megamanmalte/nixos
0
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

fix(gogs): update certificate

Browse source
This commit is contained in:
Malte Tammena 2023-10-04 16:33:37 +02:00
parent a816249733
commit 26081d759a
4 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/faunus-ater.nix
View file

@ -536,6 +536,7 @@ in {
"certificate-key-note-home" = nginxSecret;
"certificate-key-foto-home" = nginxSecret;
"certificate-key-listen-home" = nginxSecret;
"certificate-key-git-home" = nginxSecret;
"paperless-admin-password" = {};
"photoprism-admin-password" = {};
"grafana-admin-password" = {

4
modules/gogs.nix
View file

@ -51,8 +51,8 @@ in {
addSSL = true;
listenAddresses = [cfg.addr.v4 "[${cfg.addr.v6}]"];
sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt);
sslCertificateKey = config.sops.secrets."nginx-cert-key".path;
sslCertificate = config.sops.secrets."nginx-cert-crt".path;
sslCertificateKey = config.sops.secrets."certificate-key-git-home".path;
sslCertificate = ../secrets/pub/git-home.crt;
locations."/" = {
proxyPass = "http://${config.services.gogs.httpAddress}:${toString config.services.gogs.httpPort}";
proxyWebsockets = true;

5
secrets/hosts/faunus-ater/secrets.yaml
View file

@ -20,6 +20,7 @@ certificate-key-read-home: ENC[AES256_GCM,data:gmOZltlFX1MnD2O9MvImBfHXSFOCoRwf2
certificate-key-note-home: ENC[AES256_GCM,data:3o14rUIbQnO2zsWZ+2HOYeUj9bCwAyDnCTJnqPFeUoycRNof72adOQnXD55zkRjvmTCKn+eUAftMUmKwLh6igQBUDfaa3LR4vrFIFxGU2yVc05HCtkNoH8DDbaNlh2qUEXxRhdHOOH8H9+owKC8vdI3lg0jQCOCohyh8DXzMBlDwMrRt4GEdCf9SacVFSAwYjBcaY5QiGno62cwhIopOqrDEgDjX9DqSXdMldWPJAhY+vKqkQw3s0TEP6VKUWxS1dsk5iUWLCiwEluapUlkNe8pl2IS+edfMHs6r5VjkvREZgnVlYG/E7KZxs+RXZHH6hqC+QVQwb1Pyvg1pNrgRgYglQjGEk4Hw2KYLPiujvA8Gh5g4FXLqOqb0D+1e/L4KmuuRJj4NFSJva1BlMXg=,iv:CzTsAY13qJ7QuLxAy8hR25eilH1xk2ZeMm1n36jXhr0=,tag:EF58EugYcdZmus01rYU4Og==,type:str]
certificate-key-foto-home: ENC[AES256_GCM,data:fBu0O+jgpvquYLm8pkATyJc/htIM9K45O+ORLh6BZ3sU4KkzHxhxwgmGirt+KmuPDfpXKpXZ9JnR6ZzQ8fx+SKy65RLN0NsFYgmtmkLft0x5yir9qODGSFcEfAbF8ytr2+TvjLJxm44uutuwuedM3npfM1Ix8kJctTbDDsDm+O1a6yHwYMzdNMvG/wzYwcLfkKYVAmJ7NSDhWn0EQbMuiYE+Dr5ELpLBRrJ+9jLRSW21coK3vsjWPdDNu53HJhm3tXMygShrfMnbizCS+usHDaDPmyR6FNsS1+jc6BosVD/hK1p/eXkLKYwnOyMZdpnPiVQVr1E7Sa0P1RgOoDkWx8J+ltj1UqqDtWaU6caqALOXE++oowXJski1HJWZtPyra0TkbZXNqrUA2Pwyxns=,iv:/Ssx11gARoOKrO4slcd3h839qyrzkuYWF2yBUpD+QCQ=,tag:qgZauUmp6Ry5RGsA0uPqZA==,type:str]
certificate-key-listen-home: ENC[AES256_GCM,data:B0sXmMgBnBc2T2rimUrsx77uLcKeMUkMIOCuI1eGR/HJdGmDlD3fTu4OHEBi/dlcDhka7sEw3at2orZtn4C7vaT0xvbvQTNtHnXSYIsKJd4lc/5UGugAi7uL5yzv6GlgJDsD6hy7sxRgiZzvk5fqlPZ6IRn2olMV1fhEAqHYQuyYca4Jx8M0s/lfnW1IzxZkykMrxXAWgCccC8JwtAbFmGBIIJATR+sIbK6w2eT/c/6DuqVlcqpL2w81RHn5nATUOsqTMuAxNPFOsQ8hkhohi7i07UJ9zHTbgd1Joxp0UnilW7eNKevySXSpS2K5D/lpNA2TXVImC+mKf2vw9Tq0fLbh3AtoWkKMKvDMe65SnnKs7w57SKNOHwcImMEiEr33xaj9SuDL9pbuXp5j84E=,iv:xxXKfCd1wbuXh+PfLkBuE+hMtrqwGPETHqHP+Ym1Kdw=,tag:midB+J8LvwGhTBpZ6z0ajA==,type:str]
certificate-key-git-home: ENC[AES256_GCM,data:/ElUTbedyaxWRf+A0A/4oCxcCFBz10zI26/i6h1TVEWg347v76k1BqlsywERg7Q+uLTc61bE5JdskoAX7im2HbYgC83o2YmnLTPKFWWlXIZDbBAx4BCh2/O2W38plgpN3jMeZ0VG9/11nL3pwXPyFwdOqhbaH3Xa0fWcomvREq9bewM1MzAw74KI6bNVnKpe9LQNj+aQBzq5UNDWiToR2iNyQ1k8DUhmBPxei/nMrHiFRj4gVk86IhyQKjZAY4Q+dLQ/aPSz1EqGUoXWh05RgvB+Q5BNJMTIj1x/OYpxoH5/E8babQwX4fhXPFHDf5+wdLJlaFUPoswHIIrXrP+T6UQtFRMS2oBI/cln2uoma49ApXmNOBzmkAAOd0tJ4VDFxQ/PhdtF0tsR5mOSLKU=,iv:Lk9K11R4kOIXUipUhxjIIryt+sIMLETuYx1IrAsYiLM=,tag:41DTtViZFE3ZRQLvRnV0xw==,type:str]
sops:
kms: []
gcp_kms: []
@ -35,8 +36,8 @@ sops:
cUZZQ1N4dGxpR2VLR1ZjTlFmTmwvTGsKzvsg2Uh2LzE5vXrdxW+H3ACP9kbFO1Rb
XUyEF6E40UGTR40J8CqV7IvnHVvaLVIekW51MyKVGNyBG1phOne10w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-19T15:35:58Z"
mac: ENC[AES256_GCM,data:qFEHyZEkfrIgB/5oVO3bLmR9NbFKKxUeSEL9nGbCkzREKxECWwBwpY8fMZM17DE8XG4cP+AmpkT56eOEd5tbr3JYqbn/LzMvjEXBEyv15dg4/4XPyLO22uKk/E0EtOgVZaFiX+joDhFVDnvlcntuJobH0xEYUDCA00jMXRBS19k=,iv:JjZMKF23lXa1y2zAbyd+9X8m7gMOvX2n2bThVj4WWmY=,tag:D9fG0sDtPVWz5FlmAbX+2w==,type:str]
lastmodified: "2023-10-04T14:28:07Z"
mac: ENC[AES256_GCM,data:5ClPyK4mJ+YwcYVKyHKZnH0gCl4GYfZHATFNTRDnHZE8rY9xkDr31t1Q3brCyQcpPBzj/mL3sNWqaVZJ36rAdBgj9hCk5cOikA3J3BLDk2zyu1ugRotliYBWOYSZastu2czfBoGn+MxENqr4qT2jmBH3K1cd1mUwkKVl/C5OGkk=,iv:+j88Yba0m0KKc0DmI+8NMilIOxCYii9CysZ+2GoOc/o=,tag:OMVrXpps7x4M70HDRKkyyA==,type:str]
pgp:
- created_at: "2022-06-04T20:24:49Z"
enc: |

11
secrets/pub/git-home.crt Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUegAwIBAgIUcJLg2plScWMgDUk+jtw7eEwOpfcwCgYIKoZIzj0EAwIw
FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yMzEwMDQxNDI4MDZaFw0yNDEwMDMx
NDI4MDZaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABP6qv9g+sNiYHaQTGxsbFT1GbIwnVFjpHhv3WfjNPkIqQ6Uxx3iZDzcZkFza
UnbwZ5mXkrg4t8M5OPv3LozuAeSjeTB3MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK
BggrBgEFBQcDATATBgNVHREEDDAKgghnaXQuaG9tZTAdBgNVHQ4EFgQU9YvwvRmg
kH7T8rPZmAQqtg7arzswHwYDVR0jBBgwFoAU3LHFhGwT3qMYGN9SmsFeqDIHztMw
CgYIKoZIzj0EAwIDRwAwRAIgB3w5EYXZRZpTMg95zrY/iWxBF4wrSR+UjgJ6K1va
GyICIEanqxKN+PYkZ4CJ28UQuw6GnSa2myL2xLj0fUBXyTpl
-----END CERTIFICATE-----