From 234130fe02f65cad5651f50cdf96341742a5cf9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Sun, 4 Jan 2026 09:50:11 +0100
Subject: [PATCH] Fixed secrets
---
 deploy.conf | 26 +++---
 templates/nix-config/sops-nix/secrets.yaml | 94 +++++++++++-----------
 2 files changed, 60 insertions(+), 60 deletions(-)
diff --git a/deploy.conf b/deploy.conf
index 6107dd1..128f6a5 100644
--- a/deploy.conf
+++ b/deploy.conf
@@ -1,19 +1,19 @@
 #TARGET SETTINGS
-TARGET_HOST="192.168.1.10"
-SSH_PUBLIC_KEY="ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@yourdomain.com"
+export TARGET_HOST="192.168.1.10"
+export SSH_PUBLIC_KEY="ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@yourdomain.com"
 # TRAEFIK SETTINGS
-DOMAIN_NAME="yourdomain.com"
-EMAIL_ADDRESS="your-mail@yourdomain.com"
-CF_DNS_API_TOKEN="yourToken"
+export DOMAIN_NAME="yourdomain.com"
+export EMAIL_ADDRESS="your-mail@yourdomain.com"
+export CF_DNS_API_TOKEN="yourToken"
 # SMTP SETTINGS
-SENDER_EMAIL_ADDRESS="youraddress@gmail.com"
-SENDER_EMAIL_ADDRESS_PASSWORD="emrp raps vzoi vnoe"
-SENDER_EMAIL_DOMAIN="smtp.yourdomain.com"
-SENDER_EMAIL_PORT="587"
+export SENDER_EMAIL_ADDRESS="youraddress@gmail.com"
+export SENDER_EMAIL_ADDRESS_PASSWORD="emrp raps vzoi vnoe"
+export SENDER_EMAIL_DOMAIN="smtp.yourdomain.com"
+export SENDER_EMAIL_PORT="587"
 #NETWORK SETTINGS
-HOME_ROUTER_SUBNET="192.168.1.0/24"
-HOME_ROUTER_IP="192.168.1.1"
-HOME_SERVER_IP="192.168.1.5"
+export HOME_ROUTER_SUBNET="192.168.1.0/24"
+export HOME_ROUTER_IP="192.168.1.1"
+export HOME_SERVER_IP="192.168.1.5"
 # SERVICES SETTINGS
-SELECTED_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
+export SELECTED_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
 "nextcloud" "passbolt" "pi-hole" "virtualization" )
\ No newline at end of file
diff --git a/templates/nix-config/sops-nix/secrets.yaml b/templates/nix-config/sops-nix/secrets.yaml
index 6e0c5fe..60a40e5 100644
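Review bot: `export SELECTED_SERVICES=( … )` at the end of the deploy.conf hunk has no effect for child processes, because bash cannot put an array into the environment; only the twelve scalar exports actually reach whatever renders `secrets.yaml`. Leave the array as a plain assignment, or if a child really needs the list, export a joined string such as `export SELECTED_SERVICES_LIST="${SELECTED_SERVICES[*]}"`. Exporting `CF_DNS_API_TOKEN` and `SENDER_EMAIL_ADDRESS_PASSWORD` for the whole script also means every later child process (and its `/proc/<pid>/environ`) carries both secrets; if only one templating command needs them, a subshell around that command with `set -a; . ./deploy.conf; set +a` keeps plain assignments here and limits the exposure. Since this tracked file is where users will type real credentials, it is worth shipping it as an example and ignoring the filled-in copy in git.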
--- a/templates/nix-config/sops-nix/secrets.yaml
+++ b/templates/nix-config/sops-nix/secrets.yaml
@@ -1,68 +1,68 @@ -ssh_public_keys: $SSH_PUBLIC_KEY -sender_email_address_password: $SENDER_EMAIL_ADDRESS_PASSWORD +ssh_public_keys: "$SSH_PUBLIC_KEY" +sender_email_address_password: "$SENDER_EMAIL_ADDRESS_PASSWORD" podman: frigate: | - DOMAIN_NAME=$DOMAIN_NAME - FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER - FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD + DOMAIN_NAME="$DOMAIN_NAME" + FRIGATE_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" + FRIGATE_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" gitea: | - DOMAIN_NAME=$DOMAIN_NAME - DB_NAME=$GITEA_DB_NAME - DB_USERNAME=$GITEA_DB_USERNAME - DB_PASSWORD=$GITEA_DB_PASSWORD - POSTGRES_HOST=gitea-database + DOMAIN_NAME="$DOMAIN_NAME" + DB_NAME="$GITEA_DB_NAME" + DB_USERNAME="$GITEA_DB_USERNAME" + DB_PASSWORD="$GITEA_DB_PASSWORD" + POSTGRES_HOST="gitea-database" POSTGRES_PORT=5432 home_assistant: | - DOMAIN_NAME=$DOMAIN_NAME - HOME_ASSISTANT_MQTT_USER=$HOME_ASSISTANT_MQTT_USER - HOME_ASSISTANT_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD + DOMAIN_NAME="$DOMAIN_NAME" + HOME_ASSISTANT_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" + HOME_ASSISTANT_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" immich: | - DOMAIN_NAME=$DOMAIN_NAME - DB_DATABASE_NAME=$IMMICH_DB_NAME - DB_USERNAME=$IMMICH_DB_USERNAME - DB_PASSWORD=$IMMICH_DB_PASSWORD - IMMICH_VERSION=release + DOMAIN_NAME="$DOMAIN_NAME" + DB_DATABASE_NAME="$IMMICH_DB_NAME" + DB_USERNAME="$IMMICH_DB_USERNAME" + DB_PASSWORD="$IMMICH_DB_PASSWORD" + IMMICH_VERSION="release" IMMICH_TRUSTED_PROXIES=172.16.50.253 - REDIS_HOSTNAME=immich-redis - DB_HOSTNAME=immich-database + REDIS_HOSTNAME="immich-redis" + DB_HOSTNAME="immich-database" UPLOAD_LOCATION=/mnt/data/immich DB_DATA_LOCATION=/mnt/config/immich/database - TZ=Europe/Paris + TZ="Europe/Paris" it_tools: | - DOMAIN_NAME=$DOMAIN_NAME + DOMAIN_NAME="$DOMAIN_NAME" nextcloud: | - DOMAIN_NAME=$DOMAIN_NAME + DOMAIN_NAME="$DOMAIN_NAME" NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS passbolt: | - DOMAIN_NAME=$DOMAIN_NAME - 
PASSBOLT_MYSQL_DATABASE=$PASSBOLT_DB_NAME - PASSBOLT_MYSQL_USER=$PASSBOLT_DB_USERNAME - PASSBOLT_MYSQL_PASSWORD=$PASSBOLT_DB_PASSWORD - SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS - SENDER_EMAIL_ADDRESS_PASSWORD=$SENDER_EMAIL_ADDRESS_PASSWORD - SENDER_EMAIL_DOMAIN=$SENDER_EMAIL_DOMAIN - SENDER_EMAIL_PORT=$SENDER_EMAIL_PORT - EMAIL_ADDRESS=$EMAIL_ADDRESS - TZ=Europe/Paris + DOMAIN_NAME="$DOMAIN_NAME" + PASSBOLT_MYSQL_DATABASE="$PASSBOLT_DB_NAME" + PASSBOLT_MYSQL_USER="$PASSBOLT_DB_USERNAME" + PASSBOLT_MYSQL_PASSWORD="$PASSBOLT_DB_PASSWORD" + SENDER_EMAIL_ADDRESS="$SENDER_EMAIL_ADDRESS" + SENDER_EMAIL_ADDRESS_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD" + SENDER_EMAIL_DOMAIN="$SENDER_EMAIL_DOMAIN" + SENDER_EMAIL_PORT="$SENDER_EMAIL_PORT" + EMAIL_ADDRESS="$EMAIL_ADDRESS" + TZ="Europe/Paris" pi_hole: | - DOMAIN_NAME=$DOMAIN_NAME + DOMAIN_NAME="$DOMAIN_NAME" HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET HOME_ROUTER_IP=$HOME_ROUTER_IP HOME_SERVER_IP=$HOME_SERVER_IP - FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD - TZ=Europe/Paris + FTLCONF_webserver_api_password="$FTLCONF_WEBSERVER_PASSWORD" + TZ="Europe/Paris" traefik: | - DOMAIN_NAME=$DOMAIN_NAME - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN + DOMAIN_NAME="$DOMAIN_NAME" + CF_DNS_API_TOKEN="$CF_DNS_API_TOKEN" disks: - content-disk-1: $CONTENT_DISK_1_KEY - content-disk-2: $CONTENT_DISK_2_KEY - content-disk-3: $CONTENT_DISK_3_KEY - content-disk-4: $CONTENT_DISK_4_KEY - content-disk-5: $CONTENT_DISK_5_KEY - content-disk-6: $CONTENT_DISK_6_KEY - parity-disk-1: $PARITY_DISK_1_KEY - parity-disk-2: $PARITY_DISK_2_KEY - parity-disk-3: $PARITY_DISK_3_KEY + content-disk-1: "$CONTENT_DISK_1_KEY" + content-disk-2: "$CONTENT_DISK_2_KEY" + content-disk-3: "$CONTENT_DISK_3_KEY" + content-disk-4: "$CONTENT_DISK_4_KEY" + content-disk-5: "$CONTENT_DISK_5_KEY" + content-disk-6: "$CONTENT_DISK_6_KEY" + parity-disk-1: "$PARITY_DISK_1_KEY" + parity-disk-2: "$PARITY_DISK_2_KEY" + parity-disk-3: "$PARITY_DISK_3_KEY"
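Review bot: A secret containing `"` or `\` will now corrupt the rendered file, because the new top-level values (`ssh_public_keys`, `sender_email_address_password`, the `disks:` keys) are YAML double-quoted scalars, which interpret backslash escapes and end at the first `"`. Single-quoted scalars such as `content-disk-1: '$CONTENT_DISK_1_KEY'` leave only `'` to handle, or the generator can be limited to an alphabet without quote characters. Inside the `|` block scalars the added quotes are literal text, so whether `DB_PASSWORD="…"` reaches the service with or without the quote characters depends on the consumer of these env blocks, which is outside this patch and should be checked before rollout. The hunk also leaves `NEXTCLOUD_ENABLE_DRI_DEVICE`, `HOME_ROUTER_SUBNET`, `HOME_ROUTER_IP` and `HOME_SERVER_IP` unquoted, so the file now mixes two conventions. Names such as `$CONTENT_DISK_1_KEY` and `$GITEA_DB_PASSWORD` are not set in deploy.conf as shown, and if the substitution step renders unset names as empty strings a pre-render check that each one is non-empty would prevent an empty key or password from being encrypted into the secrets file.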