From 62bc964785451dc3da3701c0517c5df929825519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= Date: Mon, 30 May 2022 01:43:22 +0200 Subject: [PATCH] fix(owntracks): add secret to owntracks-recorder And fix `secrets/mqtt/owntracks.age`. --- secrets/mqtt/owntracks-plain.age | 11 ----------- secrets/mqtt/owntracks.age | Bin 658 -> 613 bytes secrets/owntracks/recorder.env.age | 13 +++++++++++++ secrets/secrets.nix | 2 +- services/mosquitto.nix | 1 - services/owntracks.nix | 11 +++++------ 6 files changed, 19 insertions(+), 19 deletions(-) delete mode 100644 secrets/mqtt/owntracks-plain.age create mode 100644 secrets/owntracks/recorder.env.age diff --git a/secrets/mqtt/owntracks-plain.age b/secrets/mqtt/owntracks-plain.age deleted file mode 100644 index 62dd763..0000000 --- a/secrets/mqtt/owntracks-plain.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA EUCAFvv0lXb1aUeNwfETPZPjnPu2jvfE/Y2oDqWxsS0 -90gepjWnqV1y2fy/fXtseGWoVYZZ7gqotYbRlqwoJkk --> ssh-ed25519 lJaKnA 7qZgtht5htf04vvKyS6clUDdDl79XXiz5tfMCADuCng -XpnIlDH9G/kVKsrRQqvhMq0WzyCKU1uxewBB6+gUl7I --> ssh-ed25519 72ij7w VD0nT2Xe1FyS65birBDixk6wGo65X/BbWciIr7RbEmI -JyjbLeJihjduMjj1s3FwONYLDOtlpgGaLFe6PQyAubw --> T-grease -7dwzA+u7t5WSPe0rR0cptQivYAmlIAd1MRgn5cfyoQ ---- NPZDG+VU3AvoxqrA86Gk6CNbyGVX3yeT/+ZTymgwKVs -ϬV }$`Z$6~!ʄsGRhmES[{Tϧ \ No newline at end of file 
diff --git a/secrets/mqtt/owntracks.age b/secrets/mqtt/owntracks.age index 756b096dbb5b4df7e30d9fbd46109d40045d14ab..b701bd3f3822377a170739133a24851b9422835f 100644 GIT binary patch delta 560 zcmWm9L2J`s002S1UXnl?$(z#KG5lQd16rc2kP8;mablB`|RWNDKo z%7zDb5y4H_Ma09vi3fL5Py~lCcM&{z+Qoz5!GnlQ@Zd#!|KM$(`8INYdV?xe)JhKE zfurJez09i0hHLwqg&Ieo_AW?2q_V$~&seoLmk0ZDrl|{Rz&RwkW|&%?U!?<}hGN>uRb7RTQLdM=z5H-Kgj!lMiy%^kp-j)KvZ;dRFkOrW zb9`M=GA0qBqC^_9?>9UDCpT&lY^{No4-zvFUy#`vDWeL75X3UkG@7}PDknEIf=<>N zIU*FT-b$gaX7xU%I{Bf+;T8nLaH7?yD!nLK7+A#u7vUCFMw2mt#VO6`R5SIshG{e{ zBKfu>LoA1Xy1ngR+&}J;dq-0TiHG8=U1R?bwY0De{=d^S?(`q#Zp?d8JurRepYt@P&ycV~|m wrqPqJlSf`@N1Hrb!w$}k=|7q?;+x%j0ke2(9ljbp2JXrA?u+O4_{R_b0OD20od5s; delta 606 zcmWm9OKZ~r007|Oo8XY4Y!?q@tfI!!v`L!I4M*Cnk7P~Sq*;><(Y)HEN!K=M9<568 zH1y<#c=0d>>W&`7Um$`5K|zKGhj^G9;y@H14CWBOfAD=ivV8R3rGDGY@)Zo{6G1%d zblj9E+Y;&8v#g<}ig~Sr=18YVg1LH00a}LXm6^ayOMaFtQaaXv7(q#~U|O`g(FU2M z)mk+d6=+BVB3D9=qenC~j-s*gkVQ(=0v?(PW)K=SvRcoNdNf1CGfcxOOk-9<r*b)Gy+ld39(KZ zu0s+EqtuvarsosQa_RpBJ+1yMO|&xe7?z= zRmfBv3I`&QNXSB)LC2OVB9oc^M{>xQjXnXI))ZIrzr^C-TH&*7~ z{vJ4Z>T^@&>pQ0w3*%dRFV{Y9tY*B)-I1S{7r&m1B06fgEyXq>7mer-L28X54ZjS#bn ssh-ed25519 OAZQhA Qnhjg0aiCjjpq5S9uUqZUamO6lX0aoNutCYgqh0vbBI +ZGEbJUs9WsQKgb4F13QYGgFvYXBTCCpxfMiAadz3l4g +-> ssh-ed25519 lJaKnA jOejc7Gj3MrwLY5xOCZh8hJjQ3+bY8ZOhRipLu20TCc +fyXQHrrYzAQTDc0VGTDw5tc9Sl/KoS7bVsmOKmxXUcE +-> ssh-ed25519 72ij7w E4hDPtzBc5TA9di+fDx6wZ8DVfT38jffoToijv5SLB0 +/KNjXHUZKtA90H1xWc30vvhXB/lKmOXA5UC7yG4c5mE +-> 9zk}K-grease kS{7C :,4?G Y7kE pX +9AqBHJDka8OWGDWlxoe/+KNygaTB4NyTVy/NTnhywmebFLmWCFKjcQPB1v5HJf9E +te6IjpnLvwI5wrW48Q +--- vVz2GKYi4Q2ChGi0QjHVZgN2B8I8srC4DWwiH8zh0N0 +]B{0@fE5e[dGW)SEJ:,?DKe7nU +56j)@~Ǜ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e798be3..2d054df 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -20,8 +20,8 @@ in {
 "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
 "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
 "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
- "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
 "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
+ "owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ];
 "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
 "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
 "miniflux.age".publicKeys = [ felschr home-pc home-server ];
diff --git a/services/mosquitto.nix b/services/mosquitto.nix
index 6389820..8f6f976 100644
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@@ -17,7 +17,6 @@ in {
 mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
 mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
 mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age;
- mqtt-owntracks-plain = mkSecret ../secrets/mqtt/owntracks-plain.age;
 };
 services.nginx = {
diff --git a/services/owntracks.nix b/services/owntracks.nix
index 1589d54..b1cef70 100644
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@@ -6,6 +6,8 @@ let
 window.owntracks.config = {};
 '';
 in {
+ age.secrets.owntracks-recorder-env.file =
+ ../secrets/owntracks/recorder.env.age;
 age.secrets.owntracks-htpasswd.file = ../secrets/owntracks/htpasswd.age;
 virtualisation.oci-containers.containers = {
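Review bot: In secrets/secrets.nix the new `"owntracks/recorder.env.age"` rule lists `home-pc` as a recipient, so the recorder's MQTT password can be decrypted with a host key that, as far as this patch shows, never runs the container. If only the server imports services/owntracks.nix (not visible here), `"owntracks/recorder.env.age".publicKeys = [ felschr home-server ];` would limit what a compromised workstation key exposes. The neighbouring entries follow the same three-recipient pattern but are outside this change, and the attribute set continues beyond the hunk.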
@@ -18,18 +20,15 @@ in {
 OTR_HOST = "localhost";
 OTR_PORT = "1883";
 OTR_USER = "owntracks";
- OTR_PASS = ""; # TODO
 };
+ # provide OTR_PASS
+ environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
 # easypi/ot-recorder-arm uses different store location # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
 volumes = [ "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store" ];
- extraOptions = [
- # TODO systemd doesn't substitute variables because it doesn't run in a shell
- # "-e OTR_PASS=\"$(cat ${config.age.secrets.mqtt-owntracks-plain.path})\""
- "--network=host"
- ];
+ extraOptions = [ "--network=host" ];
 };
 owntracks-frontend = {
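Review bot: The `# provide OTR_PASS` comment above `environmentFiles` in services/owntracks.nix does not record what the decrypted file must contain or that it is a second copy of the broker credential. I would expand it to `# env file with one line: OTR_PASS=<password> (unquoted); must match the mosquitto password for user "owntracks"`. Container runtimes generally pass env-file values verbatim, so quotes would end up inside the password, and the recorder secret presumably has to be rotated together with `secrets/mqtt/owntracks.age`. Loading the password from an age-managed file keeps it out of the unit's command line, but it is still readable from the container's environment by anyone allowed to inspect the container, which is worth noting next to the retained `--network=host`. The container's attribute set starts and ends outside the hunk.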