felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(owntracks): add secret to owntracks-recorder

Browse source 
And fix `secrets/mqtt/owntracks.age`.
This commit is contained in:
Felix Schröter 2022-05-30 01:43:22 +02:00
parent 6efc9cea3f
commit 62bc964785
Signed by: felschr
GPG key ID: 671E39E6744C807D
6 changed files with 19 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
secrets/mqtt/owntracks-plain.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 OAZQhA EUCAFvv0lXb1aUeNwfETPZPjnPu2jvfE/Y2oDqWxsS0
90gepjWnqV1y2fy/fXtseGWoVYZZ7gqotYbRlqwoJkk
-> ssh-ed25519 lJaKnA 7qZgtht5htf04vvKyS6clUDdDl79XXiz5tfMCADuCng
XpnIlDH9G/kVKsrRQqvhMq0WzyCKU1uxewBB6+gUl7I
-> ssh-ed25519 72ij7w VD0nT2Xe1FyS65birBDixk6wGo65X/BbWciIr7RbEmI
JyjbLeJihjduMjj1s3FwONYLDOtlpgGaLFe6PQyAubw
-> T-grease
7dwzA+u7t5WSPe0rR0cptQivYAmlIAd1MRgn5cfyoQ
--- NPZDG+VU3AvoxqrA86Gk6CNbyGVX3yeT/+ZTymgwKVs
»äñ™ýûáϬÕVÆ }$•æÍ`Z¨$¬6~Í‚ÂÈ!Ê„s“Gš½Rüh<1F>¡mEíS[{éóTϧ

BIN
secrets/mqtt/owntracks.age
View file

Binary file not shown.

13
secrets/owntracks/recorder.env.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 OAZQhA Qnhjg0aiCjjpq5S9uUqZUamO6lX0aoNutCYgqh0vbBI
ZGEbJUs9WsQKgb4F13QYGgFvYXBTCCpxfMiAadz3l4g
-> ssh-ed25519 lJaKnA jOejc7Gj3MrwLY5xOCZh8hJjQ3+bY8ZOhRipLu20TCc
fyXQHrrYzAQTDc0VGTDw5tc9Sl/KoS7bVsmOKmxXUcE
-> ssh-ed25519 72ij7w E4hDPtzBc5TA9di+fDx6wZ8DVfT38jffoToijv5SLB0
/KNjXHUZKtA90H1xWc30vvhXB/lKmOXA5UC7yG4c5mE
-> 9zk}K-grease kS{7C :,4?G Y7kE pX
9AqBHJDka8OWGDWlxoe/+KNygaTB4NyTVy/NTnhywmebFLmWCFKjcQPB1v5HJf9E
te6IjpnLvwI5wrW48Q
--- vVz2GKYi4Q2ChGi0QjHVZgN2B8I8srC4DWwiH8zh0N0
]¦B{¼0Û@fèE5¿þ„eøƒ[¥õÅd¢GúžšW)<29>SEŽŠûJð:Œ,¥?´¶žDíKeþ7nU
À¼5Ò6<EFBFBD>)@—~Ç›

2
secrets/secrets.nix
View file

@ -20,8 +20,8 @@ in {
"mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
"mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
"mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
"mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
"cloudflare.age".publicKeys = [ felschr home-pc home-server ];
"owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ];
"owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
"etebase-server.age".publicKeys = [ felschr home-pc home-server ];
"miniflux.age".publicKeys = [ felschr home-pc home-server ];

1
services/mosquitto.nix
View file

@ -17,7 +17,6 @@ in {
mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age;
mqtt-owntracks-plain = mkSecret ../secrets/mqtt/owntracks-plain.age;
};
services.nginx = {

11
services/owntracks.nix
View file

@ -6,6 +6,8 @@ let
window.owntracks.config = {};
'';
in {
age.secrets.owntracks-recorder-env.file =
../secrets/owntracks/recorder.env.age;
age.secrets.owntracks-htpasswd.file = ../secrets/owntracks/htpasswd.age;
virtualisation.oci-containers.containers = {
@ -18,18 +20,15 @@ in {
OTR_HOST = "localhost";
OTR_PORT = "1883";
OTR_USER = "owntracks";
OTR_PASS = ""; # TODO
};
# provide OTR_PASS
environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
# easypi/ot-recorder-arm uses different store location
# volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
volumes = [
"/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store"
];
extraOptions = [
# TODO systemd doesn't substitute variables because it doesn't run in a shell
# "-e OTR_PASS=\"$(cat ${config.age.secrets.mqtt-owntracks-plain.path})\""
"--network=host"
];
extraOptions = [ "--network=host" ];
};
owntracks-frontend = {