delta/dotfiles
1
0
Fork 0
mirror of https://github.com/deltathetawastaken/dotfiles.git synced 2025-12-06 07:16:37 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

nginx ip hidden in sops

Browse source
This commit is contained in:
Your Name 2024-03-21 20:09:04 +03:00
parent 7cb8ec0656
commit 41175885a7
3 changed files with 46 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
hosts/intelnuc/configuration.nix
View file

@ -85,10 +85,10 @@
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://123.123.123.123:3000; include ${config.sops.templates."nginx-graf1.conf".path};
''; '';
locations."/api/live/ws".extraConfig = '' locations."/api/live/ws".extraConfig = ''
proxy_pass http://123.123.123.123:3000; include ${config.sops.templates."nginx-graf1.conf".path};
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@ -101,10 +101,10 @@
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://123.123.123.123:3000; include ${config.sops.templates."nginx-graf2.conf".path};
''; '';
locations."/api/live/ws".extraConfig = '' locations."/api/live/ws".extraConfig = ''
proxy_pass http://123.123.123.123:3000; include ${config.sops.templates."nginx-graf2.conf".path};
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@ -117,7 +117,7 @@
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://123.123.123.123:5601; include ${config.sops.templates."nginx-kibana.conf".path};
''; '';
}; };

31
hosts/intelnuc/sops.nix
View file

@ -3,16 +3,33 @@
{ {
sops = { sops = {
defaultSopsFile = ../../secrets/intelnuc/main.yaml; defaultSopsFile = ../../secrets/intelnuc/main.yaml;
sshKeyPaths = lib.mkForce []; age.sshKeyPaths = [ "/home/delta/.ssh/id_ed25519" ];
age.sshKeyPaths = lib.mkForce [ "/home/delta/.ssh/id_ed25519" ];
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
secrets = { secrets = {
"myservice/my_subdir/my_secret" = {}; "nginx/graf1" = { };
# "nginx/graf1" = { }; "nginx/graf2" = { };
# "nginx/graf2" = { }; "nginx/kibana" = { };
# "nginx/kibana" = { };
}; };
templates ={
"nginx-graf1.conf"= {
content = '' proxy_pass ${config.sops.placeholder."nginx/graf1"}; '';
owner = "root";
mode = "0444";
};
"nginx-graf2.conf"= {
content = '' proxy_pass ${config.sops.placeholder."nginx/graf2"}; '';
owner = "root";
mode = "0444";
};
"nginx-kibana.conf"= {
content = '' proxy_pass ${config.sops.placeholder."nginx/kibana"}; '';
owner = "root";
mode = "0444";
};
};
}; };
} }

37
secrets/intelnuc/main.yaml
View file

@ -1,11 +1,8 @@
#ENC[AES256_GCM,data:FaOSuGU8RwFvckoITrGacn0T8dbVLaDH0aYVXaE=,iv:L6ffjAOb40cJrVipFOL2BqUHP2HKbiG7SYOk5duJLT8=,tag:O3J8FRYlElrrCiWCHq51BA==,type:comment] #ENC[AES256_GCM,data:TKFsca0ngKW2E0UzOkdwYBFqzUKFF5B5+OBBs5Q=,iv:3TpoJ0ERwn5coP+QCb07eKI0bDsCCJzVncvBPNt7ZJM=,tag:wXF9PqFJ6ATe9CDAtLUUDA==,type:comment]
nginx: nginx:
graf1: ENC[AES256_GCM,data:FLFAf065Lcu+e64=,iv:W/jQmUEueAVkuWFaElXVILV86n25MjRlcieUOdS73Kw=,tag:UTDfnLXBtI6kSiNkdqMTew==,type:str] graf1: ENC[AES256_GCM,data:V2nwxbhaSZ/+yy2dxGEApWKVUBhpFSY=,iv:BaKJAt1YoDtPbforo40L49Sx2FlicgWzEV/0zGqHsE0=,tag:JcQL6WuPOTAFjJ52ym9+4w==,type:str]
graf2: ENC[AES256_GCM,data:mdKFz9IMNpcfX04=,iv:34N491ELjlOlOdwpJEQNAR2mz+nrgGDnzppnyq76jeM=,tag:tLLzgjYlEpNGCISIHWEe2g==,type:str] graf2: ENC[AES256_GCM,data:VCoHvyka6Npo31w=,iv:XqkBCQZ9N4T5zKE5JmVYO1HsR1naPQtVTWoEaz/WPAA=,tag:lUunS+92Kyt3voS9b34/6Q==,type:str]
kibana: ENC[AES256_GCM,data:oiSnQzvaRYDS/44=,iv:3XlfBMd5gAu/FIbSr5nI0fHHCmwJkFHCiPXpoZB8ycw=,tag:lDcYsjdM86Bq7TE0yByAEA==,type:str] kibana: ENC[AES256_GCM,data:xv2K1JXWsHoIsgM=,iv:F3IFgWiMaKOIyaWclmgDpQyVtgniP7CSPu990RH2j5w=,tag:Dhe4IWXPT9InrgxnWRSaTw==,type:str]
myservice:
my_subdir:
my_secret: ENC[AES256_GCM,data:/9KmKrM0Js5a,iv:n1xlsrjbHsiyynTjNjvPcVSQm/7YJ30S5Is7w33AKFA=,tag:WG50Y5nePaHrtijQ3muXHw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,23 +12,23 @@ sops:
- recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y - recipient: age15ztewc67js3aunwx8zvkdukqy8r3qswpqucjsqqnqjy3zecvacyqdxhl4y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa3RXMG1Jc3c1NVFCYnlO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTUFkVnE1a24zSmVTVW1i
bHdxc3cyYUZ6MDZKOGsxTklLbE5DTzYyLzF3CkFwRGlPNTFaYWNCbkxMcmJVVCtM RGdYYWwxS1BQNTFoLzNWdVB4cFVpSEZtdDFzCkhCZE9XTTkwZDAzbCttbDVXcnhU
V0Z4RWxXVTErYUVlU05uMXNRSFZIUlUKLS0tIEtTMkcwTDhDZzdpRGtCSFpMV3Z6 S1lrS3YwM3Z0MjNMUkxLVHp2QldRbFEKLS0tIDV5R1JjTkYvendPNFVPRUtJYkho
ai9wNlRkUC9XNTlad3VkM3U5U3E3UGMKTnRsw7LstwwlELVtZcq6Yo0ClXs6BUX7 cDJiQ204czZ6RlN6VWNsNXRKWFlabHMKN4RzFvn1Fka0spPVSk7VOXEe4mlZQFJZ
5AFE6q6bhdpkze0QPQLEm7hEyZ5hBIvD1T9LoAS19APd6ah6+eAHWA== EraNKedbc+yEjkCsliez91X8PH6bTqr/LuOPf+ZrczwcCcmjF5GhoQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1sxv5n2au0pwpvnj8qya75quz264s5jt0e9734jefng4dh2vyyqlqyuynuc - recipient: age1vt6n9pgz57malqryph4nyvypr3y845fthkc704uhh0s7sqy4s97q0hffyk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTZWdnpidGZkeEpTa2E4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaUt0NHBTc0wySnBZajNC
ZVFCR21ZMVBiM1BtNk1rV2EwZmNldG1jYmljClFNMitqT2cwbGthRGswREtoWktx TkNNZVZUYVpVSWQ2WGZrcFgzVU1SaUViS0g0CldkNG1QdUZmVHBPUHBQYVNSMitX
VmVicityeVphcWNSVFVzREE0TVBUMG8KLS0tIGxtT3ppWDBqNXpUeDhUbXFDYjQ5 Vm5FT3VHNVZOVzVJV3ZGRmJBK094Z0EKLS0tIFlGOUJCNkFGamNvS1dGSjZ5UkFB
ZkFmUUg1R0w3czMvZytud3pEajFxL00KWcIupUeVIcXhf29NAiUGmmsCminokmJM YmhmZ256WW1yUFV3a3RScmNoSHFsbm8KNPDePbaa5fNywlOo9VBUli76lbkTRigU
+/82FhbQwvIOCU5GlZOpCLVOFWIsMiwC3OzDv64hMHxzH4TNuiulvg== 78jZRaQ0fKGobZ4R5lYzJWmZNDbkuEH1VG1L8PlNrbWsbcEvlDya7A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T15:21:14Z" lastmodified: "2024-03-21T17:02:45Z"
mac: ENC[AES256_GCM,data:l/I2iaLLcj3q83L/eOObxN3z+zzyy8I8cJzi9b2FRzcaMUggot0l1LdPqk6KDaEfzlOPv8N1ZtwO1oYcb1JkO1/5Ga0hqBKs4yuQUrmXYjhZa6VzY7Jd1aKRTVZZtBeW2mbENVha6Co2tSRGOQNPJM64G2oIhUv3g6WdVUSCOb0=,iv:vIcmlAqBD8Z0IWnV5m/2MBXuQIl8MdRXc4c/XvUdi34=,tag:/RT/T5VuHbxrMIcaSKhPnw==,type:str] mac: ENC[AES256_GCM,data:kIYQRHj4AIRJ5It1tQXiBwEKoKjN3tmGchYDvXKVNQbA5Mi7uxVsunBcz5Nu0CGB9qa/OIJAtx8+7Cth1YEFAXfFnFD/sy8b3zKFgQJI7iB/1IxJbOsoHHcEbuoqRaZQUqrzsctZjI4v203liE9X6zalm8vovZ4As1b808Anwtk=,iv:tepGQAmydrha/hAzFJqWtEX0b2VefjfSbBgtVjdE+7o=,tag:OGawRuZ6/GCpYP7/gbAVhw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1