diff --git a/secrets/OVHCloud/default.yaml b/secrets/OVHCloud/default.yaml
index fe903d6..1740d97 100644
--- a/secrets/OVHCloud/default.yaml
+++ b/secrets/OVHCloud/default.yaml
@@ -23,6 +23,10 @@ gitlab:
 DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
 JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
 musare:
+ APP_SECRET: ENC[AES256_GCM,data:MTwZ7ziFaa6kCdbvNPyFCbNa/aY1kPO3CuLG0UC8S8Pd5QHepIHor3Ab9yw=,iv:8zalEGdQUmCoSZV8B/wmztPFi2upZZ11rU/okhkdk30=,tag:++8A7nyxsAvpqg1azwCWaA==,type:str]
+ YOUTUBE_API_KEY: ENC[AES256_GCM,data:gyBGcdrTnpmnl+NtCO0qZdaUJJ4cGyrJng2us/1ERfmgJAds50eR,iv:0uAqORbl3hC7QYJfJaP/JnaYvHoToxwVKRwElFIhgRI=,tag:NuETLWclphy4dhVnKVh1jw==,type:str]
+ SPOTIFY_CLIENT_ID: ENC[AES256_GCM,data:SecWkp5T77ciTs5gjjUznYbhkFaLNGkiXwiD3uvprEQ=,iv:+Tm9qgTHiklnNsYDCXFV2pm5mDLV2azM2Q1ZWeifnFk=,tag:wkj63YNBx9svSUWoPBCFpQ==,type:str]
+ SPOTIFY_CLIENT_SECRET: ENC[AES256_GCM,data:QY6bXZSimSET8bQteZycUZOpC5lUgDXteBhFEYvtovI=,iv:3BtHH/pPFLqW+MHSgKVwJ/hViEeF4YOWRRFMT+YIibA=,tag:VKsuBBxV7y64vBMVl10PZQ==,type:str]
 MONGO_USER_USERNAME: ENC[AES256_GCM,data:XKk3rmNJ,iv:x853fsUKFZ5xEKTTFd+r8MQ4yZK1q0x9ocjmngBJ4Wo=,tag:v9xsFbImlrNQb/yAlIWM/w==,type:str]
 MONGO_USER_PASSWORD: ENC[AES256_GCM,data:QMocFYM0okz4/g0iPm3QoPGtxRc67A==,iv:xZJL5KVJAL0Gv9wkbyStrcJig1gKkHlQnJ8SIKVLeLs=,tag:HdXDA6z8YJzwEQPBt/0rCQ==,type:str]
 MONGO_ROOT_PASSWORD: ENC[AES256_GCM,data:KrrEa7NVF1J+znK+8aychgmBGgtLHw==,iv:BGsnTPXmQ3moqFRVATRbVDBLl/EFG5DqSwii/9eKdLg=,tag:0hR91iEZcox/xe7M4SmCBg==,type:str]
@@ -87,8 +91,8 @@ sops:
 MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
 y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-07T21:03:51Z"
- mac: ENC[AES256_GCM,data:iRlsQiOia0lmCAHYCkEvK2FKY2rWxWwr3nI3i6dHwNPfUQGJuNbhIWWTzI/t60N6/lY4UmYQI8jcwUxKM1xvv6p/XNarpRfXdskm5ocAtg8AyXBtXx1kgsvPmzMzFE3QQ0s1XbEoGHQKTT4yE9rTQlX9Gnd1zzbYBgcgLZ+STus=,iv:t3lbU/dbdZjHsW58yZEiAHvUePwdc5JMFCtv28uqgXo=,tag:ghGULzQinWDlDFAX6hFUlg==,type:str]
+ lastmodified: "2024-11-07T22:25:47Z"
+ mac: ENC[AES256_GCM,data:6LynPNzengBoVm5fPtxHuUxbvMy7Vaf6Qd/ikUcu8/Af3oPhxeBTwN0aOje+oqAVuYFsNLCsf1GGCkZ+U1mK+Fr777vSsl/+T5iG7hcjTht+Gtq2sK93qiGB6rdYrHzuJ6G3hHR1Xl/OGW7TsYj9+2PJvV/Hr18qElr3VDBDJD0=,iv:EQe5Q4FDn9Di4L76eIw/wU+44iCeTS7lrJlPfZvLOdM=,tag:sEYyV4+jN8yEKPfYgrSemg==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.1
diff --git a/services/musare/config.json b/services/musare/config.json
deleted file mode 100644
index 0aa6108..0000000
--- a/services/musare/config.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "configVersion": 12,
- "migration": false,
- "secret": "CHANGE_ME",
- "port": 8080,
- "url": {
- "host": "music.gasdev.fr",
- "secure": true
- },
- "apis": {
- "youtube": {
- "key": "CHANGE_ME"
- },
- "discogs": {
- "enabled": false,
- "client": "CHANGE_ME",
- "secret": "CHANGE_ME"
- }
- },
- "mail": {
- "enabled": false,
- "smtp": {
- "host": "smtp.my.domain",
- "port": 587,
- "auth": {
- "user": "CHANGE_ME",
- "pass": "CHANGE_ME"
- },
- "secure": true
- }
- }
-}
diff --git a/services/musare/default.nix b/services/musare/default.nix
index a86dd0a..218584f 100644
--- a/services/musare/default.nix
+++ b/services/musare/default.nix
@@ -54,12 +54,16 @@ in { } ''; + sops.secrets."musare/APP_SECRET".owner = "root"; + sops.secrets."musare/YOUTUBE_API_KEY".owner = "root"; + sops.secrets."musare/SPOTIFY_CLIENT_ID".owner = "root"; + sops.secrets."musare/SPOTIFY_CLIENT_SECRET".owner = "root"; sops.secrets."musare/MONGO_USER_USERNAME".owner = "root"; sops.secrets."musare/MONGO_USER_PASSWORD".owner = "root"; sops.secrets."musare/MONGO_ROOT_PASSWORD".owner = "root"; sops.secrets."musare/REDIS_PASSWORD".owner = "root"; - sops.templates."musare.env" = { + sops.templates."musare/.env" = { content = '' MONGO_USER_USERNAME=${config.sops.placeholder."musare/MONGO_USER_USERNAME"} MONGO_USER_PASSWORD=${config.sops.placeholder."musare/MONGO_USER_PASSWORD"} @@ -71,6 +75,29 @@ in { ''; owner = "root"; }; + sops.templates."musare/config.json" = { + content = '' + { + "configVersion": 12, + "migration": false, + "secret": "${config.sops.placeholder."musare/APP_SECRET"}", + "port": 8080, + "url": { + "host": "music.gasdev.fr", + "secure": true + }, + "apis": { + "youtube": { + "key": "${config.sops.placeholder."musare/YOUTUBE_API_KEY"}" + }, + "spotify": { + "clientId": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_ID"}", + "clientSecret": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_SECRET"}" + } + } + } + ''; + }; virtualisation.oci-containers.containers = { musare-backend = { @@ -86,14 +113,14 @@ in { autoStart = true; volumes = [ "${musare-backend}:/opt/app/" - "${./config.json}:/opt/app/config.json" + "${config.sops.templates."musare/config.json".path}:/opt/app/config.json" ]; ports = [ "32483:8080" ]; workdir = "/opt/app"; environmentFiles = [ - config.sops.templates."musare.env".path + config.sops.templates."musare/.env".path ]; dependsOn = ["mongo" "redis"]; }; @@ -105,7 +132,7 @@ in { "musare-mongodb:/data/db" ]; environmentFiles = [ - config.sops.templates."musare.env".path + config.sops.templates."musare/.env".path ]; }; redis = { 
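Review bot: The new `sops.templates."musare/config.json"` block substitutes each placeholder textually inside a JSON string literal, so a secret value containing `"` or `\` would render a config file that is invalid or that parses differently than intended. A comment above `content` such as `# secrets are substituted verbatim into JSON strings: values must not contain " or \` would record that constraint for whoever rotates the keys. The block also omits the `owner = "root";` that the sibling `musare/.env` template sets; adding `owner = "root";` and `mode = "0400";` keeps the two templates consistent and states the file permissions explicitly instead of relying on the module defaults.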
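Review bot: The rendered secrets file is bind-mounted into `musare-backend` without a mount mode in the `volumes` list, so the container gets a writable handle on a host file that holds the app secret and the API credentials; appending `:ro`, as in `"${config.sops.templates."musare/config.json".path}:/opt/app/config.json:ro"`, removes that. Two things to confirm outside this hunk: if the template renders as readable by root only, the backend process must run as root inside the container (or the template needs a matching `owner`/`mode`) to read it, and a running container presumably keeps the old content after a secret rotation until it is restarted. The `musare-backend` definition starts before this hunk.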
@@ -116,7 +143,7 @@ in {
 "musare-redis:/data"
 ];
 environmentFiles = [
- config.sops.templates."musare.env".path
+ config.sops.templates."musare/.env".path
 ];
 };
 };