diff --git a/secrets/mqtt/owntracks-plain.age b/secrets/mqtt/owntracks-plain.age deleted file mode 100644 index 62dd763..0000000 --- a/secrets/mqtt/owntracks-plain.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA EUCAFvv0lXb1aUeNwfETPZPjnPu2jvfE/Y2oDqWxsS0 -90gepjWnqV1y2fy/fXtseGWoVYZZ7gqotYbRlqwoJkk --> ssh-ed25519 lJaKnA 7qZgtht5htf04vvKyS6clUDdDl79XXiz5tfMCADuCng -XpnIlDH9G/kVKsrRQqvhMq0WzyCKU1uxewBB6+gUl7I --> ssh-ed25519 72ij7w VD0nT2Xe1FyS65birBDixk6wGo65X/BbWciIr7RbEmI -JyjbLeJihjduMjj1s3FwONYLDOtlpgGaLFe6PQyAubw --> T-grease -7dwzA+u7t5WSPe0rR0cptQivYAmlIAd1MRgn5cfyoQ ---- NPZDG+VU3AvoxqrA86Gk6CNbyGVX3yeT/+ZTymgwKVs -ϬV }$`Z$6~!ʄsGRhmES[{Tϧ \ No newline at end of file diff --git a/secrets/mqtt/owntracks.age b/secrets/mqtt/owntracks.age index 756b096..b701bd3 100644 Binary files a/secrets/mqtt/owntracks.age and b/secrets/mqtt/owntracks.age differ diff --git a/secrets/owntracks/recorder.env.age b/secrets/owntracks/recorder.env.age new file mode 100644 index 0000000..159b576 --- /dev/null +++ b/secrets/owntracks/recorder.env.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 OAZQhA Qnhjg0aiCjjpq5S9uUqZUamO6lX0aoNutCYgqh0vbBI +ZGEbJUs9WsQKgb4F13QYGgFvYXBTCCpxfMiAadz3l4g +-> ssh-ed25519 lJaKnA jOejc7Gj3MrwLY5xOCZh8hJjQ3+bY8ZOhRipLu20TCc +fyXQHrrYzAQTDc0VGTDw5tc9Sl/KoS7bVsmOKmxXUcE +-> ssh-ed25519 72ij7w E4hDPtzBc5TA9di+fDx6wZ8DVfT38jffoToijv5SLB0 +/KNjXHUZKtA90H1xWc30vvhXB/lKmOXA5UC7yG4c5mE +-> 9zk}K-grease kS{7C :,4?G Y7kE pX +9AqBHJDka8OWGDWlxoe/+KNygaTB4NyTVy/NTnhywmebFLmWCFKjcQPB1v5HJf9E +te6IjpnLvwI5wrW48Q +--- vVz2GKYi4Q2ChGi0QjHVZgN2B8I8srC4DWwiH8zh0N0 +]B{0@fE5e[dGW)SEJ:,?DKe7nU +56j)@~Ǜ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e798be3..2d054df 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -20,8 +20,8 @@ in {
 "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
 "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
 "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
- "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
 "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
+ "owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ];
 "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
 "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
 "miniflux.age".publicKeys = [ felschr home-pc home-server ];
diff --git a/services/mosquitto.nix b/services/mosquitto.nix
index 6389820..8f6f976 100644
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@@ -17,7 +17,6 @@ in {
 mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
 mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
 mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age;
- mqtt-owntracks-plain = mkSecret ../secrets/mqtt/owntracks-plain.age;
 };
 services.nginx = {
diff --git a/services/owntracks.nix b/services/owntracks.nix
index 1589d54..b1cef70 100644
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@@ -6,6 +6,8 @@ let
 window.owntracks.config = {};
 '';
 in {
+ age.secrets.owntracks-recorder-env.file =
+ ../secrets/owntracks/recorder.env.age;
 age.secrets.owntracks-htpasswd.file = ../secrets/owntracks/htpasswd.age;
 virtualisation.oci-containers.containers = {
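Review bot: The new `"owntracks/recorder.env.age"` entry in secrets/secrets.nix is encrypted to `home-pc` as well as `home-server`, so either host key can decrypt the recorder's MQTT password. If only home-server runs the recorder (not visible from this hunk), consider narrowing it to `"owntracks/recorder.env.age".publicKeys = [ felschr home-server ];` and re-encrypting the file. The neighbouring entries use the same recipient list, so this is a least-privilege suggestion rather than a regression introduced here.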
@@ -18,18 +20,15 @@ in {
 OTR_HOST = "localhost";
 OTR_PORT = "1883";
 OTR_USER = "owntracks";
- OTR_PASS = ""; # TODO
 };
+ # provide OTR_PASS
+ environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
 # easypi/ot-recorder-arm uses different store location
 # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
 volumes = [ "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store" ];
- extraOptions = [
- # TODO systemd doesn't substitute variables because it doesn't run in a shell
- # "-e OTR_PASS=\"$(cat ${config.age.secrets.mqtt-owntracks-plain.path})\""
- "--network=host"
- ];
+ extraOptions = [ "--network=host" ];
 };
 owntracks-frontend = {
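Review bot: The `# provide OTR_PASS` comment above `environmentFiles` leaves out two things a maintainer needs when rotating the secret. The decrypted file is handed to the container runtime as an env file, so it should hold a bare `OTR_PASS=value` line, since quotes are usually passed through literally. The decrypted path presumably stays the same when the secret's contents change, so the container likely needs a manual restart to pick up a new password. I would expand the comment to `# provide OTR_PASS (plain KEY=VALUE, no quotes); restart the container after rotating the secret`. The password also ends up in the container's environment, readable by anyone who can inspect containers on this host, which matters more while `--network=host` is kept. The container definition starts and ends outside this hunk.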