHash": "sha256-rPqOllvleOnYJaMU+zv+In7b2pTncRyRnzG7xjTZk8A=", + "lastModified": 1733301392, + "narHash": "sha256-OAVSSpI6TBcu0Gr38JkD3AuO6hiEZFaB6zVy2iU9Zdg=", "owner": "uku3lig", "repo": "ukubot-rs", - "rev": "35067c20002e73d766836e6c6fa79b8937c2fe59", + "rev": "02c6c93e4f6d2cdfcc585f34275a1863f9c8efc6", "type": "github" }, "original": { diff --git a/secrets/etna/vmauthEnv.age b/secrets/etna/vmauthEnv.age new file mode 100644 index 0000000..ea1f204 --- /dev/null +++ b/secrets/etna/vmauthEnv.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZHdmMjdOTkFNZzY3UC83 +d00xb3MwcmlSSGRtcVhYTWdWdUpsdmhQZ2xnCmE4Tkt0bzB4Z29lMTFMSzEvR0k4 +VUlFVVY5RGdyaFJyS1pkc2g4VGY2VEUKLT4gWDI1NTE5IFY2SFdpdlIrYnBTd1ZX +STREdWZjQ3JOOThVNFBLRUtLUEViVnorcTJHeVUKcUJ4M09vaUlzKzM0QW5WOU0r +LzNGTEcyWEJlSnNud1h1VlJVY1VuV2dCYwotPiBYMjU1MTkgUENxTkhUSE5SUXZI +NE9SQkJTVU10RWp3YTc3d09zd05BT2ROSXhST3RVMApydlQxUjdKNkhrRG5HWVRk +eTF0QjBUVmJ4dndUbmFaZFUvM3JaZTE3djlnCi0+IFgyNTUxOSArZi9VM2dVMVRN +bjZxSk1FZlNoL0pLNFg4RGJ4Y1VlMEJGdkNTaHQyem5VCmVVaEdOQmhyOFpENWdN +WXBYN01YU0xESmMybHBocHZWTVJGc2YrZFpxdHcKLS0tIDdiTngrUHJCWU9PYVow +TVFVTUxrV1M5NFEwQzdUM0ZjMGVqaHhvM2hhbnMKlx7IO02Yx2u0jAXj/6qnUjF1 +j87tucKv9X5YHkreU5u/C/x+NCvjR2SckJxJ8wDvhxeu/0WhkTWV2gG56kkf5BiT +QEA5UHkt157SIDM4FgH1VlmWr6lnhPdr+nQJB51BQNM70adOdY6qdmQ7BJ5W754G +BqnEKtZUQE+IV7esHNObKXnbkxf99KCiUxhGXHfbu/jdG/hCTBUbbEKpHGlot3xF +2XeVslCvdO49Jq24ae71fDo1/gbE2QKXgueBWU9jLXI96YCvRiqwIY7SqSz0Pr5O +bE9IRrs0rVQO +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 555a2db..ab7b04f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,4 +30,5 @@ in { "etna/navidromeEnv.age".publicKeys = main ++ [etna]; "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; "etna/vaultwardenEnv.age".publicKeys = main ++ [etna]; + "etna/vmauthEnv.age".publicKeys = main ++ [etna]; } diff --git a/systems/etna/metrics.nix b/systems/etna/metrics.nix index 35dc42d..3403138 100644 --- a/systems/etna/metrics.nix +++ b/systems/etna/metrics.nix @@ -6,10 +6,12 @@ }: let vmcfg = config.services.victoriametrics; secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];}; + vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {}; in { imports = [ mystia.nixosModules.vmauth secrets.generate + vmauthEnv.generate ]; cfTunnels = { @@ -59,7 +61,7 @@ in { services.vmauth = { enable = true; listenAddress = "127.0.0.1:9089"; - environmentFile = secrets.get "vmAuthToken"; + environmentFile = vmauthEnv.path; authConfig.users = [ { bearer_token = "%{VM_AUTH_TOKEN}";